RE: Windows VM performance in ACS
Have you checked in the VM's device manager that all devices are using virtio drivers (disk, disk controller, nic adapter etc) Gary Dixon Quadris Cloud Manager +44 (0) 161 537 4980 +44 (0) 7989 717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN -Original Message- From: Alexandru Stan Sent: Thursday, May 23, 2024 11:17 AM To: users@cloudstack.apache.org Subject: RE: Windows VM performance in ACS Hi Gary, That’s what I used when registering the ISO. Doesn’t seem to help at all unfortunately. From: Gary Dixon Sent: Thursday, May 23, 2024 1:14 PM To: users@cloudstack.apache.org Subject: RE: Windows VM performance in ACS HI Alexandru We use "Windows PV" OS type on our Windows VM's - this provides the Hyper-V enlightenments. BR Gary [cid:image795113.png@DAEF2351.E3855BD4] Gary Dixon Quadris Cloud Manager [cid:image752066.png@3A68EBBE.280BF225] +44 (0) 161 537 4980 +44 (0) 7989 717661 [cid:image143416.png@CD1E068B.3BF4E714] gary.di...@quadris.co.uk<mailto:gary.di...@quadris.co.uk> [cid:image596607.png@BDE27FFF.72E872DF] http://www.quadris.com/<http://www.quadris.com/> [cid:image382983.png@B32DDBFC.505CE7AD] Innovation House, 12‑13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN -Original Message- From: Alexandru Stan mailto:alexandru.s...@lifeincloud.com.INVALID>> Sent: Thursday, May 23, 2024 10:40 AM To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org> Subject: Windows VM performance in ACS Hi everyone, Is there anything that must be done to improve the performance of Windows VMs in ACS? I tried to deploy a W10 instance, with the virtio drivers, and the performance is very, very poor (for example it took almost 3 hours to install a CU, the actual setup took about 50 minutes and so on). The hypervisor kvm on a HP server, with ssd's for storage. In other apps there are those hyper-v enlightments that can be enabled for Windows guests and it really makes a difference, but I have no idea if this is a thing in ACS too. If someone has some info on this, please share. Thank you!
RE: Windows VM performance in ACS
HI Alexandru We use "Windows PV" OS type on our Windows VM's - this provides the Hyper-V enlightenments. BR Gary Gary Dixon Quadris Cloud Manager +44 (0) 161 537 4980 +44 (0) 7989 717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN -Original Message- From: Alexandru Stan Sent: Thursday, May 23, 2024 10:40 AM To: users@cloudstack.apache.org Subject: Windows VM performance in ACS Hi everyone, Is there anything that must be done to improve the performance of Windows VMs in ACS? I tried to deploy a W10 instance, with the virtio drivers, and the performance is very, very poor (for example it took almost 3 hours to install a CU, the actual setup took about 50 minutes and so on). The hypervisor kvm on a HP server, with ssd's for storage. In other apps there are those hyper-v enlightments that can be enabled for Windows guests and it really makes a difference, but I have no idea if this is a thing in ACS too. If someone has some info on this, please share. Thank you!
RE: Windows templates KVM
I also forgot to mention - we also add these lines into our agent.properties file on the KVM hosts so that we get better display resolution and use virtio for the graphics driver vm.video.ram=65536 vm.video.hardware=virtio and of course the virtio drivers and qemu agent are installed into all of our Windows templates Gary Dixon Quadris Cloud Manager +44 (0) 161 537 4980 +44 (0) 7989 717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN -Original Message- From: Francisco Arencibia Quesada Sent: Thursday, May 16, 2024 11:51 AM To: users@cloudstack.apache.org Subject: Re: Windows templates KVM Hi Gary, Yes we are using cloud-init and in our case we are removing the recovery partition, with XCP templates all good, now we are testing the same with KVM. Thank you for your feedback :) Regards On Thu, May 16, 2024 at 12:48 PM Gary Dixon wrote: > Hi Fransisco > > Be careful if you are building Windows 11 or Wiindows Server 2022 > templates as Microsoft have changed the default OS partitioning - they > have put the recovery partition at the end of the disk.. > > We build these initially from ISO so we can add a 1Gb partition - this > then gives us the opportunity after the VM is built to re-arrange the > OS partitions without losing the recovery partition but also allows us > to 'resize' the C drive later on if we ever need to - you can find > more detailed info here > https://supe/ > ruser.com%2Fquestions%2F1453790%2Fhow-to-move-the-recovery-partition-o > n-windows-10=05%7C02%7CGary.Dixon%40quadris.co.uk%7Cf0c2f74a25204 > a14834108dc7596172c%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63851 > 4534711145460%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2lu > MzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C=NMfku5CZydw2mrWW > 1VIBzqiHfX8SA1zP4Caa1Lp%2FwNg%3D=0 > > It can also be useful to install cloudbase-init in your windows > template which will give you more provisioning functinality > > Gary Dixon > Quadris Cloud Manager > +44 (0) 161 537 4980 <+44%20(0)%20161%20537%204980> > +44 (0) 7989 717661 <+44%20(0)%207989%20717661> > gary.di...@quadris.co.uk > http://www.q/ > uadris.com%2F=05%7C02%7CGary.Dixon%40quadris.co.uk%7Cf0c2f74a2520 > 4a14834108dc7596172c%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C6385 > 14534711154700%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2l > uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C=ELE8vzHnoRjUl0E > jyQFn0BUinPeNKf%2FEKyo6HTvjD0I%3D=0 > Innovation House, 12‑13 Bredbury Business Park Bredbury Park Way, > Bredbury, Stockport, SK6 2SN > > From: Francisco Arencibia Quesada > Sent: Thursday, May 16, 2024 11:35 AM > To: users@cloudstack.apache.org > Subject: Windows templates KVM > > Good morning guys, > > Is there any updated guide to build windows templates for KVM? I have > one but I'm just checking with you guys the best approach. It is also > required to install virtio drivers and qemu guest agent right? > > I have found the latest version of both, is this enough? > > > https://fedo/ > rapeople.org%2Fgroups%2Fvirt%2Fvirtio-win%2Fdirect-downloads%2Farchive > -virtio%2Fvirtio-win-0.1.248-1%2F=05%7C02%7CGary.Dixon%40quadris. > co.uk%7Cf0c2f74a25204a14834108dc7596172c%7Cf1d6abf3d3b44894ae16db0fb93 > a96a2%7C0%7C0%7C638514534711160251%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4 > wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C > data=0s0x%2FyNV6IC3sgJ5WW8S%2FKzHetyux61nNJz7LroGRQ0%3D=0 > > > https://fedo/ > rapeople.org%2Fgroups%2Fvirt%2Fvirtio-win%2Fdirect-downloads%2Farchive > -qemu-ga%2Fqemu-ga-win-107.0.1-1.el9%2F=05%7C02%7CGary.Dixon%40qu > adris.co.uk%7Cf0c2f74a25204a14834108dc7596172c%7Cf1d6abf3d3b44894ae16d > b0fb93a96a2%7C0%7C0%7C638514534711164550%7CUnknown%7CTWFpbGZsb3d8eyJWI > joiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7 > C%7C=ylpRTsOZexvxDXs7tkJ6JQ12ZVhSSXz7%2B3hXUPoEhh8%3D=0 > > > Regards > Thanks in advance :) > -- > *Francisco Arencibia Quesada.* > *DevOps Engineer* > -- *Francisco Arencibia Quesada.* *DevOps Engineer*
RE: Windows templates KVM
Hi Fransisco Be careful if you are building Windows 11 or Wiindows Server 2022 templates as Microsoft have changed the default OS partitioning - they have put the recovery partition at the end of the disk.. We build these initially from ISO so we can add a 1Gb partition - this then gives us the opportunity after the VM is built to re-arrange the OS partitions without losing the recovery partition but also allows us to 'resize' the C drive later on if we ever need to - you can find more detailed info here https://superuser.com/questions/1453790/how-to-move-the-recovery-partition-on-windows-10 It can also be useful to install cloudbase-init in your windows template which will give you more provisioning functinality Gary Dixon Quadris Cloud Manager +44 (0) 161 537 4980 +44 (0) 7989 717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN From: Francisco Arencibia Quesada Sent: Thursday, May 16, 2024 11:35 AM To: users@cloudstack.apache.org Subject: Windows templates KVM Good morning guys, Is there any updated guide to build windows templates for KVM? I have one but I'm just checking with you guys the best approach. It is also required to install virtio drivers and qemu guest agent right? I have found the latest version of both, is this enough? https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.248-1/ https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-qemu-ga/qemu-ga-win-107.0.1-1.el9/ Regards Thanks in advance :) -- *Francisco Arencibia Quesada.* *DevOps Engineer*
RE: RVR's in master/master state
Thanks Wei That was the article I was following for troubleshooting - proved to be very useful. In our case even though the multicast config was present and correct on the switches it has just stopped working after the power outage. Re-applying the multicast switch config immediately restored functionality to the RVR's Gary Dixon Quadris Cloud Manager +44 (0) 161 537 4980 +44 (0) 7989 717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN -Original Message- From: Wei ZHOU Sent: Saturday, April 20, 2024 3:28 PM To: users@cloudstack.apache.org Subject: Re: RVR's in master/master state Hi Gary, Thanks for the sharing I recall a similar issue caused by a multicast configuration (not the same): https://github.com/apache/cloudstack/issues/7838#issuecomment-1722697352 anyone facing the similar issue could check the multicast configurations. Kind regards, Wei On Fri, Apr 19, 2024 at 6:20 PM Gary Dixon wrote: > Hi Daan > > Sorry - I forgot to post back what the issue turned out to be. > > We had a power outage in our building where our Dev environment is racked. > After doing some tcp dumps on some vxlan interfaces I was seeing lots > of bad checksums. > Our Network engineer swore that the switches we're all OK but after > re-applying the multicast config on the switches - all of the RVR's > came back into a stable Master/Backup state across all VPC's. > Hope this helps others if they are seeing strange behaviour with VPC > RVR's when using VXLAN guest isolation > > BR > > Gary > > > > Gary Dixon > Quadris Cloud Manager > +44 (0) 161 537 4980 <+44%20(0)%20161%20537%204980> > +44 (0) 7989 717661 <+44%20(0)%207989%20717661> > gary.di...@quadris.co.uk > http://www.q/ > uadris.com%2F=05%7C02%7CGary.Dixon%40quadris.co.uk%7Ce9fb36590460 > 4570a19608dc61461dbf%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C6384 > 92200978503803%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2l > uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C=MOrw1j6mujkBduk > TaLlsZ%2BhV0ql9qcziL%2FcPnNNIbmk%3D=0 > Innovation House, 12‑13 Bredbury Business Park Bredbury Park Way, > Bredbury, Stockport, SK6 2SN -Original Message- > From: Daan Hoogland > Sent: Friday, April 19, 2024 3:08 PM > To: users@cloudstack.apache.org > Subject: Re: RVR's in master/master state > > sorry no one could help you Gary, > Have you gotten any further on this issue? > > On Fri, Apr 5, 2024 at 4:59 PM Gary Dixon > > > wrote: > > > HI all > > > > > > > > ACS 4.15.2 > > > > Ubuntu 20.04 > > > > KVM > > > > Adv Zone no sec groups > > > > > > > > We recently had to move all of our dev ACS environment virtual > > management and mysql servers to a new isolated subnet for security > reasons. > > > > > > > > Since then all of the VPC RVR’s are in master/master mode. > > > > If I restart a VPC with cleanup the RVR’s come back into a > > master/backup state for a few minutes but then go into master/master > > state rendering the VPC useless. > > > > > > > > In the cloud.log on one of the RVR’s it is full of these errors: > > > > “2024-04-05 14:51:43,843 ERROR Not able to setup source-nat for a > > regular router yet” > > > > > > > > Can anyone point me in the right direction to resolve this issue ? > > > > Are there other logs I could look at or services on the RVR’s to check ? > > > > > > > > BR > > > > > > > > Gary > > > > > > Gary Dixon > > Quadris Cloud Manager > > +44 (0) 161 537 4980 <+44%20(0)%20161%20537%204980> > > +44 (0) 7989 717661 <+44%20(0)%207989%20717661> > > gary.di...@quadris.co.uk > > http://www/ > > .q%2F=05%7C02%7CGary.Dixon%40quadris.co.uk%7Ce9fb365904604570a1 > > 9608dc61461dbf%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63849220 > > 0978509895%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luM > > zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C=yig9%2F5H%2F2T7 > > Q07%2BlcLOCgRfwH8NCvrmBZw0L5Z%2BYTz8%3D=0 > > uadris.com%2F=05%7C02%7CGary.Dixon%40quadris.co.uk%7C6d453f6408 > > 0c > > 449f243d08dc607a6e5c%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > > 84 > > 91326163464980%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > > 2l > > uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C=tKsAdO2jZBj5q > > eL > > CsCSOX0zLNsvyrXSeY7PegUCOBhE%3D=0 > > Innovation House, 12‑13 Bredbury Business Park Bredbury Park Way, > > Bredbury, Stockport, SK6 2SN > > > > > -- > Daan >
RE: RVR's in master/master state
Hi Daan Sorry - I forgot to post back what the issue turned out to be. We had a power outage in our building where our Dev environment is racked. After doing some tcp dumps on some vxlan interfaces I was seeing lots of bad checksums. Our Network engineer swore that the switches we're all OK but after re-applying the multicast config on the switches - all of the RVR's came back into a stable Master/Backup state across all VPC's. Hope this helps others if they are seeing strange behaviour with VPC RVR's when using VXLAN guest isolation BR Gary Gary Dixon Quadris Cloud Manager +44 (0) 161 537 4980 +44 (0) 7989 717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN -Original Message- From: Daan Hoogland Sent: Friday, April 19, 2024 3:08 PM To: users@cloudstack.apache.org Subject: Re: RVR's in master/master state sorry no one could help you Gary, Have you gotten any further on this issue? On Fri, Apr 5, 2024 at 4:59 PM Gary Dixon wrote: > HI all > > > > ACS 4.15.2 > > Ubuntu 20.04 > > KVM > > Adv Zone no sec groups > > > > We recently had to move all of our dev ACS environment virtual > management and mysql servers to a new isolated subnet for security reasons. > > > > Since then all of the VPC RVR’s are in master/master mode. > > If I restart a VPC with cleanup the RVR’s come back into a > master/backup state for a few minutes but then go into master/master > state rendering the VPC useless. > > > > In the cloud.log on one of the RVR’s it is full of these errors: > > “2024-04-05 14:51:43,843 ERRORNot able to setup source-nat for a > regular router yet” > > > > Can anyone point me in the right direction to resolve this issue ? > > Are there other logs I could look at or services on the RVR’s to check ? > > > > BR > > > > Gary > > > Gary Dixon > Quadris Cloud Manager > +44 (0) 161 537 4980 <+44%20(0)%20161%20537%204980> > +44 (0) 7989 717661 <+44%20(0)%207989%20717661> > gary.di...@quadris.co.uk > http://www.q/ > uadris.com%2F=05%7C02%7CGary.Dixon%40quadris.co.uk%7C6d453f64080c > 449f243d08dc607a6e5c%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C6384 > 91326163464980%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2l > uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C=tKsAdO2jZBj5qeL > CsCSOX0zLNsvyrXSeY7PegUCOBhE%3D=0 > Innovation House, 12‑13 Bredbury Business Park Bredbury Park Way, > Bredbury, Stockport, SK6 2SN > -- Daan
host tags issue
ACS 4.15.2 KVM on Ubuntu 20.04 Adv Zone no secgroups Hi all I am just testing implementing host tags in our dev environment Where in the database can I check the Instance that has been deployed from an Offering that specifies a host tag to see the host tags have applied to the VM I do not see in the UI on the VM details any mention of host tags and didn’t see any mention of host tags in the mgmt. logs when the Instance was deployed I basically want to double check that the host tags were followed in the VM deployment BR Gary Gary Dixon Quadris Cloud Manager +44 (0) 161 537 4980 +44 (0) 7989 717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN
RVR's in master/master state
HI all ACS 4.15.2 Ubuntu 20.04 KVM Adv Zone no sec groups We recently had to move all of our dev ACS environment virtual management and mysql servers to a new isolated subnet for security reasons. Since then all of the VPC RVR's are in master/master mode. If I restart a VPC with cleanup the RVR's come back into a master/backup state for a few minutes but then go into master/master state rendering the VPC useless. In the cloud.log on one of the RVR's it is full of these errors: "2024-04-05 14:51:43,843 ERRORNot able to setup source-nat for a regular router yet" Can anyone point me in the right direction to resolve this issue ? Are there other logs I could look at or services on the RVR's to check ? BR Gary Gary Dixon Quadris Cloud Manager +44 (0) 161 537 4980 +44 (0) 7989 717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN
RE: CPU topology
My bad Actually when starting to type in "cpu" - the VM setting appears in a drop-down list - its "cpu.corespersocket" and this is working now - pinning all 8 vCPU's to a single socket Many thanks Gary Gary Dixon Quadris Cloud Manager +44 (0) 161 537 4980 +44 (0) 7989 717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN -Original Message- From: Wei ZHOU Sent: Tuesday, March 12, 2024 9:02 AM To: users@cloudstack.apache.org Subject: Re: CPU topology Hi, Sorry the vm setting name is "cpucorepersocket", not "cpucorespersocket" -Wei On Tue, Mar 12, 2024 at 9:53 AM Gary Dixon wrote: > Hi Wei > > I tried setting cpucorespersocket to 8 on a VM with 8vCPU but it has > still put them across 2 sockets? > > Heres some of the xml output: > > 8388608 > 8 > > 264 > > .. > cores='4' threads='1'/> ... > > Any ideas what I am doing wrong? > > BR > > Gary > > Gary Dixon > Quadris Cloud Manager > +44 (0) 161 537 4980 <+44%20(0)%20161%20537%204980> > +44 (0) 7989 717661 <+44%20(0)%207989%20717661> > gary.di...@quadris.co.uk > http://www.q/ > uadris.com%2F=05%7C02%7CGary.Dixon%40quadris.co.uk%7C2bedeb6f3087 > 41b71ab708dc427325b5%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C6384 > 58309534536696%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2l > uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C=cy6mSkb1QG87z2H > ws3%2Byj37aiGRnZQLGzyiumeQI3uk%3D=0 > Innovation House, 12‑13 Bredbury Business Park Bredbury Park Way, > Bredbury, Stockport, SK6 2SN -Original Message- > From: Wei ZHOU > Sent: Monday, March 11, 2024 5:29 PM > To: users@cloudstack.apache.org > Subject: Re: CPU topology > > Stop the vm > Add a vm setting cpucorespersocket > Start the vm > > -Wei > > > On Monday, March 11, 2024, Gary Dixon > > wrote: > > > > > > > Meant to have stated here that our ACS version is 4.15.2 Hi > > > > ACS 4.1.2 > > KVM on Ubuntu 20.04 > > Hosts are Dell R7525 AMD EPYC dual socket 32 core CPU’s > > > > Is there a VM setting that can over-ride the CPU topology? > > > > It seems that when we have a VM with less than 8 vCPU – the domain > > xml of a VM shows the CPU topology as a single socket. > > However between 8 and 16 vCPU’s it shows the topology as having 2 > > sockets and 16 or more vCPUs shows 4 sockets. > > I have tried using a VM setting of cpuSocket = 1on a VM with 8vCPU’s > > but it is ignored and continues to use a topology with 2 sockets > > > > BR > > > > Gary > > > > > > [cid:image161185.png@43BB5413.7EEF77E3] > > Gary Dixon > > Quadris Cloud Manager > > [cid:image347717.png@8A941AE6.9AE8C0C0] > > +44 (0) 161 537 4980 > > +44 (0) 7989 717661 > > [cid:image253845.png@DEB7B540.7BE6A036] > > gary.di...@quadris.co.uk<mailto:gary.di...@quadris.co.uk> > > [cid:image058514.png@B54F0EC3.D31BE611] > > http://www/ > > .q%2F=05%7C02%7CGary.Dixon%40quadris.co.uk%7C2bedeb6f308741b71a > > b708dc427325b5%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63845830 > > 9534544670%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luM > > zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C=2YFk8YOCHru4RGd > > %2BeW8J2VLdHQ56%2B84er462%2FAo%2Ffxw%3D=0 > > uadris.com%2F=05%7C02%7CGary.Dixon%40quadris.co.uk%7Ca277409825 > > e3 > > 4aaf0d0c08dc41f0e5ee%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > > 84 > > 57750109219152%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > > 2l > > uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C=YgDCwDD5fCOV9 > > ZT > > WmqURHVoTP9sNAsxyiqgtn%2FYaAtY%3D=0<https://eur01.safelinks/ > > .protection.outlook.com/?url=https%3A%2F%2Feur01.safelinks.p%2F > > =05%7C02%7CGary.Dixon%40quadris.co.uk%7C2bedeb6f308741b71ab708dc4273 > > 25b5%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638458309534549780 > > %7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI > > 6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C=UHLpLAIzoWI%2B%2BtEKwLcGD > > 2s5bcukqIIcugHQHPVWnug%3D=0 > > rotection.outlook.com/?url=http%3A%2F%2Fwww.quadris.com%2F=05%7 > > C0 > > 2%7CGary.Dixon%40quadris.co.uk%7Ca277409825e34aaf0d0c08dc41f0e5ee%7C > > f1 > > d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638457750109228420%7CUnknow > > n% > > 7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLC > > JX > > VCI6Mn0%3D%7C0%7C%7C%7C=jOqpTPry%2FCm4zAUenX2SFUtrfzzt8WF3CgnD > > j% 2FbM2B4%3D=0> [cid:image187233.png@747A4F03.8BAA600C] > > Innovation House, 12‑13 Bredbury Business Park Bredbury Park Way, > > Bredbury, Stockport, SK6 2SN > > > > >
RE: CPU topology
Hi Wei I tried setting cpucorespersocket to 8 on a VM with 8vCPU but it has still put them across 2 sockets? Heres some of the xml output: 8388608 8 264 .. ... Any ideas what I am doing wrong? BR Gary Gary Dixon Quadris Cloud Manager +44 (0) 161 537 4980 +44 (0) 7989 717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN -Original Message- From: Wei ZHOU Sent: Monday, March 11, 2024 5:29 PM To: users@cloudstack.apache.org Subject: Re: CPU topology Stop the vm Add a vm setting cpucorespersocket Start the vm -Wei On Monday, March 11, 2024, Gary Dixon wrote: > > > Meant to have stated here that our ACS version is 4.15.2 Hi > > ACS 4.1.2 > KVM on Ubuntu 20.04 > Hosts are Dell R7525 AMD EPYC dual socket 32 core CPU’s > > Is there a VM setting that can over-ride the CPU topology? > > It seems that when we have a VM with less than 8 vCPU – the domain xml > of a VM shows the CPU topology as a single socket. > However between 8 and 16 vCPU’s it shows the topology as having 2 > sockets and 16 or more vCPUs shows 4 sockets. > I have tried using a VM setting of cpuSocket = 1on a VM with 8vCPU’s > but it is ignored and continues to use a topology with 2 sockets > > BR > > Gary > > > [cid:image161185.png@43BB5413.7EEF77E3] > Gary Dixon > Quadris Cloud Manager > [cid:image347717.png@8A941AE6.9AE8C0C0] > +44 (0) 161 537 4980 > +44 (0) 7989 717661 > [cid:image253845.png@DEB7B540.7BE6A036] > gary.di...@quadris.co.uk<mailto:gary.di...@quadris.co.uk> > [cid:image058514.png@B54F0EC3.D31BE611] > http://www.q/ > uadris.com%2F=05%7C02%7CGary.Dixon%40quadris.co.uk%7Ca277409825e3 > 4aaf0d0c08dc41f0e5ee%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C6384 > 57750109219152%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2l > uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C=YgDCwDD5fCOV9ZT > WmqURHVoTP9sNAsxyiqgtn%2FYaAtY%3D=0<https://eur01.safelinks.p/ > rotection.outlook.com/?url=http%3A%2F%2Fwww.quadris.com%2F=05%7C0 > 2%7CGary.Dixon%40quadris.co.uk%7Ca277409825e34aaf0d0c08dc41f0e5ee%7Cf1 > d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638457750109228420%7CUnknown% > 7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJX > VCI6Mn0%3D%7C0%7C%7C%7C=jOqpTPry%2FCm4zAUenX2SFUtrfzzt8WF3CgnDj% > 2FbM2B4%3D=0> [cid:image187233.png@747A4F03.8BAA600C] > Innovation House, 12‑13 Bredbury Business Park Bredbury Park Way, > Bredbury, Stockport, SK6 2SN > >
RE: CPU topology
Meant to have stated here that our ACS version is 4.15.2 Hi ACS 4.1.2 KVM on Ubuntu 20.04 Hosts are Dell R7525 AMD EPYC dual socket 32 core CPU’s Is there a VM setting that can over-ride the CPU topology? It seems that when we have a VM with less than 8 vCPU – the domain xml of a VM shows the CPU topology as a single socket. However between 8 and 16 vCPU’s it shows the topology as having 2 sockets and 16 or more vCPUs shows 4 sockets. I have tried using a VM setting of cpuSocket = 1on a VM with 8vCPU’s but it is ignored and continues to use a topology with 2 sockets BR Gary [cid:image161185.png@43BB5413.7EEF77E3] Gary Dixon Quadris Cloud Manager [cid:image347717.png@8A941AE6.9AE8C0C0] +44 (0) 161 537 4980 +44 (0) 7989 717661 [cid:image253845.png@DEB7B540.7BE6A036] gary.di...@quadris.co.uk<mailto:gary.di...@quadris.co.uk> [cid:image058514.png@B54F0EC3.D31BE611] www.quadris.com<http://www.quadris.com> [cid:image187233.png@747A4F03.8BAA600C] Innovation House, 12‑13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN
CPU topology
Hi ACS 4.1.2 KVM on Ubuntu 20.04 Hosts are Dell R7525 AMD EPYC dual socket 32 core CPU's Is there a VM setting that can over-ride the CPU topology? It seems that when we have a VM with less than 8 vCPU - the domain xml of a VM shows the CPU topology as a single socket. However between 8 and 16 vCPU's it shows the topology as having 2 sockets and 16 or more vCPUs shows 4 sockets. I have tried using a VM setting of cpuSocket = 1on a VM with 8vCPU's but it is ignored and continues to use a topology with 2 sockets BR Gary Gary Dixon Quadris Cloud Manager +44 (0) 161 537 4980 +44 (0) 7989 717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN
RE: corrupt RVR causing host agent issues
Hi Daan It seems cloudstack did know the host had died because it tried to fence the host but couldn't because we have host HA disabled. It also reported OOB stop had occurred on the HA enabled VM's and started them all again on the same host. We then had to put the host into MM because the iDrac logs were showing issues with 2 memory DIMMS. All I know is that whichever host the corrupt VR was running on - we could not Console to it or any other running VM on the same host - because the agent comms were messed up. We have found in the agent host a line that states PublicKey authentication had failed to the VR (because the VR was corrupt at the guest OS level). At the time we did not see this and any command sent from with ACS mgmt. to either reboot the VR or restart the VPC with cleanup resulted in the host agent not servicing the request or any other request - such as to view the console of any VM or live migrate any VM to another host. We're still sifting through both agent and mgmt. logs to try and determine what exactly happened that was causing this behaviour. All other running VM's on the host were actually fine as we could connect by external methods. We are hoping to upgrade the environment ASAP so we can get better Host HA with StorPool Primary storage. BR Gary Gary Dixon Quadris Cloud Manager 0161 537 4980 +44 7989717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN -Original Message- From: Daan Hoogland Sent: Monday, February 26, 2024 1:03 PM To: users@cloudstack.apache.org Subject: Re: corrupt RVR causing host agent issues Gary, the mail does not display the screenshot for me. Also this is an old version (4.15) I think you should upgrade. What might be the root of your issue is that *you* have seen the physical host crashed but CloudStack could not determine that. To prevent starting the same VM twice it would withhold taking any action in such situations. You may call this a bug or a "lack of feature", but the bottom line is that this is expected behaviour. I do not think a corrupt VR would crash a host. On Mon, Feb 26, 2024 at 1:25 PM Gary Dixon wrote: > ACS 4.15.2 > > KVM > > Ubuntu 20.04 > > > > Hi all > > > > We had a physical host crash on Friday due to hardware failure. This > appeared to have caused issues with some RVR’s going into an ‘unknown’ > state. > > > > The strange thing was that on any host where a RVR in an unknown state > was running – we could not console onto any VM’s on that host – nor > could we SSH directly to the RVR from the host. > > The UI was showing all hosts agent state as ‘UP’ > > > > Only when we restarted the ACS mgmt. service did we notice that the > host agent where a RVR was running in an ‘unknown’ state then was in a > ‘connecting’ state for some time – there were no networking issues > either – host was pingable from the mgmt. server. > > > > We were then briefly able to console onto one of the RVR’s in an > unknown state and then discovered that the RVR was indeed corrupt – > this is the screenshot of the RVR terminal : > > > > We then marked the RVR in the DB as ‘stopped’ and virsh destroyed it > directly on the host. We were then able to restart the VPC with > cleanup which then re-created the corrupt RVR. > > It then appeared that once the corrupt RVR had gone – all other RVR’s > in an unknown state transitioned to ‘backup’ state > > > > We are wondering if we have encountered a bug where if a corrupt RVR > crashes the host cloudstack agent if ACS tries to do anything with the > RVR – like restart it > > > > BR > > > > Gary > > > > > > > Gary Dixon > Quadris Cloud Manager > 0161 537 4980 <0161%20537%204980> > +44 7989717661 <+44%207989717661> > gary.di...@quadris.co.uk > http://www.q/ > uadris.com%2F=05%7C02%7CGary.Dixon%40quadris.co.uk%7Cccb839a47f40 > 4b38ae5608dc36cb3fbe%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C6384 > 45493800485528%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2l > uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C=9hX%2BwqSLFpxdb > KKSdUqqhPBIK3CaUyl%2F9GkrNUSny98%3D=0 > Innovation House, 12‑13 Bredbury Business Park Bredbury Park Way, > Bredbury, Stockport, SK6 2SN > -- Daan
corrupt RVR causing host agent issues
ACS 4.15.2 KVM Ubuntu 20.04 Hi all We had a physical host crash on Friday due to hardware failure. This appeared to have caused issues with some RVR’s going into an ‘unknown’ state. The strange thing was that on any host where a RVR in an unknown state was running – we could not console onto any VM’s on that host – nor could we SSH directly to the RVR from the host. The UI was showing all hosts agent state as ‘UP’ Only when we restarted the ACS mgmt. service did we notice that the host agent where a RVR was running in an ‘unknown’ state then was in a ‘connecting’ state for some time – there were no networking issues either – host was pingable from the mgmt. server. We were then briefly able to console onto one of the RVR’s in an unknown state and then discovered that the RVR was indeed corrupt – this is the screenshot of the RVR terminal : [cid:image006.png@01DA68AE.A9D7A090] We then marked the RVR in the DB as ‘stopped’ and virsh destroyed it directly on the host. We were then able to restart the VPC with cleanup which then re-created the corrupt RVR. It then appeared that once the corrupt RVR had gone – all other RVR’s in an unknown state transitioned to ‘backup’ state We are wondering if we have encountered a bug where if a corrupt RVR crashes the host cloudstack agent if ACS tries to do anything with the RVR – like restart it BR Gary Gary Dixon Quadris Cloud Manager 0161 537 4980 +44 7989717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN
RE: restrict Instance console access
Many thanks Wei In another test ACS 4.18 environment I can see the new role permission. We will look to update our production ACS 4.15.2 as soon as we are able Gary Dixon Quadris Cloud Manager 0161 537 4980 +44 7989717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN -Original Message- From: Wei ZHOU Sent: Monday, February 19, 2024 10:30 PM To: users Cc: Gary Dixon Subject: Re: restrict Instance console access In 4.18+, an API is used to create the console URL: https://cloudstack.apache.org/api/apidocs-4.19/apis/createConsoleEndpoint.html Denying the API can disable the VM console. It is not available in 4.15.2 -Wei Nux 于 2024年2月19日周一 22:23写道: > Hi, > > I do not think there is one in that version - or later ones, although > certain things do change, you'll have to do it outside Cloudstack > somehow. > > On 2024-02-19 15:52, Gary Dixon wrote: > > HI > > > > ACS 4.15.2 > > > > Ubuntu 20.04 > > > > We have a requirement to restrict access to the VM console for > > certain tenants within our ACS implementation - however I cannot see > > a way to accomplish this via Role permissions. > > > > Is there a way to restrict VM Console access for specific users ? > > > > BR > > > > Gary > > > > Gary Dixon > > > > Quadris Cloud Manager > > > > 0161 537 4980 [1] > > > >+44 7989717661 [2] > > > > gary.di...@quadris.co.uk > > > > http://www/ > > .quadris.com%2F=05%7C02%7CGary.Dixon%40quadris.co.uk%7C7d03b57a > > 59d742cc6e2e08dc319a70bb%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0% > > 7C638439786597983405%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJ > > QIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C=W0Hg1 > > 7S5ogJEMZ9mVHfe3vhQNmWT6IOjWVA6H4GH1lk%3D=0 > > > > Innovation House, 12‑13 Bredbury Business Park Bredbury Park Way, > > Bredbury, Stockport, SK6 2SN > > > > > > > > Links: > > -- > > [1] tel:0161%20537%204980 > > [2] tel:+44%207989717661 >
restrict Instance console access
HI ACS 4.15.2 Ubuntu 20.04 We have a requirement to restrict access to the VM console for certain tenants within our ACS implementation - however I cannot see a way to accomplish this via Role permissions. Is there a way to restrict VM Console access for specific users ? BR Gary Gary Dixon Quadris Cloud Manager 0161 537 4980 +44 7989717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN
RE: Hot Added NICs - PCI slot changes on instance reboot
No worries I think by default it is set to OfflineAll I see in your reply to Wei that you mention also you use Server 2022 - bear in mind Microsoft changed the OS disk partitioning scheme in Windows 10/11 and Server 2022 and now puts the recovery partition at the end of the disk. On our Windows server 2022 template we have made it so the recovery partition is at the beginning of the disk so that you still have the ability to expand the C drive in the future if you need to. Ref: https://superuser.com/questions/1453790/how-to-move-the-recovery-partition-on-windows-10 BR Gary Gary Dixon Quadris Cloud Manager 0161 537 4980 +44 7989717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN -Original Message- From: S.Fuller Sent: Wednesday, January 24, 2024 6:58 PM To: users@cloudstack.apache.org Subject: Re: Hot Added NICs - PCI slot changes on instance reboot Gary, Thanks for chiming in. I'll check the SAN policy on and see what it is set to. On Wed, Jan 24, 2024 at 2:55 AM Gary Dixon wrote: > Hi Steve > > I don't know about the hot-add nic issue - but with the volumes on > windows guests you need to set the SAN policy to OnlineAll in diskpart > - then additional volumes will always be available (we bake this into > our windows > templates) > Ref: > https://lear/ > n.microsoft.com%2Fen-us%2Fwindows-server%2Fadministration%2Fwindows-co > mmands%2Fsan=05%7C02%7CGary.Dixon%40quadris.co.uk%7Cf3bdc0b8e4464 > a9662e608dc1d0e73cf%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63841 > 7195111998648%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2lu > MzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=095UW0PnIp6Xl > vhqdlK8zVV3DsRQLwUqj2DI1im3rH4%3D=0 > > BR > > Gary > > > Gary Dixon > Quadris Cloud Manager > 0161 537 4980 <0161%20537%204980> > +44 7989717661 <+44%207989717661> > gary.di...@quadris.co.uk > http://www.q/ > uadris.com%2F=05%7C02%7CGary.Dixon%40quadris.co.uk%7Cf3bdc0b8e446 > 4a9662e608dc1d0e73cf%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C6384 > 17195112010357%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2l > uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=aGZJHEFXbBID > 7Yx68x3dVN6F9StkB%2F0CP3hRNUbKTs4%3D=0 > Innovation House, 12‑13 Bredbury Business Park Bredbury Park Way, > Bredbury, Stockport, SK6 2SN -Original Message- > From: S.Fuller > Sent: Wednesday, January 24, 2024 3:04 AM > To: users@cloudstack.apache.org > Subject: Hot Added NICs - PCI slot changes on instance reboot > > I am running Cloudstack 4.11 and have encountered an issue with hot > added NICs on Windows guests. I add the NIC to a running guest, > configure it, and it works as expected. After the guest reboots, the > NIC is assigned to a different PCI slot, and then needs to be > reconfigured. This has caused issues when those hot-added network interfaces > are used for ISCSI traffic. > > I can see the slot reassignment in both Windows and in the XML when I > do a virsh dumpxml on the guest. I've also seen this behavior when hot > adding volumes. That sometimes results in the volumes being in an > offline state when the guest restarts. We can bring them online > manually, and all of the data is there. > > I assume someone else has encountered this. If so, have you worked > around it somehow? For now, we're going to add interfaces and volumes > only when the guest is powered off, but that does make things a bit more work. > > Thanks. > > -- > Steve Fuller > steveful...@gmail.com > -- Steve Fuller steveful...@gmail.com
RE: Hot Added NICs - PCI slot changes on instance reboot
Hi Steve I don't know about the hot-add nic issue - but with the volumes on windows guests you need to set the SAN policy to OnlineAll in diskpart - then additional volumes will always be available (we bake this into our windows templates) Ref: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/san BR Gary Gary Dixon Quadris Cloud Manager 0161 537 4980 +44 7989717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN -Original Message- From: S.Fuller Sent: Wednesday, January 24, 2024 3:04 AM To: users@cloudstack.apache.org Subject: Hot Added NICs - PCI slot changes on instance reboot I am running Cloudstack 4.11 and have encountered an issue with hot added NICs on Windows guests. I add the NIC to a running guest, configure it, and it works as expected. After the guest reboots, the NIC is assigned to a different PCI slot, and then needs to be reconfigured. This has caused issues when those hot-added network interfaces are used for ISCSI traffic. I can see the slot reassignment in both Windows and in the XML when I do a virsh dumpxml on the guest. I've also seen this behavior when hot adding volumes. That sometimes results in the volumes being in an offline state when the guest restarts. We can bring them online manually, and all of the data is there. I assume someone else has encountered this. If so, have you worked around it somehow? For now, we're going to add interfaces and volumes only when the guest is powered off, but that does make things a bit more work. Thanks. -- Steve Fuller steveful...@gmail.com
RE: Cannot add kvm hosts
Hi Fransisco Try setting the global setting "ca.plugin.root.auth.strictness" to false and then try adding the host - if it adds the host successfully then set the "ca.plugin.root.auth.strictness" back to 'true' BR Gary Gary Dixon Senior Technical Consultant 0161 537 4980 +44 7989717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN -Original Message- From: Francisco Arencibia Quesada Sent: Tuesday, January 2, 2024 2:43 PM To: users@cloudstack.apache.org Subject: Cannot add kvm hosts Good morning guys, My KVM host has ubuntu 22.04.3 LTS, I have created the zone, but it fails when adding the hosts, I run cloudstack 4.18.1.0 and this is the error I'm getting: Could not add host at [http://10.35.2.22] with zone [8], pod [8] and cluster [10] due to: [ can't setup agent, due to com.cloud.utils.exception.CloudRuntimeException: Failed to setup keystore on the KVM host: 10.35.2.22 - Failed to setup keystore on the KVM host: 10.35.2.22]. Can you suggest anything guys? Thank you all in advance. Regards -- *Francisco Arencibia Quesada.* *DevOps Engineer*
RE: Question on Compute Offerings.
Hi Palesh The CPU MHz value is part of the equation for determining the CPU Shares a VM receives - you can see this as 'cputune' when you 'virsh dumpxml ' on a running instance It is calculated by "no. of CPU's allocated to the VM X CPU MHz value divided by your CPU over-commit ratio" So for example a VM using a compute offering with 24 CPU's at 2500MHZ with an over-commit ratio of 3 would have a CPU Shares value of 24X2500/3 = 2 There is an open issue about how this will affect KVM hosts running Ubuntu 22.04 here https://github.com/apache/cloudstack/issues/6744 - actually I see that support for cgroups v2 has now been added recently Gary Dixon Senior Technical Consultant 0161 537 4980 +44 7989717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN -Original Message- From: Palash Biswas Sent: Wednesday, December 6, 2023 5:23 AM To: users@cloudstack.apache.org Subject: Re: Question on Compute Offerings. Hi Gary, Sorry, I still cannot understand. Are you saying that specifying the MHZ actually does not take any effect? Then what is the purpose of it? Regards, palash Biswas On Tue, Dec 5, 2023 at 9:56 PM Gary Dixon wrote: > Hi Palash > > The CPU in Mhz is a bit of a misnomer as it doesn't really relate to > the actual CPU speed. It is used more as a CPU 'weight' and we set our > value to '1' and then hide the 'CPU in MHZ' from the UI. It also > relates to how CGroups on the underlying hypervisor are configured and > in our case - Ubuntu 20.04 there is a hard coded value in libvirt so > when we had a Compute offering with say 24 cores at 2000 MHZ we found > we could no longer deploy more VM's using this compute offering once > the libvirt cgroup limit was reached. It gets even worse in Ubuntu > 22.04 as the hard coded libvirt cgroup value is much less. > All of our running VM's still show the actual CPU speed in terms of > Ghz when using compute offerings with a value of just 1 Mhz > > > Gary Dixon > Senior Technical Consultant > 0161 537 4980 <0161%20537%204980> > +44 7989717661 <+44%207989717661> > gary.di...@quadris.co.uk > http://www.q/ > uadris.com%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C71759c80bdec > 422fe3ed08dbf61ba764%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C6383 > 74370883026361%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2l > uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=g2EyilhT0jer > QFRXSGi35U7JQ7nPiboe9PjFGJnpYy0%3D=0 > Innovation House, 12‑13 Bredbury Business Park Bredbury Park Way, > Bredbury, Stockport, SK6 2SN -Original Message- > From: Palash Biswas > Sent: Tuesday, December 5, 2023 12:57 PM > To: users@cloudstack.apache.org > Subject: Question on Compute Offerings. > > Hi Community, > > Question on Compute Offerings. > > - In the 'CPU (in MHZ)' section, does we put in the Base Clock Speed? > Or the Max Clock speed of the CPU? | > - Is the 'Network Rate (Mb/s) Parameter restrict only internet bandwidth? > Or does it also include traffic via Private Gateway (maybe to another > datacenter) > > Thank You >
RE: Question on Compute Offerings.
Hi Palash The CPU in Mhz is a bit of a misnomer as it doesn't really relate to the actual CPU speed. It is used more as a CPU 'weight' and we set our value to '1' and then hide the 'CPU in MHZ' from the UI. It also relates to how CGroups on the underlying hypervisor are configured and in our case - Ubuntu 20.04 there is a hard coded value in libvirt so when we had a Compute offering with say 24 cores at 2000 MHZ we found we could no longer deploy more VM's using this compute offering once the libvirt cgroup limit was reached. It gets even worse in Ubuntu 22.04 as the hard coded libvirt cgroup value is much less. All of our running VM's still show the actual CPU speed in terms of Ghz when using compute offerings with a value of just 1 Mhz Gary Dixon Senior Technical Consultant 0161 537 4980 +44 7989717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN -Original Message- From: Palash Biswas Sent: Tuesday, December 5, 2023 12:57 PM To: users@cloudstack.apache.org Subject: Question on Compute Offerings. Hi Community, Question on Compute Offerings. - In the 'CPU (in MHZ)' section, does we put in the Base Clock Speed? Or the Max Clock speed of the CPU? | - Is the 'Network Rate (Mb/s) Parameter restrict only internet bandwidth? Or does it also include traffic via Private Gateway (maybe to another datacenter) Thank You
RE: Cloudstack fail to create windows 2022 templates
Hi Steve Yes - MS have changed the OS disk partitioning scheme on both Windows 11 and Server 2022. We installed Server 2022 using the ISO - but created a 1Gb partition prior to installing the OS. We then use a combination of DISM and diskpart commands to reconfigure the partitions so that we have a 1Gb Recovery partition (large enough for future OS updates to satisfy Microsoft) and have this partition at the beginning of the disk so that the "C drive" can later be extended if required Detailed steps: when installing the OS from the ISO - on the installation page - select 'advanced' and choose to add a new 1024Mb partition to the unallocated disk - this will serve as the new partition 'D' for the Recovery partition Then after the OS is installed: in diskpart find the exisiting RE partition that the system has installed and give it drive letter 'O' diskpart list volume select volume 'number of the RE partition created by the OS install' assign letter=O exit Dism /Capture-Image /ImageFile:C:\recovery-partition.wim /CaptureDir:O:\ /Name:"Recovery" Dism /Apply-Image /ImageFile:C:\recovery-partition.wim /Index:1 /ApplyDir:D:\ reagentc /disable reagentc /setreimage /path D:\Recovery\WindowsRE reagentc /enable DISKPART> select volume 'number of the D partition' DISKPART> set id=27 DISKPART> remove go into regedit hklm/system/MountedDevices and delete the item that shows the drive letter for the RE partition reboot server diskpart select volume 4 - if this was the original RE partition at the end of the disk delete partition override Gary Dixon Senior Technical Consultant 0161 537 4980 +44 7989717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN -Original Message- From: S.Fuller Sent: Friday, November 24, 2023 2:18 AM To: users@cloudstack.apache.org Subject: Re: Cloudstack fail to create windows 2022 templates Just went through this process. - I installed Windows Server 2022 to a VM, installed the VirtIO drivers, made the other changes I wanted to the image - Ran sysprep with the shutdown and OOBE experience options - Made a template from the volume Biggest issue I had was dealing with where Windows 2022 puts the system recovery partition. MS now places it after the primary partition so automatic resizing of the volume on deployment wouldn't work. I ended up just removing that partition entirely. - Steve On Thu, Nov 23, 2023 at 12:49 AM Yu Huang Chan wrote: > Hi All, > > We are going to try to make a Windows 2022 template and follow the > documentation guides that require downloading and installing Windows AIK. > > When we look at the Windows System Image Manager catalog, it shows the > error "Details: Parameter count mismatch." > > The below latest documentation shows an example guide up to Windows > 2008 guides only. > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs > .cloudstack.apache.org%2Fen%2Flatest%2Fadminguide%2Ftemplates.html > a=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cd14867f23ed74268d71a08dbec93a > fc8%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638363891291430927%7C > Unknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1h > aWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=JL1ZolOAhhfvjSC3LPkybTvxz5s3F > s6%2BJamQlCvPGto%3D=0 > > May we know anyone facing these issues and how to create Windows 2022 > templates in the proper way? > > Regards, > Yu Huang > -- Steve Fuller steveful...@gmail.com
RE: Proxmox and cloudstack
I believe Windows based VM's in Proxmox have an issue on booting up properly when on KVM hosts. We are also seeing this in Cloudstack Gary Dixon Senior Technical Consultant 0161 537 4980 +44 7989717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN -Original Message- From: Francisco Arencibia Quesada Sent: Tuesday, November 21, 2023 12:10 PM To: users@cloudstack.apache.org Subject: Proxmox and cloudstack Morning guys, Has anyone tested the compatibility between proxmox and cloudstack. Cloudstack does support KVM, and proxmox uses kvm, but I would like to hear some feedbacks. Thanks as asual Regards
RE: Unable to add second host
Hi Jimmy Did you try to add the host via its IP or FQDN - it looks like you need to add it via FQDN Gary Dixon Senior Technical Consultant 0161 537 4980 +44 7989717661 gary.di...@quadris.co.uk www.quadris.com Innovation House, 12-13 Bredbury Business Park Bredbury Park Way, Bredbury, Stockport, SK6 2SN -Original Message- From: Jimmy Huybrechts Sent: Tuesday, November 14, 2023 4:18 PM To: users@cloudstack.apache.org Subject: Unable to add second host I'm trying to add a second host to my cluster now after the tests I did with having only one, however I get a Error 530 in the GUI and the management log says the following: 2023-11-14 17:11:33,491 WARN [c.c.a.d.ParamGenericValidationWorker] (qtp1278852808-495:ctx-1cea20ad ctx-5982a2e5) (logid:d7576e47) Received unknown parameters for command addHost. Unknown parameters : clustertype 2023-11-14 17:11:33,495 ERROR [c.c.a.ApiServer] (qtp1278852808-495:ctx-1cea20ad ctx-5982a2e5) (logid:d7576e47) unhandled exception executing api command: [Ljava.lang.String;@44dcd5ae com.cloud.utils.exception.CloudRuntimeException: Guid is not updated for cluster with specified cluster id; need to wait for hosts in this cluster to come up at com.cloud.resource.ResourceManagerImpl.discoverHosts(ResourceManagerImpl.java:640) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215) at com.sun.proxy.$Proxy199.discoverHosts(Unknown Source) at org.apache.cloudstack.api.command.admin.host.AddHostCmd.execute(AddHostCmd.java:136) at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:163) at com.cloud.api.ApiServer.queueCommand(ApiServer.java:782) at com.cloud.api.ApiServer.handleRequest(ApiServer.java:603) at com.cloud.api.ApiServlet.processRequestInContext(ApiServlet.java:347) at com.cloud.api.ApiServlet$1.run(ApiServlet.java:154) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52) at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:151) at com.cloud.api.ApiServlet.doPost(ApiServlet.java:110) at javax.servlet.http.HttpServlet.service(HttpServlet.java:665) at javax.servlet.http.HttpServlet.service(HttpServlet.java:750) at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1450) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:554) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141
RE: RVR 2 nics for Private gateway
We found 2 different Network ID's for the same private gateway so will look to delete the associated nic and then the incorrect network ID from the DB and then restart the VPC with cleanup enabled - thanks Wei Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Wei ZHOU Sent: Friday, October 20, 2023 10:49 AM To: users@cloudstack.apache.org Subject: Re: RVR 2 nics for Private gateway You can find the private gateways in table "vpc_gateways" The issue is probably because some gateways or their corresponding networks are not removed (removed field in null). -Wei On Fri, 20 Oct 2023 at 10:40, Gary Dixon wrote: > ACS 4.14.2 > > > > KVM on ubuntu 20.04 hosts > > Adv Zone with no SG’s > > > > Hi all > > > > I restarted a redundant VPC with cleanup yesterday so the RVR’s could > pick up a new service offering with more RAM and CPU. > > > > I noticed that 2 of the interfaces were for the same Private gateway > network eth2 and eth5 (and the same on the other VPC that this private > gateway links to in the same Cloudstack environment) – checked other > tenants RVR’s that utilise a private gateway and they have just the > one interface as usual. > > > > These are the interfaces: > > > > Network > > 6 NIC(s) > > eth0 169.254.18.111 > > eth1 45.130.45.224 (PUBLIC) > > eth2 172.26.0.2 (vpc-PLS_VPC-privateNetwork) > > eth3 172.24.1.38 (172.24.1.0/24 - SERVERS) > > eth4 172.24.3.202 (DMZ_172.24.3.0/24) > > eth5 172.26.0.4 (vpc-PLS_VPC-privateNetwork) > > > > Seems this is possibly a bug where a previously deleted PG is not > fully gone and re-appears as a second interface on the RVR ? > > > > Is there a way I can remove this extra PG config somewhere – perhaps > in a DB table ? > > > > BR > > > > Gary > > > > > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: v <+44%207989717661>ms@quadris‑support.com > W: > http://www.q/ > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C517207d435 > 9947826e4508dbd152046f%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8333922423582736%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=fHxML9qR%2 > Fie%2BRZfINibve3F6kAJY3xUQSIdG0JtSUcY%3D=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. >
RE: RVR 2 nics for Private gateway
Thanks Wei Will check in the table Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Wei ZHOU Sent: Friday, October 20, 2023 10:49 AM To: users@cloudstack.apache.org Subject: Re: RVR 2 nics for Private gateway You can find the private gateways in table "vpc_gateways" The issue is probably because some gateways or their corresponding networks are not removed (removed field in null). -Wei On Fri, 20 Oct 2023 at 10:40, Gary Dixon wrote: > ACS 4.14.2 > > > > KVM on ubuntu 20.04 hosts > > Adv Zone with no SG’s > > > > Hi all > > > > I restarted a redundant VPC with cleanup yesterday so the RVR’s could > pick up a new service offering with more RAM and CPU. > > > > I noticed that 2 of the interfaces were for the same Private gateway > network eth2 and eth5 (and the same on the other VPC that this private > gateway links to in the same Cloudstack environment) – checked other > tenants RVR’s that utilise a private gateway and they have just the > one interface as usual. > > > > These are the interfaces: > > > > Network > > 6 NIC(s) > > eth0 169.254.18.111 > > eth1 45.130.45.224 (PUBLIC) > > eth2 172.26.0.2 (vpc-PLS_VPC-privateNetwork) > > eth3 172.24.1.38 (172.24.1.0/24 - SERVERS) > > eth4 172.24.3.202 (DMZ_172.24.3.0/24) > > eth5 172.26.0.4 (vpc-PLS_VPC-privateNetwork) > > > > Seems this is possibly a bug where a previously deleted PG is not > fully gone and re-appears as a second interface on the RVR ? > > > > Is there a way I can remove this extra PG config somewhere – perhaps > in a DB table ? > > > > BR > > > > Gary > > > > > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: v <+44%207989717661>ms@quadris‑support.com > W: > http://www.q/ > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C517207d435 > 9947826e4508dbd152046f%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8333922423582736%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=fHxML9qR%2 > Fie%2BRZfINibve3F6kAJY3xUQSIdG0JtSUcY%3D=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. >
RE: RVR 2 nics for Private gateway
Sorry – mistyp’d our ACS version – we are on 4.15.2 Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. From: Gary Dixon Sent: Friday, October 20, 2023 9:40 AM To: users@cloudstack.apache.org Subject: RVR 2 nics for Private gateway ACS 4.14.2 KVM on ubuntu 20.04 hosts Adv Zone with no SG’s Hi all I restarted a redundant VPC with cleanup yesterday so the RVR’s could pick up a new service offering with more RAM and CPU. I noticed that 2 of the interfaces were for the same Private gateway network eth2 and eth5 (and the same on the other VPC that this private gateway links to in the same Cloudstack environment) – checked other tenants RVR’s that utilise a private gateway and they have just the one interface as usual. These are the interfaces: Network 6 NIC(s) eth0 169.254.18.111 eth1 45.130.45.224 (PUBLIC) eth2 172.26.0.2 (vpc-PLS_VPC-privateNetwork) eth3 172.24.1.38 (172.24.1.0/24 - SERVERS) eth4 172.24.3.202 (DMZ_172.24.3.0/24) eth5 172.26.0.4 (vpc-PLS_VPC-privateNetwork) Seems this is possibly a bug where a previously deleted PG is not fully gone and re-appears as a second interface on the RVR ? Is there a way I can remove this extra PG config somewhere – perhaps in a DB table ? BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: vms@quadris‑support.com W: www.quadris.co.uk<http://www.quadris.co.uk> [cid:image446906.png@2900EE75.258ECF60] The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RVR 2 nics for Private gateway
ACS 4.14.2 KVM on ubuntu 20.04 hosts Adv Zone with no SG's Hi all I restarted a redundant VPC with cleanup yesterday so the RVR's could pick up a new service offering with more RAM and CPU. I noticed that 2 of the interfaces were for the same Private gateway network eth2 and eth5 (and the same on the other VPC that this private gateway links to in the same Cloudstack environment) - checked other tenants RVR's that utilise a private gateway and they have just the one interface as usual. These are the interfaces: Network 6 NIC(s) eth0 169.254.18.111 eth1 45.130.45.224 (PUBLIC) eth2 172.26.0.2 (vpc-PLS_VPC-privateNetwork) eth3 172.24.1.38 (172.24.1.0/24 - SERVERS) eth4 172.24.3.202 (DMZ_172.24.3.0/24) eth5 172.26.0.4 (vpc-PLS_VPC-privateNetwork) Seems this is possibly a bug where a previously deleted PG is not fully gone and re-appears as a second interface on the RVR ? Is there a way I can remove this extra PG config somewhere - perhaps in a DB table ? BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: VR system offering account setting
Thanks Wei Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Wei ZHOU Sent: Wednesday, October 11, 2023 10:38 AM To: users@cloudstack.apache.org Subject: Re: VR system offering account setting +1 Only new VRs will use the router offering -Wei On Wed, 11 Oct 2023 at 11:19, Daan Hoogland wrote: > Gary, I haven't investigated the code or tested this, but to my > knowledge it only applies on new to be created VRs. > > On Wed, Oct 11, 2023 at 11:04 AM Gary Dixon > wrote: > > > Hi all > > > > > > > > Just a quick question – if I specify the ID of a new service > > offering for a virtual router and apply it to a specific account > > setting “router.service.offering” > > > > Will it apply immediately and restart the redundant VR’s in the > customer’s > > VPC – or will it only apply the next time the VR’s are manually > > rebooted > or > > stopped and started or destroyed ? > > > > > > > > BR > > > > > > > > Gary > > > > > > > > > > Gary Dixon > > Senior Technical Consultant > > T: +44 161 537 4990 > > E: v <+44%207989717661>ms@quadris‑support.com > > W: > > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww > > .quadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C732274 > > f4a58049c5b64908dbca3dd7ed%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C > > 0%7C638326139188789064%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiL > > CJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C= > > i4HOCgMRYp9U5gAe858aBM0EDtx2cjv9GUS0WShcKZw%3D=0 > > The information contained in this e-mail from Quadris may be > > confidential and privileged for the private use of the named > > recipient. The contents > of > > this e-mail may not necessarily represent the official views of Quadris. > > If you have received this information in error you must not copy, > > distribute or take any action or reliance on its contents. Please > destroy > > any hard copies and delete this message. > > > > > -- > Daan >
VR system offering account setting
Hi all Just a quick question - if I specify the ID of a new service offering for a virtual router and apply it to a specific account setting "router.service.offering" Will it apply immediately and restart the redundant VR's in the customer's VPC - or will it only apply the next time the VR's are manually rebooted or stopped and started or destroyed ? BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: VR webserver.service apache2
Hi Wei I have created issue 7968 and attached the apache2 conf archive Thx Gary Bredbury Park Way, Bredbury, Stockport, SK6 2SN Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Wei ZHOU Sent: Friday, September 15, 2023 10:53 AM To: users@cloudstack.apache.org Subject: Re: VR webserver.service apache2 Hi, Can you create a github issue and upload the archive ? -Wei On Fri, 15 Sept 2023 at 11:49, Gary Dixon wrote: > Hi Wei > > How can I get the conf file archive to you - I don't think I can > attach to this email ? > > > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: v <+44%207989717661>ms@quadris‑support.com > W: > http://www.q/ > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C7ef02fa6c8 > 3146c036e008dbb5d1a066%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8303684168301983%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=Skz%2FTxR9 > HXJF9zyfdvmumx9DKiNDfmgBHNafv52qHks%3D=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. > -Original Message- > From: Wei ZHOU > Sent: Friday, September 15, 2023 10:11 AM > To: users@cloudstack.apache.org > Subject: Re: VR webserver.service apache2 > > Hi Gary, > > Yes, please create a tarball with all config files in /etc/apache2/ > > -Wei > > On Fri, 15 Sept 2023 at 10:42, Gary Dixon > > > wrote: > > > Hi Wei > > > > We have a couple of VR's with the error now - do you want the > > apache2 conf files from one of them ? > > > > > > Gary Dixon > > Senior Technical Consultant > > T: +44 161 537 4990 > > E: v <+44%207989717661>ms@quadris‑support.com > > W: > > http://www/ > > .q%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C7ef02fa6c83146c036 > > e008dbb5d1a066%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63830368 > > 4168301983%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luM > > zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=gWMXGMjkMpvt > > VliTqkk%2FWf7zeawp9WsSVyoiodvsSR4%3D=0 > > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C918ea24b > > 33 > > 32425eaed608dbb5cbb567%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C > > 63 > > 8303658753627657%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjo > > iV > > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=BBW%2B44 > > G4 > > 4hPDBestZi6uZlB3t5eTehNjcKobNNztrx4%3D=0 > > The information contained in this e-mail from Quadris may be > > confidential and privileged for the private use of the named > > recipient. The contents of this e-mail may not necessarily represent > > the > official views of Quadris. > > If you have received this information in error you must not copy, > > distribute or take any action or reliance on its contents. Please > > destroy any hard copies and delete this message. > > -Original Message- > > From: Wei ZHOU > > Sent: Friday, September 15, 2023 9:25 AM > > To: users@cloudstack.apache.org > > Subject: Re: VR webserver.service apache2 > > > > Hi, > > > > Do you have the backup of the apache2 conf files ? > > > > -Wei > > > > On Fri, 15 Sept 2023 at 09:47, Gary Dixon > > > > > > wrote: > > > > > Hi all > > > > > > > > > > > > ACS 4.15 > > > > > > KVM on Ubuntu 20.04 > > > > > > > > > > > > We have recently been getting failed VR health checks – > > > specifically the webserver.service apache2 failing to start (error > > > is “cannot define multiple listeners on the same IP:port) > > > > > > > > > > > > A VPC restart – with cleanup fixes the problem > > > > > > > > > > > > Just
RE: VR webserver.service apache2
Hi Wei How can I get the conf file archive to you - I don't think I can attach to this email ? Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Wei ZHOU Sent: Friday, September 15, 2023 10:11 AM To: users@cloudstack.apache.org Subject: Re: VR webserver.service apache2 Hi Gary, Yes, please create a tarball with all config files in /etc/apache2/ -Wei On Fri, 15 Sept 2023 at 10:42, Gary Dixon wrote: > Hi Wei > > We have a couple of VR's with the error now - do you want the apache2 > conf files from one of them ? > > > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: v <+44%207989717661>ms@quadris‑support.com > W: > http://www.q/ > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C918ea24b33 > 32425eaed608dbb5cbb567%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8303658753627657%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=BBW%2B44G4 > 4hPDBestZi6uZlB3t5eTehNjcKobNNztrx4%3D=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. > -Original Message- > From: Wei ZHOU > Sent: Friday, September 15, 2023 9:25 AM > To: users@cloudstack.apache.org > Subject: Re: VR webserver.service apache2 > > Hi, > > Do you have the backup of the apache2 conf files ? > > -Wei > > On Fri, 15 Sept 2023 at 09:47, Gary Dixon > > > wrote: > > > Hi all > > > > > > > > ACS 4.15 > > > > KVM on Ubuntu 20.04 > > > > > > > > We have recently been getting failed VR health checks – specifically > > the webserver.service apache2 failing to start (error is “cannot > > define multiple listeners on the same IP:port) > > > > > > > > A VPC restart – with cleanup fixes the problem > > > > > > > > Just wanted to ask what functionality does the webserver.service > > provide as I m not seeing any issues so far on the running VM’s and > > VPN connections remain alive > > > > > > > > I know we can exclude the webserver.service from the health checks > > if it is not needed in our environment > > > > > > > > BR > > > > > > > > Gary > > > > > > Gary Dixon > > Senior Technical Consultant > > T: +44 161 537 4990 > > E: v <+44%207989717661>ms@quadris‑support.com > > W: > > http://www/ > > .q%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C918ea24b3332425eae > > d608dbb5cbb567%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63830365 > > 8753783890%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luM > > zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=YaDYfvLCWENy > > CHZiOyurB9FAFuLhnFiZe%2FBDPE4wTEs%3D=0 > > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Ccd866593 > > 35 > > 584b1b08dbb5c5595b%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C > > 63 > > 8303631471619560%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjo > > iV > > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=8IN2XRuG > > op > > yrjL9%2F0gLBhDEN7oELUnaP8gAQ2PxHSO4%3D=0 > > The information contained in this e-mail from Quadris may be > > confidential and privileged for the private use of the named > > recipient. The contents of this e-mail may not necessarily represent > > the > official views of Quadris. > > If you have received this information in error you must not copy, > > distribute or take any action or reliance on its contents. Please > > destroy any hard copies and delete this message. > > >
RE: VR webserver.service apache2
Hi Wei We have a couple of VR's with the error now - do you want the apache2 conf files from one of them ? Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Wei ZHOU Sent: Friday, September 15, 2023 9:25 AM To: users@cloudstack.apache.org Subject: Re: VR webserver.service apache2 Hi, Do you have the backup of the apache2 conf files ? -Wei On Fri, 15 Sept 2023 at 09:47, Gary Dixon wrote: > Hi all > > > > ACS 4.15 > > KVM on Ubuntu 20.04 > > > > We have recently been getting failed VR health checks – specifically > the webserver.service apache2 failing to start (error is “cannot > define multiple listeners on the same IP:port) > > > > A VPC restart – with cleanup fixes the problem > > > > Just wanted to ask what functionality does the webserver.service > provide as I m not seeing any issues so far on the running VM’s and > VPN connections remain alive > > > > I know we can exclude the webserver.service from the health checks if > it is not needed in our environment > > > > BR > > > > Gary > > > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: v <+44%207989717661>ms@quadris‑support.com > W: > http://www.q/ > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Ccd86659335 > 584b1b08dbb5c5595b%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8303631471619560%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=8IN2XRuGop > yrjL9%2F0gLBhDEN7oELUnaP8gAQ2PxHSO4%3D=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. >
VR webserver.service apache2
Hi all ACS 4.15 KVM on Ubuntu 20.04 We have recently been getting failed VR health checks - specifically the webserver.service apache2 failing to start (error is "cannot define multiple listeners on the same IP:port) A VPC restart - with cleanup fixes the problem Just wanted to ask what functionality does the webserver.service provide as I m not seeing any issues so far on the running VM's and VPN connections remain alive I know we can exclude the webserver.service from the health checks if it is not needed in our environment BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: creating multiple VM's from template
Hi Cristian Thanks for the tip - I'll reach out to out StorPool support guys - see if they have noticed any bottlenecks at the storage level BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Cristian Ciobanu Sent: Thursday, September 14, 2023 5:48 PM To: users@cloudstack.apache.org Subject: Re: creating multiple VM's from template Hi Gary, Are you sure that is not related to your storage performance? In my case, Windows takes much longer to deploy than Linux, because of the template size even with SSD/Nvme performance. Cristian On Thu, Sep 14, 2023, 19:38 Gary Dixon wrote: > Hi all > > > > ACS 4.15.2 > > KVM hypervisor on Ubuntu 20.04 > > > > We use Ansible to create 50 Windows VM’s from a template to spin up a > large Citrix estate. It currently takes around 2 hours for the entire > process to complete. > > Are there any settings in ACS that we can tweak to speed up the process ? > > > > BR > > > > Gary > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: v <+44%207989717661>ms@quadris‑support.com > W: > http://www.q/ > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C54c1d42e0e > eb40d0081908dbb542755a%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8303069272122691%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=FU6skNSKSK > valiq6%2BlQR3LiCgYXglJthiXLMCeEYeYw%3D=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. >
RE: creating multiple VM's from template
Hi Jithin Thanks for the tip - I wasn’t aware of this setting. I checked the setting and it is set to false. I'll analyse the logs to see if I can identify the bottleneck BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Jithin Raju Sent: Friday, September 15, 2023 5:19 AM To: users@cloudstack.apache.org Subject: Re: creating multiple VM's from template Hi Gary, Could you check whether setting ‘execute.in.sequence.hypervisor.commands’ to ‘false’ helps if it not already done? The default is ‘false’. You might want to review the logs to identify which operation is taking more time. -Jithin From: Cristian Ciobanu Date: Thursday, 14 September 2023 at 10:18 PM To: users@cloudstack.apache.org Subject: Re: creating multiple VM's from template Hi Gary, Are you sure that is not related to your storage performance? In my case, Windows takes much longer to deploy than Linux, because of the template size even with SSD/Nvme performance. Cristian On Thu, Sep 14, 2023, 19:38 Gary Dixon wrote: > Hi all > > > > ACS 4.15.2 > > KVM hypervisor on Ubuntu 20.04 > > > > We use Ansible to create 50 Windows VM’s from a template to spin up a > large Citrix estate. It currently takes around 2 hours for the entire > process to complete. > > Are there any settings in ACS that we can tweak to speed up the process ? > > > > BR > > > > Gary > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: v <+44%207989717661>ms@quadris‑support.com > W: > http://www.q/ > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cfc678f5fee > c646d631fb08dbb5a2efb2%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8303483642245898%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=j0eN02ItOp > iR79Xx9QtrRlwkNnBk%2FTksY7XtVPR5JEA%3D=0<https://eur01.safeli/ > nks.protection.outlook.com/?url=http%3A%2F%2Fwww.quadris.co.uk%2F > =05%7C01%7CGary.Dixon%40quadris.co.uk%7Cfc678f5feec646d631fb08dbb5a2ef > b2%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638303483642245898%7CU > nknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1ha > WwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=j0eN02ItOpiR79Xx9QtrRlwkNnBk%2 > FTksY7XtVPR5JEA%3D=0> The information contained in this > e-mail from Quadris may be confidential and privileged for the private > use of the named recipient. The contents of this e-mail may not > necessarily represent the official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. >
creating multiple VM's from template
Hi all ACS 4.15.2 KVM hypervisor on Ubuntu 20.04 We use Ansible to create 50 Windows VM’s from a template to spin up a large Citrix estate. It currently takes around 2 hours for the entire process to complete. Are there any settings in ACS that we can tweak to speed up the process ? BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: Windows guests hang on boot up
Hi Stephen Very interesting and thanks for the workaround – we will also look to implement this on our platform Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. From: Stephan Bienek Sent: Tuesday, August 22, 2023 7:42 PM To: users@cloudstack.apache.org Subject: Re: Windows guests hang on boot up Hi Gary, indeed we are seeing the same on all of our KVM based virtualization platform, for example CloudStack and Proxmox. We usually see this behavior when rebooting after updates. As we update and reboot using Ansible, we implemented a check if the reboot failed within the defined timeout. If the normal windows reboot failed, we execute a shutdown and start of the VM via the virtualizations platform API. After the shutdown and start, Windows is always booting normal again. A workaround because we did not find the root cause for the issue, but we know many others suffer the same issue. Best regards, Stephan Gary Dixon mailto:gary.di...@quadris.co.uk.invalid>> hat am 22.08.2023 16:38 CEST geschrieben: ACS 4.15.2 KVM hosts Ubuntu 20.04 Hi all Is anyone else seeing an issue where Windows guests VM’s are getting stuck at the windows boot logo after being rebooted ? It is the same issue as reported here https://borncity.com/win/2023/04/04/kvm-bug-windows-vms-can-hang-at-boot-after-11-days/ and also seems to be affecting other solutions that use KVM/Libvirt as the hypervisor such as proxmox If so has anyone found a fix ? BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: vms@quadris‑support.com W: www.quadris.co.uk<http://www.quadris.co.uk/> [cid:image355344.png@091EAD28.CF104122] The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
Windows guests hang on boot up
ACS 4.15.2 KVM hosts Ubuntu 20.04 Hi all Is anyone else seeing an issue where Windows guests VM's are getting stuck at the windows boot logo after being rebooted ? It is the same issue as reported here https://borncity.com/win/2023/04/04/kvm-bug-windows-vms-can-hang-at-boot-after-11-days/ and also seems to be affecting other solutions that use KVM/Libvirt as the hypervisor such as proxmox If so has anyone found a fix ? BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: over-ride VM CPU config
Hi Stephen Sorry for the delayed reply - been away for a couple of weeks. This looks interesting - will give it a try with the CPU config - plus we may have a need for adding GPU's to specific VM's also !! BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Stephan Bienek Sent: Friday, July 14, 2023 4:19 PM To: users@cloudstack.apache.org Subject: Re: over-ride VM CPU config I am not sure if i understand your concern in regards to hooks, but they actually work to modify the generated XML. We are for example using the following settings in agent.properties to add GPUs to specific VMs. agent.hooks.libvirt_vm_on_start.script=libvirt-vm.groovy agent.hooks.libvirt_vm_xml_transformer.method=transform agent.hooks.libvirt_vm_xml_transformer.script=libvirt-vm.groovy agent.hooks.libvirt_vm_on_stop.script=libvirt-vm.groovy This was implemented before the nice feature of "extraconfig". The script libvirt-vm.groovy is adding additional devices (GPUs) to the device tree of the VMs XML like return new XmlParser().parseText( " \n" + "\n" + " \n" + "\n" + " ") } Maybe thats what you, Gary, were asking for? I never tried changing the CPU using this approach. Best regards, Stephan > Wido den Hollander hat am 14.07.2023 15:21 CEST geschrieben: > > > Op 14-07-2023 om 14:30 schreef Gary Dixon: > > Hi Wido > > > > So I take it this old feature request to inject custom domain XML > > wasn't implemented in any version of ACS ? > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcw > > iki.apache.org%2Fconfluence%2Fdisplay%2FCLOUDSTACK%2FKVM%2Bhook%2Bsc > > ript%2Binclude=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cea7192122 > > 6554a430eab08db847da973%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7 > > C638249447480608018%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQ > > IjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=OTq > > jEwzkf37lJu3%2Bus3se5cubF5mvj1tLlUn3clzDss%3D=0 > > That's for during a migration. That seems to be supported by libvirt. > > Not during the start of a VM. > > Wido > > > > > Gary Dixon > > Senior Technical Consultant > > T: +44 161 537 4990 > > E: v ms@quadris‑support.com > > W: > > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww > > .quadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cea7192 > > 1226554a430eab08db847da973%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C > > 0%7C638249447480608018%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiL > > CJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C= > > NxVH7v8ZnuHg%2FcI92fvonPlIq4kv4x9QyhotcFsDrbI%3D=0 > > > > The information contained in this e-mail from Quadris may be > > confidential and privileged for the private use of the named recipient. > > The contents of this e-mail may not necessarily represent the > > official views of Quadris. If you have received this information in > > error you must not copy, distribute or take any action or reliance > > on its contents. Please destroy any hard copies and delete this message. > > > > > > From: Wido den Hollander > > Sent: Friday, July 14, 2023 1:08 PM > > To: users@cloudstack.apache.org; Gary Dixon > > > > Subject: Re: over-ride VM CPU config > > > > > > > > Op 14/07/2023 om 13:46 schreef Gary Dixon: > > > Thanks Stephen > > > > > > This would be a great feature to have. I was wondering if for now > > we > could achieve our goal using libvirt hooks ? > > > https://libv/ > > > > > irt.org%2Fhooks.html%23custom-event-scripts=05%7C01%7CGary.Dixo > > n% > > > 40quadris.co.uk%7Cb12cb9c94d5a44d29c7408db8462f4ed%7Cf1d6abf3d3b4489 > > 4a > > > e16db0fb93a96a2%7C0%7C0%7C638249332779881625%7CUnknown%7CTWFpbGZsb3d > > 8e > > > yJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C > > 30 > > > 00%7C%7C%7C=CK%2Fdtn0NtenXsGtxEnRXknZlRVuNc7hEIAWN5WligRg%3D > > es > > > erved=0 > > > <https://lib/ > > > > > virt.org%2Fhooks.html%23custom-event-scripts=05%7C01%7
RE: over-ride VM CPU config
Hi Wido So I take it this old feature request to inject custom domain XML wasn't implemented in any version of ACS ? https://cwiki.apache.org/confluence/display/CLOUDSTACK/KVM+hook+script+include Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. From: Wido den Hollander Sent: Friday, July 14, 2023 1:08 PM To: users@cloudstack.apache.org; Gary Dixon Subject: Re: over-ride VM CPU config Op 14/07/2023 om 13:46 schreef Gary Dixon: > Thanks Stephen > > This would be a great feature to have. I was wondering if for now we > could achieve our goal using libvirt hooks ? > https://libv/ > irt.org%2Fhooks.html%23custom-event-scripts=05%7C01%7CGary.Dixon% > 40quadris.co.uk%7Cb12cb9c94d5a44d29c7408db8462f4ed%7Cf1d6abf3d3b44894a > e16db0fb93a96a2%7C0%7C0%7C638249332779881625%7CUnknown%7CTWFpbGZsb3d8e > yJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C30 > 00%7C%7C%7C=CK%2Fdtn0NtenXsGtxEnRXknZlRVuNc7hEIAWN5WligRg%3D > erved=0 > <https://lib/ > virt.org%2Fhooks.html%23custom-event-scripts=05%7C01%7CGary.Dixon > %40quadris.co.uk%7Cb12cb9c94d5a44d29c7408db8462f4ed%7Cf1d6abf3d3b44894 > ae16db0fb93a96a2%7C0%7C0%7C638249332779881625%7CUnknown%7CTWFpbGZsb3d8 > eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3 > 000%7C%7C%7C=CK%2Fdtn0NtenXsGtxEnRXknZlRVuNc7hEIAWN5WligRg%3D > served=0> As far as I know you are not able to modify the XML with hooks. You can act upon the hook prior to starting the VM by looking at the XML and preparing some resources for the VM, but you can't change anything at that point. Please do correct me if I'm wrong. Wido > > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: v ms@quadris‑support.com > W: > http://www.q/ > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cb12cb9c94d > 5a44d29c7408db8462f4ed%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8249332779881625%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=Nl0TSU5cLT > JqKh4uuKibuBHW%2B24R58zPfp8zhddUH9c%3D=0 > > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named recipient. > The contents of this e-mail may not necessarily represent the official > views of Quadris. If you have received this information in error you > must not copy, distribute or take any action or reliance on its > contents. Please destroy any hard copies and delete this message. > > *From:*Stephan Bienek > *Sent:* Friday, July 14, 2023 12:38 PM > *To:* users@cloudstack.apache.org > *Subject:* Re: over-ride VM CPU config > > Hi Gary, > > Lukas had the same requirement and already opened an issue / feature > request for it > > https://gith/ > ub.com%2Fapache%2Fcloudstack%2Fissues%2F7600=05%7C01%7CGary.Dixon > %40quadris.co.uk%7Cb12cb9c94d5a44d29c7408db8462f4ed%7Cf1d6abf3d3b44894 > ae16db0fb93a96a2%7C0%7C0%7C638249332779881625%7CUnknown%7CTWFpbGZsb3d8 > eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3 > 000%7C%7C%7C=T%2FB5QFzUbaybc9iOIrlpxVIHukmdcI2V2%2FWFHxHRqh8%3D& > reserved=0 > <https://git/ > hub.com%2Fapache%2Fcloudstack%2Fissues%2F7600=05%7C01%7CGary.Dixo > n%40quadris.co.uk%7Cb12cb9c94d5a44d29c7408db8462f4ed%7Cf1d6abf3d3b4489 > 4ae16db0fb93a96a2%7C0%7C0%7C638249332779881625%7CUnknown%7CTWFpbGZsb3d > 8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C > 3000%7C%7C%7C=T%2FB5QFzUbaybc9iOIrlpxVIHukmdcI2V2%2FWFHxHRqh8%3D > =0> > > Best regards, > > Stephan > > Gary Dixon <mailto:gary.di...@quadris.co.uk.invalid>> hat am 14.07.2023 12:14 > CEST geschrieben: > > Hi all > > ACS 4.15.2 > > KVM on Ubuntu 20.04 > > We have a requirement that whenever a VM is deployed from a specific > template (a Netscaler appliance) that it must over-ride the agent > properties guest cpu mode = host-passthrough with a specific CPU > model like so : > > Currently the VM gets deployed with these CPU parameters from the > KVM host agent config: > > > > > > > > > And we want to over-ride with this CPU config: > > > > EPYC-Rome > > > > > >
RE: over-ride VM CPU config
Thanks Stephen This would be a great feature to have. I was wondering if for now we could achieve our goal using libvirt hooks ? https://libvirt.org/hooks.html#custom-event-scripts Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. From: Stephan Bienek Sent: Friday, July 14, 2023 12:38 PM To: users@cloudstack.apache.org Subject: Re: over-ride VM CPU config Hi Gary, Lukas had the same requirement and already opened an issue / feature request for it https://github.com/apache/cloudstack/issues/7600 Best regards, Stephan Gary Dixon mailto:gary.di...@quadris.co.uk.invalid>> hat am 14.07.2023 12:14 CEST geschrieben: Hi all ACS 4.15.2 KVM on Ubuntu 20.04 We have a requirement that whenever a VM is deployed from a specific template (a Netscaler appliance) that it must over-ride the agent properties guest cpu mode = host-passthrough with a specific CPU model like so : Currently the VM gets deployed with these CPU parameters from the KVM host agent config: And we want to over-ride with this CPU config: EPYC-Rome We can change it temporarily on a running VM with Virt-Manager – but I want this config to always be set whenever a VM is deployed from the template and whenever a deployed VM is stopped and started. Any assistance would be greatly appreciated BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: vms@quadris‑support.com W: www.quadris.co.uk<http://www.quadris.co.uk/> [cid:image920300.png@58203250.EAA9ED95] The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
over-ride VM CPU config
Hi all ACS 4.15.2 KVM on Ubuntu 20.04 We have a requirement that whenever a VM is deployed from a specific template (a Netscaler appliance) that it must over-ride the agent properties guest cpu mode = host-passthrough with a specific CPU model like so : Currently the VM gets deployed with these CPU parameters from the KVM host agent config: And we want to over-ride with this CPU config: EPYC-Rome We can change it temporarily on a running VM with Virt-Manager - but I want this config to always be set whenever a VM is deployed from the template and whenever a deployed VM is stopped and started. Any assistance would be greatly appreciated BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: ACS with vmware hypervisors
Hi Vivek We currently have one Adv Zone that was originally setup with KVM hosts and we are trying to add a new VMware cluster to an existing Pod. We have added the relevant traffic labels to the VMWare sections on the physical adapters on the Zone and added the VMware cluster but then when trying to add the Datastore Cluster as new Primary storage we are not seeing the 'PreSetup' , 'VMFS' or 'DataCluster' options in the add primary storage wizard - its really odd. We set the vmware.management.portgroup global setting to "Management Network" and have split the ACS traffic types into 3 VLAN's (the same way we have for the KVM hosts) and created vmware vswitches called cloudbr0 (mgmt., sec storage), cloudbr1 (guest) and cloudbr2 (public) and added these vswitch names as the relevant traffic labels on the correct physical adapters in ACS. We use the vcenter full administrator account when adding to Vsphere datacenter to ACS and are using the eval license in vcenter - which is meant to be fully functional for a short period. Any assistance in resolving this would greatly be appreciated BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Vivek Kumar Sent: Monday, July 10, 2023 5:45 PM To: users@cloudstack.apache.org Subject: Re: ACS with vmware hypervisors Did you choose right zone/pod/cluster, because I am also using 4.15.2 and it’s giving me option PreSetup, do you have option called - vmfs ? Vivek Kumar Sr. Manager - Cloud & DevOps TechOps | Indiqus Technologies vivek.ku...@indiqus.com <mailto:vivek.ku...@indiqus.com> http://www.indiqus.com/ <https://www.indiqus.com/> > On 10-Jul-2023, at 3:34 PM, Gary Dixon > wrote: > > Hi Jithin > > This is the odd thing - when we try and add the vcenter datastore to ACS as > Primary storage - we do not have the 'preSetup' protocol option in the "add > primary storage" UI ? > > > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: v ms@quadris‑support.com > W: > http://www.q/ > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cd2644af9a4 > 524ceecad408db81650536%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8246043116409605%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=VLMK7Hji4a > 8DH5MK0qurmLivru2LFr9e%2F%2BnOTm66jhU%3D=0 > > The information contained in this e-mail from Quadris may be confidential and > privileged for the private use of the named recipient. The contents of this > e-mail may not necessarily represent the official views of Quadris. If you > have received this information in error you must not copy, distribute or take > any action or reliance on its contents. Please destroy any hard copies and > delete this message. > -Original Message- > From: Jithin Raju > Sent: Monday, July 10, 2023 10:54 AM > To: users@cloudstack.apache.org > Subject: Re: ACS with vmware hypervisors > > Hi Gary, > > I am unable to tell the cause of the VM deployment failures with the log > snippets below. > Could you try adding the storage as a datastore in vCenter and add it to > CloudStack as ‘presetup’ ? > > -Jithin > > From: Gary Dixon > Date: Monday, 10 July 2023 at 2:12 PM > To: users@cloudstack.apache.org > Subject: RE: ACS with vmware hypervisors Hi Jithin > > We are using ACS 4.15.2 and vsphere esxi v7.0.3 > > This is the log output for job-42701: > > 2023-07-07 14:10:48,968 INFO [o.a.c.f.j.i.AsyncJobMonitor] > (API-Job-Executor-13:ctx-36699a50 job-42701) (logid:717a5506) Add > job-42701 into job monitoring > 2023-07-07 14:10:49,189 INFO [o.a.c.a.c.u.v.StartVMCmd] > (API-Job-Executor-13:ctx-36699a50 job-42701 ctx-a057c849) > (logid:96c5f242) > com.cloud.exception.InsufficientServerCapacityException: Unable to > create a deployment for VM[User|i-2-3207-VM]Scope=interface > com.cloud.dc.DataCenter; id=1 > 2023-07-07 14:10:49,189 INFO [o.a.c.a.c.u.v.StartVMCmd] > (API-Job-Executor-13:ctx-36699a50 job-42701 ctx-a057c849) > (logid:96c5f242) Unable to create a deployment for > VM[User|i-2-3207-VM] > 2023-07-07 14:10:49,210 INFO [o.a.c.f.j.i.AsyncJobMonitor] > (API-Job-Executor-13:ctx-36699a50 job-42701) (logid:96c5f242) Remove > job-42701 from job monitoring > > Do we also need to
RE: ACS with vmware hypervisors
Hi Jithin This is the odd thing - when we try and add the vcenter datastore to ACS as Primary storage - we do not have the 'preSetup' protocol option in the "add primary storage" UI ? Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Jithin Raju Sent: Monday, July 10, 2023 10:54 AM To: users@cloudstack.apache.org Subject: Re: ACS with vmware hypervisors Hi Gary, I am unable to tell the cause of the VM deployment failures with the log snippets below. Could you try adding the storage as a datastore in vCenter and add it to CloudStack as ‘presetup’ ? -Jithin From: Gary Dixon Date: Monday, 10 July 2023 at 2:12 PM To: users@cloudstack.apache.org Subject: RE: ACS with vmware hypervisors Hi Jithin We are using ACS 4.15.2 and vsphere esxi v7.0.3 This is the log output for job-42701: 2023-07-07 14:10:48,968 INFO [o.a.c.f.j.i.AsyncJobMonitor] (API-Job-Executor-13:ctx-36699a50 job-42701) (logid:717a5506) Add job-42701 into job monitoring 2023-07-07 14:10:49,189 INFO [o.a.c.a.c.u.v.StartVMCmd] (API-Job-Executor-13:ctx-36699a50 job-42701 ctx-a057c849) (logid:96c5f242) com.cloud.exception.InsufficientServerCapacityException: Unable to create a deployment for VM[User|i-2-3207-VM]Scope=interface com.cloud.dc.DataCenter; id=1 2023-07-07 14:10:49,189 INFO [o.a.c.a.c.u.v.StartVMCmd] (API-Job-Executor-13:ctx-36699a50 job-42701 ctx-a057c849) (logid:96c5f242) Unable to create a deployment for VM[User|i-2-3207-VM] 2023-07-07 14:10:49,210 INFO [o.a.c.f.j.i.AsyncJobMonitor] (API-Job-Executor-13:ctx-36699a50 job-42701) (logid:96c5f242) Remove job-42701 from job monitoring Do we also need to add the iSCSI datatstore in vcenter as Primary storage to cloudstack UI? BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: vms@quadris‑support.com W: http://www.quadris.co.uk/ [cid:image458271.png@D68BB0C8.6CA2D3B5] The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Jithin Raju Sent: Monday, July 10, 2023 5:12 AM To: users@cloudstack.apache.org Subject: Re: ACS with vmware hypervisors Hi Gary, What are the ACS and Vmware ESXi versions you are using? Could you share the entire logs for this day or job-42701? -Jithin From: Gary Dixon Date: Friday, 7 July 2023 at 8:49 PM To: users@cloudstack.apache.org Subject: ACS with vmware hypervisors I was wondering if anyone has any experience with ACS and vmware ESXi as the hypervisor? I'm facing a problem when trying to deploy a new/fresh instance. I've deployed a vCenter appliance, created a data centre, cluster(s) and the hosts have all been added to ACS. When I attempt to deploy a fresh instance to the vmware cluster/hosts to build the OS from an ISO, the following errors are displayed/logged: UI Error: Unable to create a deployment for VM[User|i-2-3207-VM] Management Log: ..about 1/2 way into the error " at com.sun.proxy.$Proxy181.startVirtualMachine(Unknown Source)" is logged. 023-07-07 14:10:49,189 INFO [o.a.c.a.c.u.v.StartVMCmd] (API-Job-Executor-13:ctx-36699a50 job-42701 ctx-a057c849) (logid:96c5f242) Unable to create a deployment for VM[User|i-2-3207-VM] com.cloud.exception.InsufficientServerCapacityException: Unable to create a deployment for VM[User|i-2-3207-VM]Scope=interface com.cloud.dc.DataCenter; id=1 at org.apache.cloudstack.engine.cloud.entity.api.VMEntityManagerImpl.reserveVirtualMachine(VMEntityManagerImpl.java:225) at org.apache.cloudstack.engine.cloud.entity.api.VirtualMachineEntityImpl.reserve(VirtualMachineEntityImpl.java:202) at com.cloud.vm.UserVmManagerImpl.startVirtualMachine(UserVmManagerImpl.java:4937) at com.cloud.vm.UserVmManagerImpl.startVirtualMachine(UserVmManagerImpl.java:2897) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.springframework.aop.support.AopUtils.invokeJoin
RE: ACS with vmware hypervisors
Hi Jithin We are using ACS 4.15.2 and vsphere esxi v7.0.3 This is the log output for job-42701: 2023-07-07 14:10:48,968 INFO [o.a.c.f.j.i.AsyncJobMonitor] (API-Job-Executor-13:ctx-36699a50 job-42701) (logid:717a5506) Add job-42701 into job monitoring 2023-07-07 14:10:49,189 INFO [o.a.c.a.c.u.v.StartVMCmd] (API-Job-Executor-13:ctx-36699a50 job-42701 ctx-a057c849) (logid:96c5f242) com.cloud.exception.InsufficientServerCapacityException: Unable to create a deployment for VM[User|i-2-3207-VM]Scope=interface com.cloud.dc.DataCenter; id=1 2023-07-07 14:10:49,189 INFO [o.a.c.a.c.u.v.StartVMCmd] (API-Job-Executor-13:ctx-36699a50 job-42701 ctx-a057c849) (logid:96c5f242) Unable to create a deployment for VM[User|i-2-3207-VM] 2023-07-07 14:10:49,210 INFO [o.a.c.f.j.i.AsyncJobMonitor] (API-Job-Executor-13:ctx-36699a50 job-42701) (logid:96c5f242) Remove job-42701 from job monitoring Do we also need to add the iSCSI datatstore in vcenter as Primary storage to cloudstack UI? BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Jithin Raju Sent: Monday, July 10, 2023 5:12 AM To: users@cloudstack.apache.org Subject: Re: ACS with vmware hypervisors Hi Gary, What are the ACS and Vmware ESXi versions you are using? Could you share the entire logs for this day or job-42701? -Jithin From: Gary Dixon Date: Friday, 7 July 2023 at 8:49 PM To: users@cloudstack.apache.org Subject: ACS with vmware hypervisors I was wondering if anyone has any experience with ACS and vmware ESXi as the hypervisor? I'm facing a problem when trying to deploy a new/fresh instance. I've deployed a vCenter appliance, created a data centre, cluster(s) and the hosts have all been added to ACS. When I attempt to deploy a fresh instance to the vmware cluster/hosts to build the OS from an ISO, the following errors are displayed/logged: UI Error: Unable to create a deployment for VM[User|i-2-3207-VM] Management Log: ..about 1/2 way into the error " at com.sun.proxy.$Proxy181.startVirtualMachine(Unknown Source)" is logged. 023-07-07 14:10:49,189 INFO [o.a.c.a.c.u.v.StartVMCmd] (API-Job-Executor-13:ctx-36699a50 job-42701 ctx-a057c849) (logid:96c5f242) Unable to create a deployment for VM[User|i-2-3207-VM] com.cloud.exception.InsufficientServerCapacityException: Unable to create a deployment for VM[User|i-2-3207-VM]Scope=interface com.cloud.dc.DataCenter; id=1 at org.apache.cloudstack.engine.cloud.entity.api.VMEntityManagerImpl.reserveVirtualMachine(VMEntityManagerImpl.java:225) at org.apache.cloudstack.engine.cloud.entity.api.VirtualMachineEntityImpl.reserve(VirtualMachineEntityImpl.java:202) at com.cloud.vm.UserVmManagerImpl.startVirtualMachine(UserVmManagerImpl.java:4937) at com.cloud.vm.UserVmManagerImpl.startVirtualMachine(UserVmManagerImpl.java:2897) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) at org.apache.cloudstack.network.contrail.management.EventUtils$EventInterceptor.invoke(EventUtils.java:107) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175) at com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:51) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215) at com.sun.proxy.$Proxy181.startVirtualMachine(Unknown Source) at org.apache.cloudstack.api.command.user.vm.StartVMCmd.execute(StartVMCmd.java:169) at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:156) at com.cloud.api.ApiAsyncJobDispatc
ACS with vmware hypervisors
I was wondering if anyone has any experience with ACS and vmware ESXi as the hypervisor? I'm facing a problem when trying to deploy a new/fresh instance. I've deployed a vCenter appliance, created a data centre, cluster(s) and the hosts have all been added to ACS. When I attempt to deploy a fresh instance to the vmware cluster/hosts to build the OS from an ISO, the following errors are displayed/logged: UI Error: Unable to create a deployment for VM[User|i-2-3207-VM] Management Log: ..about 1/2 way into the error " at com.sun.proxy.$Proxy181.startVirtualMachine(Unknown Source)" is logged. 023-07-07 14:10:49,189 INFO [o.a.c.a.c.u.v.StartVMCmd] (API-Job-Executor-13:ctx-36699a50 job-42701 ctx-a057c849) (logid:96c5f242) Unable to create a deployment for VM[User|i-2-3207-VM] com.cloud.exception.InsufficientServerCapacityException: Unable to create a deployment for VM[User|i-2-3207-VM]Scope=interface com.cloud.dc.DataCenter; id=1 at org.apache.cloudstack.engine.cloud.entity.api.VMEntityManagerImpl.reserveVirtualMachine(VMEntityManagerImpl.java:225) at org.apache.cloudstack.engine.cloud.entity.api.VirtualMachineEntityImpl.reserve(VirtualMachineEntityImpl.java:202) at com.cloud.vm.UserVmManagerImpl.startVirtualMachine(UserVmManagerImpl.java:4937) at com.cloud.vm.UserVmManagerImpl.startVirtualMachine(UserVmManagerImpl.java:2897) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) at org.apache.cloudstack.network.contrail.management.EventUtils$EventInterceptor.invoke(EventUtils.java:107) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175) at com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:51) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215) at com.sun.proxy.$Proxy181.startVirtualMachine(Unknown Source) at org.apache.cloudstack.api.command.user.vm.StartVMCmd.execute(StartVMCmd.java:169) at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:156) at com.cloud.api.ApiAsyncJobDispatcher.runJob(ApiAsyncJobDispatcher.java:108) at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:620) at org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:48) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52) at org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:45) at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:568) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:829) Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies a
RE: ACS 4.15 with vsphere 7.0
Thanks Wei Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Wei ZHOU Sent: Monday, June 26, 2023 12:07 PM To: users@cloudstack.apache.org Subject: Re: ACS 4.15 with vsphere 7.0 Hi, VMware 7.0 is supported since CloudStack 4.15.1.0, see https://github.com/apache/cloudstack/pull/4300 You should be able to run VMware 7.0 with CloudStack 4.15.2 -Wei On Mon, 26 Jun 2023 at 12:30, Gary Dixon wrote: > Hi all > > > > Wondering if anyone out there is successfully running vSphere 7.0 > clusters with ACS 4.15.2 ? > > > > BR > > > > Gary > > > > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: v <+44%207989717661>ms@quadris‑support.com > W: > http://www.q/ > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cc47eeac043 > ba4af7548508db76358ee5%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8233744637186627%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=SZGllf0rix > dv5ukAtDYXf%2FD0FlN1g0jbIPSTPsPv8a4%3D=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. >
ACS 4.15 with vsphere 7.0
Hi all Wondering if anyone out there is successfully running vSphere 7.0 clusters with ACS 4.15.2 ? BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: Service offering CPU speed
Hi Shiv As stated we already have 24 VM's running using this offering. At first I thought there was an issue with a new template I had created that wasn't deploying using this offering - but it deployed fine with other offerings. I then used other known good templates to try and deploy using the offering that has the issue - same - cannot seem to deploy any more VM's with this offering. I read somewhere that the Compute offering relates to cgroups on the physical hypervisor and this is where the limit is being reached We are using Ubuntu 20.04 with KVM and I believe this is using cgroup v1 - I have heard of other issues when upgrading te KVM hypervisor to an OS - like Ubuntu 22.04 that uses cgroup v2 which has an even lower limit then cgroup v1 Bredbury Park Way, Bredbury, Stockport, SK6 2SN Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: K B Shiv Kumar Sent: Friday, May 19, 2023 2:07 PM To: users@cloudstack.apache.org Subject: Re: Service offering CPU speed Another thing, you can't exceed the physical clock speed... So if you have 2430 MHz you can't go above it. Does it work with 2400mhz? Regards, Shiv (Sent from mobile device. Please excuse brevity and typos.) On Fri, 19 May 2023, 18:34 K B Shiv Kumar, wrote: > Hi Gary > > What are the logs showing as the reason for not being able to deploy? > > 1mhz is getting the full clock speed because you may not have selected > cap CPU in your offering. > > We have never faced such a problem unless you are actually or of > space. If you are and your actual CPU utilisation is relatively low > you can specify overcommit ratio as 2 or even 4. > > Regards, > Shiv > (Sent from mobile device. Please excuse brevity and typos.) > > On Fri, 19 May 2023, 18:29 Gary Dixon, > > wrote: > >> Hi All >> >> >> >> We have a fixed service offering of 4 vCPU at a CPU speed of 2430 Mhz >> and have noticed that we are unable to deploy any more VM’s using >> this offering. There are currently 24 VM’s using this offering so >> 24*4*2430 = >> 233280 >> >> I believe Libvirt/Qemu has a hard coded cgroup limit of something >> like >> 266000 and so this is the reason we cannot deploy any more instances ? >> >> >> >> >> >> What are you guys using for your CPU speed as clearly it actually has >> nothing to do with CPU speed but more to do with CPU weight ? >> >> >> >> I have created a new offering as a test with 4 CPU and just 1Mhz cpu >> speed and deployed a MS Server 2109 instance and in task manager it >> clearly shows it is using 2.4 Ghz >> >> >> >> I am unsure whether we should set ALL of our compute offerings to be >> 1Mhz or should it be based on the number of CPU’s as well – so a 1 >> cpu offering has 1Mhz – a 2cpu offering has 2Mhz speed - a 4CPU >> offering has 4Mhz set as the speed/weight etc etc ? >> >> >> >> Would be interesting to see what others are setting in their >> offerings as the speed – also do you set your System offerings >> (default 500Mhz) to use the new speed as other offerings ? >> >> >> >> BR >> >> >> >> Gary >> >> >> >> >> Gary Dixon >> Senior Technical Consultant >> T: +44 161 537 4990 >> E: *v* <+44%207989717661>ms@quadris‑support.com >> W: >> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww. >> quadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cdab51144 >> 1bbf47b0de1308db586a24f2%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7 >> C638200985130644516%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQI >> joiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=2ms9W >> WRlsUougYHiOlvEYBJ8%2FejftVI6yjwm0maQki0%3D=0 >> The information contained in this e-mail from Quadris may be >> confidential and privileged for the private use of the named >> recipient. The contents of this e-mail may not necessarily represent the >> official views of Quadris. >> If you have received this information in error you must not copy, >> distribute or take any action or reliance on its contents. Please >> destroy any hard copies and delete this message. >> >
Service offering CPU speed
Hi All We have a fixed service offering of 4 vCPU at a CPU speed of 2430 Mhz and have noticed that we are unable to deploy any more VM's using this offering. There are currently 24 VM's using this offering so 24*4*2430 = 233280 I believe Libvirt/Qemu has a hard coded cgroup limit of something like 266000 and so this is the reason we cannot deploy any more instances ? What are you guys using for your CPU speed as clearly it actually has nothing to do with CPU speed but more to do with CPU weight ? I have created a new offering as a test with 4 CPU and just 1Mhz cpu speed and deployed a MS Server 2109 instance and in task manager it clearly shows it is using 2.4 Ghz I am unsure whether we should set ALL of our compute offerings to be 1Mhz or should it be based on the number of CPU's as well - so a 1 cpu offering has 1Mhz - a 2cpu offering has 2Mhz speed - a 4CPU offering has 4Mhz set as the speed/weight etc etc ? Would be interesting to see what others are setting in their offerings as the speed - also do you set your System offerings (default 500Mhz) to use the new speed as other offerings ? BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: preventing VM Live migration between Pods
I have managed to workaround the issue. I have created a new Role based on the Root Admin role but edited it to not allow VM migrations - I can then use the API to move all of our current IT admins into a new Root account based on this new role so no internal staff can live migrate a VM Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: K B Shiv Kumar Sent: Wednesday, May 17, 2023 9:34 AM To: users@cloudstack.apache.org Subject: Re: preventing VM Live migration between Pods Hi Gary The other 2 settings as mentioned by Simon should do the trick. We are doing the same as a safeguard albeit to a different problem. Regards, Shiv (Sent from mobile device. Please excuse brevity and typos.) On Wed, 17 May 2023, 12:59 Gary Dixon, wrote: > Hi Si > > Unfortunately, we don't seem to have the global setting " > migrate.vm.across.clusters" on our ACS version - 4.15.2 > > > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: *v* <+44%207989717661>ms@quadris‑support.com > W: > http://www.q/ > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cd3fc66be2e > 9b4299f48008db56b17ba2%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8199092509051713%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=D9uPO1Cu2Q > 9Z58jQ55x1gjdBc9CB9331mb1uX0gjHqQ%3D=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. > -Original Message- > From: Simon Weller > Sent: Tuesday, May 16, 2023 4:12 PM > To: users@cloudstack.apache.org > Subject: Re: preventing VM Live migration between Pods > > Gary, > > There are some global settings you can enable/disable to prevent > certain VM (and storage) movements. > > migrate.vm.across.clusters - indicates whether the VM can be migrated > to different cluster if no host is found in same cluster > enable.storage.migration - Enable/disable storage migration across > primary storage enable.ha.storage.migration - Enable/disable storage > migration across primary storage during HA > > -Si > > On Tue, May 16, 2023 at 8:13 AM Gary Dixon > > wrote: > > > Hi everyone > > > > > > > > Other than disabling a Pod – is there a way to prevent live > > migration of VM’s between Pods in ACS ? > > > > > > > > We are on version 4.15.2 with Ubuntu 20.04 KVM hosts. Each Pod > > contains a single cluster of Homogenous hosts – however there are > > only slight differences between the CPU’s on the physical hosts in > > each Cluster. We have the guest.cpu.mode set to host-passthrough but > > have noticed serious issues when a VM is live migrated between > > specific Pods (usually if a VM is started on a cluster with the > > slightly better CPU’s and then live migrated to an older Pod) > > > > > > > > We have tried setting the guest.cpu.mode to host-passthrough with > > specific CPU features using the “guest.cpu.features=” and then > > setting all of the host’s CPU flags shown from the output of the > > lscpu command in a space separated list as instructed from ACS > > documentation – but we then are unable to even start a VM – > > insufficient resources error, > > - if we remove the guest.cpu.features from the agent.properties – > > then we can start a VM again. > > > > > > > > It would be good if we had an option or a setting to just not allow > > live migration of VM’s between pods and therefore can only perform a > ‘cold’ > > migration if we wish to move a VM to another Pod. > > > > > > > > Any thoughts on this ? > > > > > > > > BR > > > > > > > > Gary > > > > > > > > > > Gary Dixon > > Senior Technical Consultant > > T: +44 161 537 4990 > > E: *v* <+44%207989717661>ms@quadris‑support.com >
RE: preventing VM Live migration between Pods
Hi Si Unfortunately, we don't seem to have the global setting " migrate.vm.across.clusters" on our ACS version - 4.15.2 Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Simon Weller Sent: Tuesday, May 16, 2023 4:12 PM To: users@cloudstack.apache.org Subject: Re: preventing VM Live migration between Pods Gary, There are some global settings you can enable/disable to prevent certain VM (and storage) movements. migrate.vm.across.clusters - indicates whether the VM can be migrated to different cluster if no host is found in same cluster enable.storage.migration - Enable/disable storage migration across primary storage enable.ha.storage.migration - Enable/disable storage migration across primary storage during HA -Si On Tue, May 16, 2023 at 8:13 AM Gary Dixon wrote: > Hi everyone > > > > Other than disabling a Pod – is there a way to prevent live migration > of VM’s between Pods in ACS ? > > > > We are on version 4.15.2 with Ubuntu 20.04 KVM hosts. Each Pod > contains a single cluster of Homogenous hosts – however there are only > slight differences between the CPU’s on the physical hosts in each > Cluster. We have the guest.cpu.mode set to host-passthrough but have > noticed serious issues when a VM is live migrated between specific > Pods (usually if a VM is started on a cluster with the slightly better > CPU’s and then live migrated to an older Pod) > > > > We have tried setting the guest.cpu.mode to host-passthrough with > specific CPU features using the “guest.cpu.features=” and then setting > all of the host’s CPU flags shown from the output of the lscpu command > in a space separated list as instructed from ACS documentation – but > we then are unable to even start a VM – insufficient resources error, > - if we remove the guest.cpu.features from the agent.properties – then > we can start a VM again. > > > > It would be good if we had an option or a setting to just not allow > live migration of VM’s between pods and therefore can only perform a ‘cold’ > migration if we wish to move a VM to another Pod. > > > > Any thoughts on this ? > > > > BR > > > > Gary > > > > > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: *v* <+44%207989717661>ms@quadris‑support.com > W: > http://www.q/ > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cf8331db395 > 984949ba8d08db562012bb%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8198467982509544%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=h%2BigV6hV > qgBCI9uXH9E6WkaOmeN9Ks%2BLZ6d4Fga9ekM%3D=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. >
RE: preventing VM Live migration between Pods
We have tried host-model – however virsh capabilities on the newer servers doesn’t even pick up the correct cpu map xml definition – the actual CPU is a AMD EPYC 7763 (codename Milan) and libvirt thinks it’s a ‘Rome’ cpu – a whole generation earlier !!! Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. From: Granwille Strauss Sent: Tuesday, May 16, 2023 3:51 PM To: users@cloudstack.apache.org Cc: gary.di...@quadris.co.uk.INVALID Subject: Re: preventing VM Live migration between Pods Hi Gary I am still fairly new to ACS myself, but as far as I can recall, using the 'host-passthrough' option is prone to cause problems during migrations, this is also mentioned in the documentation: https://docs.cloudstack.apache.org/en/latest/installguide/hypervisor/kvm.html?highlight=host-passthrough#configure-cpu-model-for-kvm-guest-optional I suggest changing to 'host-model' instead: host-passthrough may lead to migration failure,if you have this problem, you should use host-model or custom. guest.cpu.features will force cpu features as a required policy so make sure to put only those features that are provided by the host CPU. As your kvm cluster needs to be made up of homogenous nodes anyway (see System Requirements), it might make most sense to use guest.cpu.mode=host-model or guest.cpu.mode=host-passthrough On 5/16/23 15:13, Gary Dixon wrote: Hi everyone Other than disabling a Pod – is there a way to prevent live migration of VM’s between Pods in ACS ? We are on version 4.15.2 with Ubuntu 20.04 KVM hosts. Each Pod contains a single cluster of Homogenous hosts – however there are only slight differences between the CPU’s on the physical hosts in each Cluster. We have the guest.cpu.mode set to host-passthrough but have noticed serious issues when a VM is live migrated between specific Pods (usually if a VM is started on a cluster with the slightly better CPU’s and then live migrated to an older Pod) We have tried setting the guest.cpu.mode to host-passthrough with specific CPU features using the “guest.cpu.features=” and then setting all of the host’s CPU flags shown from the output of the lscpu command in a space separated list as instructed from ACS documentation – but we then are unable to even start a VM – insufficient resources error, - if we remove the guest.cpu.features from the agent.properties – then we can start a VM again. It would be good if we had an option or a setting to just not allow live migration of VM’s between pods and therefore can only perform a ‘cold’ migration if we wish to move a VM to another Pod. Any thoughts on this ? BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: vms@quadris‑support.com W: www.quadris.co.uk<http://www.quadris.co.uk> [cid:image208890.png@3D7DB5EF.08AC05B1] The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -- Regards / Groete [https://www.adsigner.com/v1/s/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/logo/621b3fa39fb210001f975298/cd2904ba-304d-4a49-bf33-cbe9ac76d929_248x-.png]<https://www.namhost.com/> Granwille Strauss // Senior Systems Admin e: granwi...@namhost.com<mailto:granwi...@namhost.com> m: +264 81 323 1260 w: www.namhost.com<https://www.namhost.com/> [https://www.adsigner.com/v1/s/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/social_icon_01/621b3fa39fb210001f975298/9151954b-b298-41aa-89c8-1d68af075373_48x48.png]<https://www.facebook.com/namhost>[https://www.adsigner.com/v1/s/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/social_icon_02/621b3fa39fb210001f975298/85a9dc7c-7bd1-4958-85a9-e6a25baeb028_48x48.png]<https://twitter.com/namhost>[https://www.adsigner.com/v1/s/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/social_icon_03/621b3fa39fb210001f975298/c1c5386c-914c-43cf-9d37-5b4aa8e317ab_48x48.png]<https://www.instagram.com/namhostinternetservices/>[https://www.adsigner.com/v1/s/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/social_icon_04/621b3fa39fb210001f975298/3aaa7968-130e-48ec-821d-559a332cce47_48x48.png]<https://www.linkedin.com/company/namhos>[https://www.adsigner.com/v1/s/631091998d467000
preventing VM Live migration between Pods
Hi everyone Other than disabling a Pod – is there a way to prevent live migration of VM’s between Pods in ACS ? We are on version 4.15.2 with Ubuntu 20.04 KVM hosts. Each Pod contains a single cluster of Homogenous hosts – however there are only slight differences between the CPU’s on the physical hosts in each Cluster. We have the guest.cpu.mode set to host-passthrough but have noticed serious issues when a VM is live migrated between specific Pods (usually if a VM is started on a cluster with the slightly better CPU’s and then live migrated to an older Pod) We have tried setting the guest.cpu.mode to host-passthrough with specific CPU features using the “guest.cpu.features=” and then setting all of the host’s CPU flags shown from the output of the lscpu command in a space separated list as instructed from ACS documentation – but we then are unable to even start a VM – insufficient resources error, - if we remove the guest.cpu.features from the agent.properties – then we can start a VM again. It would be good if we had an option or a setting to just not allow live migration of VM’s between pods and therefore can only perform a ‘cold’ migration if we wish to move a VM to another Pod. Any thoughts on this ? BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
removing UI elements
Hi everyone Does anyone know how we can remove the "CPU Mhz" from displaying in the UI ? We want customers only to be able to see the number of vCPUS's in the compute offerings and not their MHZ value BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: SQL error and "can't upgrade database" when I try to upgrade CS 4.17.1.0 to 4.18.0.0
Somebody else recently posted about this issue and resolved it by updating their MySql that was also on v5.7.41 - they didn't specify what version they updated MySql to however Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: David Larsen Sent: Friday, March 24, 2023 4:27 PM To: users@cloudstack.apache.org Subject: SV: SQL error and "can't upgrade database" when I try to upgrade CS 4.17.1.0 to 4.18.0.0 Update: I reverted to 4.17.1.0 snapshot and successfully upgraded to 4.17.2.0 without any issues. I will try upgrade to 4.18.0 from 4.17.2.0 later. Med vennlig hilsen David Larsen Senior systemkonsulent ADCOM MOLDE, IT Data AS Fabrikkvegen 13 | 6415 Molde Mobil: 959 48 308 | Sentralbord: 71 25 06 40 david.lar...@adcom.no | https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.adcom.no%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C68fd5fbd03f147134c6008db2c84b008%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638152720630391311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=2srpXA2d5XwQHLEW9bT%2BPwgtz5RCzAqI5et%2BYVX7qKE%3D=0 Følg oss på sosiale medier: Tenk på miljøet før du skriver ut denne eposten -Opprinnelig melding- Fra: David Larsen Sendt: fredag 24. mars 2023 15:33 Til: users@cloudstack.apache.org Emne: SQL error and "can't upgrade database" when I try to upgrade CS 4.17.1.0 to 4.18.0.0 Hi I’m running CS 4.17.1.0 on ubuntu 18.04 and MySQL 5.7.41, and tried to upgrade to 4.18.0.0 Please see log bellow for details regarding sql error. 2023-03-24 15:07:42,669 DEBUG [c.c.u.d.ScriptRunner] (main:null) (logid:) CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.vm_template', 'user_data_id', 'bigint unsigned DEFAULT NULL COMMENT "id of the us er data"') 2023-03-24 15:07:43,075 DEBUG [c.c.u.d.ScriptRunner] (main:null) (logid:) CALL `cloud`.`IDEMPOTENT_ADD_FOREIGN_KEY`('cloud.vm_template', 'user_data', 'id') 2023-03-24 15:07:43,213 ERROR [c.c.u.d.ScriptRunner] (main:null) (logid:) Error executing: CALL `cloud`.`IDEMPOTENT_ADD_FOREIGN_KEY`('cloud.vm_template', 'user_data', 'id') 2023-03-24 15:07:43,214 ERROR [c.c.u.d.ScriptRunner] (main:null) (logid:) java.sql.SQLIntegrityConstraintViolationException: Can't write; duplicate key in table '#sql-500_158' 2023-03-24 15:07:43,216 ERROR [c.c.u.DatabaseUpgradeChecker] (main:null) (logid:) Unable to execute upgrade script java.sql.SQLIntegrityConstraintViolationException: Can't write; duplicate key in table '#sql-500_158' at com.cloud.utils.db.ScriptRunner.runScript(ScriptRunner.java:185) at com.cloud.utils.db.ScriptRunner.runScript(ScriptRunner.java:87) at com.cloud.upgrade.DatabaseUpgradeChecker.runScript(DatabaseUpgradeChecker.java:226) at com.cloud.upgrade.DatabaseUpgradeChecker.upgrade(DatabaseUpgradeChecker.java:310) at com.cloud.upgrade.DatabaseUpgradeChecker.check(DatabaseUpgradeChecker.java:401) at org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.checkIntegrity(CloudStackExtendedLifeCycle.java:64) at org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.start(CloudStackExtendedLifeCycle.java:54) at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:178) at org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:54) at org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:356) at java.base/java.lang.Iterable.forEach(Iterable.java:75) at org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:155) at org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:123) at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:935) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:586) at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.loadContext(DefaultModuleDefinitionSet.java:144) at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet$2.with(Defau
RE: Enabling UEFI secure Boot on ACS 4.17.2 KVM+Ubuntu
Hi Joan You have to update the host entries in the database manually unfortunately as 4.17.2 with KVM hosts doesn't pick up the uefi config - it’s a known issue apparently. Also even if you manage to get this working - you won't be able to live migrate uefi enabled VM's - ACS will state its not supported in the logs. We're waiting to update ACS to the latest version and update the KVM hosts to Ubuntu 22.04 as apparently uefi has much better support. Also bear in mind that you will need MS signed virtio drivers for Secure Boot enabled Windows VM's as the virtio drivers will be blocked if they are not signed by Microsoft BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Joan g Sent: Tuesday, March 21, 2023 1:11 PM To: users@cloudstack.apache.org Subject: Enabling UEFI secure Boot on ACS 4.17.2 KVM+Ubuntu Hello, I am trying to deploy a Windows machine with Secure boot. But its getting failed with message " Cannot deploy to specified host as host does n't support uefi vm deployment, returning." OVMF is already installed in KVM node and uefi.properties are updated with below details: === guest.nvram.template.secure=/usr/share/OVMF/OVMF_VARS.fd guest.nvram.template.legacy=/usr/share/OVMF/OVMF_VARS.fd guest.loader.secure=/usr/share/OVMF/OVMF_CODE.secboot.fd guest.loader.legacy=/usr/share/OVMF/OVMF_CODE.fd guest.nvram.path=/var/lib/libvirt/qemu/nvram/ === After restarting the cloudstack-agent in host, still the Database table not getting updated - mysql> select * from host_details where name like '%uefi%'; Empty set (0.00 sec) - Can someone advice what I am missing here? Regards Jg
RE: There issue with MTU size on Ubuntu KVM
Hi Sanjay MTU has to be correct end to end for it to work. Do your switches also support the higher MTU value that you are trying to set ie - 9000 ? Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Sanjay Kumar Sent: Wednesday, March 15, 2023 10:21 AM To: users@cloudstack.apache.org Subject: There issue with MTU size on Ubuntu KVM Hi all, We have setup ubuntu 20.04 as KVM and set the MTU size 9000 after that it is not working. If we have setup 1500 and it is working fine. is there any work around on this? Any help would be really appreciated. Thank you! With Regards, Sanjay
RE: Console Proxy VM TLS version and cipher suites
Hi Wei Thanks for checking and good to know! Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Wei ZHOU Sent: Thursday, March 9, 2023 8:56 AM To: users@cloudstack.apache.org Subject: Re: Console Proxy VM TLS version and cipher suites Hi Gary, I have checked 4.16.1, 4.17.2, 4.18.0 system vms, it looks like `TLSv1, TLSv1.1` has been already added to "jdk.tls.disabledAlgorithms". root@s-1-VM:~# cat /etc/cloudstack-release Cloudstack Release 4.16.1 Mon 31 Jan 2022 10:02:56 AM UTC root@s-1-VM:~# grep ^jdk.tls.disabledAlgorithms /etc/java-11-openjdk/security/java.security -A3 jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \ DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \ include jdk.disabled.namedCurves root@v-2-VM:~# cat /etc/cloudstack-release Cloudstack Release 4.17.2 Fri 09 Dec 2022 12:51:18 PM UTC root@v-2-VM:~# grep ^jdk.tls.disabledAlgorithms /etc/java-11-openjdk/security/java.security -A3 jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \ DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \ include jdk.disabled.namedCurves root@v-11-VM:~# cat /etc/cloudstack-release Cloudstack Release 4.18.0 Wed 28 Dec 2022 09:45:19 AM UTC root@v-11-VM:~# grep ^jdk.tls.disabledAlgorithms /etc/java-11-openjdk/security/java.security -A3 jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \ DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \ include jdk.disabled.namedCurves -Wei On Thu, 9 Mar 2023 at 09:41, Gary Dixon wrote: > Hi Si > > We are on ACS 4.15.2 with KVM Hypervisor on Ubuntu 20.04 hosts > > we've added "TLSv1" and "TLSv1.1" in the > /etc/java-11-openjdk/security/java.security file on the SystemVM, on > the line starting with "jdk.tls.disableAlgorithms > > The scan reported TLS 1.0 and TLS 1.1 was enabled for" https port 443 > JBoss Enterprise Application Paltform" before we made the change above. > After the config change the scan no longer shows this > > This may well be locked down to TLS 1.2 and higher in later versions > of CloudStack ? > > BR > > Gary > > > > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: *v* <+44%207989717661>ms@quadris‑support.com > W: > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.q > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C888509cb05 > 8d4525d4fe08db207c21be%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8139489765419355%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=liiDG3iAUX > PH6xhUMaeKCYOj9hfZBIKPgDBzs1RthCI%3D=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. > -Original Message- > From: Simon Weller > Sent: Wednesday, March 8, 2023 9:34 PM > To: users@cloudstack.apache.org > Subject: Re: Console Proxy VM TLS version and cipher suites > > Gary, > > Can you provide more information as to which CloudStack version you're > running and also where you made modifications? Was it to the Tomcat config? > As Kiran indicated, you should not see any old TLS versions offered in > modern versions of CloudStack. So, if you are, we want to get to the > bottom of it quickly. > > -Si > > On Wed, Mar 8, 2023 at 3:48 AM Gary Dixon > > > wrote: > > > > > The PEN test had picked up that a JBoss Enterprise Application was > > allowing TLS v1.0 and TLS v1.1- we have managed to disable this now > > but obviously we would need to build this in to a new System VM > > template to make the change persist a Console Proxy VM rebuild Gary > > Dixon Senior Technical Consultant > > T: +44 161 537 4990 > > E: *v* <+44%207989717661>ms@quadris‑support.com > > W: > > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww > &
RE: Console Proxy VM TLS version and cipher suites
Hi Si We are on ACS 4.15.2 with KVM Hypervisor on Ubuntu 20.04 hosts we've added "TLSv1" and "TLSv1.1" in the /etc/java-11-openjdk/security/java.security file on the SystemVM, on the line starting with "jdk.tls.disableAlgorithms The scan reported TLS 1.0 and TLS 1.1 was enabled for" https port 443 JBoss Enterprise Application Paltform" before we made the change above. After the config change the scan no longer shows this This may well be locked down to TLS 1.2 and higher in later versions of CloudStack ? BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Simon Weller Sent: Wednesday, March 8, 2023 9:34 PM To: users@cloudstack.apache.org Subject: Re: Console Proxy VM TLS version and cipher suites Gary, Can you provide more information as to which CloudStack version you're running and also where you made modifications? Was it to the Tomcat config? As Kiran indicated, you should not see any old TLS versions offered in modern versions of CloudStack. So, if you are, we want to get to the bottom of it quickly. -Si On Wed, Mar 8, 2023 at 3:48 AM Gary Dixon wrote: > > The PEN test had picked up that a JBoss Enterprise Application was > allowing TLS v1.0 and TLS v1.1- we have managed to disable this now > but obviously we would need to build this in to a new System VM > template to make the change persist a Console Proxy VM rebuild Gary > Dixon Senior Technical Consultant > T: +44 161 537 4990 > E: *v* <+44%207989717661>ms@quadris‑support.com > W: > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.q > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cd6fbad0d06 > 1646b0798d08db201d1487%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8139081499335831%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=fp0XzdxqdB > ocYlRM9dBdOH%2F5Gn87y4j0ZHJq49xrfB4%3D=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. > > From: Kiran Chavala > Sent: Tuesday, March 7, 2023 12:59 PM > To: users@cloudstack.apache.org > Subject: Re: Console Proxy VM TLS version and cipher suites > > Hi Gary > > AFAIK, I think cloudstack has disabled anything below TLS v1.2 from > 4.11.0 release > > > > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgith > ub.com%2Fapache%2Fcloudstack%2Fpull%2F2480=05%7C01%7CGary.Dixon%4 > 0quadris.co.uk%7Cd6fbad0d061646b0798d08db201d1487%7Cf1d6abf3d3b44894ae > 16db0fb93a96a2%7C0%7C0%7C638139081499335831%7CUnknown%7CTWFpbGZsb3d8ey > JWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C300 > 0%7C%7C%7C=oCYSb6dI2ift9%2Bg2ReXuv%2BWHLTZ1blgPjMtjn%2B3%2B0PI%3 > D=0 > > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissu > es.apache.org%2Fjira%2Fbrowse%2FCLOUDSTACK-10319=05%7C01%7CGary.D > ixon%40quadris.co.uk%7Cd6fbad0d061646b0798d08db201d1487%7Cf1d6abf3d3b4 > 4894ae16db0fb93a96a2%7C0%7C0%7C638139081499335831%7CUnknown%7CTWFpbGZs > b3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D > %7C3000%7C%7C%7C=p0m1mWEnJZJvNA9cvfbu0oDIncC1G2WM94w8VAA4Lrc%3D& > reserved=0 > > [ > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fopen > graph.githubassets.com%2F2b9813d128412ed49741e9c7523f4d3fb466d19b3c3b2 > 90539fb876ba1bcf0a9%2Fapache%2Fcloudstack%2Fpull%2F2480=05%7C01%7 > CGary.Dixon%40quadris.co.uk%7Cd6fbad0d061646b0798d08db201d1487%7Cf1d6a > bf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638139081499335831%7CUnknown%7CT > WFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI > 6Mn0%3D%7C3000%7C%7C%7C=nYJSVq%2FcNSEAOKNt%2FVM5x2%2F9g4rAsc3qWB > v90IsMpPU%3D=0 > ]< > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgith > ub.com%2Fapache%2Fcloudstack%2Fpull%2F2480=05%7C01%7CGary.Dixon%4 > 0quadris.co.uk%7Cd6fbad0d061646b0798d08db201d1487%7Cf1d6abf3d3b44894ae > 16db0fb93a96a2%7C0%7C0%7C6381
RE: Console Proxy VM TLS version and cipher suites
The PEN test had picked up that a JBoss Enterprise Application was allowing TLS v1.0 and TLS v1.1- we have managed to disable this now but obviously we would need to build this in to a new System VM template to make the change persist a Console Proxy VM rebuild Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. From: Kiran Chavala Sent: Tuesday, March 7, 2023 12:59 PM To: users@cloudstack.apache.org Subject: Re: Console Proxy VM TLS version and cipher suites Hi Gary AFAIK, I think cloudstack has disabled anything below TLS v1.2 from 4.11.0 release https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fcloudstack%2Fpull%2F2480=05%7C01%7CGary.Dixon%40quadris.co.uk%7C8bc43b9aac7341c924db08db1f0bee5d%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638137908353696323%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=Ezd9nXe6wavgsWaZntbfm6s3fj%2FdaWRle%2BNQbZYcaKg%3D=0 https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FCLOUDSTACK-10319=05%7C01%7CGary.Dixon%40quadris.co.uk%7C8bc43b9aac7341c924db08db1f0bee5d%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638137908353696323%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=5DMAQJ38va8zfrqiNml2l6xp8KNEiQWjFVc8DQDjePQ%3D=0 [https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fopengraph.githubassets.com%2F2b9813d128412ed49741e9c7523f4d3fb466d19b3c3b290539fb876ba1bcf0a9%2Fapache%2Fcloudstack%2Fpull%2F2480=05%7C01%7CGary.Dixon%40quadris.co.uk%7C8bc43b9aac7341c924db08db1f0bee5d%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638137908353696323%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=9lCnFXXAzx6fkhd1mm4ICMFgA1wqQwXAr%2BM4gQfOgFw%3D=0]<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fcloudstack%2Fpull%2F2480=05%7C01%7CGary.Dixon%40quadris.co.uk%7C8bc43b9aac7341c924db08db1f0bee5d%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638137908353696323%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=Ezd9nXe6wavgsWaZntbfm6s3fj%2FdaWRle%2BNQbZYcaKg%3D=0> CLOUDSTACK-10319: Prefer TLSv1.2, deprecate TLSv1.0,1.1 by rohityadavcloud · Pull Request #2480 · apache/cloudstack<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fcloudstack%2Fpull%2F2480=05%7C01%7CGary.Dixon%40quadris.co.uk%7C8bc43b9aac7341c924db08db1f0bee5d%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638137908353696323%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=Ezd9nXe6wavgsWaZntbfm6s3fj%2FdaWRle%2BNQbZYcaKg%3D=0> This deprecates and remove TLS 1.0 and 1.1 from preferred list of protocols and keeps only TLSv1.2. @blueorangutan package github.com Regards Kiran ____ From: Gary Dixon Sent: 07 March 2023 17:35 To: users@cloudstack.apache.org Subject: Console Proxy VM TLS version and cipher suites Hi all Is there a way of limiting the console proxy to allow nothing below TLS v1.2, 1.3 and only allow strong cipher suites – we are failing a PEN test currently and need to strengthen the CPVM security ? TIA Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: vms@quadris‑support.com W: https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.quadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C8bc43b9aac7341c924db08db1f0bee5d%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638137908353696323%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=ELMyfDyavuFHOtvcyf7PvqWUFkMwhmWHJPADH6nd%2FnE%3D=0 [cid:image056775.png@576B6FF7.488A06BD] The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
Windows VM vga adapter
Hi all Is there a way of setting a better vga adapter on a windows based VM on Ubuntu KVM hypervisor in ACS 4.15.2 and setting more Video RAM ? A virsh dumop shows the current video adapter as cirrus with just 16Mb RAM and we cannot increase the display resolution inside the VM beyond 1024X768 with this ? Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
Console Proxy VM TLS version and cipher suites
Hi all Is there a way of limiting the console proxy to allow nothing below TLS v1.2, 1.3 and only allow strong cipher suites - we are failing a PEN test currently and need to strengthen the CPVM security ? TIA Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: network bandwidth issue
Thanks Jordan I figured it out in the end. I set the "vm.network.throttling.rate" and the "network.throttling.rate" global settings both to 1000mb\s and restarted the mgmt. service. The issue was we had to stop any VM's that had a compute offering with NULL value on the network rate and start them again to pick up the new setting - just restarting the VM's doesn't work. After doing this the VM's are now receiving at 1Gb\s as well as sending at 1Gb\s Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: jordan j Sent: Wednesday, February 15, 2023 5:15 PM To: users@cloudstack.apache.org Subject: Re: network bandwidth issue Hey Gary, One thing that comes to my mind is that the default Network offering limit is 200 MBps. You can check it from the GUI in the Network Offerings section. Best regards, Jordan On Tue, Feb 14, 2023 at 1:35 PM Gary Dixon wrote: > Hi all > > > > ACS 4.17.2 > > Hypervisor KVM > > > > We are seeing strange behaviour on the network bandwidth within guest > VM’s > > VMs are able to send at full speed – 1Gb/s but are only receiving at > 200Mbits/s – can anyone shed any light on this behaviour? > > > > BR > > > > Gary > > > > > > > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: *v* <+44%207989717661>ms@quadris‑support.com > W: > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.q > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C5e16ff5a83 > 4b4c91260208db0f785d9d%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8120781863731886%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=4c1Jnq0z8V > fTeDisK32LnGn0qQ0hYaXYo%2BfF2KZ4QhU%3D=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. >
network bandwidth issue
Hi all ACS 4.17.2 Hypervisor KVM We are seeing strange behaviour on the network bandwidth within guest VM's VMs are able to send at full speed - 1Gb/s but are only receiving at 200Mbits/s - can anyone shed any light on this behaviour? BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: noob question about Templates
Hi Simon Thanks for the info - its quite interesting !! We are running KVM hypervisor on Ubuntu 20.04 on AMD EPYC cpu's We haven't been enabling HVM on templates as we don't want users to be able to nest hypervisors within their VM's Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Simon Weller Sent: 10 February 2023 16:23 To: users@cloudstack.apache.org Subject: Re: noob question about Templates Hey Gary, Welcome to the list. Firstly, which hypervisor are you using? HVM used to mean use hardware accelerated virtualization back in the day when it was still fairly new. It was required for some hypervisors, but not all. These days everything is hardware accelerated. If you are running KVM, you can enable the ability to run nested virilization by doing this - Intel - modprobe -r kvm_intel modprobe kvm_intel nested=1 Make it permanent by adding the following line to /etc/modprobe.d/kvm.conf: options kvm_intel nested=1 AMD - modprobe -r kvm_amd modprobe kvm_amd nested=1 Make it permanent by adding the following line to /etc/modprobe.d/kvm.conf: options kvm_amd nested=1 Please note that CloudStack will not manage any nested virtualization unless Cloudstack itself is nested (e.g. a lab environment). -Si On Fri, Feb 10, 2023 at 8:28 AM Gary Dixon wrote: > HI > > > > Sorry for the newbie question but ….. > > > > When creating a template – does enabling the HVM option allow the > virtual machine to also be a hypervisor so that nested virtualization > can be achieved? > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: *v* <+44%207989717661>ms@quadris‑support.com > W: > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.q > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C425ae13b53 > 394cabd18808db0b831363%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8116429828439052%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=2GprAUWMFJ > cOjv2PGTIr6gZdnFIDOFAZQd61NGvMGBc%3D=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. >
noob question about Templates
HI Sorry for the newbie question but . When creating a template - does enabling the HVM option allow the virtual machine to also be a hypervisor so that nested virtualization can be achieved? Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: Override DNS IP addresses
Hi Hm - I've been pondering whether cloudbase-init would be of use to us. I plan on testing it in the near future when time allows. I'll report back with my findings Thx Gary 2SN Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Nux Sent: 31 January 2023 12:24 To: users@cloudstack.apache.org Cc: Gary Dixon Subject: Re: Override DNS IP addresses Hello, That's an unfortunate behaviour. Wonder what the culprit is. Did you try to use cloudbase-init in the Windows VMS? Does it make things better/worse? REgards On 2023-01-30 15:32, Gary Dixon wrote: > Thx Nux - this is good news > > The issue doesn't happen all the time - we have seen it occasionally > after a windows guest reboot - something seems to stop the nic from > getting its statically assigned IP configuration and so it reverts to > creating a new nic within the guest OS and this is where it then picks > up the Zone DNS server IP's - I'm guessing from the DNS provider on > the virtual router. > If we look in Device Mgr on the guest and 'show hidden devices' we see > a 'ghosted' nic adapter - but this will still have registry entries > for its IP config - so the new nic that seems to be created > automatically cannot use the already assigned IP address and picks a > new one from DHCP on the VR and also then gets the Zone DNS IP > Addresses. > > Our workaround for if/when this happens is to delete the ghosted nic > adapter in Device Mgr and its corresponding IP configuration in the > windows registry - and then manually set the static IP info on the > remaining nic adapter > > Gary Dixon > > Senior Technical Consultant > > T: +44 161 537 4990 > > E: v [1]ms@quadris‑support.com > > W: > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.q > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cf352ab8e9e > 5846ef6ea608db038614d1%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8107646643378568%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=hjgszY%2B6 > f1eAZzCbZpg1xP5Tb5gxL7nZBcdhWOS76bo%3D=0 > > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent > the official views of Quadris. If you have received this information > in error you must not copy, distribute or take any action or reliance > on its contents. Please destroy any hard copies and delete this > message. > > -Original Message- > From: Nux > Sent: 30 January 2023 12:01 > To: users@cloudstack.apache.org > Cc: Gary Dixon > Subject: Re: Override DNS IP addresses > > Hi Gary, > > Yes, indeed, this is coming to 4.18: > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgith > ub.com%2Fapache%2Fcloudstack%2Fpull%2F6425=05%7C01%7CGary.Dixon%4 > 0quadris.co.uk%7Cf352ab8e9e5846ef6ea608db038614d1%7Cf1d6abf3d3b44894ae > 16db0fb93a96a2%7C0%7C0%7C638107646643378568%7CUnknown%7CTWFpbGZsb3d8ey > JWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C300 > 0%7C%7C%7C=f8We%2B1xIMLEq1S3JJ8GD8U2pXIaRvRzmnJxMW3%2BFPjc%3D > served=0 > > Until then I am not sure how to solve the problem though. If IPs and > DNS are statically assign, why does this continue to be a problem? > > Regards > > On 2023-01-30 11:37, Gary Dixon wrote: >> HI everyone >> >> CS 4.15.2 >> >> Hypervisor Ubuntu 20.04 KVM >> >> The vast majority of our tenants in CS are windows Active directory >> domain based networks. This relies on the Domain Controllers being > the >> DNS servers for the domain. >> >> In each guest OS we statically assign IP address information and set > >> the DNS server addresses to point to the IP address of the Domain >> Controllers >> >> We see issues where the Zone defined DNS server IP addresses >> (8.8.8.8, 8.8.4.4) are being passed through to the guest Windows > VM’s >> which then causes them to lose their domain trust because they > cannot >> locate the domain controllers >> >> Is there a way to override the global Zone DNS server IP addresses &
RE: Override DNS IP addresses
Thx Nux - this is good news The issue doesn't happen all the time - we have seen it occasionally after a windows guest reboot - something seems to stop the nic from getting its statically assigned IP configuration and so it reverts to creating a new nic within the guest OS and this is where it then picks up the Zone DNS server IP's - I'm guessing from the DNS provider on the virtual router. If we look in Device Mgr on the guest and 'show hidden devices' we see a 'ghosted' nic adapter - but this will still have registry entries for its IP config - so the new nic that seems to be created automatically cannot use the already assigned IP address and picks a new one from DHCP on the VR and also then gets the Zone DNS IP Addresses. Our workaround for if/when this happens is to delete the ghosted nic adapter in Device Mgr and its corresponding IP configuration in the windows registry - and then manually set the static IP info on the remaining nic adapter Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Nux Sent: 30 January 2023 12:01 To: users@cloudstack.apache.org Cc: Gary Dixon Subject: Re: Override DNS IP addresses Hi Gary, Yes, indeed, this is coming to 4.18: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fcloudstack%2Fpull%2F6425=05%7C01%7CGary.Dixon%40quadris.co.uk%7Caa1d5e15f15848273cb508db02b9a01b%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638106768520826236%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=QZjqm0qb4OjtfoujFPjZe%2F8W8jaU9f8gGpa12ZfoyCw%3D=0 Until then I am not sure how to solve the problem though. If IPs and DNS are statically assign, why does this continue to be a problem? Regards On 2023-01-30 11:37, Gary Dixon wrote: > HI everyone > > CS 4.15.2 > > Hypervisor Ubuntu 20.04 KVM > > The vast majority of our tenants in CS are windows Active directory > domain based networks. This relies on the Domain Controllers being the > DNS servers for the domain. > > In each guest OS we statically assign IP address information and set > the DNS server addresses to point to the IP address of the Domain > Controllers > > We see issues where the Zone defined DNS server IP addresses > (8.8.8.8, 8.8.4.4) are being passed through to the guest Windows VM’s > which then causes them to lose their domain trust because they cannot > locate the domain controllers > > Is there a way to override the global Zone DNS server IP addresses > that are passed through to guest VM’s – can this be changed for each > Tennant/Domain in the Cloud database ? > > Best regards > > Gary > > Gary Dixon > > Senior Technical Consultant > > T: +44 161 537 4990 > > E: v [1]ms@quadris‑support.com > > W: > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.q > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Caa1d5e15f1 > 5848273cb508db02b9a01b%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8106768520826236%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=r25zVpzJzf > jUG46HKguwC%2FRkIm3nYcZAmRgiBG%2BKPlA%3D=0 > > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent > the official views of Quadris. If you have received this information > in error you must not copy, distribute or take any action or reliance > on its contents. Please destroy any hard copies and delete this > message. > > > > Links: > -- > [1] tel:+44%207989717661
Override DNS IP addresses
HI everyone CS 4.15.2 Hypervisor Ubuntu 20.04 KVM The vast majority of our tenants in CS are windows Active directory domain based networks. This relies on the Domain Controllers being the DNS servers for the domain. In each guest OS we statically assign IP address information and set the DNS server addresses to point to the IP address of the Domain Controllers We see issues where the Zone defined DNS server IP addresses (8.8.8.8, 8.8.4.4) are being passed through to the guest Windows VM’s which then causes them to lose their domain trust because they cannot locate the domain controllers Is there a way to override the global Zone DNS server IP addresses that are passed through to guest VM’s – can this be changed for each Tennant/Domain in the Cloud database ? Best regards Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: KVM host UEFI allow guest UEFI Secure boot
Thanks Pavan Are you successfully running Windows Server VM's in uefi secure boot mode in Cloudstack ? Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: pavan aravapalli Sent: 24 January 2023 07:47 To: users@cloudstack.apache.org Subject: Re: KVM host UEFI allow guest UEFI Secure boot Hi Gary, If you don't have any specific dependencies with Ubunut version try with the latest Ubuntu 22.04, it has secure files. I verified and it supports secure files. Thanks & Regards, Pavan Aravapalli. Architect. https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fpavan-a-70995a27%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cf26e2c788cae4190af3008dafddf2f3a%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638101432282521311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=lorVxhzKY8skt0LMTiDaby63B%2BA7EpSJv02hHNvzZls%3D=0 On Mon, 23 Jan 2023 at 23:08, Gary Dixon wrote: > Thanks Pavan > > Unfortunately, in the Ubuntu OVMF package it does not install a > "OVMF_VARS.secboot.fd" file in the /usr/share/OVMF/ path This VARS > file does not exist it appears on an ubuntu system. > > BR > > Gary > > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: *v* <+44%207989717661>ms@quadris‑support.com > W: > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.q > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cf26e2c788c > ae4190af3008dafddf2f3a%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8101432282521311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=9sQKrpy2Xs > 1yrXYliGQSfPtARsaafISJIJ17JTFhB4s%3D=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. > -Original Message- > From: pavan aravapalli > Sent: 23 January 2023 11:48 > To: gary.di...@quadris.co.uk.invalid > Cc: users@cloudstack.apache.org > Subject: Re: KVM host UEFI allow guest UEFI Secure boot > > I see wrong vars configured for secure VAR. * template='/usr/share/OVMF/OVMF_VARS.fd'> * > > It should be something like > "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd", > or the file should be like path to the OVMF_VARS.secboot.fd inside > uefi.properties on the Ubuntu Host. I hope this helps. > > > Thanks & Regards, > Pavan Aravapalli. > Architect. > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. > linkedin.com%2Fin%2Fpavan-a-70995a27%2F=05%7C01%7CGary.Dixon%40qu > adris.co.uk%7Cf26e2c788cae4190af3008dafddf2f3a%7Cf1d6abf3d3b44894ae16d > b0fb93a96a2%7C0%7C0%7C638101432282521311%7CUnknown%7CTWFpbGZsb3d8eyJWI > joiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7 > C%7C%7C=lorVxhzKY8skt0LMTiDaby63B%2BA7EpSJv02hHNvzZls%3D > d=0 > > > > > On Fri, 20 Jan 2023 at 16:01, Gary Dixon > > > wrote: > > > I think this is possibly a bug in CS 4.15.2 with KVM hypervisor on > > Ubuntu > > 20.04 > > > > > > > > I have evicted one of our hosts from the cloudstack cluster and > > added the /etc/cloudstack/agent/uefi.properties file. > > > > > > > > Cleared out the keystore and set the libvirtd.conf file back to > > listen_tls=0, listen_tcp=1 and re-added the host back in to the > > cluster in Cloudstack > > > > > > > > In the agent logs I can see that it detects the uefi.properties file > > and enumerates the paths. > > > > > > > > The host is added back into Cloudstack – but in the database in the > > “host_details” table I see the “host.uefi.enable” value is set to “false” > > for this host ? > > > > > > > > We then manually set “host.uefi.enable” to true in the database > > > > > > > > I then provision a new instance and use a Windows Se
RE: KVM host UEFI allow guest UEFI Secure boot
Hi Wei Is your win11_VARS.fd file custom built ? In any case even if we could console onto the uefi secure boot enabled Windows based VM - it would be unusable as the KVM virtio drivers would not function as they are not signed by Microsoft - it seems only RHEL subscription users are entitled to get a copy of the virtio drivers that are signed by Microsoft BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Wei ZHOU Sent: 23 January 2023 15:44 To: users@cloudstack.apache.org Subject: Re: KVM host UEFI allow guest UEFI Secure boot Hi Gary, The detection of UEFI support was introduced by https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fcloudstack%2Fpull%2F6139=05%7C01%7CGary.Dixon%40quadris.co.uk%7C0e23ac6ecd944d42e30508dafd58bcd1%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638100854821175326%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=H46XIvR27lLVCUYimfe4QhN7PKyu0ezCoy79Ggeh2Xw%3D=0 in ACS 4.17.0.0 If you run 4.15.2, you need to update the database manually - as you did. For the issue with windows VM, I have a win11 vm on Ubuntu 22.04 which works fine. The xml definition of VM is as follows (just for your information) hvm /usr/share/OVMF/OVMF_CODE_4M.secboot.fd /var/lib/libvirt/qemu/nvram/win11_VARS.fd You may try with different UEFI settings, for example what Paven suggested. -Wei On Fri, 20 Jan 2023 at 11:31, Gary Dixon wrote: > I think this is possibly a bug in CS 4.15.2 with KVM hypervisor on > Ubuntu > 20.04 > > > > I have evicted one of our hosts from the cloudstack cluster and added > the /etc/cloudstack/agent/uefi.properties file. > > > > Cleared out the keystore and set the libvirtd.conf file back to > listen_tls=0, listen_tcp=1 and re-added the host back in to the > cluster in Cloudstack > > > > In the agent logs I can see that it detects the uefi.properties file > and enumerates the paths. > > > > The host is added back into Cloudstack – but in the database in the > “host_details” table I see the “host.uefi.enable” value is set to “false” > for this host ? > > > > We then manually set “host.uefi.enable” to true in the database > > > > I then provision a new instance and use a Windows Server2016 ISO to > provision the machine on this uefi enabled host. I set the adv > settings to > BIOS: UEFI BOOT MODE: Secure > > The VM starts but when I console on to it there is an error message on > the console window saying “*Guest has not initialized the display > (yet)”* > > So at this point it appears we are unable to create any VM’s with uefi > – secure boot enabled > > > > Has anyone suucessfully managed to get Windows VM’s with uefi secure > boot enabled working in Cloudstack 4.15.2 with KVM hypervisor on > Ubuntu 20.04 hosts ? > > > > > > A virsh dumpxml shows this: > > > > Windows Server 2016 (64-bit) > > 8388608 > > 8388608 > > 4 > > > > 3240 > > > > > > /machine > > > > > > > > Apache Software Foundation > > CloudStack KVM Hypervisor > > 39c9fa33-0ef2-463a-aff6-45b6e77d1c4d > > > > > > > > hvm > > type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd > > template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/39 > c9fa33-0ef2-463a-aff6-45b6e77d1c4d.fd > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > destroy > > restart > > destroy > > > > /usr/bin/qemu-system-x86_64 > > > > > > > > > > > > 69bcfffc3c8a41ab876b > > > >unit='0'/> > > > > > > > >file='/mnt/45d6d957-afa2-371a-b0dc-b6e70ef17d97/035fa65a-4556-47b0-95c1-ac2db8ee054e.iso' > index='1'/> > > > > > > > > > >unit='3'/> > > > > > > &
RE: KVM host UEFI allow guest UEFI Secure boot
Thanks Pavan Unfortunately, in the Ubuntu OVMF package it does not install a "OVMF_VARS.secboot.fd" file in the /usr/share/OVMF/ path This VARS file does not exist it appears on an ubuntu system. BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: pavan aravapalli Sent: 23 January 2023 11:48 To: gary.di...@quadris.co.uk.invalid Cc: users@cloudstack.apache.org Subject: Re: KVM host UEFI allow guest UEFI Secure boot I see wrong vars configured for secure VAR. * * It should be something like "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd", or the file should be like path to the OVMF_VARS.secboot.fd inside uefi.properties on the Ubuntu Host. I hope this helps. Thanks & Regards, Pavan Aravapalli. Architect. https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fpavan-a-70995a27%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cd65b0c4aa7ee4160b06c08dafd37c31d%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638100713210482703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=RHcqVoV2VK44yi6KNcAaWhvyxy2ZsLvCYxF6Oa66LSI%3D=0 On Fri, 20 Jan 2023 at 16:01, Gary Dixon wrote: > I think this is possibly a bug in CS 4.15.2 with KVM hypervisor on > Ubuntu > 20.04 > > > > I have evicted one of our hosts from the cloudstack cluster and added > the /etc/cloudstack/agent/uefi.properties file. > > > > Cleared out the keystore and set the libvirtd.conf file back to > listen_tls=0, listen_tcp=1 and re-added the host back in to the > cluster in Cloudstack > > > > In the agent logs I can see that it detects the uefi.properties file > and enumerates the paths. > > > > The host is added back into Cloudstack – but in the database in the > “host_details” table I see the “host.uefi.enable” value is set to “false” > for this host ? > > > > We then manually set “host.uefi.enable” to true in the database > > > > I then provision a new instance and use a Windows Server2016 ISO to > provision the machine on this uefi enabled host. I set the adv > settings to > BIOS: UEFI BOOT MODE: Secure > > The VM starts but when I console on to it there is an error message on > the console window saying “*Guest has not initialized the display > (yet)”* > > So at this point it appears we are unable to create any VM’s with uefi > – secure boot enabled > > > > Has anyone suucessfully managed to get Windows VM’s with uefi secure > boot enabled working in Cloudstack 4.15.2 with KVM hypervisor on > Ubuntu 20.04 hosts ? > > > > > > A virsh dumpxml shows this: > > > > Windows Server 2016 (64-bit) > > 8388608 > > 8388608 > > 4 > > > > 3240 > > > > > > /machine > > > > > > > > Apache Software Foundation > > CloudStack KVM Hypervisor > > 39c9fa33-0ef2-463a-aff6-45b6e77d1c4d > > > > > > > > hvm > > type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd > > template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/39 > c9fa33-0ef2-463a-aff6-45b6e77d1c4d.fd > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > destroy > > restart > > destroy > > > > /usr/bin/qemu-system-x86_64 > > > > > > > > > > > > 69bcfffc3c8a41ab876b > > > >unit='0'/> > > > > > > > >file='/mnt/45d6d957-afa2-371a-b0dc-b6e70ef17d97/035fa65a-4556-47b0-95c1-ac2db8ee054e.iso' > index='1'/> > > > > > > > > > >unit='3'/> > > > > > > > >function='0x0'/> > > > > > > > >function='0x2'/> > > >
RE: KVM host UEFI allow guest UEFI Secure boot
I think this is possibly a bug in CS 4.15.2 with KVM hypervisor on Ubuntu 20.04 I have evicted one of our hosts from the cloudstack cluster and added the /etc/cloudstack/agent/uefi.properties file. Cleared out the keystore and set the libvirtd.conf file back to listen_tls=0, listen_tcp=1 and re-added the host back in to the cluster in Cloudstack In the agent logs I can see that it detects the uefi.properties file and enumerates the paths. The host is added back into Cloudstack – but in the database in the “host_details” table I see the “host.uefi.enable” value is set to “false” for this host ? We then manually set “host.uefi.enable” to true in the database I then provision a new instance and use a Windows Server2016 ISO to provision the machine on this uefi enabled host. I set the adv settings to BIOS: UEFI BOOT MODE: Secure The VM starts but when I console on to it there is an error message on the console window saying “Guest has not initialized the display (yet)” So at this point it appears we are unable to create any VM’s with uefi – secure boot enabled Has anyone suucessfully managed to get Windows VM’s with uefi secure boot enabled working in Cloudstack 4.15.2 with KVM hypervisor on Ubuntu 20.04 hosts ? A virsh dumpxml shows this: Windows Server 2016 (64-bit) 8388608 8388608 4 3240 /machine Apache Software Foundation CloudStack KVM Hypervisor 39c9fa33-0ef2-463a-aff6-45b6e77d1c4d hvm /usr/share/OVMF/OVMF_CODE.secboot.fd /var/lib/libvirt/qemu/nvram/39c9fa33-0ef2-463a-aff6-45b6e77d1c4d.fd destroy restart destroy /usr/bin/qemu-system-x86_64 69bcfffc3c8a41ab876b +0:+0 +0:+0 Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. From: Gary Dixon Sent: 19 January 2023 14:35 To: users@cloudstack.apache.org Subject: RE: KVM host UEFI allow guest UEFI Secure boot I think I just solved this myself – in the qemu.conf file I see : #nvram = [ # "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd", # "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd", # "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd", # "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd", # "/usr/share/OVMF/OVMF_CODE.ms.fd:/usr/share/OVMF/OVMF_VARS.ms.fd" #] So in Ubuntu 20.04 there is no reference to OVMF_VARS.secure.fd for the nvram template Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: vms@quadris‑support.com W: www.quadris.co.uk<http://www.quadris.co.uk> [cid:image828463.png@1B150A60.0CBE8265] The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. From: Gary Dixon mailto:gary.di...@quadris.co.uk.INVALID>> Sent: 19 January 2023 13:55 To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org> Subject: RE: KVM host UEFI allow guest UEFI Secure boot Thanks for all your quick responses On our Ubuntu 20.04 hosts it appears that the OVMF files are located in "/usr/share/OVMF/" directory - however the OVMF_VARS.secboot.fd file is not there ? : root@qcloud-s2-p1-c1-kvm4:~# ls -al /usr/share/OVMF/ total 4232 drwxr-xr-x 2 root root 4096 Mar 9 2022 . drwxr-xr-x 151 root root 4096 Apr 2 2022 .. -rw-r--r-- 1 root root 1966080 Sep 20 2021 OVMF_CODE.fd lrwxrwxr
RE: KVM host UEFI allow guest UEFI Secure boot
I think I just solved this myself – in the qemu.conf file I see : #nvram = [ # "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd", # "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd", # "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd", # "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd", # "/usr/share/OVMF/OVMF_CODE.ms.fd:/usr/share/OVMF/OVMF_VARS.ms.fd" #] So in Ubuntu 20.04 there is no reference to OVMF_VARS.secure.fd for the nvram template Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. From: Gary Dixon Sent: 19 January 2023 13:55 To: users@cloudstack.apache.org Subject: RE: KVM host UEFI allow guest UEFI Secure boot Thanks for all your quick responses On our Ubuntu 20.04 hosts it appears that the OVMF files are located in "/usr/share/OVMF/" directory - however the OVMF_VARS.secboot.fd file is not there ? : root@qcloud-s2-p1-c1-kvm4:~# ls -al /usr/share/OVMF/ total 4232 drwxr-xr-x 2 root root 4096 Mar 9 2022 . drwxr-xr-x 151 root root 4096 Apr 2 2022 .. -rw-r--r-- 1 root root 1966080 Sep 20 2021 OVMF_CODE.fd lrwxrwxrwx 1 root root 20 Sep 20 2021 OVMF_CODE.ms.fd -> OVMF_CODE.secboot.fd -rw-r--r-- 1 root root 1966080 Sep 20 2021 OVMF_CODE.secboot.fd -rw-r--r-- 1 root root 131072 Sep 20 2021 OVMF_VARS.fd -rw-r--r-- 1 root root 131072 Sep 20 2021 OVMF_VARS.ms.fd -rw-r--r-- 1 root root 131072 Sep 20 2021 OVMF_VARS.snakeoil.fd Is this needed in the uefi.properties config file ? BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: vms@quadris‑support.com W: www.quadris.co.uk<http://www.quadris.co.uk> [cid:image385073.png@E0A53755.B8760DA1] The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: vas...@gmx.de<mailto:vas...@gmx.de> mailto:vas...@gmx.de>> Sent: 19 January 2023 13:42 To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org> Subject: Re: KVM host UEFI allow guest UEFI Secure boot Not the direct solution but maybe some bits of information for your further efforts: Overall description of the feature https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fdisplay%2FCLOUDSTACK%2FEnable%2BUEFI%2Bbooting%2Bfor%2BInstance=05%7C01%7CGary.Dixon%40quadris.co.uk%7C8057c1b2e3bd4f13beae08dafa231af3%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638097325927612509%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=8Q5jWBGmCYA82hk6NmrVESq%2F%2BwkdzSKKn9MbJsPjA%2BM%3D=0 User guide + example to enable secure boot https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flab.piszki.pl%2Fcloudstack-vm-with-vtpm-and-secure-boot-uefi%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C8057c1b2e3bd4f13beae08dafa231af3%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638097325927612509%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=o312PhI9IqAYJEgn8dY4EQliP4p4W4Ry9iJ4XuKsSVA%3D=0 Gitlab - Issue with further informations on deploying that capability https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fcloudstack%2Fissues%2F4238=05%7C01%7CGary.Dixon%40quadris.co.uk%7C8057c1b2e3bd4f13beae08dafa231af3%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638097325927612509%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=HDMzobnzON4SpjRT9VZFXNtvd7RMpVluNwjcF1TQDvo%3D=0 regards, Chris Am Do., 19. Jan. 2023 um 14:09 Uhr schrieb Gary Dixon mailto:gary.di...@quadris.co.uk.invalid>>: > Hi everyone > > > > CS : 4.15.2 > > Hypervisor: KVM > > OS: Ubuntu 20.04 > > > > Apologies if this has been discussed before. > > We have a requirement to create Windows server templates with UEFI > Secure boot enabled and in testing find that our instances are being > created with Legacy BIOS enabled. > > I checked our KVM hosts and they have the ovmf package installed – > however there is no
RE: KVM host UEFI allow guest UEFI Secure boot
Thanks for all your quick responses On our Ubuntu 20.04 hosts it appears that the OVMF files are located in "/usr/share/OVMF/" directory - however the OVMF_VARS.secboot.fd file is not there ? : root@qcloud-s2-p1-c1-kvm4:~# ls -al /usr/share/OVMF/ total 4232 drwxr-xr-x 2 root root4096 Mar 9 2022 . drwxr-xr-x 151 root root4096 Apr 2 2022 .. -rw-r--r-- 1 root root 1966080 Sep 20 2021 OVMF_CODE.fd lrwxrwxrwx 1 root root 20 Sep 20 2021 OVMF_CODE.ms.fd -> OVMF_CODE.secboot.fd -rw-r--r-- 1 root root 1966080 Sep 20 2021 OVMF_CODE.secboot.fd -rw-r--r-- 1 root root 131072 Sep 20 2021 OVMF_VARS.fd -rw-r--r-- 1 root root 131072 Sep 20 2021 OVMF_VARS.ms.fd -rw-r--r-- 1 root root 131072 Sep 20 2021 OVMF_VARS.snakeoil.fd Is this needed in the uefi.properties config file ? BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: vas...@gmx.de Sent: 19 January 2023 13:42 To: users@cloudstack.apache.org Subject: Re: KVM host UEFI allow guest UEFI Secure boot Not the direct solution but maybe some bits of information for your further efforts: Overall description of the feature https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fdisplay%2FCLOUDSTACK%2FEnable%2BUEFI%2Bbooting%2Bfor%2BInstance=05%7C01%7CGary.Dixon%40quadris.co.uk%7C8057c1b2e3bd4f13beae08dafa231af3%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638097325927612509%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=8Q5jWBGmCYA82hk6NmrVESq%2F%2BwkdzSKKn9MbJsPjA%2BM%3D=0 User guide + example to enable secure boot https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flab.piszki.pl%2Fcloudstack-vm-with-vtpm-and-secure-boot-uefi%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C8057c1b2e3bd4f13beae08dafa231af3%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638097325927612509%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=o312PhI9IqAYJEgn8dY4EQliP4p4W4Ry9iJ4XuKsSVA%3D=0 Gitlab - Issue with further informations on deploying that capability https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fcloudstack%2Fissues%2F4238=05%7C01%7CGary.Dixon%40quadris.co.uk%7C8057c1b2e3bd4f13beae08dafa231af3%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638097325927612509%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=HDMzobnzON4SpjRT9VZFXNtvd7RMpVluNwjcF1TQDvo%3D=0 regards, Chris Am Do., 19. Jan. 2023 um 14:09 Uhr schrieb Gary Dixon : > Hi everyone > > > > CS : 4.15.2 > > Hypervisor: KVM > > OS: Ubuntu 20.04 > > > > Apologies if this has been discussed before. > > We have a requirement to create Windows server templates with UEFI > Secure boot enabled and in testing find that our instances are being > created with Legacy BIOS enabled. > > I checked our KVM hosts and they have the ovmf package installed – > however there is no uefi.properties file in the /etc/cloudstack/agent > directory > > How do I enable the KVM hosts to support Cloudstack guests with UEFI > Secure boot bios ? > > Also will this ‘break’ all current running VM’s that have the Legacy > BIOS enabled or will they still be able to run ? > > > > BR > > > > Gary > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: *v* <+44%207989717661>ms@quadris‑support.com > W: > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.q > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C8057c1b2e3 > bd4f13beae08dafa231af3%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8097325927612509%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=M9uXGY9aAT > 4z8oYezjiqrFQ6%2FH9nDV4ZmDOXn6RxUB4%3D=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. >
KVM host UEFI allow guest UEFI Secure boot
Hi everyone CS : 4.15.2 Hypervisor: KVM OS: Ubuntu 20.04 Apologies if this has been discussed before. We have a requirement to create Windows server templates with UEFI Secure boot enabled and in testing find that our instances are being created with Legacy BIOS enabled. I checked our KVM hosts and they have the ovmf package installed - however there is no uefi.properties file in the /etc/cloudstack/agent directory How do I enable the KVM hosts to support Cloudstack guests with UEFI Secure boot bios ? Also will this 'break' all current running VM's that have the Legacy BIOS enabled or will they still be able to run ? BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RVR not leasing DHCP IPv4 address
Hi all Hypervisor: KVM CS : 4.15.2 Came across an issue today with RVR's in a VPC very similar to this issue : https://issues.apache.org/jira/browse/CLOUDSTACK-6665 If we destroy a VM and expunge - on the RVR Master router if we run 'arp' command we still see its MAC to IP entry. We then run scripts/API calls to re-provision the VM from a template using the same static IP. The VM boots but then gets an APIPA 169.254.x.x IP address in the guest OS (Windows server2022) On the RVR in the dnsmasq.log we see: Jan 9 15:12:59 dnsmasq-dhcp[3588]: not using configured address 10.200.0.62 because it is leased to 02:00:48:d7:00:35 Jan 9 15:12:59 dnsmasq-dhcp[3588]: DHCPDISCOVER(eth3) 02:00:6c:a3:00:38 no address available Jan 9 15:13:03 dnsmasq-dhcp[3588]: not using configured address 10.200.0.62 because it is leased to 02:00:48:d7:00:35 Jan 9 15:13:03 dnsmasq-dhcp[3588]: DHCPDISCOVER(eth3) 02:00:6c:a3:00:38 no address available Jan 9 15:13:08 dnsmasq-dhcp[3588]: not using configured address 10.200.0.62 because it is leased to 02:00:48:d7:00:35 Jan 9 15:13:08 dnsmasq-dhcp[3588]: DHCPDISCOVER(eth3) 02:00:6c:a3:00:38 no address available If we restart the dnsmaq service on the RVR then the VM is able to lease its 'statis' IP Strangely we don't see this behaviour on a different VPC with RVR's Any ideas ? BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: Custom VM nic model for single vm
Hi Davide Try "nicAdapter" = "PCNet32" or "E1000" or "virtio" Not sure if there is a published full list of all available settings but there are some details listed in this article : https://docs.cloudstack.apache.org/en/latest/adminguide/virtual_machines.html Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Davide Collovigh Sent: 02 January 2023 08:33 To: users@cloudstack.apache.org Subject: Custom VM nic model for single vm Hello, Is it possible to specify a vm nic model in the same way you can specify the disk bus ( inside the vm setting menu ) ? PS: is there somewhere a full list of the settings that can be specified ? Thank You Davide
RE: database connection lost
Thanks all I just checked and mysql wait timeout is set to 28800 The strange thing is we take mysqldumps every 15 minutes - but we see the db connection only gets lost around every 7 and half hours apart not every 15 minutes. I am going to set the mysql wait_timeout to 3600 as suggested in the last post in the article that Wei posted https://github.com/apache/cloudstack/issues/4657 Subject: Re: database connection lost Hi Gary, We had the same problem and increasing the wait timeout solved it. Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. From: Gary Dixon Sent: Tuesday, December 20, 2022, 9:31 AM To: users@cloudstack.apache.org Subject: RE: database connection lost Thanks Wei Yes we are seeing the exact same errors in the cs mgmt. logs - we will set the MySQL global wait timeout to a higher value and see if it resolves our issue What's the error message ? There was a github issue may help you: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fcloudstack%2Fissues%2F4657=05%7C01%7CGary.Dixon%40quadris.co.uk%7C605bb13402834b9e42bd08dae297f382%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638071439517503224%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=XUINQ77haPeXi7%2BsRx%2BZvnT2OGxmqh0LIpLaB4y7wOM%3D=0 -Wei On Tuesday, 20 December 2022, Gary Dixon wrote: > Hi Vivek > > We are using the --single-transaction flag and --skip-lock-tables flag > Could there be something other than mysqldumps causing the cs mgmt. > server to be losing the connection to the database ? > > > BR > > Gary > > > Hello, > > You can use --single-transaction > Option while taking the dump or you can schedule to take dump from a > slave server if you have. > > Regards, > Vivek Kumar > > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: *v* <+44%207989717661>ms@quadris‑support.com > W: > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.q > %2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C605bb13402834b9e42bd08 > dae297f382%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63807143951765 > 9442%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBT > iI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=lxW6c1uPtRfxmKZxhu6Jmg > PJOlnC0hhKOOuMhIM3zO8%3D=0 > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cc0e6e3c68e > 4149de9c5308dae295e6b3%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8071430711725069%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=ClDbnphfgf > WJtD37XnVSa2U1n6EQOtTVYBYbUBCsAJc%3D=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. > Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: vms@quadris‑support.com W: https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.quadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7C605bb13402834b9e42bd08dae297f382%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638071439517659442%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=trP%2BLqxu6N08d0Yu600pNE3y2y1Wuv0pb44t2n%2BTf6E%3D=0 [cid:image011498.png@FB84B645.38DDA861] The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. On Tue, Dec 20, 2022, 7:25 PM Gary Dixon invalid> > wrote: > > > Hi all > > > > > > > > CS v4.15.2 > > > > Hypervisor = KVM > > > > > > > > We have started to experience an issue on a frequent basis where the > > CS mgmt. service is losing the connection to the databa
RE: database connection lost
Thanks Wei Yes we are seeing the exact same errors in the cs mgmt. logs - we will set the MySQL global wait timeout to a higher value and see if it resolves our issue What's the error message ? There was a github issue may help you: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fcloudstack%2Fissues%2F4657=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cc0e6e3c68e4149de9c5308dae295e6b3%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638071430711725069%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=u%2BEUWskmwM4y%2FA4%2FEwmJOBEOsdr0ZtYKcmz2Z5X9OGg%3D=0 -Wei On Tuesday, 20 December 2022, Gary Dixon wrote: > Hi Vivek > > We are using the --single-transaction flag and --skip-lock-tables flag > Could there be something other than mysqldumps causing the cs mgmt. > server to be losing the connection to the database ? > > > BR > > Gary > > > Hello, > > You can use --single-transaction > Option while taking the dump or you can schedule to take dump from a > slave server if you have. > > Regards, > Vivek Kumar > > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: *v* <+44%207989717661>ms@quadris‑support.com > W: > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.q > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cc0e6e3c68e > 4149de9c5308dae295e6b3%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8071430711725069%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=ClDbnphfgf > WJtD37XnVSa2U1n6EQOtTVYBYbUBCsAJc%3D=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. > On Tue, Dec 20, 2022, 7:25 PM Gary Dixon invalid> > wrote: > > > Hi all > > > > > > > > CS v4.15.2 > > > > Hypervisor = KVM > > > > > > > > We have started to experience an issue on a frequent basis where the > > CS mgmt. service is losing the connection to the database and > > believe it is being caused by mysqldumps locking the tables. > > > > Looking at the db.properties file there are tuning parameters : > > > > # CloudStack database tuning parameters > > > > db.cloud.maxActive=250 > > > > db.cloud.maxIdle=30 > > > > db.cloud.maxWait=1 > > > > db.cloud.validationQuery=SELECT 1 > > > > db.cloud.testOnBorrow=true > > > > db.cloud.testWhileIdle=true > > > > db.cloud.timeBetweenEvictionRunsMillis=4 > > > > db.cloud.minEvictableIdleTimeMillis=24 > > > > db.cloud.poolPreparedStatements=false > > > > > > db.cloud.url.params=prepStmtCacheSize=517=true > > nV > > ariables=sql_mode='STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE, > > ER > > ROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION'=UTC > > > > > > > > would changing the ‘maxwait’ value to a higher value stop the mgmt. > > service losing the db connection whilst dumps are taken ? > > > > BR > > > > > > > > Gary > > > > > > > > > > Gary Dixon > > Senior Technical Consultant > > T: +44 161 537 4990 > > E: *v* <+44%207989717661>ms@quadris‑support.com > > W: > > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww > > .q%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cc0e6e3c68e4149de9c > > 5308dae295e6b3%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63807143 > > 0711725069%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luM > > zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=mt9MlK3EMSW1 > > shNbTq%2B4Z9JseyTJw1Ynah305yJeq4s%3D=0 > > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cc5084879 > > 20 > > c948fa441908dae2949e38%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C > > 63 > > 8071425209591727%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjo > > iV > > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=SAj0nkOY > > 53 > > 6UUokgQPzXfdGH6Jp2pJ1hxlqA5hAJiwY%3D=0 > > The information contained in this e-mail from Quadris may be > > confidential and privileged for the private use of the named > > recipient. The contents of this e-mail may not necessarily represent > > the > offi
RE: database connection lost
Hi Vivek We are using the --single-transaction flag and --skip-lock-tables flag Could there be something other than mysqldumps causing the cs mgmt. server to be losing the connection to the database ? BR Gary Hello, You can use --single-transaction Option while taking the dump or you can schedule to take dump from a slave server if you have. Regards, Vivek Kumar On Tue, Dec 20, 2022, 7:25 PM Gary Dixon wrote: > Hi all > > > > CS v4.15.2 > > Hypervisor = KVM > > > > We have started to experience an issue on a frequent basis where the > CS mgmt. service is losing the connection to the database and believe > it is being caused by mysqldumps locking the tables. > > Looking at the db.properties file there are tuning parameters : > > # CloudStack database tuning parameters > > db.cloud.maxActive=250 > > db.cloud.maxIdle=30 > > db.cloud.maxWait=1 > > db.cloud.validationQuery=SELECT 1 > > db.cloud.testOnBorrow=true > > db.cloud.testWhileIdle=true > > db.cloud.timeBetweenEvictionRunsMillis=4 > > db.cloud.minEvictableIdleTimeMillis=24 > > db.cloud.poolPreparedStatements=false > > > db.cloud.url.params=prepStmtCacheSize=517=true > ariables=sql_mode='STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ER > ROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION'=UTC > > > > would changing the ‘maxwait’ value to a higher value stop the mgmt. > service losing the db connection whilst dumps are taken ? > > BR > > > > Gary > > > > > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: *v* <+44%207989717661>ms@quadris‑support.com > W: > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.q > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cc508487920 > c948fa441908dae2949e38%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8071425209591727%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=SAj0nkOY53 > 6UUokgQPzXfdGH6Jp2pJ1hxlqA5hAJiwY%3D=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. > -- This message is intended only for the use of the individual or entity to which it is addressed and may contain confidential and/or privileged information. If you are not the intended recipient, please delete the original message and any copy of it from your computer system. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited unless proper authorization has been obtained for such action. If you have received this communication in error, please notify the sender immediately. Although IndiQus attempts to sweep e-mail and attachments for viruses, it does not guarantee that both are virus-free and accepts no liability for any damage sustained as a result of viruses. Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: database connection lost
Hi Wei We thought that without locking tables the mysql dumps may be inconsistent ? Hi, You can dump databases without locking tables. -Wei On Tuesday, 20 December 2022, Gary Dixon wrote: > Hi all > > > > CS v4.15.2 > > Hypervisor = KVM > > > > We have started to experience an issue on a frequent basis where the > CS mgmt. service is losing the connection to the database and believe > it is being caused by mysqldumps locking the tables. > > Looking at the db.properties file there are tuning parameters : > > # CloudStack database tuning parameters > > db.cloud.maxActive=250 > > db.cloud.maxIdle=30 > > db.cloud.maxWait=1 > > db.cloud.validationQuery=SELECT 1 > > db.cloud.testOnBorrow=true > > db.cloud.testWhileIdle=true > > db.cloud.timeBetweenEvictionRunsMillis=4 > > db.cloud.minEvictableIdleTimeMillis=24 > > db.cloud.poolPreparedStatements=false > > db.cloud.url.params=prepStmtCacheSize=517=true& > sessionVariables=sql_mode='STRICT_TRANS_TABLES,NO_ZERO_ > IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION > '& > serverTimezone=UTC > > > > would changing the ‘maxwait’ value to a higher value stop the mgmt. > service losing the db connection whilst dumps are taken ? > > BR > > > > Gary > > > > > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: *v* <+44%207989717661>ms@quadris‑support.com > W: > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.q > uadris.co.uk%2F=05%7C01%7CGary.Dixon%40quadris.co.uk%7Ccea023f90a > c8411f3f4108dae2930167%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > 8071418262847712%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=4koYUIbCcb > ARylkd5DOg1ZP7gY%2B6YkNyRRjOipuM%2Brw%3D=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. > Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
database connection lost
Hi all CS v4.15.2 Hypervisor = KVM We have started to experience an issue on a frequent basis where the CS mgmt. service is losing the connection to the database and believe it is being caused by mysqldumps locking the tables. Looking at the db.properties file there are tuning parameters : # CloudStack database tuning parameters db.cloud.maxActive=250 db.cloud.maxIdle=30 db.cloud.maxWait=1 db.cloud.validationQuery=SELECT 1 db.cloud.testOnBorrow=true db.cloud.testWhileIdle=true db.cloud.timeBetweenEvictionRunsMillis=4 db.cloud.minEvictableIdleTimeMillis=24 db.cloud.poolPreparedStatements=false db.cloud.url.params=prepStmtCacheSize=517=true=sql_mode='STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION'=UTC would changing the 'maxwait' value to a higher value stop the mgmt. service losing the db connection whilst dumps are taken ? BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: VM instances and RVR cannot communicate with each other when on different hosts
Thanks for the response Andrija Do you have any real world examples of the RVR feature 'breaking' or any further info as to why they are not recommended in a production environment / BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Andrija Panic Sent: 05 December 2022 12:59 To: users@cloudstack.apache.org Subject: Re: VM instances and RVR cannot communicate with each other when on different hosts Hi, RVR is a feature that is known to break from time to time, and is NOT recommended for the Production use, at least that's what we advise your customers to do/avoid doing. However, if 2 VMs can not communicate while on different hosts, but CAN communicate while on the same host - this might indicate VLAN (trunking) misconfiguration on the switches - the VLANs via which those VMs are communicating, has to be trunked to all the hypervisors in your Zone - so that host1 and hostN both can talk over the specific VLAN (here, I'm guessing you are hitting issues with Guest traffic - so check that all your VLANs for Guest traffic are properly trunked on all switch ports to which all of your servers are connected) Best, On Fri, 18 Nov 2022 at 15:08, Gary Dixon wrote: > Hi > > > > I am hoping someone could help with a new Dev Cloudstack system we are > trying to setup based on Ubuntu 20.04 KVM hosts and mgmt. servers with > CS > 4.15.2 and an Adv Zone with VPC’s > > > > We spotted that the RVR’s in the VPC’s are both in the ‘MASTER’ state > indicating that they cannot communicate with each other. Also testing > within a guest VM – it is able to ping another guest VM in the same > network – but only when on the same KVM host. > > If we live migrate one of the VM’s to a different KVM host then the > ping breaks. > > Our guest network is using VXLAN isolation method and all network > labesl in CS are correct. We are trying to setup this Dev system to > match our production system as closely as possible and all networking > works perfectly in the Production system > > > > One thing we have noticed is if we put a KVM host into maintenance > mode – thus destroying all the brvx-xxx interfaces on there and then > bring it back out of maintenance mode and migrate VM’s to it and > Restart the VPC with cleanup enabled – communication between VM’s > cross host works again for a few minutes. The RVR’s go into Master and > Backup status briefly – but then after a few minutes both VR’s go into > ‘MASTER’ state and VM’s cannot ping each other when on different hosts. > > Any pointers/help would be greatly appreciated > > > > BR > > > > Gary > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: *v* <+44%207989717661>ms@quadris‑support.com > W: > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.q > uadris.co.uk%2Fdata=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cefdf1f > 0e844d4aee130308dad6c081c2%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0% > 7C638058419553464258%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQI > joiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7Csdata=Fq > bSS%2FHgLkhzM0UTyBY5eH3bepYiwjcvmvIa4%2BWTDds%3Dreserved=0 > The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message. > -- Andrija Panić
VM instances and RVR cannot communicate with each other when on different hosts
Hi I am hoping someone could help with a new Dev Cloudstack system we are trying to setup based on Ubuntu 20.04 KVM hosts and mgmt. servers with CS 4.15.2 and an Adv Zone with VPC's We spotted that the RVR's in the VPC's are both in the 'MASTER' state indicating that they cannot communicate with each other. Also testing within a guest VM - it is able to ping another guest VM in the same network - but only when on the same KVM host. If we live migrate one of the VM's to a different KVM host then the ping breaks. Our guest network is using VXLAN isolation method and all network labesl in CS are correct. We are trying to setup this Dev system to match our production system as closely as possible and all networking works perfectly in the Production system One thing we have noticed is if we put a KVM host into maintenance mode - thus destroying all the brvx-xxx interfaces on there and then bring it back out of maintenance mode and migrate VM's to it and Restart the VPC with cleanup enabled - communication between VM's cross host works again for a few minutes. The RVR's go into Master and Backup status briefly - but then after a few minutes both VR's go into 'MASTER' state and VM's cannot ping each other when on different hosts. Any pointers/help would be greatly appreciated BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: Change MAC Address of a NIC
Hi Christian I'm not 100% sure - but you might need to change the policy on the vSwitch in VMWare and set it to allow 'MAC Address Changes' see - https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-942BD3AA-731B-4A05-8196-66F2B4BF1ACB.html Hope this solves your problem BR Gary Gary Dixon Senior Technical Consultant T: +44 161 537 4990 E: v...@quadris-support.com W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Christian Reichert Sent: 20 September 2022 15:07 To: 'users@cloudstack.apache.org' Subject: AW: Change MAC Address of a NIC Hi, the json looks fine, the mac is the correct one. I think it is a vmware problem we will dig into this now. Thanks, Christian -Ursprüngliche Nachricht- Von: Udo Müller [mailto:i...@cs-ol.de] Gesendet: Dienstag, 20. September 2022 12:18 An: users@cloudstack.apache.org Betreff: Re: Change MAC Address of a NIC No idea tbh. We are using CS with KVM only and there it works like a charm. Do younhave the possibility to debug the communcation received by the agent? It receives a json from the manager with all the information how to create the machine. The mac should be included. Gruß Udo > Am 20.09.2022 um 11:52 schrieb Christian Reichert > : > > Hi Udo, > > thanks for the feedback, I changed the MAC in the nics mysql tabell and the > MAC is set correct in vmware. > When I boot the VM, it is reachable but after a shutdown and start it is not > reachable any more. Then I edit the nic in vmware (just a save) and start the > VM it is reachable again. > Any idea? > > Regards, > > Christian > > > -Ursprüngliche Nachricht- > Von: Udo Müller [mailto:i...@cs-ol.de] > Gesendet: Montag, 19. September 2022 20:04 > An: users@cloudstack.apache.org > Betreff: Re: Change MAC Address of a NIC > > Hi, > > We use the mysql cli for that. Find out the id of the vm and run an update > command on table nics. > Stop and start the vm afterwards since the new mac address is not changed on > the fly. > > Regards Udo > >> Am 19.09.2022 um 20:26 schrieb Christian Reichert >> : >> >> >> Hello, >> >> I need to change the MAC Address of a NIC, what is the best way to do it? >> I found no option on the UI. >> >> Thanks and Regards, >> >> Christian
RVR
Hi all Quick Question Can anyone tell me if Redundant Virtual Routers have anti-host affinity built into it by default as there seems to be no way to set anti-host affinity rules for RVR's BR Gary Gary Dixon Senior Technical Consultant T: 0161 537 4980 W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: Setting UI timeout
Hi Joshua You will need to edit the /etc/cloudstack/management/server.properties file on both mgmt. servers and set the "session.timeout" value to 60 and restart the cloudstack management service on both servers for the setting to take effect BR Gary Gary Dixon Senior Technical Consultant T: 0161 537 4980 W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Joshua Schaeffer Sent: 30 August 2022 17:03 To: users@cloudstack.apache.org Subject: Setting UI timeout Running ACS 4.15.1.0 Are these instructions still valid for setting the UI timeout: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fdisplay%2FCLOUDSTACK%2FIncrease%2Bthe%2BTimeout%2Bof%2Bthe%2BCloudStack%2BManagement%2BGUIdata=05%7C01%7CGary.Dixon%40quadris.co.uk%7C37ab0befe0d949a84f8e08da8aa11512%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C637974721715986559%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7Csdata=SJ4ZeZdda4wd9hMPPpZfZE8wL5dLryuykq2Zejp5mtA%3Dreserved=0 I edited my web.xml file on both management servers, set the value to 60 minutes, and restarted the services but the UI is still timing out after 30 minutes (the default I assume). What is the correct way to edit the UI's timeout? -- Thanks, Joshua Schaeffer
default virtual router HA behavior
HI all We have a situation where our ACS mgmt. server is in one site and communicates with Ubuntu KVM hosts in other sites over a VPN. We see that if the VPN is interrupted briefly – virtual routers spawn on 2 KVM hosts which in turn corrupts the VR and it needs to be rebuilt. Is there any detailed documentation on how exactly HA works in Cloudstack at the virtual machine level ? BR Gary Gary Dixon Senior Technical Consultant T: 0161 537 4980 W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: system vms
Hi Andrey It is my understanding that the system VM's are assigned the 1st available IP address from the IP address range that you assigned to the Pod when you created the Pod BR Gary Gary Dixon Senior Technical Consultant T: 0161 537 4980 W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Andrey Smirnov Sent: 16 August 2022 18:42 To: users@cloudstack.apache.org Subject: system vms Hi, Could anyone help with this question? Which IP address space should be used for system VMs for a zone -- I cannot find any documentation related to storage VMs networking, they start with two sets of IP addresses -- private and not private -- but I cannot find any references -- how Cloudstack decides which IP network to use for what and what kind of communications is expected between storage/console VMs, management servers and KVM hosts. Sincerely Andrey
RE: VR for VPC won't start anymore
Hi Christopher My values show : size=262144 physical size=375471104 and this is for a 4.15.1 systemVM template BR Gary Gary Dixon Senior Technical Consultant T: 0161 537 4980 W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: vas...@gmx.de Sent: 04 August 2022 09:40 To: users@cloudstack.apache.org; Wei ZHOU Subject: Re: VR for VPC won't start anymore I forgot to ask - might anyone take a quick look into the database and can give a hind if the fields are indeed "filled" with values (template_store_res.size / template_store_res.physical_size)? Another question for understanding would be the difference of the values - physical size is the actual amount of data on a datasystemlevel - but what represents the value of "size"? Regards, Christopher Am Mi., 3. Aug. 2022 um 23:14 Uhr schrieb vas...@gmx.de : > Wei, seems like you are heading twards the right direction - like always. > > i took a look into the "template_store_res" table... and guess: There > is a entry for the current systemvmtemplate-4.16.1. How ever: The > field for "size" ist "null" and "physical_size" is "0". > > Might this be the reason for the " java.lang.NullPointerException" ? > > Regards, > Chris > > Am Mi., 3. Aug. 2022 um 21:56 Uhr schrieb Wei ZHOU > >: > >> It looks there is no entry in template_store_ref table for the >> systemvm template >> >> -Wei >> >> On Wed, 3 Aug 2022 at 21:43, vas...@gmx.de wrote: >> >> > Hi everyone, >> > >> > faceing currently some challanges regarding my network >> > configuration in >> CS >> > 4.16.1. >> > >> > Setup: >> > VPC with redundant routers and some tiers as well as an private gateway. >> > >> > Today i wanted to restart the whole VPC - sadly only one vrouter >> > "survived" Currently i can't depoly any networks in or outside >> > the VPC. Also the second router shall be delployed but keeps in the >> > stopped state. >> > I really dont have a clue where to look at first... >> > >> > here the logfile from the Management-Server: >> > >> > 2022-08-03 20:35:48,768 DEBUG [c.c.n.r.NetworkHelperImpl] >> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) >> (logid:6b6b9867) >> > Allocating the VR with id=74 in datacenter Zone {"id": "1", "name": >> > "xx", "uuid": "48e2e928-3300-43b5-8e3a-d> >> > 2022-08-03 20:35:48,776 DEBUG [c.c.n.r.NetworkHelperImpl] >> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) >> (logid:6b6b9867) >> > Adding nic for Virtual Router in Control network >> > 2022-08-03 20:35:48,781 DEBUG [o.a.c.e.o.NetworkOrchestrator] >> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) >> (logid:6b6b9867) >> > Found existing network configuration for offering [Network Offering >> > [3-Control-System-Control-Network]: Ntwk[202|> >> > 2022-08-03 20:35:48,781 DEBUG [o.a.c.e.o.NetworkOrchestrator] >> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) >> (logid:6b6b9867) >> > Releasing lock for >> > Acct[60bddbd5-1d8a-11ec-83ce-525400c9c662-system] -- Account {"id": >> > 1, "name": "system", "uuid> >> > 2022-08-03 20:35:48,785 DEBUG [c.c.n.r.NetworkHelperImpl] >> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) >> (logid:6b6b9867) >> > Adding nic for Virtual Router in Public network >> > 2022-08-03 20:35:48,789 DEBUG [o.a.c.e.o.NetworkOrchestrator] >> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) >> (logid:6b6b9867) >> > Found existing network configuration for offering [Network Offering >> > [1-Public-System-Public-Network]: Ntwk[200|Pu> >> > 2022-08-03 20:35:48,789 DEBUG [o.a.c.e.o.NetworkOrchestrator] >> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) >> (logid:6b6b9867) >> > Releasing lock for >> > Acct[60bddbd5-1d8a-11ec-83ce-525400c9c662-system] -- Account {"id": >> > 1, "name": "system", "uuid> >> > 2022-08-03 20:35:48,793 I
RE: CPVM VNC clipboard character mapping
Hi This is still an issue - The VM is set to UK keyboard in the settings. Specifically, it is an issue with the CPVM vnc clipboard functionality that is mapping the UK keyboard to US I can type in an open document on the VM with no issues and characters typed on a UK keyboard are correctly mapped- but if I use the vnc clipboard UK character keys such as #, @, " , £ etc are mapped incorrectly when pasted into the document and are converted to the us equivalent keys. BR Gary Gary Dixon Technical Consultant T: 0161 537 4980 W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Pearl d'Silva Sent: 27 July 2022 17:56 To: users@cloudstack.apache.org Subject: Re: CPVM VNC clipboard character mapping Hi Gary, Can you please check the specific VM's settings - specifically the keyboard setting. If it is pointing to 'us' change it to 'uk'. This would however require you to first shutdown the VM. Regards, Pearl From: Gary Dixon Sent: Wednesday, July 27, 2022 8:42 PM To: users@cloudstack.apache.org Subject: FW: CPVM VNC clipboard character mapping Hi Has anyone seen this behaviour before ? Gary Dixon Technical Consultant T: 0161 537 4980 W: https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.quadris.co.uk%2Fdata=05%7C01%7CGary.Dixon%40quadris.co.uk%7C98842a457bc641ee5ea008da6ff1043f%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C637945378205522033%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7Csdata=uq%2FCEsvaOm2GDykMV8J8Ew0uowlc3AePR5wJnoniV%2Fs%3Dreserved=0 [cid:image144474.png@F5DAB9C0.A4AE5009] The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. From: Gary Dixon Sent: 26 July 2022 08:57 To: users@cloudstack.apache.org Subject: CPVM VNC clipboard character mapping Hi everyone I’m sure this must have been raised before but I am struggling to find any recent documentation for this issue. We have ACS 4.15.2 on Ubuntu 20.04 for mgmt. and KVM hosts and I am seeing an issue where if I use the console proxy VNC viewer on any of my Windows based instances – certain characters are mapped incorrectly For example if I put the following characters into the clipboard : “@| And then ‘send’ them into a notepad file on the guest – they map to the following characters : @”# However if I type the characters directly into the open notepad file on the guest – they do type correctly. So it appears that the console proxy VNC viewer clipboard is translating the characters as ‘US’ keyboard rather than ‘UK’ keyboard. I have been reading this thread about CPVM non US keyboard support but it seems out of date now : https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fdisplay%2FCLOUDSTACK%2FSupport%2Bfor%2Bnon-US%2Bkeyboards%2Bin%2BConsole%2BProxydata=05%7C01%7CGary.Dixon%40quadris.co.uk%7C98842a457bc641ee5ea008da6ff1043f%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C637945378205522033%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7Csdata=iHUyeJRtae3KFo2L6V0IaZAkgNm8GXXXOZWVuGY7zgE%3Dreserved=0<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fdisplay%2FCLOUDSTACK%2FSupport%2Bfor%2Bnon-US%2Bkeyboards%2Bin%2BConsole%2BProxydata=05%7C01%7CGary.Dixon%40quadris.co.uk%7C98842a457bc641ee5ea008da6ff1043f%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C637945378205522033%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7Csdata=iHUyeJRtae3KFo2L6V0IaZAkgNm8GXXXOZWVuGY7zgE%3Dreserved=0> I’m sure there will be a straight forward fix for this issue – as at the mment we have to be careful about what characters we use in passwords – etc as they currently are pasting incorrectly using the vnc viewer clipboard. Any advice would be greatly appreciated BR Gary Dixon Technical Consultant T: 0161 537 4980 W: https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.quadris.co.uk%2Fdata=05%7C01%7CGary.Dixon%40quadris.co.uk%7C98842a457bc641ee5ea008da6ff1043f%7Cf1d6abf3d3b44894ae16db0fb93a9
FW: CPVM VNC clipboard character mapping
Hi Has anyone seen this behaviour before ? Gary Dixon Technical Consultant T: 0161 537 4980 W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. From: Gary Dixon Sent: 26 July 2022 08:57 To: users@cloudstack.apache.org Subject: CPVM VNC clipboard character mapping Hi everyone I’m sure this must have been raised before but I am struggling to find any recent documentation for this issue. We have ACS 4.15.2 on Ubuntu 20.04 for mgmt. and KVM hosts and I am seeing an issue where if I use the console proxy VNC viewer on any of my Windows based instances – certain characters are mapped incorrectly For example if I put the following characters into the clipboard : “@| And then ‘send’ them into a notepad file on the guest – they map to the following characters : @”# However if I type the characters directly into the open notepad file on the guest – they do type correctly. So it appears that the console proxy VNC viewer clipboard is translating the characters as ‘US’ keyboard rather than ‘UK’ keyboard. I have been reading this thread about CPVM non US keyboard support but it seems out of date now : https://cwiki.apache.org/confluence/display/CLOUDSTACK/Support+for+non-US+keyboards+in+Console+Proxy<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fdisplay%2FCLOUDSTACK%2FSupport%2Bfor%2Bnon-US%2Bkeyboards%2Bin%2BConsole%2BProxy=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cc9a9cc7a70374ab7390308da6edc6913%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C1%7C637944190181732004%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=Oliclbrw8Vnoeuwx9wdS1V9L91T8tifau58YMq6ROUA%3D=0> I’m sure there will be a straight forward fix for this issue – as at the mment we have to be careful about what characters we use in passwords – etc as they currently are pasting incorrectly using the vnc viewer clipboard. Any advice would be greatly appreciated BR Gary Dixon Technical Consultant T: 0161 537 4980 W: www.quadris.co.uk<http://www.quadris.co.uk> [cid:image001.png@01D8A0CC.EBEFE650] The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
CPVM VNC clipboard character mapping
Hi everyone I’m sure this must have been raised before but I am struggling to find any recent documentation for this issue. We have ACS 4.15.2 on Ubuntu 20.04 for mgmt. and KVM hosts and I am seeing an issue where if I use the console proxy VNC viewer on any of my Windows based instances – certain characters are mapped incorrectly For example if I put the following characters into the clipboard : “@| And then ‘send’ them into a notepad file on the guest – they map to the following characters : @”# However if I type the characters directly into the open notepad file on the guest – they do type correctly. So it appears that the console proxy VNC viewer clipboard is translating the characters as ‘US’ keyboard rather than ‘UK’ keyboard. I have been reading this thread about CPVM non US keyboard support but it seems out of date now : https://cwiki.apache.org/confluence/display/CLOUDSTACK/Support+for+non-US+keyboards+in+Console+Proxy I’m sure there will be a straight forward fix for this issue – as at the mment we have to be careful about what characters we use in passwords – etc as they currently are pasting incorrectly using the vnc viewer clipboard. Any advice would be greatly appreciated BR Gary Dixon Technical Consultant T: 0161 537 4980 W: www.quadris.co.uk [cid:image001.png@01D8A0CC.EBEFE650] The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: Intrusion Detection in ACS
Hi Hean I have been told by my network team that this will not be possible as the guest traffic is encapsulated in VXLAN and the Nexus switches are either not capable of reading the traffic or don't have the appropriate licensed feature BR Gary Gary Dixon Technical Consultant T: 0161 537 4980 W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. Original Message- From: Hean Seng Sent: 21 July 2022 18:41 To: users@cloudstack.apache.org Subject: Re: Intrusion Detection in ACS Hi You should do port mirroring at your Switch or Router , instead of Cloud Node . On Fri, Jul 22, 2022 at 12:20 AM Gary Dixon wrote: > > > Hi All > > > > ACS 4.15.2 > > Hypervisor: KVM > > HyperVisor OS: Ubuntu 20.04 > > > > I have been tasked with providing an Intrusion Detection solution for > our Cloud customers. Our ACS guest traffic isolation utilises VXLAN > and so I have been advised that we cannot implement port mirroring at > the physical switch layer. > > I have been looking at port mirroring at the KVM host level with > setting up ingess/egress qdiscs with TC filters to port mirror the > guest traffic along a gretap tunnel to the IDS appliance (which is > hosted on another platform). So far this seems to mostly work. > > > > I’m wondering if this is a viable way of implementing IDS ? As for > automating the process could this be done as a Cloudstack custom > plugin or would this have to be automated externally to cloudstack. > Trying to research into this has been challenging to say the least. I > would really appreciate if any of you have any pointers or let me know > if I am barking up the wrong tree. > > > > Best regards > > > > *Gary Dixon***** > > Technical Consultant > > T: 0161 537 4980 <0161%20537%204980> > > W: > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.q > uadris.co.uk%2Fdata=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cb1bde5 > a9f2464695d0d008da6b4043cf%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0% > 7C637940220999265387%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQI > joiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7Csdata=Zm > ZGhWBUC8fd9IdDkw%2BadSk1rdV6a7ji8mtVjjeN8RQ%3Dreserved=0 > > *The information contained in this e-mail from Quadris may be > confidential and privileged for the private use of the named > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please > destroy any hard copies and delete this message.* > > > -- Regards, Hean Seng
Intrusion Detection in ACS
Hi All ACS 4.15.2 Hypervisor: KVM HyperVisor OS: Ubuntu 20.04 I have been tasked with providing an Intrusion Detection solution for our Cloud customers. Our ACS guest traffic isolation utilises VXLAN and so I have been advised that we cannot implement port mirroring at the physical switch layer. I have been looking at port mirroring at the KVM host level with setting up ingess/egress qdiscs with TC filters to port mirror the guest traffic along a gretap tunnel to the IDS appliance (which is hosted on another platform). So far this seems to mostly work. I’m wondering if this is a viable way of implementing IDS ? As for automating the process could this be done as a Cloudstack custom plugin or would this have to be automated externally to cloudstack. Trying to research into this has been challenging to say the least. I would really appreciate if any of you have any pointers or let me know if I am barking up the wrong tree. Best regards Gary Dixon Technical Consultant T: 0161 537 4980 W: www.quadris.co.uk [cid:image001.png@01D89D25.6C8E3740] The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message.
RE: Virtual Router filesystem corruption
I think we have got to the bottom of this : Last week we had a firewall issue that was preventing the mgmt. server from seeing the secondary storage so the heartbeat HA was lost. This appears to be what was causing the duplicate, orphaned instances. The firewall issues were fixed. Force stopping a duplicated instance from within ACS and then checking which KVM host was still running the VM allowed us to then manually destroy the still running instance on the host with virsh destroy command We could then start the instance from within ACS and this now seems to be running OK Gary Dixon Technical Consultant T: 0161 537 4980 W: www.quadris.co.uk [cid:image001.png@01D89CFA.907E4120] The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. From: Gary Dixon Sent: 21 July 2022 10:02 To: users@cloudstack.apache.org Subject: RE: Virtual Router filesystem corruption Storpool have looked into it and have determined that 'fencing' is causing the corruption - we are seeing VM instances running on 2 hosts - here is a log excerpt : Jul 16 12:37:04 server25311 java[962152]: INFO [c.c.h.HighAvailabilityManagerImpl] (HA-Worker-1:ctx-eb111af1 work-670) (logid:07a47ffd) Ovm3Investigator could not find VM[User|i-2-393-VM] Jul 16 12:37:04 server25311 java[962152]: DEBUG [c.c.h.HighAvailabilityManagerImpl] (HA-Worker-1:ctx-eb111af1 work-670) (logid:07a47ffd) Fencing off VM that we don't know the state of Jul 16 12:37:04 server25311 java[962152]: DEBUG [c.c.o.h.OvmFencer] (HA-Worker-1:ctx-eb111af1 work-670) (logid:07a47ffd) Don't know how to fence non Ovm hosts KVM Jul 16 12:37:04 server25311 java[962152]: INFO [c.c.h.HighAvailabilityManagerImpl] (HA-Worker-1:ctx-eb111af1 work-670) (logid:07a47ffd) Fencer OvmFenceBuilder returned null Jul 16 12:37:04 server25311 java[962152]: DEBUG [c.c.h.o.r.Ovm3FenceBuilder] (HA-Worker-1:ctx-eb111af1 work-670) (logid:07a47ffd) Don't know how to fence non Ovm3 hosts KVM Jul 16 12:37:04 server25311 java[962152]: INFO [c.c.h.HighAvailabilityManagerImpl] (HA-Worker-1:ctx-eb111af1 work-670) (logid:07a47ffd) Fencer Ovm3FenceBuilder returned null Jul 16 12:37:04 server25311 java[962152]: DEBUG [c.c.h.ManagementIPSystemVMInvestigator] (HA-Worker-2:ctx-f405f7dd work-669) (logid:5cd9b357) Unable to find a management nic, cannot ping this system VM, unable to determine state of VM[User|i-2-393-VM] returning null Jul 16 12:37:04 server25311 java[962152]: INFO [c.c.h.HighAvailabilityManagerImpl] (HA-Worker-2:ctx-f405f7dd work-669) (logid:5cd9b357) ManagementIPSysVMInvestigator could not find VM[User|i-2-393-VM] Jul 16 12:37:04 server25311 java[962152]: DEBUG [c.c.h.Ovm3Investigator] (HA-Worker-2:ctx-f405f7dd work-669) (logid:5cd9b357) isVmAlive: CTXDC02 on qcloud-s1-p1-c1-kvm3 Jul 16 12:37:04 server25311 java[962152]: INFO [c.c.h.HighAvailabilityManagerImpl] (HA-Worker-2:ctx-f405f7dd work-669) (logid:5cd9b357) Ovm3Investigator could not find VM[User|i-2-393-VM] Jul 16 12:37:04 server25311 java[962152]: DEBUG [c.c.h.HighAvailabilityManagerImpl] (HA-Worker-2:ctx-f405f7dd work-669) (logid:5cd9b357) Fencing off VM that we don't know the state of Jul 16 12:37:04 server25311 java[962152]: DEBUG [c.c.o.h.OvmFencer] (HA-Worker-2:ctx-f405f7dd work-669) (logid:5cd9b357) Don't know how to fence non Ovm hosts KVM Jul 16 12:37:04 server25311 java[962152]: INFO [c.c.h.HighAvailabilityManagerImpl] (HA-Worker-2:ctx-f405f7dd work-669) (logid:5cd9b357) Fencer OvmFenceBuilder returned null Jul 16 12:37:04 server25311 java[962152]: DEBUG [c.c.h.o.r.Ovm3FenceBuilder] (HA-Worker-2:ctx-f405f7dd work-669) (logid:5cd9b357) Don't know how to fence non Ovm3 hosts KVM Jul 16 12:37:04 server25311 java[962152]: INFO [c.c.h.HighAvailabilityManagerImpl] (HA-Worker-2:ctx-f405f7dd work-669) (logid:5cd9b357) Fencer Ovm3FenceBuilder returned null Gary Dixon Technical Consultant T: 0161 537 4980 W: www.quadris.co.uk<http://www.quadris.co.uk> [cid:image505801.png@7B8C6647.B971A4D9] The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Simon Weller mailto:swel...@ena.com.INVALID>> Sent: 20 July 2022 22:10 To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org> Subject: Re: Virtual Router filesystem corruption Gary, No prob wit
RE: Virtual Router filesystem corruption
Storpool have looked into it and have determined that 'fencing' is causing the corruption - we are seeing VM instances running on 2 hosts - here is a log excerpt : Jul 16 12:37:04 server25311 java[962152]: INFO [c.c.h.HighAvailabilityManagerImpl] (HA-Worker-1:ctx-eb111af1 work-670) (logid:07a47ffd) Ovm3Investigator could not find VM[User|i-2-393-VM] Jul 16 12:37:04 server25311 java[962152]: DEBUG [c.c.h.HighAvailabilityManagerImpl] (HA-Worker-1:ctx-eb111af1 work-670) (logid:07a47ffd) Fencing off VM that we don't know the state of Jul 16 12:37:04 server25311 java[962152]: DEBUG [c.c.o.h.OvmFencer] (HA-Worker-1:ctx-eb111af1 work-670) (logid:07a47ffd) Don't know how to fence non Ovm hosts KVM Jul 16 12:37:04 server25311 java[962152]: INFO [c.c.h.HighAvailabilityManagerImpl] (HA-Worker-1:ctx-eb111af1 work-670) (logid:07a47ffd) Fencer OvmFenceBuilder returned null Jul 16 12:37:04 server25311 java[962152]: DEBUG [c.c.h.o.r.Ovm3FenceBuilder] (HA-Worker-1:ctx-eb111af1 work-670) (logid:07a47ffd) Don't know how to fence non Ovm3 hosts KVM Jul 16 12:37:04 server25311 java[962152]: INFO [c.c.h.HighAvailabilityManagerImpl] (HA-Worker-1:ctx-eb111af1 work-670) (logid:07a47ffd) Fencer Ovm3FenceBuilder returned null Jul 16 12:37:04 server25311 java[962152]: DEBUG [c.c.h.ManagementIPSystemVMInvestigator] (HA-Worker-2:ctx-f405f7dd work-669) (logid:5cd9b357) Unable to find a management nic, cannot ping this system VM, unable to determine state of VM[User|i-2-393-VM] returning null Jul 16 12:37:04 server25311 java[962152]: INFO [c.c.h.HighAvailabilityManagerImpl] (HA-Worker-2:ctx-f405f7dd work-669) (logid:5cd9b357) ManagementIPSysVMInvestigator could not find VM[User|i-2-393-VM] Jul 16 12:37:04 server25311 java[962152]: DEBUG [c.c.h.Ovm3Investigator] (HA-Worker-2:ctx-f405f7dd work-669) (logid:5cd9b357) isVmAlive: CTXDC02 on qcloud-s1-p1-c1-kvm3 Jul 16 12:37:04 server25311 java[962152]: INFO [c.c.h.HighAvailabilityManagerImpl] (HA-Worker-2:ctx-f405f7dd work-669) (logid:5cd9b357) Ovm3Investigator could not find VM[User|i-2-393-VM] Jul 16 12:37:04 server25311 java[962152]: DEBUG [c.c.h.HighAvailabilityManagerImpl] (HA-Worker-2:ctx-f405f7dd work-669) (logid:5cd9b357) Fencing off VM that we don't know the state of Jul 16 12:37:04 server25311 java[962152]: DEBUG [c.c.o.h.OvmFencer] (HA-Worker-2:ctx-f405f7dd work-669) (logid:5cd9b357) Don't know how to fence non Ovm hosts KVM Jul 16 12:37:04 server25311 java[962152]: INFO [c.c.h.HighAvailabilityManagerImpl] (HA-Worker-2:ctx-f405f7dd work-669) (logid:5cd9b357) Fencer OvmFenceBuilder returned null Jul 16 12:37:04 server25311 java[962152]: DEBUG [c.c.h.o.r.Ovm3FenceBuilder] (HA-Worker-2:ctx-f405f7dd work-669) (logid:5cd9b357) Don't know how to fence non Ovm3 hosts KVM Jul 16 12:37:04 server25311 java[962152]: INFO [c.c.h.HighAvailabilityManagerImpl] (HA-Worker-2:ctx-f405f7dd work-669) (logid:5cd9b357) Fencer Ovm3FenceBuilder returned null Gary Dixon Technical Consultant T: 0161 537 4980 W: www.quadris.co.uk The information contained in this e-mail from Quadris may be confidential and privileged for the private use of the named recipient. The contents of this e-mail may not necessarily represent the official views of Quadris. If you have received this information in error you must not copy, distribute or take any action or reliance on its contents. Please destroy any hard copies and delete this message. -Original Message- From: Simon Weller Sent: 20 July 2022 22:10 To: users@cloudstack.apache.org Subject: Re: Virtual Router filesystem corruption Gary, No prob with the info, thanks for providing it. Since you're using Storpool, I'd suggest you reach out to them on this directly and see whether they have any information that could be helpful. There was an issue a while ago (Storpool actually reported it) where a kernel commit introduced a bug that caused file corruption. That was back in about 2018 - https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fstorpool.com%2Fblog%2Fbeware-silent-data-corruption-discovered-in-linux-kernels-4-10-4-17%2Fdata=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cece461d8f261463ed2b408da6a9433b7%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C637939481997555790%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7Csdata=yajiRaYix9u2mhCLVnG9%2FDQHcS9tSPNuhzORVgTEBQ4%3Dreserved=0 I believe ACS 4.15.x uses Debian 10.5 (Buster) for the VR images (dates to August 2020), That release is based on kernel 4.19.0-10. -Si From: Gary Dixon Sent: Wednesday, July 20, 2022 3:00 PM To: users@cloudstack.apache.org Subject: Re: Virtual Router filesystem corruption EXTERNAL EMAIL: This message originated outside of ENA. Use caution when clicking links, opening attachments, or complying with requests. Click the "Phish Alert Report" button above the email, or contact MIS, regarding any suspicio