ACS with local disks

2021-12-17 Thread Yordan Kostov 
Hey everyone,

I am exploring a design based on ACS + XCP-NG with nodes that 
have local disks. Roughly around 50 nodes.
In this case local storage is just local - no SDS solutions 
whatsoever.
Are there any cons that I should have in mind?

Best regards,
Jordan

RE: usage server data collection

2021-11-09 Thread Yordan Kostov 
I do enabled the configs some time ago and rebooted the server but from a brief 
check now it seems none of those data types (4,5,21,22,23,24) are collected.

Regards,
Jordan

-Original Message-
From: Matheus Fontes  
Sent: Tuesday, November 9, 2021 4:44 PM
To: users 
Subject: Re: usage server data collection

Hi,
did you solve this?
I have same issue here, all usage network bytes sent/receive (type 4 and 5) are 
not reported by usage.
All networks are "Isolated Network"

router.stats.interval=300




> On 22 Oct 2021, at 09:07, Yordan Kostov  wrote:
> 
> Thank you Wei,
> 
>   Configurations are now enabled .
> 
> Regards,
> Jordan
> 
> -Original Message-
> From: Wei ZHOU 
> Sent: Friday, October 22, 2021 2:01 PM
> To: users 
> Subject: Re: usage server data collection
> 
> 
> [X] This message came from outside your organization
> 
> 
> Hi Jordan,
> 
> Please check some global settings
> 
> router.stats.interval  (for isolated networks) 
> vm.network.stats.interval  and vm.network.stats.interval.min (for 
> shared
> networks)
> vm.disk.stats.interval and vm.disk.stats.interval.min (for disk I/O)
> 
> -Wei
> 
> 
> On Fri, 22 Oct 2021 at 12:25, Yordan Kostov  wrote:
> 
>> Dear all,
>> 
>>As I am poking around the usage server trying report 
>> queries I noticed that for some usage types there is no data collected.
>>For example:
>> 
>>  *   nothing is collected for VM disks I/O usage (21,22,23,24).
>>  *   Nothing is collected for network usage bytes sent/received (4,5)
>> 
>> I assume some data availability may be dependent on the hypervisor 
>> that is used.
>> Is there some paper describing which metrics can be collected and 
>> which not?
>> 
>> Environment is ACS 4.15.2 + XCP-NG 8.2.
>> 
>>No Errors or Warns in usage.log. All looks fine.
>> 
>> Regards,
>> Jordan
>> 
>> 
>> 


11!

RE: ssh key pairs not working for ubuntu VM

2021-11-04 Thread Yordan Kostov 
If you prefer cloud-init you can use this guide -> 
http://qa.cloudstack.cloud/docs/WIP-PROOFING/pr/215/adminguide/templates/_cloud_init.html

Best regards,
Jordan 

-Original Message-
From: Darren Cole  
Sent: Wednesday, November 3, 2021 8:29 PM
To: users 
Subject: Re: ssh key pairs not working for ubuntu VM


[X] This message came from outside your organization


I've gotten templates Ubuntu 20.04 (and 18.04) built for my Cloudstack clusters.
The iso out of the box didn't work, or at least required me to access the 
console to get the initial install done.

I have a two step process I've described before, and am still waiting on 
approval for some ansible I wrote to push it to a public repo.
Create a very basic template with ssh and a known password.
I call this a stepping stone template and is only used by admins to create the 
templates users actually use.
Then I spin up an instance from that template and run my ansible against it.
Once the instance shuts down I manually create a template from it.

That ansible has a few steps:
  Get su or sudo configured enough for the rest of the play to run
  install a minimal set of required/desired packages (rsyslog on Centos, tar, 
zip, etc).
  install and configure required cloud-init packages, make sure 
cloud-utils-growpart is install on RedHat systems
  cleanup package caches
  template over the final script that does the final cleanup.
  run the final scripts async from the ansible and disconnect.
The script does a few things
  sleep for a bit to make sure the ansible disconnects
  delete and remove sudoers files for users
  lock the root password
  remove cloud-init logs
  reset cloud-init (cloud-init clean)
  remove ssh host keys
  remove the script itself
  shutdown -P now

I found -P more reliably powers off the instance than -H.
Eventually I intend to automate making the template instead of manual steps in 
the webconsole.

Darren
--
This e-mail is confidential. Any distribution, use or copying of this e-mail or 
the information it contains other than by the intended recipient is forbidden. 
If you are not the intended recipient, please advise the sender (by return 
e-mail or otherwise) immediately and delete this e-mail.

- Original Message -
From: "Peter Stine" 
To: "users" 
Sent: Tuesday, November 2, 2021 12:50:21 PM
Subject: ssh key pairs not working for ubuntu VM

Hello all,

I have been attempting to get a SSH key pair to be set on a VM template using 
Ubuntu server 20.04 (I downloaded the iso from the Ubuntu website, then created 
a VM from it.), but I do not seem to be able to get it work. My VMs are running 
with kvm as the hypervisor.

I have been following this guide: 
https://urldefense.com/v3/__http://docs.cloudstack.apache.org/en/latest/adminguide/templates.html*uploading-templates-from-a-remote-http-server__;Iw!!A6UyJA!xw2NyLYQBA44F2FBRGsd45yq24Gk2nc6nWulaz8TXyFlF8GS4zM-7YNwIO70yOpo30VSh3JGkswu$
  but when I follow all the steps, I cannot login to the machine anymore.

Are there any official ubuntu templates that have this ssh and password change 
ability baked in? Or is there something else that I should try?

Thanks!
Peter

SSVM ntps do not take custom config

2021-10-28 Thread Yordan Kostov 
Dear all,

ACS 4.15.2 + XCP-NG + Template 4.15.1.
Trying to change default  SSVM NTPs to internal ones.
Edit ACS parameter ntp.server.list, rebooted ACS and SSVMs but 
NTPs stay the same.

Same issue was experienced on 4.15.0 + template 4.15.0 with the 
following github issue opened https://github.com/apache/cloudstack/pull/5160
Any idea why change is not applied?

Regards,
Jordan

RE: usage server data collection

2021-10-22 Thread Yordan Kostov 
Thank you Wei,

Configurations are now enabled .

Regards,
Jordan

-Original Message-
From: Wei ZHOU  
Sent: Friday, October 22, 2021 2:01 PM
To: users 
Subject: Re: usage server data collection


[X] This message came from outside your organization


Hi Jordan,

Please check some global settings

router.stats.interval  (for isolated networks) vm.network.stats.interval  and 
vm.network.stats.interval.min (for shared
networks)
vm.disk.stats.interval and vm.disk.stats.interval.min (for disk I/O)

-Wei


On Fri, 22 Oct 2021 at 12:25, Yordan Kostov  wrote:

> Dear all,
>
> As I am poking around the usage server trying report 
> queries I noticed that for some usage types there is no data collected.
> For example:
>
>   *   nothing is collected for VM disks I/O usage (21,22,23,24).
>   *   Nothing is collected for network usage bytes sent/received (4,5)
>
> I assume some data availability may be dependent on the hypervisor 
> that is used.
> Is there some paper describing which metrics can be collected and 
> which not?
>
> Environment is ACS 4.15.2 + XCP-NG 8.2.
>
> No Errors or Warns in usage.log. All looks fine.
>
> Regards,
> Jordan
>
>
>

usage server data collection

2021-10-22 Thread Yordan Kostov 
Dear all,

As I am poking around the usage server trying report queries I 
noticed that for some usage types there is no data collected.
For example:

  *   nothing is collected for VM disks I/O usage (21,22,23,24).
  *   Nothing is collected for network usage bytes sent/received (4,5)

I assume some data availability may be dependent on the hypervisor that is used.
Is there some paper describing which metrics can be collected and which not?

Environment is ACS 4.15.2 + XCP-NG 8.2.

No Errors or Warns in usage.log. All looks fine.

Regards,
Jordan

RE: Size of the snapshots volume

2021-10-21 Thread Yordan Kostov 
You are correct.
Snapshots remain visible in the GUI and can be removed.

Thanks, that explains it.

Best Regards,
Jordan 

-Original Message-
From: Slavka Peleva  
Sent: Thursday, October 21, 2021 3:42 PM
To: users@cloudstack.apache.org
Subject: Re: Size of the snapshots volume


[X] This message came from outside your organization


Unfortunately, I'm not familiar with XCP-NG. I rechecked your steps, and there 
isn't a call to delete a volume snapshot. I think that destroying a VM works 
almost the same for all hypervisors, and the volume snapshots won't be deleted 
automatically. Can you check if they are visible in the UI?

On Thu, Oct 21, 2021 at 3:03 PM Yordan Kostov  wrote:

> Hey Slavka,
>
> Deployment is 4.15.2 + XCP-NG 8.2 utilizing fiber channel SAN 
> as primary storage.
>
> Regards,
> Jordan
>
> -Original Message-
> From: Slavka Peleva 
> Sent: Thursday, October 21, 2021 2:54 PM
> To: users@cloudstack.apache.org
> Subject: Re: Size of the snapshots volume
>
>
> [X] This message came from outside your organization
>
>
> Hi Yordan,
>
> can you share what are you using for primary storage? In some cases, 
> the deletion of snapshots on secondary isn't implemented. According to 
> the code, the cleanup of the snapshots is only for the DB, not for 
> cleaning the secondary storage.
>
> Best regards,
> Slavka
>
> On Thu, Oct 21, 2021 at 2:37 PM Vivek Kumar  .invalid>
> wrote:
>
> > Hello,
> >
> > You can check the the snapshot status in - snapshots table in DB. 
> > You can also verify the status in  table called - 
> > snapshot_store_ref. Yes cloudStack runs a cleanup job, timings 
> > depends what you have defined in global setting  -
> >
> > storage.cleanup.delay   Determines how long (in seconds) to wait before
> > actually expunging destroyed volumes. The default value = the 
> > default
> value
> > of storage.cleanup.interval.Advanced
> > 86400
> >
> > storage.cleanup.enabled Enables/disables the storage cleanup thread.
> > Advanced
> > true
> >
> > storage.cleanup.intervalThe interval (in seconds) to wait before
> > running the storage cleanup thread.Advanced
> > 86400
> >
> >
> >
> > Vivek Kumar
> > Sr. Manager - Cloud & DevOps
> > IndiQus Technologies
> > M +91 7503460090
> > https://urldefense.com/v3/__http://www.indiqus.com__;!!A6UyJA!3CYjCk
> > -6 
> > l_RJxlZSVAgmTqt2LJFeWODa5bdiKclS7xGT1weD16tUBUGwVHeDrYKQpLoahZ_meJ1V
> > $
> >
> >
> >
> >
> > > On 21-Oct-2021, at 4:38 PM, Yordan Kostov 
> wrote:
> > >
> > > Here is another thing I noticed.
> > > - have a VM with a volume snapshots
> > > - Expunge the VM so the disk is removed also
> > > - check the Secondary Storage - backup still remains.
> > >
> > > Does anyone knows if Cloudstack does a cleanup later or the 
> > > orphaned
> > backups will remain?
> > >
> > > Regards,
> > > Jordan
> > >
> > > -Original Message-
> > > From: benoit lair 
> > > Sent: Tuesday, October 19, 2021 1:22 PM
> > > To: users@cloudstack.apache.org
> > > Subject: Re: Size of the snapshots volume
> > >
> > >
> > > [X] This message came from outside your organization
> > >
> > >
> > > Hello Yordan,
> > >
> > > I had same results with xcp-ng 8.2 and ACS 4.15.1
> > >
> > > The max filled during the life of the disk will be the size of the
> > snapshot
> > >
> > > That's why i looking towards SDS with a solution giving me 
> > > possibility
> > to do some thin provisionning with XCP-NG I was thinking about an 
> > SDS which could give me block storage or at least file storage and 
> > acting as a proxy between my iscsi array and my xcp-ng
> > >
> > > Linstor could be a solution, but for the moment i don't know if 
> > > the
> > plugin will be compatible with xcp-ng
> > >
> > > Regards, Benoit
> > >
> > > Le mar. 19 oct. 2021 à 11:46, Yordan Kostov  
> > > a
> > écrit :
> > >
> > >> Hello Benoit,
> > >>
> > >>Here are some results - 4.15.2 + XCP-NG. I made 2 VMs from 
> > >> template - Centos 7, 46 GB hdd, 4% full
> > >>- VM1 - root disk is as full as template.
> > >>- VM2 - root disk is made full up to ~90%  ( cat /dev/zero 
> > >> >
> > >> test_file1 )then the file was removed s

RE: Size of the snapshots volume

2021-10-21 Thread Yordan Kostov 
Hey Slavka,

Deployment is 4.15.2 + XCP-NG 8.2 utilizing fiber channel SAN as 
primary storage.

Regards,
Jordan

-Original Message-
From: Slavka Peleva  
Sent: Thursday, October 21, 2021 2:54 PM
To: users@cloudstack.apache.org
Subject: Re: Size of the snapshots volume


[X] This message came from outside your organization


Hi Yordan,

can you share what are you using for primary storage? In some cases, the 
deletion of snapshots on secondary isn't implemented. According to the code, 
the cleanup of the snapshots is only for the DB, not for cleaning the secondary 
storage.

Best regards,
Slavka

On Thu, Oct 21, 2021 at 2:37 PM Vivek Kumar 
wrote:

> Hello,
>
> You can check the the snapshot status in - snapshots table in DB. You 
> can also verify the status in  table called - snapshot_store_ref. Yes 
> cloudStack runs a cleanup job, timings depends what you have defined 
> in global setting  -
>
> storage.cleanup.delay   Determines how long (in seconds) to wait before
> actually expunging destroyed volumes. The default value = the default value
> of storage.cleanup.interval.Advanced
> 86400
>
> storage.cleanup.enabled Enables/disables the storage cleanup thread.
> Advanced
> true
>
> storage.cleanup.intervalThe interval (in seconds) to wait before
> running the storage cleanup thread.Advanced
> 86400
>
>
>
> Vivek Kumar
> Sr. Manager - Cloud & DevOps
> IndiQus Technologies
> M +91 7503460090
> https://urldefense.com/v3/__http://www.indiqus.com__;!!A6UyJA!3CYjCk-6
> l_RJxlZSVAgmTqt2LJFeWODa5bdiKclS7xGT1weD16tUBUGwVHeDrYKQpLoahZ_meJ1V$
>
>
>
>
> > On 21-Oct-2021, at 4:38 PM, Yordan Kostov  wrote:
> >
> > Here is another thing I noticed.
> > - have a VM with a volume snapshots
> > - Expunge the VM so the disk is removed also
> > - check the Secondary Storage - backup still remains.
> >
> > Does anyone knows if Cloudstack does a cleanup later or the orphaned
> backups will remain?
> >
> > Regards,
> > Jordan
> >
> > -Original Message-
> > From: benoit lair 
> > Sent: Tuesday, October 19, 2021 1:22 PM
> > To: users@cloudstack.apache.org
> > Subject: Re: Size of the snapshots volume
> >
> >
> > [X] This message came from outside your organization
> >
> >
> > Hello Yordan,
> >
> > I had same results with xcp-ng 8.2 and ACS 4.15.1
> >
> > The max filled during the life of the disk will be the size of the
> snapshot
> >
> > That's why i looking towards SDS with a solution giving me 
> > possibility
> to do some thin provisionning with XCP-NG I was thinking about an SDS 
> which could give me block storage or at least file storage and acting 
> as a proxy between my iscsi array and my xcp-ng
> >
> > Linstor could be a solution, but for the moment i don't know if the
> plugin will be compatible with xcp-ng
> >
> > Regards, Benoit
> >
> > Le mar. 19 oct. 2021 à 11:46, Yordan Kostov  a
> écrit :
> >
> >> Hello Benoit,
> >>
> >>Here are some results - 4.15.2 + XCP-NG. I made 2 VMs from 
> >> template - Centos 7, 46 GB hdd, 4% full
> >>- VM1 - root disk is as full as template.
> >>- VM2 - root disk is made full up to ~90%  ( cat /dev/zero >
> >> test_file1 )then the file was removed so the used space is again 4%.
> >>- scheduled backup goes through both VMs. First snapshot size is
> >>- VM1 -  2.3G
> >>- VM2 -  41G
> >>- Then on VM2 this script was run to fill and empty the disk 
> >> again
> >> - cat /dev/zero > /opt/test_file1; sync; rm /opt/ test_file1.
> >>- scheduled backup goes through both VMs. All snapshots size is:
> >>- VM1 - 2.3G
> >>- VM2 - 88G
> >>
> >>Once the disk is filled you will get a snapshot with size no 
> >> less than the size of the whole disk.
> >>May be there is a way to shrink it but I could not find it.
> >>
> >> Best regards,
> >> Jordan
> >>
> >> -Original Message-
> >> From: Yordan Kostov 
> >> Sent: Tuesday, October 12, 2021 3:58 PM
> >> To: users@cloudstack.apache.org
> >> Subject: RE: Size of the snapshots volume
> >>
> >>
> >> [X] This message came from outside your organization
> >>
> >>
> >> Hello Benoit,
> >>
> >>Unfortunately no.
> >>When I do it I will make sure to drop a line here.
> >>
> >&

RE: Size of the snapshots volume

2021-10-21 Thread Yordan Kostov 
Here is another thing I noticed.
- have a VM with a volume snapshots
- Expunge the VM so the disk is removed also
- check the Secondary Storage - backup still remains.

Does anyone knows if Cloudstack does a cleanup later or the orphaned backups 
will remain?

Regards,
Jordan 

-Original Message-
From: benoit lair  
Sent: Tuesday, October 19, 2021 1:22 PM
To: users@cloudstack.apache.org
Subject: Re: Size of the snapshots volume


[X] This message came from outside your organization


Hello Yordan,

I had same results with xcp-ng 8.2 and ACS 4.15.1

The max filled during the life of the disk will be the size of the snapshot

That's why i looking towards SDS with a solution giving me possibility to do 
some thin provisionning with XCP-NG I was thinking about an SDS which could 
give me block storage or at least file storage and acting as a proxy between my 
iscsi array and my xcp-ng

Linstor could be a solution, but for the moment i don't know if the plugin will 
be compatible with xcp-ng

Regards, Benoit

Le mar. 19 oct. 2021 à 11:46, Yordan Kostov  a écrit :

> Hello Benoit,
>
> Here are some results - 4.15.2 + XCP-NG. I made 2 VMs from 
> template - Centos 7, 46 GB hdd, 4% full
> - VM1 - root disk is as full as template.
> - VM2 - root disk is made full up to ~90%  ( cat /dev/zero >
> test_file1 )then the file was removed so the used space is again 4%.
> - scheduled backup goes through both VMs. First snapshot size is
> - VM1 -  2.3G
> - VM2 -  41G
> - Then on VM2 this script was run to fill and empty the disk 
> again
> - cat /dev/zero > /opt/test_file1; sync; rm /opt/ test_file1.
> - scheduled backup goes through both VMs. All snapshots size is:
> - VM1 - 2.3G
> - VM2 - 88G
>
> Once the disk is filled you will get a snapshot with size no 
> less than the size of the whole disk.
> May be there is a way to shrink it but I could not find it.
>
> Best regards,
> Jordan
>
> -Original Message-
> From: Yordan Kostov 
> Sent: Tuesday, October 12, 2021 3:58 PM
> To: users@cloudstack.apache.org
> Subject: RE: Size of the snapshots volume
>
>
> [X] This message came from outside your organization
>
>
> Hello Benoit,
>
> Unfortunately no.
> When I do it I will make sure to drop a line here.
>
> Best regards,
> Jordan
>
> -Original Message-
> From: benoit lair 
> Sent: Tuesday, October 12, 2021 3:40 PM
> To: users@cloudstack.apache.org
> Subject: Re: Size of the snapshots volume
>
>
> [X] This message came from outside your organization
>
>
> Hello Jordan,
>
> Could you proceed to your tests ? Have you got the same results ?
>
> Regards, Benoit Lair
>
> Le lun. 4 oct. 2021 à 17:59, Yordan Kostov  a 
> écrit
> :
>
> > Here are a few considerations:
> >
> > - First snapshot of volume is always full snap.
> > - XenServer/XCP-NG backups are always thin.
> > - Thin provisioning calculations never go down. Even if you delete 
> > data from disk.
> >
> > As you filled the disk of the VM to top the thin provisioning 
> > threats it as full VM from that moment on even if data is deleted. 
> > So the full snap that will be migrated to NFS will always be of max size.
> >
> > I am not 100% certain as I am yet to start running backup tests.
> >
> > Best regards,
> > Jordan
> >
> > -Original Message-
> > From: Florian Noel 
> > Sent: Monday, October 4, 2021 6:22 PM
> > To: 'users@cloudstack.apache.org' 
> > Subject: Size of the snapshots volume
> >
> >
> > [X] This message came from outside your organization
> >
> >
> > Hi,
> >
> > I've a question about the snapshots volume in Cloudstack
> >
> > When we take a snapshot of a volume, this create a VHD file on the 
> > secondary storage.
> > Snapshot size doesn't match volume size used.
> >
> > Imagine a volume of 20GB, we fill the volume and empty it just after.
> > We take a snapshot of the volume from Cloudstack frontend and its 
> > size is 20GB on the secondary storage while the volume is empty.
> >
> > We've made the same test with volume provisioning in thin, sparse 
> > and
> fat.
> > The results are the same.
> >
> > We use Cloudstack 4.15.1 with XCP-NG 8.1. The LUNs are connected in 
> > iSCSI on the hypervisors XCP.
> >
> > Thanks for your help.
> >
> > Best regards.
> >
> >
> > [Logo Web et Solutions]<
> > https://urldefense.com/v3/__https://cloud.letsignit

RE: Usage server not collecting data

2021-10-19 Thread Yordan Kostov 
Thank you.
Issue is opened (https://github.com/apache/cloudstack/issues/5587) and full 
usage.log is attached.

Regards,
Jordan

-Original Message-
From: Wei ZHOU  
Sent: Tuesday, October 19, 2021 1:40 PM
To: users 
Subject: Re: Usage server not collecting data


[X] This message came from outside your organization


Hi,

It looks like a bug. Please file an issue on github, with more details and logs.

-Wei

On Tue, 19 Oct 2021 at 12:32, Yordan Kostov  wrote:

> Hey everyone,
>
> ACS 4.15.2 + XCP-NG 8.2.
> The usage server is configured a few months ago 
> according to this guide - 
> https://urldefense.com/v3/__http://docs.cloudstack.apache.org/en/latest/adminguide/usage.html?*configuring-the-usage-server__;Iw!!A6UyJA!z1Dr6BSwnLR6bhB5MsK92Ej2KjU6c1SDaW01Fx1XyvnDO6zCH0dkCj4rdpi0GSBYjC2SlN3Kbfqw$
> Decided to start working on some reports recenetly but 
> it seems data is not being collected properly.
> In cloud_usage table there are entries between 
> 2021-04-22
> 23:59:59 and 2021-05-19 23:59:59 but nothing after that.
>
> Here is /usage.log Warns and Errors:
>
> 2021-10-19 12:17:03,491 WARN  [db.Transaction.Transaction]
> (Usage-Job-1:null) (logid:) txn: Commit called when it is not a
> transaction:
> -UsageManagerImpl.parse:858-UsageManagerImpl.runInContextInternal:405-
> UsageManagerImpl$1.runInContext:347-ManagedContextRunnable$1.run:48-De
> faultManagedContext$1.call:55-DefaultManagedContext.callWithContext:10
> 2-DefaultManagedContext.runWithContext:52-ManagedContextRunnable.run:4
> 5-UsageManagerImpl.run:349-Executors$RunnableAdapter.call:515-FutureTa
> sk.run:264-ScheduledThreadPoolExecutor$ScheduledFutureTask.run:304
> 2021-10-19 12:17:03,491 WARN  [apache.cloudstack.alerts]
> (Usage-Job-1:null) (logid:)  alertType:: 20 // dataCenterId:: 0 // podId::
> 0 // clusterId:: null // message:: Usage job failed. Job id: 250784
>
>
> 2021-10-19 12:21:18,343 ERROR [cloud.usage.UsageManagerImpl]
> (Usage-Job-1:null) (logid:) Exception in usage manager 
> java.lang.NullPointerException
>
> Any idea what can be the issue here?
>
> Regards,
> Jordan
>

Usage server not collecting data

2021-10-19 Thread Yordan Kostov 
Hey everyone,

ACS 4.15.2 + XCP-NG 8.2.
The usage server is configured a few months ago according to 
this guide - 
http://docs.cloudstack.apache.org/en/latest/adminguide/usage.html?#configuring-the-usage-server
Decided to start working on some reports recenetly but it seems 
data is not being collected properly.
In cloud_usage table there are entries between 2021-04-22 
23:59:59 and 2021-05-19 23:59:59 but nothing after that.

Here is /usage.log Warns and Errors:

2021-10-19 12:17:03,491 WARN  [db.Transaction.Transaction] (Usage-Job-1:null) 
(logid:) txn: Commit called when it is not a transaction: 
-UsageManagerImpl.parse:858-UsageManagerImpl.runInContextInternal:405-UsageManagerImpl$1.runInContext:347-ManagedContextRunnable$1.run:48-DefaultManagedContext$1.call:55-DefaultManagedContext.callWithContext:102-DefaultManagedContext.runWithContext:52-ManagedContextRunnable.run:45-UsageManagerImpl.run:349-Executors$RunnableAdapter.call:515-FutureTask.run:264-ScheduledThreadPoolExecutor$ScheduledFutureTask.run:304
2021-10-19 12:17:03,491 WARN  [apache.cloudstack.alerts] (Usage-Job-1:null) 
(logid:)  alertType:: 20 // dataCenterId:: 0 // podId:: 0 // clusterId:: null 
// message:: Usage job failed. Job id: 250784


2021-10-19 12:21:18,343 ERROR [cloud.usage.UsageManagerImpl] (Usage-Job-1:null) 
(logid:) Exception in usage manager
java.lang.NullPointerException

Any idea what can be the issue here?

Regards,
Jordan

RE: Size of the snapshots volume

2021-10-19 Thread Yordan Kostov 
Hello Benoit,

Here are some results - 4.15.2 + XCP-NG. I made 2 VMs from template - 
Centos 7, 46 GB hdd, 4% full
- VM1 - root disk is as full as template.
- VM2 - root disk is made full up to ~90%  ( cat /dev/zero > test_file1 
)then the file was removed so the used space is again 4%.
- scheduled backup goes through both VMs. First snapshot size is
- VM1 -  2.3G
- VM2 -  41G 
- Then on VM2 this script was run to fill and empty the disk again - 
cat /dev/zero > /opt/test_file1; sync; rm /opt/ test_file1.
- scheduled backup goes through both VMs. All snapshots size is:
- VM1 - 2.3G
- VM2 - 88G

Once the disk is filled you will get a snapshot with size no less than 
the size of the whole disk. 
May be there is a way to shrink it but I could not find it.

Best regards,
Jordan

-Original Message-
From: Yordan Kostov  
Sent: Tuesday, October 12, 2021 3:58 PM
To: users@cloudstack.apache.org
Subject: RE: Size of the snapshots volume


[X] This message came from outside your organization


Hello Benoit,

Unfortunately no.
When I do it I will make sure to drop a line here.

Best regards,
Jordan

-Original Message-
From: benoit lair 
Sent: Tuesday, October 12, 2021 3:40 PM
To: users@cloudstack.apache.org
Subject: Re: Size of the snapshots volume


[X] This message came from outside your organization


Hello Jordan,

Could you proceed to your tests ? Have you got the same results ?

Regards, Benoit Lair

Le lun. 4 oct. 2021 à 17:59, Yordan Kostov  a écrit :

> Here are a few considerations:
>
> - First snapshot of volume is always full snap.
> - XenServer/XCP-NG backups are always thin.
> - Thin provisioning calculations never go down. Even if you delete 
> data from disk.
>
> As you filled the disk of the VM to top the thin provisioning threats 
> it as full VM from that moment on even if data is deleted. So the full 
> snap that will be migrated to NFS will always be of max size.
>
> I am not 100% certain as I am yet to start running backup tests.
>
> Best regards,
> Jordan
>
> -Original Message-
> From: Florian Noel 
> Sent: Monday, October 4, 2021 6:22 PM
> To: 'users@cloudstack.apache.org' 
> Subject: Size of the snapshots volume
>
>
> [X] This message came from outside your organization
>
>
> Hi,
>
> I've a question about the snapshots volume in Cloudstack
>
> When we take a snapshot of a volume, this create a VHD file on the 
> secondary storage.
> Snapshot size doesn't match volume size used.
>
> Imagine a volume of 20GB, we fill the volume and empty it just after.
> We take a snapshot of the volume from Cloudstack frontend and its size 
> is 20GB on the secondary storage while the volume is empty.
>
> We've made the same test with volume provisioning in thin, sparse and fat.
> The results are the same.
>
> We use Cloudstack 4.15.1 with XCP-NG 8.1. The LUNs are connected in 
> iSCSI on the hypervisors XCP.
>
> Thanks for your help.
>
> Best regards.
>
>
> [Logo Web et Solutions]<
> https://urldefense.com/v3/__https://cloud.letsignit.com/collect/bc/60e
> 5c62f48323abd316580a3?p=NCQXXscJv3N-mDjmqdZzYH59ppVbYP3afFkR7SxQ1JaS_e
> v9TYs06R5yG_cSPe6tLuS3Bgn1EjTO39P6hIWtNhqUZ5n-wh878kG0mKc-TDzCgMKxZAoq
> vlt4NqCVlovo0bn9PcMUWFMak1jGIGRgGg==__;!!A6UyJA!zYKJBkzZPANfqT6kPkY_Mf
> o8xu_hnCJDzEIYjPMOvqs3MwyZUs0N9FX1Ln1zICtHKJKHCye42DjJ$
> >
>
> [Facebook]<
> https://urldefense.com/v3/__https://cloud.letsignit.com/collect/bc/60e
> 5c62f48323abd316580a3?p=NCQXXscJv3N-mDjmqdZzYH59ppVbYP3afFkR7SxQ1JaS_e
> v9TYs06R5yG_cSPe6tLuS3Bgn1EjTO39P6hIWtNhqUZ5n-wh878kG0mKc-TDyIo6EwBskR
> 6pg3M12nuwExu8D-tkYDv5BE1h2dA1rTOfbHIEta8XTaUC0Et-KgDBM=__;!!A6UyJA!zY
> KJBkzZPANfqT6kPkY_Mfo8xu_hnCJDzEIYjPMOvqs3MwyZUs0N9FX1Ln1zICtHKJKHC9_z
> SGk3$
> >
>
> [Twitter]<
> https://urldefense.com/v3/__https://cloud.letsignit.com/collect/bc/60e
> 5c62f48323abd316580a3?p=NCQXXscJv3N-mDjmqdZzYH59ppVbYP3afFkR7SxQ1JaS_e
> v9TYs06R5yG_cSPe6tLuS3Bgn1EjTO39P6hIWtNhqUZ5n-wh878kG0mKc-TDxVGISVA_Rn
> Jl21WVuzHCTH_v3e4PfK5YBq_Q228Kqxog==__;!!A6UyJA!zYKJBkzZPANfqT6kPkY_Mf
> o8xu_hnCJDzEIYjPMOvqs3MwyZUs0N9FX1Ln1zICtHKJKHC36OFkHl$
> >
>
> [LinkedIn]<
> https://urldefense.com/v3/__https://cloud.letsignit.com/collect/bc/60e
> 5c62f48323abd316580a3?p=NCQXXscJv3N-mDjmqdZzYH59ppVbYP3afFkR7SxQ1JaS_e
> v9TYs06R5yG_cSPe6tLuS3Bgn1EjTO39P6hIWtNhqUZ5n-wh878kG0mKc-TDz5UNyOTEm_
> EvRFXdshn5-xaylm0Ysa1fuL9vCg5uDKfouGPQSgwbQq28Nl7_fXFIA=__;!!A6UyJA!zY
> KJBkzZPANfqT6kPkY_Mfo8xu_hnCJDzEIYjPMOvqs3MwyZUs0N9FX1Ln1zICtHKJKHCzzS
> Dj-d$
> >
>
> [Youtube]<
> https://urldefense.com/v3/__https://cloud.letsignit.com/collect/bc/60e
> 5c62f

RE: [!!Mass Mail]RE: Cloudstack 4.15.2 upgrade fail

2021-10-18 Thread Yordan Kostov 
Indeed there is a space! Now services are working.

Slavka and Евгений thank you for reaching out!

Regards,
Jordan

-Original Message-
From: Дикевич Евгений Александрович  
Sent: Monday, October 18, 2021 12:49 PM
To: users@cloudstack.apache.org
Subject: RE: [!!Mass Mail]RE: Cloudstack 4.15.2 upgrade fail


[X] This message came from outside your organization


Does you have space before systemvm template name?

-Original Message-
From: Yordan Kostov [mailto:yord...@nsogroup.com]
Sent: Monday, October 18, 2021 12:42 PM
To: users@cloudstack.apache.org
Subject: [!!Mass Mail]RE: Cloudstack 4.15.2 upgrade fail

Thank you Slavka,

The template is already named that way:  
https://urldefense.com/v3/__https://imgur.com/aVQLpSY__;!!A6UyJA!y9uaCljyOXJAhwG-90ptMcDWjPwP1Y3Cm7iDm4q6ebk0tgYJqkPafPewPbaS_nA7gz7llcapUVLc$
From the screenshot you can see 2 entries - first one is the old 4.15 template 
and the second one is the new 4.15.1 template set with proper name.
Is there any other place the name should be changed?

Best regards,
Jordan


-Original Message-
From: Slavka Peleva 
Sent: Monday, October 18, 2021 12:38 PM
To: users@cloudstack.apache.org
Subject: Re: Cloudstack 4.15.2 upgrade fail


[X] This message came from outside your organization


Hi Yordan,

During the upgrade, CloudStack is looking for a specific template name - 
"systemvm-xenserver-4.15.1". You can rename the uploaded template directly in 
the DB, or I think you have to set for template's name - 
"systemvm-xenserver-4.15.1" while uploading it.

Best regards,
Slavka

On Mon, Oct 18, 2021 at 12:12 PM Yordan Kostov  wrote:

> Hello everyone,
>
> Environment is  4.15.0 ACS on Centos 7 in HA setup on
> 3 node galera cluster managing XCP-NG hosts.
> Today I performed upgrade of ACS from to 4.15.2 as per 
> this guide 
> https://urldefense.com/v3/__http://docs.cloudstack.apache.org/en/lates
> t/upgrading/upgrade/upgrade-4.15.html__;!!A6UyJA!1XHKwiVUKxx9w1MZaZS2G
> n9gPDucxWw1w3wUXtx5wMFBlhYesJ5XbhTbeMakyy3EhaJ2P4styS-H$
>
> After upgrade the management service is running but GUI gives this error:
> HTTP ERROR 503 Service Unavailable
> URI:
>
> /client/
>
> STATUS:
>
> 503
>
> MESSAGE:
>
> Service Unavailable
>
> SERVLET:
>
> -
>
>
> In management-server.log I see this error pops after starting the service:
> 2021-10-18 11:04:55,142 ERROR [c.c.u.DatabaseUpgradeChecker]
> (main:null)
> (logid:) Unable to upgrade the database
> com.cloud.utils.exception.CloudRuntimeException: 4.15.1.0XenServer 
> SystemVm template not found. Cannot upgrade system Vms
>
> I do registered the template upload as per the guide steps.
>
> Any advice?
>
> Best regards,
> Jordan
>
Внимание!
Это электронное письмо и все прикрепленные к нему файлы являются 
конфиденциальными и предназначены исключительно для использования лицом 
(лицами), которому (которым) оно предназначено. Если Вы не являетесь лицом 
(лицами), которому (которым) предназначено это письмо, не копируйте и не 
разглашайте его содержимое и удалите это сообщение и все вложения из Вашей 
почтовой системы. Любое несанкционированное использование, распространение, 
раскрытие, печать или копирование этого электронного письма и прикрепленных к 
нему файлов, кроме как лицом (лицами) которому (которым) они предназначены, 
является незаконным и запрещено. Принимая во внимание, что передача данных 
посредством Интернет не является безопасной, мы не несем никакой 
ответственности за любой потенциальный ущерб, причиненный в результате ошибок 
при передаче данных или этим сообщением и прикрепленными к нему файлами.

Attention!
This email and all attachments to it are confidential and are intended solely 
for use by the person (or persons) referred to (mentioned) as the intended 
recipient (recipients). If you are not the intended recipient of this email, do 
not copy or disclose its contents and delete the message and any attachments to 
it from your e-mail system. Any unauthorized use, dissemination, disclosure, 
printing or copying of this e-mail and files attached to it, except by the 
intended recipient, is illegal and is prohibited. Taking into account that data 
transmission via Internet is not secure, we assume no responsibility for any 
potential damage caused by data transmission errors or this message and the 
files attached to it.

RE: Cloudstack 4.15.2 upgrade fail

2021-10-18 Thread Yordan Kostov 
Thank you Slavka,

The template is already named that way:  https://imgur.com/aVQLpSY
From the screenshot you can see 2 entries - first one is the old 4.15 
template and the second one is the new 4.15.1 template set with proper name.
Is there any other place the name should be changed?

Best regards,
Jordan 


-Original Message-
From: Slavka Peleva  
Sent: Monday, October 18, 2021 12:38 PM
To: users@cloudstack.apache.org
Subject: Re: Cloudstack 4.15.2 upgrade fail


[X] This message came from outside your organization


Hi Yordan,

During the upgrade, CloudStack is looking for a specific template name - 
"systemvm-xenserver-4.15.1". You can rename the uploaded template directly in 
the DB, or I think you have to set for template's name - 
"systemvm-xenserver-4.15.1" while uploading it.

Best regards,
Slavka

On Mon, Oct 18, 2021 at 12:12 PM Yordan Kostov  wrote:

> Hello everyone,
>
> Environment is  4.15.0 ACS on Centos 7 in HA setup on 
> 3 node galera cluster managing XCP-NG hosts.
> Today I performed upgrade of ACS from to 4.15.2 as per 
> this guide 
> https://urldefense.com/v3/__http://docs.cloudstack.apache.org/en/lates
> t/upgrading/upgrade/upgrade-4.15.html__;!!A6UyJA!1XHKwiVUKxx9w1MZaZS2G
> n9gPDucxWw1w3wUXtx5wMFBlhYesJ5XbhTbeMakyy3EhaJ2P4styS-H$
>
> After upgrade the management service is running but GUI gives this error:
> HTTP ERROR 503 Service Unavailable
> URI:
>
> /client/
>
> STATUS:
>
> 503
>
> MESSAGE:
>
> Service Unavailable
>
> SERVLET:
>
> -
>
>
> In management-server.log I see this error pops after starting the service:
> 2021-10-18 11:04:55,142 ERROR [c.c.u.DatabaseUpgradeChecker] 
> (main:null)
> (logid:) Unable to upgrade the database
> com.cloud.utils.exception.CloudRuntimeException: 4.15.1.0XenServer 
> SystemVm template not found. Cannot upgrade system Vms
>
> I do registered the template upload as per the guide steps.
>
> Any advice?
>
> Best regards,
> Jordan
>

Cloudstack 4.15.2 upgrade fail

2021-10-18 Thread Yordan Kostov 
Hello everyone,

Environment is  4.15.0 ACS on Centos 7 in HA setup on 3 node 
galera cluster managing XCP-NG hosts.
Today I performed upgrade of ACS from to 4.15.2 as per this 
guide 
http://docs.cloudstack.apache.org/en/latest/upgrading/upgrade/upgrade-4.15.html

After upgrade the management service is running but GUI gives this error:
HTTP ERROR 503 Service Unavailable
URI:

/client/

STATUS:

503

MESSAGE:

Service Unavailable

SERVLET:

-


In management-server.log I see this error pops after starting the service: 
2021-10-18 11:04:55,142 ERROR [c.c.u.DatabaseUpgradeChecker] (main:null) 
(logid:) Unable to upgrade the database
com.cloud.utils.exception.CloudRuntimeException: 4.15.1.0XenServer SystemVm 
template not found. Cannot upgrade system Vms

I do registered the template upload as per the guide steps.

Any advice?

Best regards,
Jordan

RE: Size of the snapshots volume

2021-10-12 Thread Yordan Kostov 
Hello Benoit,

Unfortunately no. 
When I do it I will make sure to drop a line here.

Best regards,
Jordan

-Original Message-
From: benoit lair  
Sent: Tuesday, October 12, 2021 3:40 PM
To: users@cloudstack.apache.org
Subject: Re: Size of the snapshots volume


[X] This message came from outside your organization


Hello Jordan,

Could you proceed to your tests ? Have you got the same results ?

Regards, Benoit Lair

Le lun. 4 oct. 2021 à 17:59, Yordan Kostov  a écrit :

> Here are a few considerations:
>
> - First snapshot of volume is always full snap.
> - XenServer/XCP-NG backups are always thin.
> - Thin provisioning calculations never go down. Even if you delete 
> data from disk.
>
> As you filled the disk of the VM to top the thin provisioning threats 
> it as full VM from that moment on even if data is deleted. So the full 
> snap that will be migrated to NFS will always be of max size.
>
> I am not 100% certain as I am yet to start running backup tests.
>
> Best regards,
> Jordan
>
> -Original Message-
> From: Florian Noel 
> Sent: Monday, October 4, 2021 6:22 PM
> To: 'users@cloudstack.apache.org' 
> Subject: Size of the snapshots volume
>
>
> [X] This message came from outside your organization
>
>
> Hi,
>
> I've a question about the snapshots volume in Cloudstack
>
> When we take a snapshot of a volume, this create a VHD file on the 
> secondary storage.
> Snapshot size doesn't match volume size used.
>
> Imagine a volume of 20GB, we fill the volume and empty it just after.
> We take a snapshot of the volume from Cloudstack frontend and its size 
> is 20GB on the secondary storage while the volume is empty.
>
> We've made the same test with volume provisioning in thin, sparse and fat.
> The results are the same.
>
> We use Cloudstack 4.15.1 with XCP-NG 8.1. The LUNs are connected in 
> iSCSI on the hypervisors XCP.
>
> Thanks for your help.
>
> Best regards.
>
>
> [Logo Web et Solutions]<
> https://urldefense.com/v3/__https://cloud.letsignit.com/collect/bc/60e
> 5c62f48323abd316580a3?p=NCQXXscJv3N-mDjmqdZzYH59ppVbYP3afFkR7SxQ1JaS_e
> v9TYs06R5yG_cSPe6tLuS3Bgn1EjTO39P6hIWtNhqUZ5n-wh878kG0mKc-TDzCgMKxZAoq
> vlt4NqCVlovo0bn9PcMUWFMak1jGIGRgGg==__;!!A6UyJA!zYKJBkzZPANfqT6kPkY_Mf
> o8xu_hnCJDzEIYjPMOvqs3MwyZUs0N9FX1Ln1zICtHKJKHCye42DjJ$
> >
>
> [Facebook]<
> https://urldefense.com/v3/__https://cloud.letsignit.com/collect/bc/60e
> 5c62f48323abd316580a3?p=NCQXXscJv3N-mDjmqdZzYH59ppVbYP3afFkR7SxQ1JaS_e
> v9TYs06R5yG_cSPe6tLuS3Bgn1EjTO39P6hIWtNhqUZ5n-wh878kG0mKc-TDyIo6EwBskR
> 6pg3M12nuwExu8D-tkYDv5BE1h2dA1rTOfbHIEta8XTaUC0Et-KgDBM=__;!!A6UyJA!zY
> KJBkzZPANfqT6kPkY_Mfo8xu_hnCJDzEIYjPMOvqs3MwyZUs0N9FX1Ln1zICtHKJKHC9_z
> SGk3$
> >
>
> [Twitter]<
> https://urldefense.com/v3/__https://cloud.letsignit.com/collect/bc/60e
> 5c62f48323abd316580a3?p=NCQXXscJv3N-mDjmqdZzYH59ppVbYP3afFkR7SxQ1JaS_e
> v9TYs06R5yG_cSPe6tLuS3Bgn1EjTO39P6hIWtNhqUZ5n-wh878kG0mKc-TDxVGISVA_Rn
> Jl21WVuzHCTH_v3e4PfK5YBq_Q228Kqxog==__;!!A6UyJA!zYKJBkzZPANfqT6kPkY_Mf
> o8xu_hnCJDzEIYjPMOvqs3MwyZUs0N9FX1Ln1zICtHKJKHC36OFkHl$
> >
>
> [LinkedIn]<
> https://urldefense.com/v3/__https://cloud.letsignit.com/collect/bc/60e
> 5c62f48323abd316580a3?p=NCQXXscJv3N-mDjmqdZzYH59ppVbYP3afFkR7SxQ1JaS_e
> v9TYs06R5yG_cSPe6tLuS3Bgn1EjTO39P6hIWtNhqUZ5n-wh878kG0mKc-TDz5UNyOTEm_
> EvRFXdshn5-xaylm0Ysa1fuL9vCg5uDKfouGPQSgwbQq28Nl7_fXFIA=__;!!A6UyJA!zY
> KJBkzZPANfqT6kPkY_Mfo8xu_hnCJDzEIYjPMOvqs3MwyZUs0N9FX1Ln1zICtHKJKHCzzS
> Dj-d$
> >
>
> [Youtube]<
> https://urldefense.com/v3/__https://cloud.letsignit.com/collect/bc/60e
> 5c62f48323abd316580a3?p=NCQXXscJv3N-mDjmqdZzYH59ppVbYP3afFkR7SxQ1JaS_e
> v9TYs06R5yG_cSPe6tLuS3Bgn1EjTO39P6hIWtNhqUZ5n-wh878kG0mKc-TDyEop3qI2i2
> HFrm2U65Sd5oXm55IjnZsXt1s4eREvsJGMpsgNaX2L3OdByrUM3b4Xg=__;!!A6UyJA!zY
> KJBkzZPANfqT6kPkY_Mfo8xu_hnCJDzEIYjPMOvqs3MwyZUs0N9FX1Ln1zICtHKJKHC3f1
> vTjU$
> >
>
> Florian Noel
>
> Administrateur Systèmes Et Réseaux
>
> [
> https://urldefense.com/v3/__https://storage.letsignit.com/icons/design
> er/v2/phone-1.png__;!!A6UyJA!zYKJBkzZPANfqT6kPkY_Mfo8xu_hnCJDzEIYjPMOv
> qs3MwyZUs0N9FX1Ln1zICtHKJKHCxqW91pG$
> ] 02 35 78 11 90
>
> 705 Avenue Isaac Newton
>
> 76800 Saint-Etienne-Du-Rouvray
>
> [Payneo]<
> https://urldefense.com/v3/__https://cloud.letsignit.com/collect/b/60ed
> 92296e8c02bf93d4f9aa?p=NCQXXscJv3N-mDjmqdZzYH59ppVbYP3afFkR7SxQ1JaS_ev
> 9TYs06R5yG_cSPe6tLuS3Bgn1EjTO39P6hIWtNhqUZ5n-wh878kG0mKc-TDx4rIKe6rk37
> 4sFS07v0YLIvIF68SXTHzNmGDb3XO6dLQ==__;!!A6UyJA!zYKJBkzZPANfqT6kPkY_Mfo
> 8xu_hnCJDzEIYjPMOvqs3MwyZUs0N9FX1Ln1zICtHKJKHCyft4U9I$
> >
>
>
>
>

RE: Root disk resizing

2021-10-12 Thread Yordan Kostov 
Hey everyone,

I believe growpart works for EXT4 only and does not work on Centos 
because it is XFS so volume needs to be resized manually. Here is what I use to 
do configure the template scripts:

## Enable XFS root partition auto resize
echo "growpart:
mode: auto
devices:
- \"/dev/xvda2\"
ignore_growroot_disabled: false" > /etc/cloud/cloud.cfg.d/50_growpartion.cfg

echo "runcmd:
  - [ pvresize, /dev/xvda2 ]
  - [ lvresize, -l, '+100%FREE', /dev/centos/root ]
  - [ xfs_growfs, /dev/centos/root ]" > 
/etc/cloud/cloud.cfg.d/51_extend_volume.cfg


Full script you can find here -> 
https://github.com/dredknight/cloud_scripts/blob/master/CloudStack-Xen/templates/centos7_clean.bash

I also made an extended article regarding cloud-init features and their 
step-by-step config for CLoudstack but that is committed for 4.16 documentation 
but I am not sure if it is approved for merge or not.
http://qa.cloudstack.cloud/docs/WIP-PROOFING/pr/215/adminguide/templates/_cloud_init.html

Best regards,
Jordan

-Original Message-
From: K B Shiv Kumar  
Sent: Monday, October 11, 2021 6:51 PM
To: users@cloudstack.apache.org
Cc: d...@cloudstack.apache.org
Subject: Re: Root disk resizing


[X] This message came from outside your organization


I believe there's a section called boothook in cloud-init which is probably 
what you want.

We're also trying things on cloud-init. ☺️

Best Regards
Shiv
(Sent from mobile device. Apologies for brevity and typos)

On Mon, 11 Oct, 2021, 20:55 Marcus,  wrote:

> Cloud-init is always fun to debug :-). It will probably require some 
> playing with to get a pattern down.
>
> There is perhaps a way to get it to re-check and grow every reboot if 
> you adjust/override the module frequency, deleting the module 
> semaphore in /var/lib/cloud/sem or worst case clearing the metadata 
> via 'cloud-init clear' or  deleting the /var/lib/cloud.
>
> On Mon, Oct 11, 2021 at 3:07 AM Wido den Hollander  wrote:
>
> >
> >
> > On 10/10/21 10:35 AM, Ranjit Jadhav wrote:
> > > Hello folks,
> > >
> > > I have implemented cloudstack with Xenserver Host. The template 
> > > has
> been
> > > made out of VM with basic centos 7 and following package installed 
> > > on
> it
> > > 
> > > sudo yum -y cloud-init
> > > sudo yum -y install cloud-utils-growpart sudo yum -y install gdisk
> > > 
> > >
> > > After creating new VM with this template, root disk is created as 
> > > per
> > size
> > > mention in template or we are able to increase it at them time of
> > creation.
> > >
> > > But later when we try to increase root disk again, it increases 
> > > disk
> > space
> > > but "/" partiton do not get autoresize.
> > >
> >
> > As far as I know it only grows the partition once, eg, upon first boot.
> > I won't do it again afterwards.
> >
> > Wido
> >
> > >
> > > Following parameters were passed in userdata
> > > 
> > > #cloud-config
> > > growpart:
> > > mode: auto
> > > devices: ["/"]
> > > ignore_growroot_disabled: true
> > > 
> > >
> > > Thanks & Regards,
> > > Ranjit
> > >
> >
>

RE: VR swap on disk

2021-10-06 Thread Yordan Kostov 
Thanks Wei,

After some troubleshooting. Journal gives the following errors:

- user@0.service: Failed at step PAM spawning
- Failed to start User Manager for UID 0

This correlates with some systemd articles: 
https://github.com/coreos/bugs/issues/1498

Anyway I will do as you say and may be update the VRs to latest version 
as it may be indeed systemd issue.

Regards,
Jordan


-Original Message-
From: Wei ZHOU  
Sent: Monday, October 4, 2021 8:24 PM
To: users 
Subject: Re: VR swap on disk


[X] This message came from outside your organization


Hi Jordan,

I have no idea what caused the issue. The default cpu/ram for virtual routers 
is small, but enough for most cases.

There are two options to change the service offering of VR:
(1) create a new network offering, with specified router offering, then update 
the network to the new offering. It looks a bit complicated. you can also 
choose option 2:
(2) create a new system service offering, go to account settings and change 
router.service.offering to the UUID of the new service offering. restart 
network with cleanup.

Hope it helps.

-Wei

On Mon, 4 Oct 2021 at 17:25, Yordan Kostov  wrote:

> Hey everyone,
>
>Environment is 4.15 ACS + XCP-NG 8.2 on fiber shared 
> storage.
>
> I notice a strange VR behavior happening once in a 
> while
> (~10 mins or so) . The virtual router is generating significant amount 
> of usage on the storage for about 1 min or so.
> Storage usage window corelates with CPU 100% usage as well.
>
> After some troubleshooting - the process that does the 
> CPU load is kswapd0. it looks like the VR is swapping memory on the storage.
> An error message pops up once in a while in the cli - 
> https://urldefense.com/v3/__https://imgur.com/a/K2Tthi0__;!!A6UyJA!wE9xCvCO5LnRzMg-atmrahnfDUPxs2Dcq7L1blk6uqaal0o-Hm1bkFtCpg8phWDsQ9orQ2-jpMv2$
> The disk of the VR is not full - 
> https://urldefense.com/v3/__https://imgur.com/37JU1Dg__;!!A6UyJA!wE9xC
> vCO5LnRzMg-atmrahnfDUPxs2Dcq7L1blk6uqaal0o-Hm1bkFtCpg8phWDsQ9orQ7jyX2H
> V$
>
> It has happened a few times now and usually what I do 
> is delete the VR and let ACS put a new instance, but that postpones 
> the issue and does not resolve it.
> Any idea of the root cause and how to fix ?
>
> Regards,
> Jordan
>
>

RE: Size of the snapshots volume

2021-10-04 Thread Yordan Kostov 
Here are a few considerations:

- First snapshot of volume is always full snap.
- XenServer/XCP-NG backups are always thin. 
- Thin provisioning calculations never go down. Even if you delete data from 
disk.

As you filled the disk of the VM to top the thin provisioning threats it as 
full VM from that moment on even if data is deleted. So the full snap that will 
be migrated to NFS will always be of max size.

I am not 100% certain as I am yet to start running backup tests.

Best regards,
Jordan

-Original Message-
From: Florian Noel  
Sent: Monday, October 4, 2021 6:22 PM
To: 'users@cloudstack.apache.org' 
Subject: Size of the snapshots volume


[X] This message came from outside your organization


Hi,

I've a question about the snapshots volume in Cloudstack

When we take a snapshot of a volume, this create a VHD file on the secondary 
storage.
Snapshot size doesn't match volume size used.

Imagine a volume of 20GB, we fill the volume and empty it just after.
We take a snapshot of the volume from Cloudstack frontend and its size is 20GB 
on the secondary storage while the volume is empty.

We've made the same test with volume provisioning in thin, sparse and fat. The 
results are the same.

We use Cloudstack 4.15.1 with XCP-NG 8.1. The LUNs are connected in iSCSI on 
the hypervisors XCP.

Thanks for your help.

Best regards.


[Logo Web et 
Solutions]

[Facebook]

[Twitter]

[LinkedIn]

[Youtube]

Florian Noel

Administrateur Systèmes Et Réseaux

[https://urldefense.com/v3/__https://storage.letsignit.com/icons/designer/v2/phone-1.png__;!!A6UyJA!zYKJBkzZPANfqT6kPkY_Mfo8xu_hnCJDzEIYjPMOvqs3MwyZUs0N9FX1Ln1zICtHKJKHCxqW91pG$
 ] 02 35 78 11 90

705 Avenue Isaac Newton

76800 Saint-Etienne-Du-Rouvray

[Payneo]

VR swap on disk

2021-10-04 Thread Yordan Kostov 
Hey everyone,

   Environment is 4.15 ACS + XCP-NG 8.2 on fiber shared storage.

I notice a strange VR behavior happening once in a while (~10 
mins or so) . The virtual router is generating significant amount of usage on 
the storage for about 1 min or so.
Storage usage window corelates with CPU 100% usage as well.

After some troubleshooting - the process that does the CPU load 
is kswapd0. it looks like the VR is swapping memory on the storage.
An error message pops up once in a while in the cli - 
https://imgur.com/a/K2Tthi0
The disk of the VR is not full - https://imgur.com/37JU1Dg

It has happened a few times now and usually what I do is delete 
the VR and let ACS put a new instance, but that postpones the issue and does 
not resolve it.
Any idea of the root cause and how to fix ?

Regards,
Jordan

RE: Problems setting up HTTPS on CS Managementserver GUI / recommadations relizing

2021-09-21 Thread Yordan Kostov 
You are welcome !

Regards,
Jordan

-Original Message-
From: vas...@gmx.de  
Sent: Tuesday, September 21, 2021 12:21 AM
To: users@cloudstack.apache.org
Subject: Re: Problems setting up HTTPS on CS Managementserver GUI / 
recommadations relizing


[X] This message came from outside your organization


UPDATE:

@yordan
Sir - you made my day!
It is working.

What i've done:
- Checking the initial certificates for additonal blanks (even if this 
shouldn't bother - but safety first :-D)
- Stick to the nameing convention for the keystore.pkcs12  - literally

I scipped the automatic redirect part, as this is currently handled by my 
firewall. Also i didn't changend port-numbers. Nevertheless it works!
So thank you once again

Am Mo., 20. Sept. 2021 um 20:55 Uhr schrieb vas...@gmx.de :

> Hi everyone, sorry for getting back with quiet a delay.
>
> Short update:
> Seems i got at least as far to secure SSVM and CPVM with the 
> certificates needed. But thats another topic :-D
>
> @wei
> Thanks for your advice, as said above i am currently "done" with 
> points 1 & 3 of your setup list. will take a look into a suitable 
> nginx configuration  i guess. My last attemps ended with a "to many redirects"
> error - i am not to much into the webserver business at all
>
> @Yordan
> Thanks for sharing this. I took a look into that, but sadly i didn't 
> found a different approach in all the things i have tried until now.
> I guess i will take a look into the certificates again, as i could 
> imagine that something went wrong while writing them into the 
> keystore... Will keep you updated.
>
> Am Fr., 17. Sept. 2021 um 14:33 Uhr schrieb Yordan Kostov <
> yord...@nsogroup.com>:
>
>> Hi,
>>
>> I do remember having issues with the steps in Shapeblue guide.
>> Eventually I threw some notes for a future guide you can 
>> check here -> 
>> https://urldefense.com/v3/__https://github.com/dredknight/cloud_scripts/blob/master/CloudStack-Xen/ACS-ssl-gui-guide.sh__;!!A6UyJA!39wKNbwTatkPL0reqblk1gYzIaxCFJT7gQOHjgtQfVwLPcDWYMcq_2XlJE5c3VAdfz0ZygqzKzsa$
>> I hope that helps.
>>
>> Best regards,
>> Jordan
>>
>> -Original Message-
>> From: Wei ZHOU 
>> Sent: Thursday, September 16, 2021 10:20 PM
>> To: users ; vas...@gmx.de
>> Subject: Re: Problems setting up HTTPS on CS Managementserver GUI / 
>> recommadations relizing
>>
>>
>> [X] This message came from outside your organization
>>
>>
>> Hi,
>>
>> afaik the most common setup is
>> (1) start (multiple) cloudstack management server with port 8080
>> (2) setup a reverse proxy (nginx/pfsense/haproxy, etc) which supports 
>> SSL termination and transparent LB.
>> (3) upload ssl certificate in cloudstack GUI, and enable SSL for 
>> cloudsack console proxy and secondary storage.
>>
>> -Wei
>>
>>
>> On Tue, 14 Sept 2021 at 19:19, vas...@gmx.de  wrote:
>>
>> > Hi,
>> >
>> > at the moment I am trying to setting up https - access for the 
>> > management server with my own certificates. Sadly i wasn't 
>> > successfull
>> until now.
>> > OS: Ubuntu 20.04
>> > Standard Cloudstack
>> > Basically i was following the documentation (
>> >
>> > https://urldefense.com/v3/__http://docs.cloudstack.apache.org/en/la
>> > tes 
>> > t/installguide/optional_installation.html*ssl-optional__;Iw!!A6UyJA
>> > !0d 
>> > TT8fqOaTGELyheFRnbrYw22T34WaEoPMbmxwezYicKr808oddMvJAwxkY7LIC7IuZy3
>> > pTq
>> > DCm-$
>> > )
>> > as well as following guide from shapeblue ( 
>> > https://urldefense.com/v3/__https://www.shapeblue.com/securing-clou
>> > dst
>> >
>> ack-4-11-with-https-tls/__;!!A6UyJA!0dTT8fqOaTGELyheFRnbrYw22T34WaEoP
>> MbmxwezYicKr808oddMvJAwxkY7LIC7IuZy3n-PQYEK$
>> ) for setting up https for the GUI.
>> >
>> > At the moment i am stuck, as i didn't really have clue where and 
>> > how to proceed onwards, as i am not finding any problems, warinings 
>> > or errors in the cloudstack log's.
>> > Usage of netstat shows, that currently no service is listening on 
>> > port 8443.
>> >
>> > Which leads me to a assumption that i maybe messed up 
>> > access-priviledges for the actual keystore-file, as the 
>> > server.properties noted sais, that the https configuration will  
>> > only be used when the keystorefile exists and is readable by the
>> managementserver.
>> > Therefore  which permissions are normally used for the keystore to 
>

lower case VM hostname

2021-09-20 Thread Yordan Kostov 
Dear all,

Is it possible to force Linux VMs hostnames to be lower case no 
matter of how the user named the VM in Cloudstack GUI?
Is there such custom option in Cloudstack and if that is not 
the case, is there a way to achieve that with cloud-init set-hostname module?

Best regards,
Jordan

RE: Problems setting up HTTPS on CS Managementserver GUI / recommadations relizing

2021-09-17 Thread Yordan Kostov 
Hi,

I do remember having issues with the steps in Shapeblue guide.
Eventually I threw some notes for a future guide you can check here -> 
https://github.com/dredknight/cloud_scripts/blob/master/CloudStack-Xen/ACS-ssl-gui-guide.sh
I hope that helps.

Best regards,
Jordan

-Original Message-
From: Wei ZHOU  
Sent: Thursday, September 16, 2021 10:20 PM
To: users ; vas...@gmx.de
Subject: Re: Problems setting up HTTPS on CS Managementserver GUI / 
recommadations relizing


[X] This message came from outside your organization


Hi,

afaik the most common setup is
(1) start (multiple) cloudstack management server with port 8080
(2) setup a reverse proxy (nginx/pfsense/haproxy, etc) which supports SSL 
termination and transparent LB.
(3) upload ssl certificate in cloudstack GUI, and enable SSL for cloudsack 
console proxy and secondary storage.

-Wei


On Tue, 14 Sept 2021 at 19:19, vas...@gmx.de  wrote:

> Hi,
>
> at the moment I am trying to setting up https - access for the 
> management server with my own certificates. Sadly i wasn't successfull until 
> now.
> OS: Ubuntu 20.04
> Standard Cloudstack
> Basically i was following the documentation (
>
> https://urldefense.com/v3/__http://docs.cloudstack.apache.org/en/lates
> t/installguide/optional_installation.html*ssl-optional__;Iw!!A6UyJA!0d
> TT8fqOaTGELyheFRnbrYw22T34WaEoPMbmxwezYicKr808oddMvJAwxkY7LIC7IuZy3pTq
> DCm-$
> )
> as well as following guide from shapeblue ( 
> https://urldefense.com/v3/__https://www.shapeblue.com/securing-cloudst
> ack-4-11-with-https-tls/__;!!A6UyJA!0dTT8fqOaTGELyheFRnbrYw22T34WaEoPMbmxwezYicKr808oddMvJAwxkY7LIC7IuZy3n-PQYEK$
>  ) for setting up https for the GUI.
>
> At the moment i am stuck, as i didn't really have clue where and how 
> to proceed onwards, as i am not finding any problems, warinings or 
> errors in the cloudstack log's.
> Usage of netstat shows, that currently no service is listening on port 
> 8443.
>
> Which leads me to a assumption that i maybe messed up 
> access-priviledges for the actual keystore-file, as the 
> server.properties noted sais, that the https configuration will  only 
> be used when the keystorefile exists and is readable by the managementserver.
> Therefore  which permissions are normally used for the keystore to be 
> accessed by the management server?
>
> As the documentation states, that more or less every site has it's own 
> practices on providing webservices to actual users, i would like to 
> ask for some experiences with different appoaches?
> Till now i "stumbled" over some ways the set up a reverseproxy based 
> on nginx / apache "in front" of the actual CS-Management WebServer, 
> which shall take care of the certificate handling. Another idea i have 
> read on a side would be to "by pass" the CS-Management Webserver, 
> targetting directly to the "root"-volume. Which seems to be a aventures 
> appoach...
>
> So i am highly interested in your approaches and experiences 
> regardning this topic.
>
> Thanks in advance!
>

RE: RE: Remove host from MySQL?

2021-09-08 Thread Yordan Kostov 
Just saw Wei response,

I suggest you take his approach as it is safer than mine.

Best regards,
Jordan

-Original Message-
From: Yordan Kostov  
Sent: 09 септември 2021 г. 8:41
To: users@cloudstack.apache.org
Subject: RE: RE: Remove host from MySQL?


[X] This message came from outside your organization


This means in table vm_instance there are VM instances that are still noted to 
reside on that host. From what I have seen that is a common ACS behavior.
What you need to do is go to that table, filter by host and make a list of 
those VMs.
Find if they really exist as you don’t want to remove real ones.

After that is  verified you can delete them one by one based on VM id or all of 
them at once based on last_host_id.

Regards,
Jordan

-Original Message-
From: James Steele 
Sent: 07 септември 2021 г. 12:00
To: users@cloudstack.apache.org
Subject: Re: RE: Remove host from MySQL?


[X] This message came from outside your organization


Thanks for that reply Jordan,

when I did that, I got:

mysql> delete from host where id=12;
ERROR 1451 (23000): Cannot delete or update a parent row: a foreign key 
constraint fails (`cloud`.`vm_instance`, CONSTRAINT 
`fk_vm_instance__last_host_id` FOREIGN KEY (`last_host_id`) REFERENCES `host` 
(`id`))
mysql>

Any idea? Thanks, Jim

RE: RE: Remove host from MySQL?

2021-09-08 Thread Yordan Kostov 
This means in table vm_instance there are VM instances that are still noted to 
reside on that host. From what I have seen that is a common ACS behavior.
What you need to do is go to that table, filter by host and make a list of 
those VMs.
Find if they really exist as you don’t want to remove real ones.

After that is  verified you can delete them one by one based on VM id or all of 
them at once based on last_host_id.

Regards,
Jordan

-Original Message-
From: James Steele  
Sent: 07 септември 2021 г. 12:00
To: users@cloudstack.apache.org
Subject: Re: RE: Remove host from MySQL?


[X] This message came from outside your organization


Thanks for that reply Jordan,

when I did that, I got:

mysql> delete from host where id=12;
ERROR 1451 (23000): Cannot delete or update a parent row: a foreign key 
constraint fails (`cloud`.`vm_instance`, CONSTRAINT 
`fk_vm_instance__last_host_id` FOREIGN KEY (`last_host_id`) REFERENCES `host` 
(`id`))
mysql>

Any idea? Thanks, Jim

RE: Remove host from MySQL?

2021-09-07 Thread Yordan Kostov 
Hello James,

If this is production be very cautious about touching the base.

This will do the trick:
USE cloud;
DELETE FROM host WHERE id=12;

Best regards,
Jordan

-Original Message-
From: James Steele  
Sent: 03 септември 2021 г. 17:28
To: users@cloudstack.apache.org
Subject: Remove host from MySQL?


[X] This message came from outside your organization


Hi all,

We have a host that was removed from the webUI, but it somehow still exists in 
the cloudstack MySQL database.

I wanted to remove the host, reinstall the OS and then re-add back to CS - 
keeping the same name & IP.

What is the MySQL command to remove the existing host entry? Would be something 
like:

use cloud;
select * from host;
update host set removed=now() where id=12;

FYI: this is the same Host 12 mentioned here: 
https://urldefense.com/v3/__https://github.com/apache/cloudstack/issues/5300__;!!A6UyJA!xxSOzkY4Lt4gw1sCqCER6DHC-Cvdc4dEl_df2vKC_ldCsQl1Mu0jn5iHGzR4VsCR7b_nNb6verIS$

Thanks, Jim

RE: XCP-ng Backup Cloudstack 4.15

2021-09-03 Thread Yordan Kostov 
Hey Benoit,

I am also interested is such integration to external vendor for XCP 
hypervisor.
Lately my attention is in other matters but I do begun thinking on an 
external solution for a cold backup. Here is a design concept:

Backup:
1. ACS framework does occasional volume backups and keeps them 
on NFS share (hot backup)
2. Veeam collects the backup folder structure and contents once 
every X and keeps it on tape (cold backup)

In this case ACS framework is what the backup solution for hot backup 
and Veeam is for cold.

Hot restore: 
1. Happens through ACS Framework and is done by the end user.

Cold restore:
1. admin dumps a cold backup to a NFS
2. in an automated manner single or all volumes are imported 
into ACS and assigned to the proper account owners of the original VMs.
3. ACS user restore VMs from volumes as Hot restore.

From everything above what is not possible is how the restored folder structure 
and volumes can be automatically imported and assigned to the proper accounts?
What I came up it as least effort solution that also is resilient is on the 
backup NFS server to make a cron script that executes once an hour and scans 
the /backup partition.

ACS NFS backup partition has the following structure
//snapshots/account_id/VOLUME_ID 
/master_and_delta_files

In each VOLUME_ID directory a YAML file will be created listing:
- owner acc id
- origin volume id
- origin volume name (taken from ACS DB)
- list of mater and delta files

Consecutive runs of the script will compare if VOLUME_ID folder 
contents are different than the YAML and will update it. Usually that will 
before Veeam backup occurs.
Then Veeam backup will occur. 
There is one caveat here - hot backups can occur anytime depending on 
user settings while cold backup happens once per time frame. There can be the 
case where cold backup occurs while hot backup jobs are running. This should be 
avoided.

When restore is required specific volume will be restored from Veeam 
and with restore shell script it will take the volume YAML conif:
- converge deltas
- set new volume name as RESTORED_
- import the volume to ACS under the origin account ID

Moreover a secondary script can create VMs from volumes for a case of 
mass cold restore but that will be at later stage.
Again that is just a concept and if anyone has an idea on how to 
improve or simplify that will be great!

Best regards,
Jordan


 
-Original Message-
From: benoit lair  
Sent: 02 септември 2021 г. 18:36
To: users@cloudstack.apache.org
Subject: Re: XCP-ng Backup Cloudstack 4.15


[X] This message came from outside your organization


Is there a way to implement ourself a custom external provider in order to 
backup VMs ?

Le jeu. 2 sept. 2021 à 15:52, benoit lair  a écrit :

> Hello,
>
> I am interested too in doing Backup VM for Xcp-NG Would you have a 
> solution for using Veeam like Yordan aims ?
>
> Le lun. 12 juil. 2021 à 13:30, Abishek Budhathoki  
> a écrit :
>
>> Thank You for the response. Really apricated.
>>
>> On 2021/07/12 09:41:07, Rohit Yadav  wrote:
>> > Hi Abishek,
>> >
>> > That's right, the current Backup & Recovery framework only supports
>> Veeam provider on VMware.
>> >
>> > For XenServer/xcpng, we don't have a plugin/provider, however 
>> > volume
>> snapshots can be used to backup snapshots on secondary storage.
>> >
>> > Regards.
>> >
>> > Regards,
>> > Rohit Yadav
>> >
>> > 
>> > From: Abishek Budhathoki 
>> > Sent: Saturday, July 10, 2021 7:42:12 PM
>> > To: users@cloudstack.apache.org 
>> > Subject: XCP-ng Backup Cloudstack 4.15
>> >
>> > Hello EveryOne,
>> >
>> > I am trying cloudstack with xen environment. I was trying out the
>> backup feature of the cloudstack and was not able to achieve it. Does 
>> the backup work in xen environment or it strictly only works with vmware 
>> only.
>> >
>> >
>> >
>> >
>> >
>> >
>>
>

RE: unsupported: rootdisksize override is smaller than template size

2021-08-10 Thread Yordan Kostov 
You are welcome !

-Original Message-
From: Piotr Pisz  
Sent: 10 август 2021 г. 12:46
To: users@cloudstack.apache.org
Subject: RE: unsupported: rootdisksize override is smaller than template size


[X] This message came from outside your organization


Yordan,

It seems you are right, sometimes it is enough to ask the question out loud
:-)

Root disk size (GB)
100 GB

Thanks!

Regards,
Piotr

-Original Message-
From: Yordan Kostov 
Sent: Tuesday, August 10, 2021 11:36 AM
To: users@cloudstack.apache.org; pi...@piszki.pl
Subject: RE: unsupported: rootdisksize override is smaller than template size

May be it has something to do with specific disk offering of size 150 GB?
Is there a step in the process where you match the imported VM specs to 
offerings?

Best regards,
Jordan

-Original Message-
From: Piotr Pisz 
Sent: 10 август 2021 г. 12:28
To: users@cloudstack.apache.org
Subject: unsupported: rootdisksize override is smaller than template size


[X] This message came from outside your organization


Hello,



I am now running a series of VM migrations from vSphere to CloudStack and 
generally there is no problem with that.

From time to time, after importing the old VM as template, I can't start a new 
one, I get the following message:



unsupported: rootdisksize override is smaller than template size "(150,00
GB) 161061273600"



I do not fully understand what is going on, could someone help explain it?



Regards,m

Piotr

RE: slow vm start and dhcp log full?

2021-08-10 Thread Yordan Kostov 
Hey everyone,

 I figured it out. It was a faulty SFP that caused a bottleneck of IOPS 
so VRs could not write in the log dir which cascaded into DHCP outage.

Best regards,
Jordan  

-Original Message-
From: Yordan Kostov  
Sent: 09 август 2021 г. 14:50
To: users@cloudstack.apache.org
Subject: slow vm start and dhcp log full?


[X] This message came from outside your organization


Hello everyone,

Cloudstack 4.15 + XCP-NG 82 + Virtual router template 4.15. We 
got just about 15 VMs or so running. Mostly doing some backup tests or people 
trying it out.

Recently I noticed quite some sluggishness on our environment. 
It took about 5-10 mins to create a new VM or start existing one.
One of our networks stopped creating VMs where it seems the 
Virtual router was not giving addresses.

After some troubleshooting  I found the following issues:

  *   The Virtual router that did not give IP addresses had his 
/run/log/journal directory fill in the whole /run partition with logs.  It 
seems when this happen the Router stops giving IP addresses.
  *   The same Virtual router + one more were putting heavy load on the storage 
(20-25 MB/s) squeezing all the IOPS they can get.


Lets say issue number one is by design. What causes issue number 2?
VR logs  ( journalctl -p 3 -x --file 
/run/log/journal/5212989feea04bb6b13843e7b0c9d2b3/system.journal )  show this 
issue repeating:

Aug 09 11:41:22 r-39-VM systemd[1]: Failed to start User Manager for UID 0.
-- Subject: A start job for unit user@0.service has failed
-- Defined-By: systemd
-- Support: 
https://urldefense.com/v3/__https://www.debian.org/support__;!!A6UyJA!wCf6hAHLa6AftXnrRfqcu9NkyxpVWGHy_xO0Bxz2lPUzny2fOmjNxxkOFmN4WsBnk9u5yxTvRxGj$
--
-- A start job for unit user@0.service has finished with a failure.
--
-- The job identifier is 588 and the job result is failed.
Aug 09 11:41:29 r-39-VM systemd[1607]: PAM _pam_load_conf_file: unable to open 
config for /etc/pam.d/null Aug 09 11:41:29 r-39-VM systemd[1607]: PAM error 
loading (null) Aug 09 11:41:29 r-39-VM systemd[1607]: PAM _pam_init_handlers: 
error reading /etc/pam.d/systemd-user Aug 09 11:41:29 r-39-VM systemd[1607]: 
PAM _pam_init_handlers: [Critical error - immediate abort] Aug 09 11:41:29 
r-39-VM systemd[1607]: PAM error reading PAM configuration file Aug 09 11:41:29 
r-39-VM systemd[1607]: PAM pam_start: failed to initialize handlers Aug 09 
11:41:29 r-39-VM systemd[1607]: PAM failed: Critical error - immediate abort 
Aug 09 11:41:29 r-39-VM systemd[1607]: user@0.service: Failed to set up PAM 
session: Operation not permitted Aug 09 11:41:29 r-39-VM systemd[1607]: 
user@0.service: Failed at step PAM spawning /lib/systemd/systemd: Operation not 
permitted
-- Subject: Process /lib/systemd/systemd could not be executed
-- Defined-By: systemd
-- Support: 
https://urldefense.com/v3/__https://www.debian.org/support__;!!A6UyJA!wCf6hAHLa6AftXnrRfqcu9NkyxpVWGHy_xO0Bxz2lPUzny2fOmjNxxkOFmN4WsBnk9u5yxTvRxGj$
--
-- The process /lib/systemd/systemd could not be executed and failed.
--
-- The error number returned by this process is ERRNO.

After rebooting the VMs things are back to normal, at least for 
now.
Any advice on why VRs behave like that and why PAM is 
complaining ?

Best regards,
Jordan

RE: unsupported: rootdisksize override is smaller than template size

2021-08-10 Thread Yordan Kostov 
May be it has something to do with specific disk offering of size 150 GB?
Is there a step in the process where you match the imported VM specs to 
offerings?

Best regards,
Jordan

-Original Message-
From: Piotr Pisz  
Sent: 10 август 2021 г. 12:28
To: users@cloudstack.apache.org
Subject: unsupported: rootdisksize override is smaller than template size


[X] This message came from outside your organization


Hello,



I am now running a series of VM migrations from vSphere to CloudStack and 
generally there is no problem with that.

>From time to time, after importing the old VM as template, I can't start a new 
>one, I get the following message:



unsupported: rootdisksize override is smaller than template size "(150,00
GB) 161061273600"



I do not fully understand what is going on, could someone help explain it?



Regards,m

Piotr

slow vm start and dhcp log full?

2021-08-09 Thread Yordan Kostov 
Hello everyone,

Cloudstack 4.15 + XCP-NG 82 + Virtual router template 4.15. We 
got just about 15 VMs or so running. Mostly doing some backup tests or people 
trying it out.

Recently I noticed quite some sluggishness on our environment. 
It took about 5-10 mins to create a new VM or start existing one.
One of our networks stopped creating VMs where it seems the 
Virtual router was not giving addresses.

After some troubleshooting  I found the following issues:

  *   The Virtual router that did not give IP addresses had his 
/run/log/journal directory fill in the whole /run partition with logs.  It 
seems when this happen the Router stops giving IP addresses.
  *   The same Virtual router + one more were putting heavy load on the storage 
(20-25 MB/s) squeezing all the IOPS they can get.


Lets say issue number one is by design. What causes issue number 2?
VR logs  ( journalctl -p 3 -x --file 
/run/log/journal/5212989feea04bb6b13843e7b0c9d2b3/system.journal )  show this 
issue repeating:

Aug 09 11:41:22 r-39-VM systemd[1]: Failed to start User Manager for UID 0.
-- Subject: A start job for unit user@0.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit user@0.service has finished with a failure.
--
-- The job identifier is 588 and the job result is failed.
Aug 09 11:41:29 r-39-VM systemd[1607]: PAM _pam_load_conf_file: unable to open 
config for /etc/pam.d/null
Aug 09 11:41:29 r-39-VM systemd[1607]: PAM error loading (null)
Aug 09 11:41:29 r-39-VM systemd[1607]: PAM _pam_init_handlers: error reading 
/etc/pam.d/systemd-user
Aug 09 11:41:29 r-39-VM systemd[1607]: PAM _pam_init_handlers: [Critical error 
- immediate abort]
Aug 09 11:41:29 r-39-VM systemd[1607]: PAM error reading PAM configuration file
Aug 09 11:41:29 r-39-VM systemd[1607]: PAM pam_start: failed to initialize 
handlers
Aug 09 11:41:29 r-39-VM systemd[1607]: PAM failed: Critical error - immediate 
abort
Aug 09 11:41:29 r-39-VM systemd[1607]: user@0.service: Failed to set up PAM 
session: Operation not permitted
Aug 09 11:41:29 r-39-VM systemd[1607]: user@0.service: Failed at step PAM 
spawning /lib/systemd/systemd: Operation not permitted
-- Subject: Process /lib/systemd/systemd could not be executed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The process /lib/systemd/systemd could not be executed and failed.
--
-- The error number returned by this process is ERRNO.

After rebooting the VMs things are back to normal, at least for 
now.
Any advice on why VRs behave like that and why PAM is 
complaining ?

Best regards,
Jordan

RE: [!!Mass Mail]Re: Extend Public IP Range

2021-07-14 Thread Yordan Kostov 
It should not be a problem. Unique IDs in the IP table doesn’t care for the 
order of the IPs they are holding.
I will suggest to fire up 5-10 new test vms just to test how IPs are assigned 
afterwards.

Best regards,
Jordan

-Original Message-
From: Дикевич Евгений Александрович  
Sent: 14 юли 2021 г. 14:46
To: users@cloudstack.apache.org
Subject: RE: [!!Mass Mail]Re: Extend Public IP Range


[X] This message came from outside your organization


Thx.
In mail chain they are extend network from XXX.XXX.XXX.10 - XXX.XXX.XXX.11 ---> 
XXX.XXX.XXX.10 - XXX.XXX.XXX.12 but I want to XXX.XXX.XXX.150 - XXX.XXX.XXX.254 
---> XXX.XXX.XXX.130 - XXX.XXX.XXX.254 (I want to add addresses Before existing 
pool) It's problem for this method or not?

-Original Message-
From: Yordan Kostov [mailto:yord...@nsogroup.com]
Sent: Wednesday, July 14, 2021 2:23 PM
To: users@cloudstack.apache.org
Subject: RE: [!!Mass Mail]Re: Extend Public IP Range

Hey Evgeny,

Check mail chain from June with subject  "Alter Shared Guest Network?" 
it has all you need in terms of DB editing and considerations that should be 
taken under account when editing the DB.

Best regards,
Jordan

-Original Message-
From: Дикевич Евгений Александрович 
Sent: 14 юли 2021 г. 14:11
To: users@cloudstack.apache.org
Subject: RE: [!!Mass Mail]Re: Extend Public IP Range


[X] This message came from outside your organization


HI. Thx for answer.
How I can fix It in DB?

-Original Message-
From: Alexey Samarin [mailto:nrg3...@gmail.com]
Sent: Wednesday, July 14, 2021 1:55 PM
To: users@cloudstack.apache.org
Subject: [!!Mass Mail]Re: Extend Public IP Range

 Evgeny, hi!
you can fix it in two ways:
1 - fix it directly in the database (assuming it's not a production system)
2 - try to add another subnet of external addresses

ср, 14 июл. 2021 г. в 13:47, Дикевич Евгений Александрович <
evgeniy.dikev...@becloud.by>:

> Hi All!
> How I can extend Public IP Range?
> I have network XXX.XXX.XXX.128/25 but when I configured public ip 
> range I made a mistake and used only XXX.XXX.XXX.160  -
> XXX.XXX.XXX.254 I want to use all my addresses.
> How I can correct this?
> Внимание!
> Это электронное письмо и все прикрепленные к нему файлы являются 
> конфиденциальными и предназначены исключительно для использования 
> лицом (лицами), которому (которым) оно предназначено. Если Вы не 
> являетесь лицом (лицами), которому (которым) предназначено это письмо, 
> не копируйте и не разглашайте его содержимое и удалите это сообщение и 
> все вложения из Вашей почтовой системы. Любое несанкционированное 
> использование, распространение, раскрытие, печать или копирование 
> этого электронного письма и прикрепленных к нему файлов, кроме как 
> лицом (лицами) которому (которым) они предназначены, является 
> незаконным и запрещено. Принимая во внимание, что передача данных 
> посредством Интернет не является безопасной, мы не несем никакой 
> ответственности за любой потенциальный ущерб, причиненный в результате 
> ошибок при передаче данных или этим сообщением и прикрепленными к нему 
> файлами.
>
> Attention!
> This email and all attachments to it are confidential and are intended 
> solely for use by the person (or persons) referred to (mentioned) as 
> the intended recipient (recipients). If you are not the intended 
> recipient of this email, do not copy or disclose its contents and 
> delete the message and any attachments to it from your e-mail system.
> Any unauthorized use, dissemination, disclosure, printing or copying 
> of this e-mail and files attached to it, except by the intended 
> recipient, is illegal and is prohibited. Taking into account that data 
> transmission via Internet is not secure, we assume no responsibility 
> for any potential damage caused by data transmission errors or this message 
> and the files attached to it.
>
Внимание!
Это электронное письмо и все прикрепленные к нему файлы являются 
конфиденциальными и предназначены исключительно для использования лицом 
(лицами), которому (которым) оно предназначено. Если Вы не являетесь лицом 
(лицами), которому (которым) предназначено это письмо, не копируйте и не 
разглашайте его содержимое и удалите это сообщение и все вложения из Вашей 
почтовой системы. Любое несанкционированное использование, распространение, 
раскрытие, печать или копирование этого электронного письма и прикрепленных к 
нему файлов, кроме как лицом (лицами) которому (которым) они предназначены, 
является незаконным и запрещено. Принимая во внимание, что передача данных 
посредством Интернет не является безопасной, мы не несем никакой 
ответственности за любой потенциальный ущерб, причиненный в результате ошибок 
при передаче данных или этим сообщением и прикрепленными к нему файлами.

Attention!
This email and all attachments to it are confidential and are intended solely

RE: XCP-ng HA with cloudstack.

2021-07-14 Thread Yordan Kostov 
Hey Abishek,

There is HA for pool and HA for VMs:
- HA for pool should be done this way - 
https://docs.cloudstack.apache.org/en/latest/upgrading/upgrade/_xenserver_upg.html?highlight=ha
- to HA a VM do it from cloudstack GUI, it is the ACS that keep track of what 
is up and what is not, instead of the XenServer. 
https://docs.cloudstack.apache.org/en/latest/adminguide/reliability.html#ha-enabled-virtual-machines

Best regards,
Jordan

-Original Message-
From: Abishek Budhathoki  
Sent: 14 юли 2021 г. 14:18
To: users@cloudstack.apache.org
Subject: XCP-ng HA with cloudstack.


[X] This message came from outside your organization


Can we achieve HA in XCP-ng host via cloudstack 4.15.1?
If its posssible I will be very grateful if someone can point me to any kind of 
documentation regarding HA with xcp-ng.

Thank You.

RE: [!!Mass Mail]Re: Extend Public IP Range

2021-07-14 Thread Yordan Kostov 
Hey Evgeny,

Check mail chain from June with subject  "Alter Shared Guest Network?" 
it has all you need in terms of DB editing and considerations that should be 
taken under account when editing the DB.

Best regards,
Jordan 

-Original Message-
From: Дикевич Евгений Александрович  
Sent: 14 юли 2021 г. 14:11
To: users@cloudstack.apache.org
Subject: RE: [!!Mass Mail]Re: Extend Public IP Range


[X] This message came from outside your organization


HI. Thx for answer.
How I can fix It in DB?

-Original Message-
From: Alexey Samarin [mailto:nrg3...@gmail.com]
Sent: Wednesday, July 14, 2021 1:55 PM
To: users@cloudstack.apache.org
Subject: [!!Mass Mail]Re: Extend Public IP Range

 Evgeny, hi!
you can fix it in two ways:
1 - fix it directly in the database (assuming it's not a production system)
2 - try to add another subnet of external addresses

ср, 14 июл. 2021 г. в 13:47, Дикевич Евгений Александрович <
evgeniy.dikev...@becloud.by>:

> Hi All!
> How I can extend Public IP Range?
> I have network XXX.XXX.XXX.128/25 but when I configured public ip 
> range I made a mistake and used only XXX.XXX.XXX.160  -
> XXX.XXX.XXX.254 I want to use all my addresses.
> How I can correct this?
> Внимание!
> Это электронное письмо и все прикрепленные к нему файлы являются 
> конфиденциальными и предназначены исключительно для использования 
> лицом (лицами), которому (которым) оно предназначено. Если Вы не 
> являетесь лицом (лицами), которому (которым) предназначено это письмо, 
> не копируйте и не разглашайте его содержимое и удалите это сообщение и 
> все вложения из Вашей почтовой системы. Любое несанкционированное 
> использование, распространение, раскрытие, печать или копирование 
> этого электронного письма и прикрепленных к нему файлов, кроме как 
> лицом (лицами) которому (которым) они предназначены, является 
> незаконным и запрещено. Принимая во внимание, что передача данных 
> посредством Интернет не является безопасной, мы не несем никакой 
> ответственности за любой потенциальный ущерб, причиненный в результате 
> ошибок при передаче данных или этим сообщением и прикрепленными к нему 
> файлами.
>
> Attention!
> This email and all attachments to it are confidential and are intended 
> solely for use by the person (or persons) referred to (mentioned) as 
> the intended recipient (recipients). If you are not the intended 
> recipient of this email, do not copy or disclose its contents and 
> delete the message and any attachments to it from your e-mail system.
> Any unauthorized use, dissemination, disclosure, printing or copying 
> of this e-mail and files attached to it, except by the intended 
> recipient, is illegal and is prohibited. Taking into account that data 
> transmission via Internet is not secure, we assume no responsibility 
> for any potential damage caused by data transmission errors or this message 
> and the files attached to it.
>
Внимание!
Это электронное письмо и все прикрепленные к нему файлы являются 
конфиденциальными и предназначены исключительно для использования лицом 
(лицами), которому (которым) оно предназначено. Если Вы не являетесь лицом 
(лицами), которому (которым) предназначено это письмо, не копируйте и не 
разглашайте его содержимое и удалите это сообщение и все вложения из Вашей 
почтовой системы. Любое несанкционированное использование, распространение, 
раскрытие, печать или копирование этого электронного письма и прикрепленных к 
нему файлов, кроме как лицом (лицами) которому (которым) они предназначены, 
является незаконным и запрещено. Принимая во внимание, что передача данных 
посредством Интернет не является безопасной, мы не несем никакой 
ответственности за любой потенциальный ущерб, причиненный в результате ошибок 
при передаче данных или этим сообщением и прикрепленными к нему файлами.

Attention!
This email and all attachments to it are confidential and are intended solely 
for use by the person (or persons) referred to (mentioned) as the intended 
recipient (recipients). If you are not the intended recipient of this email, do 
not copy or disclose its contents and delete the message and any attachments to 
it from your e-mail system. Any unauthorized use, dissemination, disclosure, 
printing or copying of this e-mail and files attached to it, except by the 
intended recipient, is illegal and is prohibited. Taking into account that data 
transmission via Internet is not secure, we assume no responsibility for any 
potential damage caused by data transmission errors or this message and the 
files attached to it.

RE: thank you :)

2021-07-12 Thread Yordan Kostov 
Got you now ! 
Presenting solutions to non technical people has put a mark on my language for 
sure...

Regards,
Jordan 


-Original Message-
From: Daan Hoogland  
Sent: 12 юли 2021 г. 14:28
To: users 
Subject: Re: thank you :)


[X] This message came from outside your organization


I don't mean much by it, I'm just trying to hide my curiosity behind hip 
internet age words ;)

On Mon, Jul 12, 2021 at 1:17 PM Yordan Kostov  wrote:

> What do you mean by blog? Its not worthy for blogging (;.
>
> Best regards,
> Jordan
>
> -Original Message-
> From: Daan Hoogland 
> Sent: 12 юли 2021 г. 10:36
> To: users 
> Subject: Re: thank you :)
>
>
> [X] This message came from outside your organization
>
>
> good to hear Yordan,
> will you blog or report back here?
>
> On Fri, Jul 9, 2021 at 11:11 AM Yordan Kostov 
> wrote:
>
> > Hey everyone,
> >
> > I just wanted to say thank you to everyone that 
> > helped me remediate Cloudstack issues or delve into architecture 
> > details last few weeks!
> > POC launch and user feedback was excellent!
> >
> > Best regards,
> > Jordan
> >
>
>
> --
> Daan
>


--
Daan

RE: thank you :)

2021-07-12 Thread Yordan Kostov 
What do you mean by blog? Its not worthy for blogging (;.

Best regards,
Jordan 

-Original Message-
From: Daan Hoogland  
Sent: 12 юли 2021 г. 10:36
To: users 
Subject: Re: thank you :)


[X] This message came from outside your organization


good to hear Yordan,
will you blog or report back here?

On Fri, Jul 9, 2021 at 11:11 AM Yordan Kostov  wrote:

> Hey everyone,
>
> I just wanted to say thank you to everyone that helped 
> me remediate Cloudstack issues or delve into architecture details last 
> few weeks!
> POC launch and user feedback was excellent!
>
> Best regards,
> Jordan
>


--
Daan

RE: XCP-ng Backup Cloudstack 4.15

2021-07-12 Thread Yordan Kostov 
I will be digging into that this matter week.

We are trying to do some kind of disaster recovery setup for XCP-NG/XenServer 
setup and Veeam.

The raw design idea we are having is Backup is done through ACS, Veeam collects 
the backup once every X days for DR purposes.
Restore is a bit more problematic because dumping the VHDs back is fine but it 
wont show in ACS GUI under the proper volume.
A good thing is that when volume backup is removed due to retention policy 
expiration the ACS DB entry in table " snapshots" is kept but marked from 
"Backup" to "Destroyed" 
So during restore of the VHD if the name of the VHD can be used to revert that 
entry change in the DB will probably make the backup appear in the GUI.

What I mention above is the worst case scenario where every step should be 
automated.
I need to dig into the backup framework and the api to see how they can aid 
this process.

Best regards,
Jordan

-Original Message-
From: Rohit Yadav  
Sent: 12 юли 2021 г. 12:41
To: users@cloudstack.apache.org
Subject: Re: XCP-ng Backup Cloudstack 4.15


[X] This message came from outside your organization


Hi Abishek,

That's right, the current Backup & Recovery framework only supports Veeam 
provider on VMware.

For XenServer/xcpng, we don't have a plugin/provider, however volume snapshots 
can be used to backup snapshots on secondary storage.

Regards.

Regards,
Rohit Yadav


From: Abishek Budhathoki 
Sent: Saturday, July 10, 2021 7:42:12 PM
To: users@cloudstack.apache.org 
Subject: XCP-ng Backup Cloudstack 4.15

Hello EveryOne,

I am trying cloudstack with xen environment. I was trying out the backup 
feature of the cloudstack and was not able to achieve it. Does the backup work 
in xen environment or it strictly only works with vmware only.

thank you :)

2021-07-09 Thread Yordan Kostov 
Hey everyone,

I just wanted to say thank you to everyone that helped me 
remediate Cloudstack issues or delve into architecture details last few weeks!
POC launch and user feedback was excellent!

Best regards,
Jordan

RE: Need some clarification on | expunge.interval | expunge.delay

2021-07-08 Thread Yordan Kostov 
You got that right.
Expunge process for that VM will be done in the time range from 24 to 48 hours 
depending on when the thread runs.

Regards,
Jordan

-Original Message-
From: Vivek Kumar  
Sent: 08 юли 2021 г. 14:31
To: users@cloudstack.apache.org
Subject: Re: Need some clarification on | expunge.interval | expunge.delay 


[X] This message came from outside your organization


Hey Jordan,

Thanks for the response..!! It clarifies my doubt.


So basically, after expunge.delay ( 24 hours in my case ), expunge.interval 
will be execute. So if I delete the VM now, it will be qualified to be expunged 
after 24 hours, and later after 24 hours, it will be deleted whenever expunge 
thread will run.

So  it will be deleted in 48 hours ..!  correct  ?

Regards,
Vivek Kumar



> On 08-Jul-2021, at 4:48 PM, Yordan Kostov  wrote:
>
> Hi Vivek,
>
>   Expunge delay - means after what time the VM will be qualified to be 
> deleted. If you set this value to  604800 (7 days). This means the VM that is 
> destroyed will be kept for no less than 7 days in cloudstack before being 
> expunged.
>
>   Expunge interval - is responsible for how often the expunge procedure 
> is run. If the value is set to 86400 (24 hours) it will check once every 24 
> if any VMs qualify for expunge process.
>
>   If you combine the two examples above - every 24 hours expunge thread 
> will launch and check if there are VMs in destroyed state longer than 7 days. 
> VMs that qualify the filter will be expunged.
>
>
> Best regards,
> Jordan
>
>
>
>
> -Original Message-
> From: Vivek Kumar 
> Sent: 08 юли 2021 г. 14:03
> To: users@cloudstack.apache.org
> Subject: Need some clarification on | expunge.interval | expunge.delay
>
>
> [X] This message came from outside your organization
>
>
> Hey Guys,
>
> I need some clarification on the global setting i.e expunge.delay and 
> expunge.intervals - So how does this both work. Let’s say if I set values 
> 86400( 24 hours) in both settings. So When I destroy my VM today, it will get 
> expunged after 24 hours as per the expunge.intervel. So what’s this 
> expunge.delay ?
>
>
> Regards,
> Vivek Kumar

RE: Need some clarification on | expunge.interval | expunge.delay

2021-07-08 Thread Yordan Kostov 
Hi Vivek,

Expunge delay - means after what time the VM will be qualified to be 
deleted. If you set this value to  604800 (7 days). This means the VM that is 
destroyed will be kept for no less than 7 days in cloudstack before being 
expunged.

Expunge interval - is responsible for how often the expunge procedure 
is run. If the value is set to 86400 (24 hours) it will check once every 24 if 
any VMs qualify for expunge process.

If you combine the two examples above - every 24 hours expunge thread 
will launch and check if there are VMs in destroyed state longer than 7 days. 
VMs that qualify the filter will be expunged.


Best regards,
Jordan




-Original Message-
From: Vivek Kumar  
Sent: 08 юли 2021 г. 14:03
To: users@cloudstack.apache.org
Subject: Need some clarification on | expunge.interval | expunge.delay 


[X] This message came from outside your organization


Hey Guys,

I need some clarification on the global setting i.e expunge.delay and 
expunge.intervals - So how does this both work. Let’s say if I set values 
86400( 24 hours) in both settings. So When I destroy my VM today, it will get 
expunged after 24 hours as per the expunge.intervel. So what’s this 
expunge.delay ?


Regards,
Vivek Kumar

RE: Cloudstack backup framework

2021-07-05 Thread Yordan Kostov 
Thank you  Daan,

I will do some tests this week!

Best regards,
Jordan

-Original Message-
From: Daan Hoogland  
Sent: Friday, July 2, 2021 11:41 AM
To: users 
Subject: Re: Cloudstack backup framework


[X] This message came from outside your organization


Yourdan, please look at the API [1]. I'm not sure what your hypervisor 
supports. This is documented to only work on KVM.

In general I wouldn't concern myself with umount when reverting volume, but 1. 
shutdown the VM 2. attach the reverted volume and 3. boot up again.

Hope you're successful with your design,

[1] 
https://urldefense.com/v3/__https://cloudstack.apache.org/api/apidocs-4.15/apis/revertSnapshot.html__;!!A6UyJA!xxTF2WVDoreH8JnOAuOMbsE-H01kuUXKAkLUGQ7fDZMqoPuPRT-LLjVFRNQBCxcBMXFPUr9sObZP$


On Tue, Jun 29, 2021 at 1:05 PM Yordan Kostov  wrote:

> Wondering if that is on purpose (technical issue or design flaw due to 
> which it is better this way)?
>
> While looking into how volume backup (VB) functions will it be 
> possible to design a revert this way:
>
>   1.On the volume snapshot page a button that allows reverting
> original disk to this state
>   2.   When button is pressed
> 2.1. New volume is created from the VB on the backup NFS storage
> 2.2. VM existing partition is unmounted
> 2.3.  the newly created volume is attached on its place
> 2.4. (not sure about this step) unmounted partition is removed
>
> Is this design valid? It does not look that complicated, I will ditch 
> in ACS development files next week and see if it is suitable task for me.
>
> Best regards,
> Jordan
>
>
>
> -Original Message-
> From: Yordan Kostov 
> Sent: Tuesday, June 29, 2021 12:29 PM
> To: users@cloudstack.apache.org
> Subject: Cloudstack backup framework
>
>
> [X] This message came from outside your organization
>
>
> Dear all,
>
> I have been playing around ACS backup capabilities 
> (4.15 with XCP-NG) and noticed the following:
>
>   1.  Full  VM snapshot is short term solution for immediate revert 
> after bad patch change
>   2.  Volume snapshot is long term backup solution of VM data but 
> metadata is not stored
>
> Did  some tests with Volume snaps as follow:
>
>   *   Made some root partition schedule snaps
>   *   Converted one snap to volume
>   *   I could not find a way to create a new instance with that volume. Is
> there a direct way (GUI and API)?  It is possible to create a template 
> but that seems like a bit too much unnecessary steps to revert a VM.
>
>
> Is it possible to revert existing VM volume from snapshot directly 
> (from a user perspective through the GUI.
>
>
>
> I read the documentation – (
> https://urldefense.com/v3/__http://docs.cloudstack.apache.org/en/lates
> t/adminguide/storage.html?highlight=Snapshot*snapshot-restore__;Iw!!A6
> UyJA!w7oYtaRN24lFJreApwzhpLbWG_V1LHlsIfqocukmbOCLIRdtOCGGN_vIuBxUe84U$
> ) which also say that direct volume revert is not possible ☹.
>
>
> Best regards,
> Jordan
>
> 11!
>
>

--
Daan

RE: Cloudstack backup framework

2021-06-29 Thread Yordan Kostov 
Wondering if that is on purpose (technical issue or design flaw due to which it 
is better this way)?

While looking into how volume backup (VB) functions will it be possible to 
design a revert this way:

  1.On the volume snapshot page a button that allows reverting original 
disk to this state
  2.   When button is pressed 
2.1. New volume is created from the VB on the backup NFS storage
2.2. VM existing partition is unmounted
2.3.  the newly created volume is attached on its place
2.4. (not sure about this step) unmounted partition is removed

Is this design valid? It does not look that complicated, I will ditch in ACS 
development files next week and see if it is suitable task for me.

Best regards,
Jordan



-Original Message-
From: Yordan Kostov  
Sent: Tuesday, June 29, 2021 12:29 PM
To: users@cloudstack.apache.org
Subject: Cloudstack backup framework


[X] This message came from outside your organization


Dear all,

I have been playing around ACS backup capabilities (4.15 with 
XCP-NG) and noticed the following:

  1.  Full  VM snapshot is short term solution for immediate revert after bad 
patch change
  2.  Volume snapshot is long term backup solution of VM data but metadata is 
not stored

Did  some tests with Volume snaps as follow:

  *   Made some root partition schedule snaps
  *   Converted one snap to volume
  *   I could not find a way to create a new instance with that volume. Is 
there a direct way (GUI and API)?  It is possible to create a template but that 
seems like a bit too much unnecessary steps to revert a VM.


Is it possible to revert existing VM volume from snapshot directly (from a user 
perspective through the GUI.



I read the documentation – 
(https://urldefense.com/v3/__http://docs.cloudstack.apache.org/en/latest/adminguide/storage.html?highlight=Snapshot*snapshot-restore__;Iw!!A6UyJA!w7oYtaRN24lFJreApwzhpLbWG_V1LHlsIfqocukmbOCLIRdtOCGGN_vIuBxUe84U$
 ) which also say that direct volume revert is not possible ☹.


Best regards,
Jordan

11!

Cloudstack backup framework

2021-06-29 Thread Yordan Kostov 
Dear all,

I have been playing around ACS backup capabilities (4.15 with 
XCP-NG) and noticed the following:

  1.  Full  VM snapshot is short term solution for immediate revert after bad 
patch change
  2.  Volume snapshot is long term backup solution of VM data but metadata is 
not stored

Did  some tests with Volume snaps as follow:

  *   Made some root partition schedule snaps
  *   Converted one snap to volume
  *   I could not find a way to create a new instance with that volume. Is 
there a direct way (GUI and API)?  It is possible to create a template but that 
seems like a bit too much unnecessary steps to revert a VM.


Is it possible to revert existing VM volume from snapshot directly (from a user 
perspective through the GUI.



I read the documentation – 
(http://docs.cloudstack.apache.org/en/latest/adminguide/storage.html?highlight=Snapshot#snapshot-restore)
 which also say that direct volume revert is not possible ☹.


Best regards,
Jordan

RE: RE: XCP-NG 8.2 LTS

2021-06-28 Thread Yordan Kostov 
Its on my to-do list to update it.

Best regards,
Jordan 

-Original Message-
From: Jermaine Kendall  
Sent: Friday, June 25, 2021 11:46 PM
To: users@cloudstack.apache.org
Subject: Re: RE: XCP-NG 8.2 LTS


[X] This message came from outside your organization


Thank you for the reply. It is very much appreciated. Can the documentation be 
upgraded for XCP-NG hypervisor setup and let me know it's done

On 2021/06/25 20:33:08, Yordan Kostov  wrote:
> Hello Jermaine,
>
>   Long story short:
>   1. Install XCP-NG 8.2
>   1.1. Make a a note of the name of the interface OR bond that is 
> going to be used for management traffic (this can be seen when you go to 
> CLUSTER -> networking tab
>   1.2. Make a note of the name of the interface OR bond that is 
> going to be used for user/public traffic if it is different then the 
> management
>   For example I use ETH0 for management and have bonded eth2 and eth3 and 
> use that bond for Public and user traffic - 
> https://urldefense.com/v3/__https://imgur.com/nbV2aAu__;!!A6UyJA!wDUMW6z5oiy9Dn5sjnQg0lEHza62apzb8T-x4oNAB42Sh99wLL6e3w9RjmN59FNHoLQ2vcyqdMZ2$
>   So the labels here are MGMT and DATA.
>   2. If you use presetup storage (for example fiber) attach it as you 
> usually do to the XCP cluster and note the name of the LUN in XenCenter.
>   3. Install Cloudstack somewhere (4.15) and deploy a zone by filling up 
> the guide from start to end using the interface labels and the LUN name for 
> primary storage.
>   4. Launch the zone deployment and wait for it to fail.
>   5. Cancel the wizard and go to Infrastruture tab. You will see that 
> Zone, Pod, cluster and hosts are deployed.
>   6. select primary storage tab. Add new one with presetup type and fill 
> in the storage LUN name. It will be added properly.
>   7. Deploy secondary storage (it was not deployed initially 
> because the zone wizard was interrupted before that step)
>
>   You environment is now ready!
>
>   Note: the deployment guide should be edited as it says XenServer switch 
> needs to be in bridge mode in order the system to work which is not correct 
> as ACS fully supports OVS.
>   May be bridge mode is required for some specific network design setting 
> which I am not aware of at the moment.
>
> Best regards,
> Jordan
>
>
> -Original Message-
> From: Jermaine Kendall 
> Sent: Friday, June 25, 2021 10:49 PM
> To: users@cloudstack.apache.org
> Subject: Re: XCP-NG 8.2 LTS
>
>
> [X] This message came from outside your organization
>
>
> On 2021/05/05 09:50:58, Andrija Panic  wrote:
> > If you use officially unsupported hypevisor with 4.14 (XCP-ng 8.2), 
> > you will be missing the records in the guest_os_hypervisor table, 
> > and that means your VMs would be i.e. started as PV instead of HVM etc.
> >
> > Be warned :)
> >
> > Best,
> > Andrija
> >
> > On Wed, 5 May 2021 at 09:09, Yordan Kostov  wrote:
> >
> > > One more problem is that if you deploy a zone with presetup 
> > > storage it will give an error when it is at the step when the storage is 
> > > configured.
> > > It is already fixed in 4.15.1:
> > >
> > > https://urldefense.com/v3/__https://github.com/apache/cloudstack/p
> > > ul 
> > > l/4845__;!!A6UyJA!xbgZNCFeV-go7cGrUjQ---_MlaAER2Fdumg-cMdW4msQVKLQ
> > > Oh
> > > yt15t8yi-mQoUBNEaGjZ6RgICA$
> > >
> > > Best regards,
> > > Jordan
> > >
> > > -Original Message-
> > > From: Dominik Czerepiński 
> > > Sent: Tuesday, May 4, 2021 3:06 PM
> > > To: users@cloudstack.apache.org
> > > Subject: Re: XCP-NG 8.2 LTS
> > >
> > >
> > > [X] This message came from outside your organization
> > >
> > >
> > > Me. Works stable. One problem is if You don’t use SSL for 
> > > consoleproxy change noVNC to older version.
> > >
> > > Wysłane z iPhone'a
> > >
> > > > Wiadomość napisana przez Matheus Fontes  w 
> > > > dniu
> > > 04.05.2021, o godz. 03:18:
> > > >
> > > > I saw in cloudstack 4.15 documentation that it supports xcp-ng
> > > > 8.1 Does someone tried 8.2 LTS version?
> > > >
> > > > thanks
> > > > Matheus Fontes
> > >
> >
> >
> > --
> >
> > Andrija Panić
> > Hi, I have a few questions with regard to setting up xcp-ng with 
> > cloudstack, I have never been successful so far. I followed the xenserver 
> > hypervisor setup and ran into some issues. Do you have any instructions 
> > specifically for setting up XCP-NG with cloudstack? Also is the CSP package 
> > needed for XCP-NG becuase the download link is no longer available. The 
> > network labels, are they necessary and why can't I use the default 
> > networking for XCP-NG which is OVS?
>

RE: XCP-NG 8.2 LTS

2021-06-25 Thread Yordan Kostov 
Hello Jermaine,

Long story short:
1. Install XCP-NG 8.2 
1.1. Make a a note of the name of the interface OR bond that is 
going to be used for management traffic (this can be seen when you go to 
CLUSTER -> networking tab
1.2. Make a note of the name of the interface OR bond that is 
going to be used for user/public traffic if it is different then the management
For example I use ETH0 for management and have bonded eth2 and eth3 and 
use that bond for Public and user traffic - https://imgur.com/nbV2aAu
So the labels here are MGMT and DATA.
2. If you use presetup storage (for example fiber) attach it as you 
usually do to the XCP cluster and note the name of the LUN in XenCenter.
3. Install Cloudstack somewhere (4.15) and deploy a zone by filling up 
the guide from start to end using the interface labels and the LUN name for 
primary storage.
4. Launch the zone deployment and wait for it to fail.
5. Cancel the wizard and go to Infrastruture tab. You will see that 
Zone, Pod, cluster and hosts are deployed.
6. select primary storage tab. Add new one with presetup type and fill 
in the storage LUN name. It will be added properly.
7. Deploy secondary storage (it was not deployed initially because the 
zone wizard was interrupted before that step)

You environment is now ready!

Note: the deployment guide should be edited as it says XenServer switch 
needs to be in bridge mode in order the system to work which is not correct as 
ACS fully supports OVS.
May be bridge mode is required for some specific network design setting 
which I am not aware of at the moment.

Best regards,
Jordan


-Original Message-
From: Jermaine Kendall  
Sent: Friday, June 25, 2021 10:49 PM
To: users@cloudstack.apache.org
Subject: Re: XCP-NG 8.2 LTS


[X] This message came from outside your organization


On 2021/05/05 09:50:58, Andrija Panic  wrote:
> If you use officially unsupported hypevisor with 4.14 (XCP-ng 8.2), 
> you will be missing the records in the guest_os_hypervisor table, and 
> that means your VMs would be i.e. started as PV instead of HVM etc.
>
> Be warned :)
>
> Best,
> Andrija
>
> On Wed, 5 May 2021 at 09:09, Yordan Kostov  wrote:
>
> > One more problem is that if you deploy a zone with presetup storage 
> > it will give an error when it is at the step when the storage is configured.
> > It is already fixed in 4.15.1:
> >
> > https://urldefense.com/v3/__https://github.com/apache/cloudstack/pul
> > l/4845__;!!A6UyJA!xbgZNCFeV-go7cGrUjQ---_MlaAER2Fdumg-cMdW4msQVKLQOh
> > yt15t8yi-mQoUBNEaGjZ6RgICA$
> >
> > Best regards,
> > Jordan
> >
> > -Original Message-
> > From: Dominik Czerepiński 
> > Sent: Tuesday, May 4, 2021 3:06 PM
> > To: users@cloudstack.apache.org
> > Subject: Re: XCP-NG 8.2 LTS
> >
> >
> > [X] This message came from outside your organization
> >
> >
> > Me. Works stable. One problem is if You don’t use SSL for 
> > consoleproxy change noVNC to older version.
> >
> > Wysłane z iPhone'a
> >
> > > Wiadomość napisana przez Matheus Fontes  w 
> > > dniu
> > 04.05.2021, o godz. 03:18:
> > >
> > > I saw in cloudstack 4.15 documentation that it supports xcp-ng 
> > > 8.1 Does someone tried 8.2 LTS version?
> > >
> > > thanks
> > > Matheus Fontes
> >
>
>
> --
>
> Andrija Panić
> Hi, I have a few questions with regard to setting up xcp-ng with cloudstack, 
> I have never been successful so far. I followed the xenserver hypervisor 
> setup and ran into some issues. Do you have any instructions specifically for 
> setting up XCP-NG with cloudstack? Also is the CSP package needed for XCP-NG 
> becuase the download link is no longer available. The network labels, are 
> they necessary and why can't I use the default networking for XCP-NG which is 
> OVS?

RE: [!!Mass Mail]RE: Securing CloudStack

2021-06-25 Thread Yordan Kostov 
Alright here is what I came up with. This is NOT tested. Let me know if it 
works or where issues arise if it does not.

Prerequisites:
- URL of choice for our landing page - https://acs.sarifindustries.com
- public network range 10.10.10.10 to 10.10.10.19 for the zone
- Generate a key and certificate where during generation process specify the 
common name as wildcard  *. acs.sarifindustries.com
--- # openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem

### SECURING SYSTEM VM COMMUNICATION VIA SELF-SIGNED CERTIFICATE ###

1. Setup communication between ACS and SSVM and user and SSVM to encrypted 
channel
  In ACS global config;
- set consoleproxy.url.domain to *. acs.sarifindustries.com
- consoleproxy.sslEnabled to true
- secstorage.ssl.cert.domain to *. acs.sarifindustries.com
- secstorage.ssl.cert.domain to true

  Restart the management service
  # systemctl restart cloudstack-management

Now users will access SSVMs (for console proxy or ISO/template upload 
purposes) through FQDN instead of IP so put the ip to fqdn matches listed below 
in your DNS.
This must be the DNS the alternative is to put it in the host file of 
the ACS and of every-user-that-will-access-it host file.
10.10.10.10 10-10-10-10.acs.sarifindustries.com
10.10.10.11 10-10-10-11.acs.sarifindustries.com
10.10.10.12 10-10-10-12.acs.sarifindustries.com
10.10.10.13 10-10-10-13.acs.sarifindustries.com
10.10.10.14 10-10-10-14.acs.sarifindustries.com
10.10.10.15 10-10-10-15.acs.sarifindustries.com
10.10.10.16 10-10-10-16.acs.sarifindustries.com
10.10.10.17 10-10-10-17.acs.sarifindustries.com
10.10.10.18 10-10-10-18.acs.sarifindustries.com
10.10.10.19 10-10-10-19.acs.sarifindustries.com

2. Upload keys/certificates from step 1 via cloudmonkey:
 Here the certificate chain should be uploaded (Server -> SUB-CA -> 
ROOT-CA) but as this is self-signed certificate use just that.  
NOTE: This is the step that I consider the caveat as the first 
certificate import requires a chain of certificates. If this guide does not 
work the issue is probably here as if you do this step in the GUI, ROOT 
certificate must be imported.

cloudmonkey upload customcertificate id=1 
name=sarifindustriescert certificate='-BEGIN CERTIFICATE-
IIE0DCCsdf8HqjeIHgkqhkiG9w0BAQsF
-END CERTIFICATE-'
domainsuffix='*. acs.sarifindustries.com'

Upload certificate + private key pair:

cloudmonkey upload customcertificate id=2 
certificate='-BEGIN CERTIFICATE-
MIIGrjCCBZagAwIBAgIJAJ
...xKjPTkOLfwMVWXc8Ul25t7lkyi0+a9jZxFAuDXFRgkQnbw==
-END CERTIFICATE-'
privatekey='-BEGIN PRIVATE KEY-
MIIEvEbidvik1gkqhkiG9w0BAQEFAASCBK
.rEF5Qyuyserre87d234jj/Uddf
-END PRIVATE KEY-'
domainsuffix='*. acs.sarifindustries.com'

3. Reboot system VMs 
4. Import the Sarrifindustries certificates in the user PC truststore so the 
browser can acknowledge the connection as secure.
5. Test according to step "Testing the TLS protected system VMs" in this guide 
- https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/

### SECURING GUI VIA SELF-SIGNED CERTIFICATE ###

1. Convert key/certificate to PKCS12
# openssl pkcs12 -export -inkey sarifindustries.key -in sarifindustries.crt 
-out sarifindustries.pkcs12

2. Convert the PKCS12 into java keystore
# keytool -importkeystore -srckeystore sarifindustries.pkcs12 -srcstoretype 
PKCS12 -destkeystore /etc/cloudstack/management/keystore.pkcs12 -deststoretype 
pkcs12

During the convertions you will be asked to set a password. Keep that around.

3. Enable ACS GUI HTTPS by editing the following rows in 
/etc/cloudstack/management/server.properties:
https.enable=true
https.keystore=/etc/cloudstack/management/keystore.pkcs12
https.keystore.password=

4. Restart the management service
# systemctl restart cloudstack-management

5. Import the Sarrifindustries certificates in the user PC truststore (unless 
done from the first guide) so the browser can acknowledge the connection as 
secure.
6. Open GUI and verify secure connection.

Best regards,
Jordan 

-Original Message-----
From: Yordan Kostov 
Sent: Thursday, June 24, 2021 12:16 PM
To: 'users@cloudstack.apache.org' 
Subject: RE: [!!Mass Mail]RE: Securing CloudStack

Sorry for no reply I will check and get back to you.

Regards,
Jordan


-Original Message-
From: Дикевич Евгений Александрович  
Sent: Tuesday, June 22, 2021 6:27 PM
To: users@cloudstack.apache.org
Subject: RE: [!!Mass Mail]RE: Securing CloudStack


[X] This message came from outside your organization


HI
Thx for the answer but I stuck on early steps) I generate priv

RE: Management server reboot appears to cause vms on other hosts to shutdown?

2021-06-25 Thread Yordan Kostov 
Hello Brian,

May be I did not understand very well but from what you say I get that 
the management server + SQL and NFS are on the same physical hosts that are 
being managed by cloudstack?
If those VMs are not visible in Cloudstack, the system is not aware 
that they exist so it wont try to roll them to another host if you perform 
hypervisor host reboot.

Best regards,
Jordan

-Original Message-
From: Brian Fitzpatrick  
Sent: Friday, June 25, 2021 12:06 PM
To: users@cloudstack.apache.org
Subject: Management server reboot appears to cause vms on other hosts to 
shutdown?


[X] This message came from outside your organization


Hi all,

Still relatively new to CloudStack and learning, testing etc.

I have created 1 management server with mysql on it and created 2 clusters with 
a nfs primary storage server in each and a number of hosts in each.

I have been working through the servers, putting them in maintenance mode 
(noting the vm migrations), updating and rebooting them. All working fine

I then wanted to update and reboot the server running the management and mysql. 
It is also a host, so I set it in maintenance mode so no vms running on it.

I thought if I update it and reboot, all I would lose for a period of time was 
access to the management server, the vms should keep running on their various 
hosts

The reboot, took longer than usual, it seemed to hang for 15-20mins before 
shutting down and rebooting. To my surprise though I lost contact to all the 
vms on the other hosts.

They all shut down.

Apologies, if I have missed something here, I thought I understood. All virtual 
routers and system vms appeared to be running on the other hosts.

Is it because the management server took a while to reboot, the other hosts 
have lost contact and shutdown their vms? seems odd?

Any suggestions, help welcome. As I say, still learning!

Thanks

Brian

RE: [!!Mass Mail]RE: Securing CloudStack

2021-06-24 Thread Yordan Kostov 
Sorry for no reply I will check and get back to you.

Regards,
Jordan

-Original Message-
From: Дикевич Евгений Александрович  
Sent: Tuesday, June 22, 2021 6:27 PM
To: users@cloudstack.apache.org
Subject: RE: [!!Mass Mail]RE: Securing CloudStack


[X] This message came from outside your organization


HI
Thx for the answer but I stuck on early steps) I generate private.key:
openssl genrsa -des3 -out private.key 2048 then I generate cert:
openssl req -new -key private.key -out certificate.csr convert private key to 
pkcs8:
openssl pkcs8 -topk8 -in private.key -out private.pkcs8.encrypted.key openssl 
pkcs8 -in private.pkcs8.encrypted.key -out private.pkcs8.key and then I try to 
add key and cert in ACS UI but have error.
Mb I miss smth?

-Original Message-
From: Yordan Kostov [mailto:yord...@nsogroup.com]
Sent: Tuesday, June 22, 2021 12:38 PM
To: users@cloudstack.apache.org
Subject: [!!Mass Mail]RE: Securing CloudStack

Hello Evgeniy,

I can confirm that these are the steps that work in later ACS versions 
(tested on 4.15).
The only issue with it is the part where it says how to combine the 
certificate chain:

# order - server_key server_cert CA_cert  cat myprivatekey.key 
mycertificate.crt gd_bundle-g2-g1.crt > mycombinedcert.crt

Where it actually should be
# order - server_crt, CA_SUB_crt, CA_ROOT_crt cat mycertificate.key 
gd_bundle-g2-g1.crt  CA-ROOT.crt > mycombinedcert.crt

ACS is using Jetty as certificate management platform.
You can take a look at this article how to handle self-signed certs - 
https://urldefense.com/v3/__http://wiki.eclipse.org/Jetty/Howto/Configure_SSL*Configuring_Jetty__;Iw!!A6UyJA!0CgjfpsBXOaEoCSJ93lin21HvGCNhmthI7yAGXia_grO7Bw4kO1dt3tV99TG0Enl$

I have not done it and to be fair features like ISO upload and console 
proxy will probably not work for the user even if ACS is properly configured.
Certificate should be still verified for the user in some way.

If you make it work please let us know, it is in my to-do plan to 
migrate the Certificate configuration guide into docs.cloudstack.apache.org

Best regards,
Jordan


-Original Message-
From: Дикевич Евгений Александрович 
Sent: Tuesday, June 22, 2021 12:19 PM
To: users@cloudstack.apache.org
Subject: Securing CloudStack


[X] This message came from outside your organization


Hi All!

ACS 4.14.1

Mb someone use self-signed certificates with ACS?
I saw article from Shapeblue: 
https://urldefense.com/v3/__https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/__;!!A6UyJA!3VgftDioHyHM0Te2quEsb7s7sQHP_WSi6NH7cdycSZcumZtsRg2i6RKYYxU-vHNQW6_LCFLA5l1e$
  but they use wildcard certificate.
Mb someone have valid instructions?
Внимание!
Это электронное письмо и все прикрепленные к нему файлы являются 
конфиденциальными и предназначены исключительно для использования лицом 
(лицами), которому (которым) оно предназначено. Если Вы не являетесь лицом 
(лицами), которому (которым) предназначено это письмо, не копируйте и не 
разглашайте его содержимое и удалите это сообщение и все вложения из Вашей 
почтовой системы. Любое несанкционированное использование, распространение, 
раскрытие, печать или копирование этого электронного письма и прикрепленных к 
нему файлов, кроме как лицом (лицами) которому (которым) они предназначены, 
является незаконным и запрещено. Принимая во внимание, что передача данных 
посредством Интернет не является безопасной, мы не несем никакой 
ответственности за любой потенциальный ущерб, причиненный в результате ошибок 
при передаче данных или этим сообщением и прикрепленными к нему файлами.

Attention!
This email and all attachments to it are confidential and are intended solely 
for use by the person (or persons) referred to (mentioned) as the intended 
recipient (recipients). If you are not the intended recipient of this email, do 
not copy or disclose its contents and delete the message and any attachments to 
it from your e-mail system. Any unauthorized use, dissemination, disclosure, 
printing or copying of this e-mail and files attached to it, except by the 
intended recipient, is illegal and is prohibited. Taking into account that data 
transmission via Internet is not secure, we assume no responsibility for any 
potential damage caused by data transmission errors or this message and the 
files attached to it.

11!

RE: Securing CloudStack

2021-06-22 Thread Yordan Kostov 
Hello Evgeniy,

I can confirm that these are the steps that work in later ACS versions 
(tested on 4.15).
The only issue with it is the part where it says how to combine the 
certificate chain:

# order - server_key server_cert CA_cert
 cat myprivatekey.key mycertificate.crt gd_bundle-g2-g1.crt > mycombinedcert.crt

Where it actually should be
# order - server_crt, CA_SUB_crt, CA_ROOT_crt
cat mycertificate.key gd_bundle-g2-g1.crt  CA-ROOT.crt > mycombinedcert.crt

ACS is using Jetty as certificate management platform.
You can take a look at this article how to handle self-signed certs - 
http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Configuring_Jetty

I have not done it and to be fair features like ISO upload and console 
proxy will probably not work for the user even if ACS is properly configured.
Certificate should be still verified for the user in some way.

If you make it work please let us know, it is in my to-do plan to 
migrate the Certificate configuration guide into docs.cloudstack.apache.org

Best regards,
Jordan


-Original Message-
From: Дикевич Евгений Александрович  
Sent: Tuesday, June 22, 2021 12:19 PM
To: users@cloudstack.apache.org
Subject: Securing CloudStack


[X] This message came from outside your organization


Hi All!

ACS 4.14.1

Mb someone use self-signed certificates with ACS?
I saw article from Shapeblue: 
https://urldefense.com/v3/__https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/__;!!A6UyJA!3VgftDioHyHM0Te2quEsb7s7sQHP_WSi6NH7cdycSZcumZtsRg2i6RKYYxU-vHNQW6_LCFLA5l1e$
  but they use wildcard certificate.
Mb someone have valid instructions?
Внимание!
Это электронное письмо и все прикрепленные к нему файлы являются 
конфиденциальными и предназначены исключительно для использования лицом 
(лицами), которому (которым) оно предназначено. Если Вы не являетесь лицом 
(лицами), которому (которым) предназначено это письмо, не копируйте и не 
разглашайте его содержимое и удалите это сообщение и все вложения из Вашей 
почтовой системы. Любое несанкционированное использование, распространение, 
раскрытие, печать или копирование этого электронного письма и прикрепленных к 
нему файлов, кроме как лицом (лицами) которому (которым) они предназначены, 
является незаконным и запрещено. Принимая во внимание, что передача данных 
посредством Интернет не является безопасной, мы не несем никакой 
ответственности за любой потенциальный ущерб, причиненный в результате ошибок 
при передаче данных или этим сообщением и прикрепленными к нему файлами.

Attention!
This email and all attachments to it are confidential and are intended solely 
for use by the person (or persons) referred to (mentioned) as the intended 
recipient (recipients). If you are not the intended recipient of this email, do 
not copy or disclose its contents and delete the message and any attachments to 
it from your e-mail system. Any unauthorized use, dissemination, disclosure, 
printing or copying of this e-mail and files attached to it, except by the 
intended recipient, is illegal and is prohibited. Taking into account that data 
transmission via Internet is not secure, we assume no responsibility for any 
potential damage caused by data transmission errors or this message and the 
files attached to it.

change ntp server of the SSVMs

2021-06-21 Thread Yordan Kostov 
Hey everyone,

ACS 4.15 here. We noticed that SSVMs try to go to internet for 
NTP sync.
Decided to change that to local ntps so went to ACS GUI -> 
Global settings -> "ntp.server.list"

  *   Set the value to "1.1.1.1,2.2.2.2" without the semi columns
  *   Restarted ACS
  *   Destroyed the SSVMs

After SSVMs rebooted they still tried to access the same internet NTPs.
Is there anything that is done wrong here or am I missing something?

Best regards,
Jordan

RE: instance backup designs?

2021-06-18 Thread Yordan Kostov 
Thank you Rohit,

I am all over it .

Regards,
Jordan

-Original Message-
From: Rohit Yadav  
Sent: Thursday, June 17, 2021 6:21 PM
To: users@cloudstack.apache.org
Subject: Re: instance backup designs?


[X] This message came from outside your organization


Hi Yordan,

We do have a backup & recovery framework which can be extended to implement 
support for new solutions, the current provider/plugin is available only for 
Vmware/Veeam and which can be used to implement support for other backup 
solutions for other hypervisors.

While there is no choice now, for XenServer/XCP-NG you can use volume snapshots 
as a way to have backups volumes on secondary storage.


Regards.


From: Yordan Kostov 
Sent: Wednesday, June 16, 2021 18:46
To: users@cloudstack.apache.org 
Subject: instance backup designs?

Hey everyone,

I was wondering what choice does one have for backup when 
underlying hypervisor is XenServer/XCP-NG?
Any high level ideas or just sharing any doc that may exist 
will be great!

Best regards,
Jordan

RE: Centos 7.9 - cloud-init password reset?

2021-06-18 Thread Yordan Kostov 
Thank you Andrija! 

-Original Message-
From: Andrija Panic  
Sent: Friday, June 18, 2021 1:43 AM
To: users 
Cc: d...@cloudstack.apache.org
Subject: Re: Centos 7.9 - cloud-init password reset?


[X] This message came from outside your organization


Thanks Yordan, nice PR!

Best,

On Sun, 30 May 2021 at 16:03, Yordan Kostov  wrote:

> Dear everyone,
>
> Did a draft on Creating Linux template guide you can find it 
> here
> - 
> https://urldefense.com/v3/__https://github.com/apache/cloudstack-documentation/pull/215__;!!A6UyJA!yBkFZKYEQ0biiKlqGRgoZZ0POAned4gHp0UeERIghPOB_ewcwPc2BnhhCS8oOWC74MP8Ecg0tMZQ$
>  .
> A separate page has been done that can be considered as 
> additions to the basic Linux guide. It relates to cloud-init and its 
> features that serve as a middleware to Cloudstack instances GUI functions.
>
> Guides are based on the following scripts:
> - Centos 7 -
> https://urldefense.com/v3/__https://github.com/dredknight/cloud_scripts/blob/master/CloudStack-Xen/templates/centos7_clean.bash__;!!A6UyJA!yBkFZKYEQ0biiKlqGRgoZZ0POAned4gHp0UeERIghPOB_ewcwPc2BnhhCS8oOWC74MP8EUxMWpy6$
> - Ubuntu 20 -
> https://urldefense.com/v3/__https://github.com/dredknight/cloud_script
> s/blob/master/CloudStack-Xen/templates/ubuntu20_prep_clean.bash__;!!A6
> UyJA!yBkFZKYEQ0biiKlqGRgoZZ0POAned4gHp0UeERIghPOB_ewcwPc2BnhhCS8oOWC74
> MP8EUfiWW6F$
>
> Could you take a look and let me know if anything needs to be 
> changed - technical or format wise?
>
> During tests all features seem to work fine with the following 
> peculiarity.
> - When ssh keys are reset in coudstack, the public key is 
> added in /home/cloud-user/.ssh/authorized_keys but the old one is not removed.
> This means that users having previous private keys will still 
> be able to login is there a way Cloudstack to delete the old key?
>
> Best regards,
> Jordan
>
> -Original Message-
> From: Alireza Eskandari 
> Sent: Sunday, May 23, 2021 1:53 AM
> To: users@cloudstack.apache.org
> Subject: Re: Centos 7.9 - cloud-init password reset?
>
>
> [X] This message came from outside your organization
>
>
> It seems cloud-init cannot execute the script so it shows an error but 
> the script is running fine standalone.
> I'll try it on centos stream.
> Notice that cloud-init can handle password and ssh key from user data 
> server without extra script, but it can't reset ssh key or set 
> password from configdrive.
> The script resolves these problems.
>
> On Fri, May 21, 2021 at 12:45 AM 조대형  wrote:
>
> > Hi,
> >
> > I have attached the logs that I execute the password script and
> cloud-init.
> >
> > # ./password.bash
> >
> >  Results : executed password reset file.
> >
> > Cloud Password Manager: Searching for ConfigDrive Cloud Password
> > Manager: ConfigDrive not found Cloud Password Manager: Detecting 
> > primary network Cloud Password Manager: Trying to find userdata 
> > server Cloud Password Manager: Operating System is using 
> > NetworkManager Cloud Password Manager: Found userdata server IP VR's 
> > IP address in NetworkManager config Cloud Password Manager: Sending 
> > request to userdata server at VR's IP address  to get public key 
> > Cloud Password
> > Manager: Got response from userdata server at VR's IP address Cloud 
> > Password Manager: Did not receive any public keys from userdata 
> > server Cloud Password Manager: Sending request to userdata server at 
> > VR's IP address  to get the password Cloud Password Manager: Got 
> > response from userdata server at VR's IP address Cloud Password 
> > Manager: VM has already saved a password from the userdata server at 
> > VR's IP address
> >
> >
> >
> > # cloud-init init
> >
> > Cloud-init v. 20.3-10.el8 running 'init' at Fri, 21 May 2021 
> > 04:40:34
> > +. Up 268624.75 seconds.
> > ci-info: +++Net device
> > info
> > ci-info:
> >
> ++--+-+-++---+
> > ci-info: | Device |  Up  |   Address   |   Mask
> |
> > Scope  | Hw-Address|
> > ci-info:
> >
> ++--+-+-++---+
> > ci-info: |  eth0  | True | VR'S IP address1 |
> > 255.255.255.192 | global | 1e:00:8f:00:02:8f |
> > ci-info: |  eth0  | True | fe80::1c00:8fff:fe00:28f/64 |.
> > |  link  | 1e:00:8f:00:02:8f |
&g

instance backup designs?

2021-06-16 Thread Yordan Kostov 
Hey everyone,

I was wondering what choice does one have for backup when 
underlying hypervisor is XenServer/XCP-NG?
Any high level ideas or just sharing any doc that may exist 
will be great!

Best regards,
Jordan

RE: Alter Shared Guest Network?

2021-06-15 Thread Yordan Kostov 
FYI tested this on 4.15 with specifics:
 - Shared network with 2 ip range for example 10.10.10.10 - 10.10.10.11
- created as much VMs as ACS allows me which is 1 (first ip gets assigned to 
the VR)
- expanded the the range of the shared network in table "VLAN" from 
10.10.10.10-10.10.10.11 to 10.10.10.10-10.10.10.12
- Dublicated existing entry in table "user_ip_address" for ip in that specific 
shared network. Changed the following columns with new entries:
--- ID to the next unreserved
--- UUID to unique one for the table
--- public_ip_address to 10.10.10.12
--- allocated - make it NULL 
--- state - make it Free
--- mac_address - look at the whole table and set it to the next one that is 
not used

Back to ACS gui I can create a new VM in that network and Ip is assigned. But 
there are some underwater stones that are created this way.
As IDs are created manually ACS DB is not updating its sequence so I was 
wondering if new network is created would it take the same MAC ID.
After creating a new network and looking again in the table - the answer to 
this question is  yes - https://imgur.com/YnGMGRE.

So besides the 2 tables another one should be edited but so far I cannot find 
where is the sequence kept.

Best regards,
Jordan

-Original Message-
From: Andrija Panic  
Sent: Monday, June 14, 2021 10:24 PM
To: users 
Subject: Re: Alter Shared Guest Network?


[X] This message came from outside your organization


ANother is is the, if not mistaken, the VLAN table. which will contain the 
range as x.x.x.1-x.x.x.10 - etc - this is needed to be updated as well (if you 
manually add records in the user_ip_address table)

best,

On Thu, 10 Jun 2021 at 18:23, Jeremy Hansen  wrote:

> Thanks. I’ll take a look table.
>
> -jeremy
>
> > On Jun 10, 2021, at 6:57 AM, Yordan Kostov  wrote:
> >
> > Hello Jeremy,
> >
> >Once a shared network with DHCP offering is created the IPs 
> > fitting
> into the defined range are created in table called "user_ip_address".
> >They are created one by one so if range between x.x.x.x.11 and
> x.x.x.210 is created this will add 200 entries. So if you want to 
> expand that you need to add more entries manually, which is a bit unfortunate.
> >
> > Best regards,
> > Jordan
> >
> > -Original Message-
> > From: Jeremy Hansen 
> > Sent: Thursday, June 10, 2021 12:12 AM
> > To: users@cloudstack.apache.org
> > Subject: Re: Alter Shared Guest Network?
> >
> >
> > [X] This message came from outside your organization
> >
> >
> >> On Jun 9, 2021, at 1:39 PM, Wido den Hollander  wrote:
> >>
> >> 
> >>
> >>>> On 6/9/21 3:55 PM, Jeremy Hansen wrote:
> >>> When I created my shared network config, I specified too narrow of 
> >>> an
> IP range.
> >>>
> >>> I can’t seem to figure out how to alter this config via the web
> interface. Is this possible?
> >>>
> >>
> >> Not via de UI nor API. You will need to hack this in the database. 
> >> Or remove the network and create it again. But this is only 
> >> possible if there are no VMs in the network.
> >>
> >> Wido
> >
> > Thanks, recreating it seems like the easiest option since I’m only 
> > in
> testing phase right now, but I’m curious what it would take to alter 
> tables to fix this. Any clues as to what tables/fields would need to be 
> updated?
> >
> >>
> >>> -jeremy
> >>>
> >
>
>

--

Andrija Panić

Re: NFS version for ISO

2021-06-11 Thread Yordan Kostov 
Hey Andrija,

As I was experimenting with Acs deployments I noted that since operations mount 
the secondary storage through NFS3 while other operation types mount it through 
NFS4. I cannot remember which operations used v3 or v4 but next week I will 
check my history with the networking team and report.

Best regards,
Jordan

From: Andrija Panic 
Date: Fri, Jun 11, 2021, 19:35
To: users 
Subject: Re: NFS version for ISO


[X] This message came from outside your organization


Yes, NFSv4 is probably not supported for Secondary Storage - though some
ACS documentation states that there is support for it (perhaps just for
Primary Storage)

Perhaps someone else can also advise


On Fri, 11 Jun 2021 at 13:13, Дикевич Евгений Александрович <
evgeniy.dikev...@becloud.by> wrote:

> Hi all.
> I think I have an issue.
> I have ACS 4.14.1 + XCP-NG 8.2
> I configured my Secondary Storage NFS for NFSv4 only.
> When I tried deploy VM from ISO It tied to mount in NFSv3 and I saw error
> on host:
> FAILED in util.pread: (rc 32) stdout: '', stderr: 'mount.nfs: Protocol not
> supported
> I tried to set secstorage.nfs.version to version 4.2/4.1 but had error (I
> saw issue on GitHub)
> After than I set it to 4 but ISO steel mounted in NFSv3.
> Mb someone can help me with this issue?
> Внимание!
> Это электронное письмо и все прикрепленные к нему файлы являются
> конфиденциальными и предназначены исключительно для использования лицом
> (лицами), которому (которым) оно предназначено. Если Вы не являетесь лицом
> (лицами), которому (которым) предназначено это письмо, не копируйте и не
> разглашайте его содержимое и удалите это сообщение и все вложения из Вашей
> почтовой системы. Любое несанкционированное использование, распространение,
> раскрытие, печать или копирование этого электронного письма и прикрепленных
> к нему файлов, кроме как лицом (лицами) которому (которым) они
> предназначены, является незаконным и запрещено. Принимая во внимание, что
> передача данных посредством Интернет не является безопасной, мы не несем
> никакой ответственности за любой потенциальный ущерб, причиненный в
> результате ошибок при передаче данных или этим сообщением и прикрепленными
> к нему файлами.
>
> Attention!
> This email and all attachments to it are confidential and are intended
> solely for use by the person (or persons) referred to (mentioned) as the
> intended recipient (recipients). If you are not the intended recipient of
> this email, do not copy or disclose its contents and delete the message and
> any attachments to it from your e-mail system. Any unauthorized use,
> dissemination, disclosure, printing or copying of this e-mail and files
> attached to it, except by the intended recipient, is illegal and is
> prohibited. Taking into account that data transmission via Internet is not
> secure, we assume no responsibility for any potential damage caused by data
> transmission errors or this message and the files attached to it.
>


--

Andrija Panić

RE: Alter Shared Guest Network?

2021-06-10 Thread Yordan Kostov 
Hello Jeremy,

Once a shared network with DHCP offering is created the IPs fitting 
into the defined range are created in table called "user_ip_address".
They are created one by one so if range between x.x.x.x.11 and 
x.x.x.210 is created this will add 200 entries. So if you want to expand that 
you need to add more entries manually, which is a bit unfortunate. 

Best regards,
Jordan

-Original Message-
From: Jeremy Hansen  
Sent: Thursday, June 10, 2021 12:12 AM
To: users@cloudstack.apache.org
Subject: Re: Alter Shared Guest Network?


[X] This message came from outside your organization


> On Jun 9, 2021, at 1:39 PM, Wido den Hollander  wrote:
>
> 
>
>> On 6/9/21 3:55 PM, Jeremy Hansen wrote:
>> When I created my shared network config, I specified too narrow of an IP 
>> range.
>>
>> I can’t seem to figure out how to alter this config via the web interface. 
>> Is this possible?
>>
>
> Not via de UI nor API. You will need to hack this in the database. Or 
> remove the network and create it again. But this is only possible if 
> there are no VMs in the network.
>
> Wido

Thanks, recreating it seems like the easiest option since I’m only in testing 
phase right now, but I’m curious what it would take to alter tables to fix 
this. Any clues as to what tables/fields would need to be updated?

>
>> -jeremy
>>

ldaps config settings

2021-06-07 Thread Yordan Kostov 
Dear community,

Currently trying to reconfigure working ACS LDAP authentication 
to LDAPs but I believe something of importance may be missing in the guide 
(https://docs.cloudstack.apache.org/en/latest/adminguide/accounts.html#ldap-ssl).
It says that if ldap.truststore and ldap.truststore.password 
are configured it will switch working to LDAPS but that is not the case.
The logs confirm LDAP protocol is used when adding host after 
updating the config  - "(logid:aafbef8a) initializing ldap with provider url: 
ldap://X.X.X.X:636;

Here are a few questions to round the issue:

  *   API docs (LDAPCONFIG - 
https://cloudstack.apache.org/api/apidocs-4.15/apis/ldapConfig.html) mention 
the ability to enable SSL and bind certificate for an ldap host but there is no 
option to define the domain for the specific ldap configuration.
  *   What if multiple domains are present and their configs use the same ldap 
server. Can the SSL of one domain ldap config be changed one at a time or is 
this based on ldap host level
  *   ldap.truststore - is syntax something like /opt/CAROOT.crt going to work 
or it originates from a default directory?
  *   ldap.truststore.password - what if the certificate is without password, 
is it going to work?

Any example commands on how this can be done through cloudmonkey will be much 
appreciated!

Best regards,
Jordan

RE: Issue uploading templates/isos

2021-06-04 Thread Yordan Kostov 
Hello Jeremy,

Uploading option does not work unless TLS is enabled.
https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/

https://docs.cloudstack.apache.org/en/latest/adminguide/templates.html#uploading-templates-and-isos-from-a-local-computer

Best regards,
Jordan

From: Jeremy Hansen 
Sent: Friday, June 4, 2021 12:14 PM
To: users@cloudstack.apache.org
Subject: Issue uploading templates/isos


The event log makes it look as if it was successful:

[cid:image001.png@01D7593C.C69A9BD0]


But it definitely fails with these errors.  I don’t really see anything in the 
manager logs.


Network Error
Unable to reach the management server or a browser extension may be blocking 
the network request.
Upload Failed
Failed to upload ISO - Error: Network Error

RE: 2 networks with DHCP in the same subnet?

2021-06-03 Thread Yordan Kostov 
Ah I see now. Network A and B are shared so users cannot create them on their 
own.
It seems shared networks cannot be hidden from accounts in the same domain in 
advanced zone config (from the online documentation).
I will have to think this through.

Best regards,
Jordan

-Original Message-
From: Andrija Panic  
Sent: Thursday, June 3, 2021 1:35 PM
To: users 
Subject: Re: 2 networks with DHCP in the same subnet?


[X] This message came from outside your organization


Sounds like you are complicating the setup (or feel the need to do so, for 
whatever reason).

Did you test:

parent domain with domain admin "admin" - then just regular users accounts
(QA/DEV) - so each QA and DEV can create their own resources (networks, VMs, 
etc) - QA and DEV are separate accounts/tenants so can't access each other's 
resources (i.e. different tenants) THe domain admin account for that domain 
("admin" account), being the domain admin, should be able to manage resources 
of all user's inside his own domain. - but if you provision a resource as ADMIN 
user (domain admin user), those resources will be owned by ADMIN account only 
(as expected) - so keep that in mind.

Best,

On Thu, 3 Jun 2021 at 11:04, Yordan Kostov  wrote:

> Thank you Andrija,
>
> Indeed tested that, if ON  "bypass vlan overlap" option, it is 
> possible to create 2 shared networks in the same vlan.
> IP gets assigned but for some reason the interface is shutdown 
> in some time(Ubuntu 20). I am now troubleshooting the reason for this.
>
> The design I am trying to create current is - 3 groups of 
> users - lets call them QA and DEV and ADMIN teams.
> - Network A is for QAs.
> - Network B is for DEVs.
> - ADMIN should have access to both networks.
>
> I tried that setup with one parent domain (admins) and to child (QA 
> and DEV). Assigning a network to child domain DEV hides the network from QA.
> ADMIN domain see the network but cannot create instances inside.
>
> If those 3 accounts are under one domain is it possible to:
> -  assign Network A to be operated and visible only to QA  and 
> Admins
> -  assign Network B to be operated and visible only to DEV and 
> Admins
>
> The only solution I have found so far is the following:
> - Define 2 networks - A and B with VR (DHCP, DNS, USERDATA) only 
> available to ADMINS so nobody sees them
> - Define L2 network AA with USERDATA assigned to QA that overlaps vlan 
> id A
> - Define L2 network BB with USERDATA assigned to DEV that overlaps 
> vlan id B
>
> Both users and admins can create instances. Users will not be able to 
> change or choose IP address.
>
> Regards,
> Jordan
>
>
>
>
> -Original Message-
> From: Andrija Panic 
> Sent: Thursday, June 3, 2021 10:38 AM
> To: users 
> Subject: Re: 2 networks with DHCP in the same subnet?
>
>
> [X] This message came from outside your organization
>
>
> Considering you are trying to create 2 shared networks (irrelevant of 
> their IP range), and I ASSUME you want them on the same VLAN? - then I 
> don't think this alone is possible (2 network with the same VLAN)
>
> If you can do it, then it's easy to test what you are asking and 
> have first hand-answer :)
>
> IN ACS workdl, in theory, 2 DHCP CAN operate in the same network, 
> since ACS provisions explicit DHCP reservations for each IP - i.e. you 
> can't just boot another VM (provisionined manually, outside ACS) in 
> the same VLAN - as DHCP will reject to give it an IP.
>
> Best,
>
> On Wed, 2 Jun 2021 at 15:43, Yordan Kostov  wrote:
>
> > Dear all,
> >
> > Is it possible to have one /24 network - for example
> > 10.10.10.0/24 where it is divided into 2 shared networks as follow:
> >
> >   *   Network A - 10.10.10.2-50 where 2 is Virtual router with DHCP for
> > the ip range mentioned
> >   *   Network B - 10.10.10.51-200 where 51 is Virtual router with DHCP
> for
> > the ip range mentioned
> >
> > I understand 2 DHCPs cannot operate in the same network but I was 
> > wondering if this can be achieved somehow?
> >
> > Best regards,
> > Jordan
> >
>
>
> --
>
> Andrija Panić
>


--

Andrija Panić

RE: 2 networks with DHCP in the same subnet?

2021-06-03 Thread Yordan Kostov 
Thank you Andrija,

Indeed tested that, if ON  "bypass vlan overlap" option, it is possible 
to create 2 shared networks in the same vlan.
IP gets assigned but for some reason the interface is shutdown in some 
time(Ubuntu 20). I am now troubleshooting the reason for this.

The design I am trying to create current is - 3 groups of users - lets 
call them QA and DEV and ADMIN teams.
- Network A is for QAs.
- Network B is for DEVs.
- ADMIN should have access to both networks.

I tried that setup with one parent domain (admins) and to child (QA and DEV). 
Assigning a network to child domain DEV hides the network from QA. ADMIN domain 
see the network but cannot create instances inside.

If those 3 accounts are under one domain is it possible to:
-  assign Network A to be operated and visible only to QA  and Admins
-  assign Network B to be operated and visible only to DEV and Admins

The only solution I have found so far is the following:
- Define 2 networks - A and B with VR (DHCP, DNS, USERDATA) only available to 
ADMINS so nobody sees them
- Define L2 network AA with USERDATA assigned to QA that overlaps vlan id A
- Define L2 network BB with USERDATA assigned to DEV that overlaps vlan id B

Both users and admins can create instances. Users will not be able to change or 
choose IP address.

Regards,
Jordan




-Original Message-
From: Andrija Panic  
Sent: Thursday, June 3, 2021 10:38 AM
To: users 
Subject: Re: 2 networks with DHCP in the same subnet?


[X] This message came from outside your organization


Considering you are trying to create 2 shared networks (irrelevant of their IP 
range), and I ASSUME you want them on the same VLAN? - then I don't think this 
alone is possible (2 network with the same VLAN)

If you can do it, then it's easy to test what you are asking and have first 
hand-answer :)

IN ACS workdl, in theory, 2 DHCP CAN operate in the same network, since ACS 
provisions explicit DHCP reservations for each IP - i.e. you can't just boot 
another VM (provisionined manually, outside ACS) in the same VLAN - as DHCP 
will reject to give it an IP.

Best,

On Wed, 2 Jun 2021 at 15:43, Yordan Kostov  wrote:

> Dear all,
>
> Is it possible to have one /24 network - for example
> 10.10.10.0/24 where it is divided into 2 shared networks as follow:
>
>   *   Network A - 10.10.10.2-50 where 2 is Virtual router with DHCP for
> the ip range mentioned
>   *   Network B - 10.10.10.51-200 where 51 is Virtual router with DHCP for
> the ip range mentioned
>
> I understand 2 DHCPs cannot operate in the same network but I was 
> wondering if this can be achieved somehow?
>
> Best regards,
> Jordan
>


--

Andrija Panić

2 networks with DHCP in the same subnet?

2021-06-02 Thread Yordan Kostov 
Dear all,

Is it possible to have one /24 network - for example 
10.10.10.0/24 where it is divided into 2 shared networks as follow:

  *   Network A - 10.10.10.2-50 where 2 is Virtual router with DHCP for the ip 
range mentioned
  *   Network B - 10.10.10.51-200 where 51 is Virtual router with DHCP for the 
ip range mentioned

I understand 2 DHCPs cannot operate in the same network but I was wondering if 
this can be achieved somehow?

Best regards,
Jordan

RE: "Bypass VLAN id/range overlap" argument missing?

2021-06-02 Thread Yordan Kostov 
Thank you Pearl!

Regards,
Jordan

-Original Message-
From: Pearl d'Silva  
Sent: Wednesday, June 2, 2021 9:04 AM
To: users@cloudstack.apache.org
Subject: Re: "Bypass VLAN id/range overlap" argument missing?


[X] This message came from outside your organization


Hi Jordan,

The 'bypassVlanOverlapCheck' parameter does exist in the createNetwork API, but 
during API discovery the parameters sometimes get overwritten. This has been 
addressed by 
https://urldefense.com/v3/__https://github.com/apache/cloudstack/pull/4609__;!!A6UyJA!ySwV0l15_vMrBz5I0SBGZ_JwIjCYgtm_RiDxyRfK4Ty8TBrSGZxyop2FGtjqNoLV0FQBSY4-NRFw$
  and will be available as part of 4.15.1.

Thanks,
Pearl

____
From: Yordan Kostov 
Sent: Wednesday, June 2, 2021 11:01 AM
To: users@cloudstack.apache.org 
Subject: "Bypass VLAN id/range overlap" argument missing?

Dear everyone,

I would like to use "Bypass VLAN id/range overlap" to create 2 
shared networks that span across one VLAN.
Looking in "cloudmonkey create network" help menu I cannot see 
such argument.
Is there something I am missing or it is not implemented?

Parameters
==
startip = (string) the beginning IP address in the network IP range externalid 
= (string) ID of the network in an external system.
networkdomain = (string) network domain
account = (string) account that will own the network isolatedpvlantype = 
(string) the isolated private VLAN type for this network ip6cidr = (string) the 
CIDR of IPv6 network, must be at least /64 displaytext = (string) the display 
text of the network acltype = (string) Access control type; supported values 
are account and domain. In 3.0 all shared networks should have aclType=Domain, 
and all isolated networks - Account. Account means that only the account owner 
can use the network, domain - all accounts in the domain can use the network 
zoneid = (uuid) the zone ID for the network name = (string) the name of the 
network netmask = (string) the netmask of the network. Required for shared 
networks and isolated networks when it belongs to VPC endip = (string) the 
ending IP address in the network IP range. If not specified, will be defaulted 
to startIP networkofferingid = (uuid) the network offering ID displaynetwork = 
(boolean) an optional field, whether to the display the network to the end user 
or not.
aclid = (uuid) Network ACL ID associated for the network
endipv6 = (string) the ending IPv6 address in the IPv6 network range ip6gateway 
= (string) the gateway of the IPv6 network. Required for Shared networks 
gateway = (string) the gateway of the network. Required for shared networks and 
isolated networks when it belongs to VPC domainid = (uuid) domain ID of the 
account owning a network
startipv6 = (string) the beginning IPv6 address in the IPv6 network range 
subdomainaccess = (boolean) Defines whether to allow subdomains to use networks 
dedicated to their parent domain(s). Should be used with aclType=Domain, 
defaulted to allow.subdomain.network.access global config if not specified 
projectid = (uuid) an optional project for the SSH key physicalnetworkid = 
(uuid) the physical network ID the network belongs to vpcid = (uuid) the VPC 
network belongs to isolatedpvlan = (string) the isolated private VLAN for this 
network

Regards,
Jordan

"Bypass VLAN id/range overlap" argument missing?

2021-06-01 Thread Yordan Kostov 
Dear everyone,

I would like to use "Bypass VLAN id/range overlap" to create 2 
shared networks that span across one VLAN.
Looking in "cloudmonkey create network" help menu I cannot see 
such argument.
Is there something I am missing or it is not implemented?

Parameters
==
startip = (string) the beginning IP address in the network IP range
externalid = (string) ID of the network in an external system.
networkdomain = (string) network domain
account = (string) account that will own the network
isolatedpvlantype = (string) the isolated private VLAN type for this network
ip6cidr = (string) the CIDR of IPv6 network, must be at least /64
displaytext = (string) the display text of the network
acltype = (string) Access control type; supported values are account and 
domain. In 3.0 all shared networks should have aclType=Domain, and all isolated 
networks - Account. Account means that only the account owner can use the 
network, domain - all accounts in the domain can use the network
zoneid = (uuid) the zone ID for the network
name = (string) the name of the network
netmask = (string) the netmask of the network. Required for shared networks and 
isolated networks when it belongs to VPC
endip = (string) the ending IP address in the network IP range. If not 
specified, will be defaulted to startIP
networkofferingid = (uuid) the network offering ID
displaynetwork = (boolean) an optional field, whether to the display the 
network to the end user or not.
aclid = (uuid) Network ACL ID associated for the network
endipv6 = (string) the ending IPv6 address in the IPv6 network range
ip6gateway = (string) the gateway of the IPv6 network. Required for Shared 
networks
gateway = (string) the gateway of the network. Required for shared networks and 
isolated networks when it belongs to VPC
domainid = (uuid) domain ID of the account owning a network
startipv6 = (string) the beginning IPv6 address in the IPv6 network range
subdomainaccess = (boolean) Defines whether to allow subdomains to use networks 
dedicated to their parent domain(s). Should be used with aclType=Domain, 
defaulted to allow.subdomain.network.access global config if not specified
projectid = (uuid) an optional project for the SSH key
physicalnetworkid = (uuid) the physical network ID the network belongs to
vpcid = (uuid) the VPC network belongs to
isolatedpvlan = (string) the isolated private VLAN for this network

Regards,
Jordan

RE: hide network from lower domains?

2021-06-01 Thread Yordan Kostov 
FYI I figured it out!

Cloudmonkey create network command has attribute subdomainaccess (Boolean) if 
set to true child domains will not see the network.
I just tested it and shared network on Root level is not seen by its subdomains!

Best regards,
Jordan

-Original Message-
From: Yordan Kostov  
Sent: Tuesday, June 1, 2021 8:10 PM
To: users@cloudstack.apache.org
Subject: RE: hide network from lower domains?


[X] This message came from outside your organization


Hey Dan,

The problem is that the network itself is managed by external firewall 
and not by the virtual Router.
The VR only provides DNS, DHCP and USERDATA services.

What I am working towards is - lets say we have 2 teams and 2 networks 
managed by external firewall.
Each team should be able to see and deploy VMs in their own network but 
not have access or visibility to the other team network.

Regards,
Jordan

-Original Message-
From: Daan Hoogland 
Sent: Tuesday, June 1, 2021 6:59 PM
To: users 
Subject: Re: hide network from lower domains?


[X] This message came from outside your organization


Jordan, is there a reason it must be a shared network? It seems to me you want 
an isolated network or a VPC.

On Tue, Jun 1, 2021 at 5:19 PM Yordan Kostov  wrote:

> Hey everyone,
>
> I am playing around with shared networks and I noticed 
> that when network is created for the ROOT user the lower level domains 
> see it too.
> Is there a way to hide that network from the lower 
> level domain users?
>
> Here is my setup:
>
>   *   Domains
>  *   ROOT
>  *   ROOT/DEVELOPERS
>   *   Accounts - there is a separate account ACC-DEV for ROOT/DEVELOPERS
> domain
>
> One thing I tried was to create a network with offering that is not 
> public but the result is the same.
>
> Best regards,
> Jordan
>


--
Daan

11!

RE: hide network from lower domains?

2021-06-01 Thread Yordan Kostov 
Hey Dan,

The problem is that the network itself is managed by external firewall 
and not by the virtual Router.
The VR only provides DNS, DHCP and USERDATA services.

What I am working towards is - lets say we have 2 teams and 2 networks 
managed by external firewall.
Each team should be able to see and deploy VMs in their own network but 
not have access or visibility to the other team network.

Regards,
Jordan

-Original Message-
From: Daan Hoogland  
Sent: Tuesday, June 1, 2021 6:59 PM
To: users 
Subject: Re: hide network from lower domains?


[X] This message came from outside your organization


Jordan, is there a reason it must be a shared network? It seems to me you want 
an isolated network or a VPC.

On Tue, Jun 1, 2021 at 5:19 PM Yordan Kostov  wrote:

> Hey everyone,
>
> I am playing around with shared networks and I noticed 
> that when network is created for the ROOT user the lower level domains 
> see it too.
> Is there a way to hide that network from the lower 
> level domain users?
>
> Here is my setup:
>
>   *   Domains
>  *   ROOT
>  *   ROOT/DEVELOPERS
>   *   Accounts - there is a separate account ACC-DEV for ROOT/DEVELOPERS
> domain
>
> One thing I tried was to create a network with offering that is not 
> public but the result is the same.
>
> Best regards,
> Jordan
>


--
Daan

hide network from lower domains?

2021-06-01 Thread Yordan Kostov 
Hey everyone,

I am playing around with shared networks and I noticed that 
when network is created for the ROOT user the lower level domains see it too.
Is there a way to hide that network from the lower level domain 
users?

Here is my setup:

  *   Domains
 *   ROOT
 *   ROOT/DEVELOPERS
  *   Accounts - there is a separate account ACC-DEV for ROOT/DEVELOPERS domain

One thing I tried was to create a network with offering that is not public but 
the result is the same.

Best regards,
Jordan

VM snapshot is not working

2021-05-31 Thread Yordan Kostov 
Dear all,

At ACS User Group Virtual day on Thursday somebody mentioned that VM snapshot 
revert functionality is not working for ACS 4.15 + XCP-NG.
After some tests similar results were observed.


  *   ACS 4.15 + XCP-NG 8.2.
  *   OS tested:
 *   Centos 7 latest installed as "Centos Other 64 bit"
 *   Ubuntu 20.04 LTS server installed as "Ubuntu Other 64"
  *   VM Snapshot (disk only) can be made but when reverted:
 *   the following error appears in GU: Unexpected exception
 *   When reverting Centos snapshot - the following error appears in logs: 
Revert VM: i-2-4002-VM to snapshot: i-2-4002-VM_VS_20210531124241 failed due to 
 Hypervisor com.cloud.hypervisor.xenserver.resource.XenServer650Resource 
doesn't support guest OS type Other CentOS (64-bit). you can choose 'Other 
install media' to run it as HVM
 *   When reverting Ubuntu snapshot - Caused by: 
com.cloud.utils.exception.CloudRuntimeException: Revert VM: i-2-4003-VM to 
snapshot: i-2-4003-VM_VS_20210531125227 failed due to  Hypervisor 
com.cloud.hypervisor.xenserver.resource.XenServer650Resource doesn't support 
guest OS type Other Ubuntu (64-bit). you can choose 'Other install media' to 
run it as HVM

However snapshots that include disk and memory can be reverted without any 
issue. Any idea why this happens and how to approach the issue?

Snapshot of volumes works properly. Btw what does "Async backup" option for 
volume snapshots do exactly? I could not find it in documentation nor it 
presents any specific options when enabled?

Best regards,
Jordan

RE: when removing an account linked to ldap and re-adding it, login fails

2021-05-31 Thread Yordan Kostov 
I will play with more this week and definitely will open one if reproducible.
Thank you for the heads up .

Regards,
Jordan


-Original Message-
From: Daan Hoogland  
Sent: Monday, May 31, 2021 10:31 AM
To: users 
Subject: Re: when removing an account linked to ldap and re-adding it, login 
fails


[X] This message came from outside your organization


ok Jordan,
tnx, if you can reproduce, please enter an issue on github.

On Mon, May 31, 2021 at 9:19 AM Yordan Kostov  wrote:

> Hello Dan,
>
> No it is 4.15 installation connection to XCP-NG cluster.
> All I did is a lot of testing - creating domains + accounts 
> connected to LDAP and then deleting them.
> At some point that issue occurred.
>
> Best regards,
> Jordan
>
> -Original Message-
> From: Daan Hoogland 
> Sent: Monday, May 31, 2021 10:08 AM
> To: users 
> Subject: Re: when removing an account linked to ldap and re-adding it, 
> login fails
>
>
> [X] This message came from outside your organization
>
>
> Tnx for reporting Yordan,
> Just one question, This issue you link to is supposed to have been 
> solved in 4.14, did you create and delete the account before in an older 
> version?
> tnx
>
> On Fri, May 28, 2021 at 3:59 PM Yordan Kostov 
> wrote:
>
> > Figured it out.
> > For anyone having this issue:
> >
> > Go to "ldap_trust_map" and correlate the entries with the accounts 
> > in "Account" table.
> > Delete the irrelevant ones in "ldap_trust_map" and login is successful.
> >
> > Regards,
> > Jordan
> >
> >
> > -Original Message-
> > From: Yordan Kostov 
> > Sent: Friday, May 28, 2021 4:43 PM
> > To: users@cloudstack.apache.org
> > Subject: when removing an account linked to ldap and re-adding it, 
> > login fails
> >
> >
> > [X] This message came from outside your organization
> >
> >
> > Hey everyone,
> >
> > ACD version  4.15.
> >
> > I am playing with LDAP and after some tests I cannot 
> > login with ldap account anymore.
> > This is what I get as error messages:
> >
> > 2021-05-28 15:31:40,645 INFO  [o.a.c.l.LdapAuthenticator]
> > (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) user 'acstest01'
> > is mapped to more then one account in domain and will be disabled.
> > 2021-05-28 15:31:40,646 DEBUG [o.a.c.s.SAML2UserAuthenticator]
> > (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Trying SAML2 
> > auth for
> > user: acstest01
> > 2021-05-28 15:31:40,647 DEBUG [o.a.c.s.SAML2UserAuthenticator]
> > (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find 
> > user with acstest01 in domain 18, or user source is not SAML2
> > 2021-05-28 15:31:40,647 DEBUG [c.c.u.AccountManagerImpl]
> > (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to 
> > authenticate user with username acstest01 in domain 18
> > 2021-05-28 15:31:40,647 WARN  [c.c.u.AccountManagerImpl]
> > (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find 
> > an user with username acstest01 in domain 18
> > 2021-05-28 15:31:40,648 DEBUG [c.c.u.AccountManagerImpl]
> > (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) User: acstest01 
> > in domain 18 has failed to log in
> > 2021-05-28 15:31:40,648 DEBUG [c.c.a.ApiServlet]
> > (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Authentication
> failure:
> > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed 
> > to authenticate user acstest01 in domain 18; please provide valid 
> > credentials"}}
> >
> > I have only 1 account mapped in that domain so from 
> > what I see it looks like this issue here -> 
> > https://urldefense.com/v3/__https://github.com/apache/cloudstack/iss
> > ue 
> > s/3661__;!!A6UyJA!wUcsBGPDJa5V-jfcXEGNQxhPCdJnumEo-mNFlnPMdDUi75-rkz
> > TT
> > a7A6dNOdYWqn$
> >
> > Any idea what should be cleaned in the DB to allow 
> > login
> ?
> >
> > Regards,
> > Jordan
> >
> > 11!
> >
> >
>
> --
> Daan
>


--
Daan

RE: when removing an account linked to ldap and re-adding it, login fails

2021-05-31 Thread Yordan Kostov 
Hello Dan,

No it is 4.15 installation connection to XCP-NG cluster.
All I did is a lot of testing - creating domains + accounts connected 
to LDAP and then deleting them.
At some point that issue occurred.

Best regards,
Jordan 

-Original Message-
From: Daan Hoogland  
Sent: Monday, May 31, 2021 10:08 AM
To: users 
Subject: Re: when removing an account linked to ldap and re-adding it, login 
fails


[X] This message came from outside your organization


Tnx for reporting Yordan,
Just one question, This issue you link to is supposed to have been solved in 
4.14, did you create and delete the account before in an older version?
tnx

On Fri, May 28, 2021 at 3:59 PM Yordan Kostov  wrote:

> Figured it out.
> For anyone having this issue:
>
> Go to "ldap_trust_map" and correlate the entries with the accounts in 
> "Account" table.
> Delete the irrelevant ones in "ldap_trust_map" and login is successful.
>
> Regards,
> Jordan
>
>
> -Original Message-
> From: Yordan Kostov 
> Sent: Friday, May 28, 2021 4:43 PM
> To: users@cloudstack.apache.org
> Subject: when removing an account linked to ldap and re-adding it, 
> login fails
>
>
> [X] This message came from outside your organization
>
>
> Hey everyone,
>
> ACD version  4.15.
>
> I am playing with LDAP and after some tests I cannot 
> login with ldap account anymore.
> This is what I get as error messages:
>
> 2021-05-28 15:31:40,645 INFO  [o.a.c.l.LdapAuthenticator]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) user 'acstest01' 
> is mapped to more then one account in domain and will be disabled.
> 2021-05-28 15:31:40,646 DEBUG [o.a.c.s.SAML2UserAuthenticator]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Trying SAML2 auth 
> for
> user: acstest01
> 2021-05-28 15:31:40,647 DEBUG [o.a.c.s.SAML2UserAuthenticator]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find 
> user with acstest01 in domain 18, or user source is not SAML2
> 2021-05-28 15:31:40,647 DEBUG [c.c.u.AccountManagerImpl]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to 
> authenticate user with username acstest01 in domain 18
> 2021-05-28 15:31:40,647 WARN  [c.c.u.AccountManagerImpl]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find an 
> user with username acstest01 in domain 18
> 2021-05-28 15:31:40,648 DEBUG [c.c.u.AccountManagerImpl]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) User: acstest01 in 
> domain 18 has failed to log in
> 2021-05-28 15:31:40,648 DEBUG [c.c.a.ApiServlet]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Authentication failure:
> {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to 
> authenticate user acstest01 in domain 18; please provide valid 
> credentials"}}
>
> I have only 1 account mapped in that domain so from  
> what I see it looks like this issue here -> 
> https://urldefense.com/v3/__https://github.com/apache/cloudstack/issue
> s/3661__;!!A6UyJA!wUcsBGPDJa5V-jfcXEGNQxhPCdJnumEo-mNFlnPMdDUi75-rkzTT
> a7A6dNOdYWqn$
>
> Any idea what should be cleaned in the DB to allow login ?
>
> Regards,
> Jordan
>
> 11!
>
>

--
Daan

RE: Centos 7.9 - cloud-init password reset?

2021-05-30 Thread Yordan Kostov 
-+---+---+
> ci-info: |   1   |  fe80::/64  |::   |eth0   |   U   |
> ci-info: |   3   |local|::   |eth0   |   U   |
> ci-info: |   4   |   ff00::/8  |::   |eth0   |   U   |
> ci-info: +---+-+-+---+---+
> [root@CentOS8pass ~]# cd /var/log/cloud-init
> cloud-init.log cloud-init-output.log
> [root@CentOS8pass ~]# cd /var/log/cloud-init.log
> -bash: cd: /var/log/cloud-init.log: Not a directory [root@CentOS8pass 
> ~]# cat /var/log/cloud-init.log | grep password
> 2021-05-18 02:03:39,575 - subp.py[DEBUG]: Running command ['wget', 
> '--quiet', '--tries', '3', '--timeout', '20', '--output-document', 
> '-', '--header', 'DomU_Request: send_my_password', 'VR'S IP 
> address:8080'] with allowed return codes [0] (shell=False, 
> capture=True)
> 2021-05-18 02:03:39,598 - subp.py[DEBUG]: Running command ['wget', 
> '--quiet', '--tries', '3', '--timeout', '20', '--output-document', 
> '-', '--header', 'DomU_Request: saved_password', 'VR'S IP 
> address:8080'] with allowed return codes [0] (shell=False, 
> capture=True)
> 2021-05-18 02:03:40,785 - subp.py[DEBUG]: Running command 
> ['/var/lib/cloud/scripts/per-instance/password.bash'] with allowed 
> return codes [0] (shell=False, capture=False)
> Command: ['/var/lib/cloud/scripts/per-instance/password.bash']
> Reason: [Errno 8] Exec format error:
> b'/var/lib/cloud/scripts/per-instance/password.bash'
> RuntimeError: Runparts: 1 failures (password.bash) in 1 attempted 
> commands
> 2021-05-21 04:40:34,599 - subp.py[DEBUG]: Running command ['wget', 
> '--quiet', '--tries', '3', '--timeout', '20', '--output-document', 
> '-', '--header', 'DomU_Request: send_my_password', 'VR'S IP 
> address:8080'] with allowed return codes [0] (shell=False, 
> capture=True)
>
>
> -Original Message-
> From: Alireza Eskandari [mailto:astro.alir...@gmail.com]
> Sent: Thursday, May 20, 2021 9:46 PM
> To: users@cloudstack.apache.org
> Subject: Re: Centos 7.9 - cloud-init password reset?
>
> Before trying to run it by cloud-init, run the script manually and 
> examine the output log so ensure it is working as expected.
> Are you sure that cloud-init is running correctly? You can check the 
> log of cloid-init
>
> On Thu, May 20, 2021, 11:23 조대형  wrote:
>
> > Hi, All
> >
> > #1 Issue.  Tested on CentOS8-Stream.
> > I have tested the script this;
> > https://urldefense.com/v3/__https://github.com/apache/cloudstack/pul
> > l/4890/files__;!!A6UyJA!yR2trQHUBLsjM1ZHCvV4rHbvZtqjfKew-I37A9mNtMlk
> > nz8k9iGFBp7Yzc9XLEuRVgWVAngjieId$
> >
> > I put this script into 
> > /var/lib/cloud/scripts/per-instance/password.bash
> > file which is executable.
> > And turn off the VM. Then Create the template.
> >
> > Resetting the root Password on Cloudstack, it was not worked.
> >
> > Did I miss something?
> >
> >
> >
> > #2 Issue.
> > On Cloudstack, I can't use VNC console.
> > The following error message is poped up.
> >
> >
> >
> https://urldefense.com/v3/__https://drive.google.com/file/d/1AR8ijZ9K3
> ZCseIM7069-d589o8AM76gT/view?usp=sharing__;!!A6UyJA!yR2trQHUBLsjM1ZHCv
> V4rHbvZtqjfKew-I37A9mNtMlknz8k9iGFBp7Yzc9XLEuRVgWVAuU7pDba$
> >
> >
> > Please, give me some advice to resolve those issues.
> >
> >
> >
> >
> > Thanks,
> >
> >
> >
> >
> > -Original Message-
> > From: Alireza Eskandari [mailto:astro.alir...@gmail.com]
> > Sent: Saturday, May 15, 2021 12:32 AM
> > To: users@cloudstack.apache.org
> > Subject: Re: Centos 7.9 - cloud-init password reset?
> >
> > Take a look at this pr:
> > https://urldefense.com/v3/__https://github.com/apache/cloudstack/pul
> > l/4890__;!!A6UyJA!yR2trQHUBLsjM1ZHCvV4rHbvZtqjfKew-I37A9mNtMlknz8k9i
> > GFBp7Yzc9XLEuRVgWVAhGhCv2d$
> >
> > On Fri, May 14, 2021, 17:08 Yordan Kostov  wrote:
> >
> > > Hey Andrija and 조대형,
> > >
> > > Here is a script a threw
> > >
> >
> https://urldefense.com/v3/__https://github.com/dredknight/cloud_script
> s/blob/master/CloudStack-Xen/centos7_prep.bash__;!!A6UyJA!yR2trQHUBLsj
> M1ZHCvV4rHbvZtqjfKew-I37A9mNtMlknz8k9iGFBp7Yzc9XLEuRVgWVAr2oXtYa$
> > > It implements the following features:
> > > - some OS prep + install some packets
> > > - install cloud-init related packets
> > >
> > > Cloud-init features:
> > > - datasources -  sets as ConfigDrive and CloudStack as 
> > > default datasources
> > > - password + reset
> > &

RE: VMware Instance Error

2021-05-28 Thread Yordan Kostov 
Regarding the capacity issue with CPUs, make sure the service offering GHZ/MHZ 
CPU value is equal or less than the value shown in vCenter.
If it is more Cloudstack will spill "not enough capacity" error because 
offering requires cores with higher frequency than what is currently available.

I hope that helps.

Regards,
Jordan 

-Original Message-
From: Corey, Mike  
Sent: Friday, May 28, 2021 6:07 PM
To: users@cloudstack.apache.org
Subject: RE: VMware Instance Error


[X] This message came from outside your organization


I'll update this email distro in parallel to my ShapeBlue GURU ticket...

I continue to have trouble deploying VMs from template.  A few more 
observations to hopefully bring light to the problem.

1 - The VM instance in vCenter shows as having the same CPU/RAM as the template 
- NOT what the service offering selected.  Shouldn't the VM instance be built 
with the specs of the service offering?  It also is not being provisioned a NIC 
(template does not include nic).

2 - I have entries regarding host capacity not being enough, even though these 
are BEEFY @ 96cores and 750GB RAM...
2021-05-28 09:00:45,987 DEBUG [c.c.c.CapacityManagerImpl] 
(Work-Job-Executor-4:ctx-338f46d9 job-135/job-137 ctx-312869ec) 
(logid:8bef4350) Host does not have enough reserved CPU available, cannot 
allocate to this host.
2021-05-28 09:00:45,987 DEBUG [c.c.c.CapacityManagerImpl] 
(Work-Job-Executor-4:ctx-338f46d9 job-135/job-137 ctx-312869ec) 
(logid:8bef4350) Checking if host: 2 has enough capacity for requested CPU: 
1000 and requested RAM: (1.00 GB) 1073741824 , cpuOverprovisioningFactor: 3.0
2021-05-28 09:00:45,988 DEBUG [c.c.c.CapacityManagerImpl] 
(Work-Job-Executor-4:ctx-338f46d9 job-135/job-137 ctx-312869ec) 
(logid:8bef4350) Hosts's actual total CPU: 229824 and CPU after applying 
overprovisioning: 689472

3 - I've been told that template settings (VMware specifically) should be 
populated by ACS during the upload of a template.  This is not the case for me 
- either Win10 or CentOS templates.  Could someone answer what is the expected 
behavior during the install of a template?

4 - Even though ACS says the VM instance is in ERROR status - the VM in vCenter 
powers on and starts into Windows.

5- Invalid root disk error: even though global setting is set to scsi.  NO 
settings are on the template though because they aren't being populated during 
template installation (item 3)
2021-05-28 09:00:44,442 WARN  [c.c.a.m.DirectAgentAttache] 
(DirectAgent-29:ctx-70d83f01) (logid:8bef4350) Seq 1-6066630173044768803: 
Throwable caught while executing command
com.cloud.utils.exception.CloudRuntimeException: Invalid root disk controller 
detected : none

2021-05-28 09:00:44,443 DEBUG [c.c.a.t.Request] (DirectAgent-29:ctx-70d83f01) 
(logid:8bef4350) Seq 1-6066630173044768803: Processing:  { Ans: , MgmtId: 
345050012965, via: 1(host), Ver: v1, Flags: 110, 
[{"com.cloud.agent.api.Answer":{"result":"false","details":"com.cloud.utils.exception.CloudRuntimeException:
 Invalid root disk controller detected : none","wait":"0"}}] }

2021-05-28 09:00:44,520 DEBUG [c.c.v.VmWorkJobHandlerProxy] 
(Work-Job-Executor-3:ctx-1aea8c24 job-135/job-136 ctx-f15549a6) 
(logid:8bef4350) Done executing VM work job: 
com.cloud.vm.VmWorkStart{"dcId":1,"podId":1,"clusterId":1,"hostId":1,"rawParams":{"VmPassword":"rO0ABXQADnNhdmVkX3Bhc3N3b3Jk"},"userId":2,"accountId":2,"vmId":22,"handlerName":"VirtualMachineManagerImpl"}
2021-05-28 09:00:44,521 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] 
(Work-Job-Executor-3:ctx-1aea8c24 job-135/job-136 ctx-f15549a6) 
(logid:8bef4350) Complete async job-136, jobStatus: FAILED, resultCode: 0, 
result:

RE: Cloudstack Kubernetes service

2021-05-28 Thread Yordan Kostov 
Thank you Pearl,

I will check this out .

Regards,
Jordan

-Original Message-
From: Pearl d'Silva  
Sent: Thursday, May 27, 2021 12:31 PM
To: users@cloudstack.apache.org
Subject: Re: Cloudstack Kubernetes service


[X] This message came from outside your organization


Hi Jordan,

CNI_VERSION can be set to the latest available one. 
(https://urldefense.com/v3/__https://github.com/containernetworking/cni/tags__;!!A6UyJA!0wFkpz5u9SrLNu3MD1r5y46O9V1Q8b1zMbZdcr7ssijj8oQzSnb2_otQomqjH2VI5CBQaxYBAoSM$
 ) CRICTL_VERSION should be set to the Kubernetes version that you want to 
build the iso for - you may refer to 
https://urldefense.com/v3/__https://github.com/kubernetes-sigs/cri-tools/tags__;!!A6UyJA!0wFkpz5u9SrLNu3MD1r5y46O9V1Q8b1zMbZdcr7ssijj8oQzSnb2_otQomqjH2VI5CBQaxTMtLb4$
  to get the corresponding version.
WEAVENET_NETWORK_YAML_CONFIG - to get the correct weave net config file, pass 
the corresponding kubernetes version as part of the query string as shown in 
the example 
(https://urldefense.com/v3/__https://cloud.weave.works/k8s/net?k8s-version=1.12.5__;!!A6UyJA!0wFkpz5u9SrLNu3MD1r5y46O9V1Q8b1zMbZdcr7ssijj8oQzSnb2_otQomqjH2VI5CBQa3gKYxMd$
 ) For DASHBOARD_YAML_CONFIG, you can use the one as specified in the doc, or 
you can use any version of your choice by updating the specific version into 
the url: 
https://urldefense.com/v3/__https://raw.githubusercontent.com/kubernetes/dashboard/__;!!A6UyJA!0wFkpz5u9SrLNu3MD1r5y46O9V1Q8b1zMbZdcr7ssijj8oQzSnb2_otQomqjH2VI5CBQa6VAftFj$
 
/aio/deploy/recommended.yaml<https://urldefense.com/v3/__https://raw.githubusercontent.com/kubernetes/dashboard/__;!!A6UyJA!0wFkpz5u9SrLNu3MD1r5y46O9V1Q8b1zMbZdcr7ssijj8oQzSnb2_otQomqjH2VI5CBQa6VAftFj$
  (you can refer to the following tags to choose 
the version: 
https://urldefense.com/v3/__https://github.com/kubernetes/dashboard/tags__;!!A6UyJA!0wFkpz5u9SrLNu3MD1r5y46O9V1Q8b1zMbZdcr7ssijj8oQzSnb2_otQomqjH2VI5CBQa5T7U2lv$
 )

Regards,
Pearl


From: Yordan Kostov 
Sent: Tuesday, May 25, 2021 8:13 PM
To: users@cloudstack.apache.org 
Subject: Cloudstack Kubernetes service

Hello everyone,

I am looking around the Kubernetes service for Cloudstack -> 
https://urldefense.com/v3/__http://docs.cloudstack.apache.org/en/latest/plugins/cloudstack-kubernetes-service.html__;!!A6UyJA!0wFkpz5u9SrLNu3MD1r5y46O9V1Q8b1zMbZdcr7ssijj8oQzSnb2_otQomqjH2VI5CBQaxMmsySv$

During installation this command is executed:
# ./create-kubernetes-binaries-iso.sh OUTPUT_PATH KUBERNETES_VERSION 
CNI_VERSION CRICTL_VERSION WEAVENET_NETWORK_YAML_CONFIG DASHBOARD_YAML_CONFIG

Which is exemplified as
# ./create-kubernetes-binaries-iso.sh ./ 1.12.5 0.7.1 1.12.0 
"https://urldefense.com/v3/__https://cloud.weave.works/k8s/net?k8s-version=1.12.5__;!!A6UyJA!0wFkpz5u9SrLNu3MD1r5y46O9V1Q8b1zMbZdcr7ssijj8oQzSnb2_otQomqjH2VI5CBQa3gKYxMd$
 " 
https://urldefense.com/v3/__https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta1/aio/deploy/recommended.yaml__;!!A6UyJA!0wFkpz5u9SrLNu3MD1r5y46O9V1Q8b1zMbZdcr7ssijj8oQzSnb2_otQomqjH2VI5CBQa1pchjN_$

My question is where do I collect the values for command attributes? and how 
should I find what is their configuration when it I files that should be 
pointed to?

  *   CNI_VERSION
  *   CRICTL_VERSION
  *   WEAVENET_NETWORK_YAML_CONFIG
  *   DASHBOARD_YAML_CONFIG

Best regards,
Jordan

RE: when removing an account linked to ldap and re-adding it, login fails

2021-05-28 Thread Yordan Kostov 
Figured it out.
For anyone having this issue:

Go to "ldap_trust_map" and correlate the entries with the accounts in "Account" 
table.
Delete the irrelevant ones in "ldap_trust_map" and login is successful.

Regards,
Jordan 


-----Original Message-
From: Yordan Kostov  
Sent: Friday, May 28, 2021 4:43 PM
To: users@cloudstack.apache.org
Subject: when removing an account linked to ldap and re-adding it, login fails 


[X] This message came from outside your organization


Hey everyone,

ACD version  4.15.

I am playing with LDAP and after some tests I cannot login with 
ldap account anymore.
This is what I get as error messages:

2021-05-28 15:31:40,645 INFO  [o.a.c.l.LdapAuthenticator] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) user 'acstest01' is mapped 
to more then one account in domain and will be disabled.
2021-05-28 15:31:40,646 DEBUG [o.a.c.s.SAML2UserAuthenticator] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Trying SAML2 auth for user: 
acstest01
2021-05-28 15:31:40,647 DEBUG [o.a.c.s.SAML2UserAuthenticator] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find user with 
acstest01 in domain 18, or user source is not SAML2
2021-05-28 15:31:40,647 DEBUG [c.c.u.AccountManagerImpl] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to authenticate user 
with username acstest01 in domain 18
2021-05-28 15:31:40,647 WARN  [c.c.u.AccountManagerImpl] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find an user with 
username acstest01 in domain 18
2021-05-28 15:31:40,648 DEBUG [c.c.u.AccountManagerImpl] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) User: acstest01 in domain 
18 has failed to log in
2021-05-28 15:31:40,648 DEBUG [c.c.a.ApiServlet] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Authentication failure: 
{"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to 
authenticate user acstest01 in domain 18; please provide valid credentials"}}

I have only 1 account mapped in that domain so from  what I see 
it looks like this issue here -> 
https://urldefense.com/v3/__https://github.com/apache/cloudstack/issues/3661__;!!A6UyJA!wUcsBGPDJa5V-jfcXEGNQxhPCdJnumEo-mNFlnPMdDUi75-rkzTTa7A6dNOdYWqn$

Any idea what should be cleaned in the DB to allow login ?

Regards,
Jordan

11!

when removing an account linked to ldap and re-adding it, login fails

2021-05-28 Thread Yordan Kostov 
Hey everyone,

ACD version  4.15.

I am playing with LDAP and after some tests I cannot login with 
ldap account anymore.
This is what I get as error messages:

2021-05-28 15:31:40,645 INFO  [o.a.c.l.LdapAuthenticator] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) user 'acstest01' is mapped 
to more then one account in domain and will be disabled.
2021-05-28 15:31:40,646 DEBUG [o.a.c.s.SAML2UserAuthenticator] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Trying SAML2 auth for user: 
acstest01
2021-05-28 15:31:40,647 DEBUG [o.a.c.s.SAML2UserAuthenticator] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find user with 
acstest01 in domain 18, or user source is not SAML2
2021-05-28 15:31:40,647 DEBUG [c.c.u.AccountManagerImpl] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to authenticate user 
with username acstest01 in domain 18
2021-05-28 15:31:40,647 WARN  [c.c.u.AccountManagerImpl] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find an user with 
username acstest01 in domain 18
2021-05-28 15:31:40,648 DEBUG [c.c.u.AccountManagerImpl] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) User: acstest01 in domain 
18 has failed to log in
2021-05-28 15:31:40,648 DEBUG [c.c.a.ApiServlet] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Authentication failure: 
{"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to 
authenticate user acstest01 in domain 18; please provide valid credentials"}}

I have only 1 account mapped in that domain so from  what I see 
it looks like this issue here -> 
https://github.com/apache/cloudstack/issues/3661

Any idea what should be cleaned in the DB to allow login ?

Regards,
Jordan

Cloudstack Kubernetes service

2021-05-25 Thread Yordan Kostov 
Hello everyone,

I am looking around the Kubernetes service for Cloudstack -> 
http://docs.cloudstack.apache.org/en/latest/plugins/cloudstack-kubernetes-service.html

During installation this command is executed:
# ./create-kubernetes-binaries-iso.sh OUTPUT_PATH KUBERNETES_VERSION 
CNI_VERSION CRICTL_VERSION WEAVENET_NETWORK_YAML_CONFIG DASHBOARD_YAML_CONFIG

Which is exemplified as
# ./create-kubernetes-binaries-iso.sh ./ 1.12.5 0.7.1 1.12.0 
"https://cloud.weave.works/k8s/net?k8s-version=1.12.5; 
https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta1/aio/deploy/recommended.yaml

My question is where do I collect the values for command attributes? and how 
should I find what is their configuration when it I files that should be 
pointed to?

  *   CNI_VERSION
  *   CRICTL_VERSION
  *   WEAVENET_NETWORK_YAML_CONFIG
  *   DASHBOARD_YAML_CONFIG

Best regards,
Jordan

RE: Change host IP

2021-05-20 Thread Yordan Kostov 
Hello Fariborz,

I am not experienced with ACS + KVM but here is something that may help.
If host is empty of VMs, can you force-remove it and add it again?

Regards,
Jordan

-Original Message-
From: Fariborz Navidan  
Sent: Thursday, May 20, 2021 11:23 AM
To: users@cloudstack.apache.org
Subject: Re: Change host IP


[X] This message came from outside your organization


When I restart agent the old IP gets back to agent.properties

Please help[ me/

On Thu, May 20, 2021 at 2:42 AM Fariborz Navidan 
wrote:

> I use cloudstack 4.14.0
>
> Please help me
>
> On Thu, May 20, 2021 at 2:34 AM Fariborz Navidan 
> 
> wrote:
>
>> Hello,
>>
>> We have migrated our server and as a result, we need to change the IP 
>> address. I have modified agent.properties and all ip address fields 
>> of host record to match the new IP address. But unfortunately, 
>> management server is unable to connect to it. I forced the host to go 
>> for maintenance checking "force". Now when I disable maintenance mode 
>> I get error " Failed to prepare host for maintenance due to: Unable 
>> to prepare for maintenance host 1".
>>
>> Bellow is the agent log:
>>
>> 2021-05-19 23:57:41,985 WARN  [utils.nio.NioConnection] (main:null)
>> (logid:) Unable to connect to remote: is there a server running on 
>> port 8250
>> 2021-05-19 23:57:46,986 INFO  [cloud.agent.Agent] (main:null) 
>> (logid:) Connecting to host:79.143.86.149
>> 2021-05-19 23:57:46,987 INFO  [utils.nio.NioClient] (ma
>>
>> Bellow is management server log:
>>
>> ] (Cluster-Heartbeat-1:ctx-f4e82537) (logid:c1947b66) Management node 
>> 11 is detected inactive by timestamp but is pingable
>> 2021-05-20 00:02:52,857 DEBUG [c.c.a.ApiServlet]
>> (qtp1609124502-279:ctx-17009f08) (logid:7e8b8325) ===START===
>>  2.190.171.255 -- GET
>>  
>> command=prepareHostForMaintenance=49bbd35c-9e33-48a5-ba38-41452429
>> 986b=json&_=1621461469563
>> 2021-05-20 00:02:52,870 DEBUG [c.c.a.ApiServer]
>> (qtp1609124502-279:ctx-17009f08 ctx-e209aafe) (logid:7e8b8325) CIDRs 
>> from which account 'Acct[97f4b3a5-a631-11ea-84fb-002590c1a7d4-admin]' 
>> is allowed to perform API calls: 0.0.0.0/0,::/0
>> 2021-05-20 00:02:52,893 INFO  [o.a.c.f.j.i.AsyncJobMonitor] 
>> (API-Job-Executor-8:ctx-4599c29b job-594) (logid:176b8386) Add 
>> job-594 into job monitoring
>> 2021-05-20 00:02:52,897 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
>> (qtp1609124502-279:ctx-17009f08 ctx-e209aafe) (logid:7e8b8325) submit 
>> async job-594, details: AsyncJobVO {id:594, userId: 2, accountId: 2,
>> instanceType: Host, instanceId: 1, cmd:
>> org.apache.cloudstack.api.command.admin.host.PrepareForMaintenanceCmd
>> ,
>> cmdInfo:
>> {"response":"json","ctxUserId":"2","httpmethod":"GET","ctxStartEventI
>> d":"23778","id":"49bbd35c-9e33-48a5-ba38-41452429986b","ctxDetails":"
>> {\"interface 
>> com.cloud.host.Host\":\"49bbd35c-9e33-48a5-ba38-41452429986b\"}","ctx
>> AccountId":"2","uuid":"49bbd35c-9e33-48a5-ba38-41452429986b","cmdEven
>> tType":"MAINT.PREPARE","_":"1621461469563"},
>> cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0,
>> result: null, initMsid: 279278805467174, completeMsid: null, lastUpdated:
>> null, lastPolled: null, created: null, removed: null}
>> 2021-05-20 00:02:52,899 DEBUG [c.c.a.ApiServlet]
>> (qtp1609124502-279:ctx-17009f08 ctx-e209aafe) (logid:7e8b8325) 
>> ===END===
>>  2.190.171.255 -- GET
>>  
>> command=prepareHostForMaintenance=49bbd35c-9e33-48a5-ba38-41452429
>> 986b=json&_=1621461469563
>> 2021-05-20 00:02:52,899 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] 
>> (API-Job-Executor-8:ctx-4599c29b job-594) (logid:33d9ad1e) Executing 
>> AsyncJobVO {id:594, userId: 2, accountId: 2, instanceType: Host,
>> instanceId: 1, cmd:
>> org.apache.cloudstack.api.command.admin.host.PrepareForMaintenanceCmd
>> ,
>> cmdInfo:
>> {"response":"json","ctxUserId":"2","httpmethod":"GET","ctxStartEventI
>> d":"23778","id":"49bbd35c-9e33-48a5-ba38-41452429986b","ctxDetails":"
>> {\"interface 
>> com.cloud.host.Host\":\"49bbd35c-9e33-48a5-ba38-41452429986b\"}","ctx
>> AccountId":"2","uuid":"49bbd35c-9e33-48a5-ba38-41452429986b","cmdEven
>> tType":"MAINT.PREPARE","_":"1621461469563"},
>> cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0,
>> result: null, initMsid: 279278805467174, completeMsid: null, lastUpdated:
>> null, lastPolled: null, created: null, removed: null}
>> 2021-05-20 00:02:52,924 INFO  [c.c.r.ResourceManagerImpl] 
>> (API-Job-Executor-8:ctx-4599c29b job-594 ctx-50530646) 
>> (logid:33d9ad1e)
>> Maintenance: attempting maintenance of host 
>> 49bbd35c-9e33-48a5-ba38-41452429986b
>> 2021-05-20 00:02:52,926 DEBUG [c.c.a.m.AgentManagerImpl] 
>> (API-Job-Executor-8:ctx-4599c29b job-594 ctx-50530646) 
>> (logid:33d9ad1e) Can not send command 
>> com.cloud.agent.api.MaintainCommand due to Host 1 is not up
>> 2021-05-20 00:02:52,926 WARN  [c.c.r.ResourceManagerImpl] 
>> (API-Job-Executor-8:ctx-4599c29b job-594 ctx-50530646) 
>> (logid:33d9ad1e) Unable to send

RE: I Need Help 

2021-05-20 Thread Yordan Kostov 
JA!0NBHWxzRtEZ_M21vL9NVJmr9t45lM4HCNW9MvjJVlR5Mg4uEi05DaTrXoSr7FSsY0YXURkqLLJzW$
>>>> https://urldefense.com/v3/__https://ibb.co/j6SnXFf__;!!A6UyJA!0NBHWxzRtEZ_M21vL9NVJmr9t45lM4HCNW9MvjJVlR5Mg4uEi05DaTrXoSr7FSsY0YXURj-_6e6e$
>>>> https://urldefense.com/v3/__https://ibb.co/sQFpKVF__;!!A6UyJA!0NBHWxzRtEZ_M21vL9NVJmr9t45lM4HCNW9MvjJVlR5Mg4uEi05DaTrXoSr7FSsY0YXURuZ2SUm5$
>>>> https://urldefense.com/v3/__https://ibb.co/7CbQwcz__;!!A6UyJA!0NBHWxzRtEZ_M21vL9NVJmr9t45lM4HCNW9MvjJVlR5Mg4uEi05DaTrXoSr7FSsY0YXURuXicyVC$
>>>> https://urldefense.com/v3/__https://ibb.co/mvPkQSG__;!!A6UyJA!0NBHWxzRtEZ_M21vL9NVJmr9t45lM4HCNW9MvjJVlR5Mg4uEi05DaTrXoSr7FSsY0YXURouldo0j$
>>>>
>>>>
>>>> They contain network configurations  you can compare with the network
>>>> configuration on both servers below
>>>>
>>>> 1st computer :
>>>>
>>>> ifconfig :
>>>>
>>>> [root@srvr1 ~]# ifconfig
>>>> eno1: flags=4163  mtu 1500
>>>> inet 192.168.1.8  netmask 255.255.255.0  broadcast 192.168.1.255
>>>> inet6 fe80::7a31:44f5:6cbd:f97e  prefixlen 64  scopeid
>>>> 0x20
>>>> ether 68:1d:ef:24:d2:bb  txqueuelen 1000  (Ethernet)
>>>> RX packets 683346  bytes 450075162 (429.2 MiB)
>>>> RX errors 0  dropped 31958  overruns 0  frame 0
>>>> TX packets 483540  bytes 464984616 (443.4 MiB)
>>>> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>>
>>>> lo: flags=73  mtu 65536
>>>> inet 127.0.0.1  netmask 255.0.0.0
>>>> inet6 ::1  prefixlen 128  scopeid 0x10
>>>> loop  txqueuelen 1000  (Local Loopback)
>>>> RX packets 11164675  bytes 2804166400 (2.6 GiB)
>>>> RX errors 0  dropped 0  overruns 0  frame 0
>>>> TX packets 11164675  bytes 2804166400 (2.6 GiB)
>>>> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>>
>>>> [root@srvr1 ~]#
>>>>
>>>>
>>>> [root@srvr1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-cloudbr0
>>>> DEVICE=cloudbr0
>>>> TYPE=Bridge
>>>> ONBOOT=yes
>>>> BOOTPROTO=static
>>>> IPV6INIT=no
>>>> IPV6_AUTOCONF=no
>>>> DELAY=5
>>>> IPADDR=192.168.1.8
>>>> GATEWAY=192.168.1.1
>>>> NETMASK=255.255.255.0
>>>> DNS1=8.8.8.8
>>>> DNS2=8.8.4.4
>>>> STP=yes
>>>> USERCTL=no
>>>> NM_CONTROLLED=no
>>>> [root@srvr1 ~]#
>>>>
>>>>
>>>> [root@srvr1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno1
>>>> TYPE=Ethernet
>>>> BOOTPRO=static
>>>> NAME=eno1
>>>> UUID=7dad60c5-e259-4fb9-9f5a-aac0ec29435f
>>>> DEVICE=eno1
>>>> ONBOOT=yes
>>>> IPADDR-192.168.1.8
>>>> PREFIX=24
>>>> GATEWAY=192.168.1.1
>>>> USRCTL=no
>>>> BRIDGE=cloudbr0
>>>> [root@srvr1 ~]#
>>>>
>>>>
>>>> 2nd computer :
>>>>
>>>> The 2nd computer has 2 NICs :
>>>>
>>>> [root@srvr2 ~]# ifconfig
>>>> cloud0: flags=4163  mtu 1500
>>>> inet 169.254.0.1  netmask 255.255.0.0  broadcast 0.0.0.0
>>>> inet6 fe80::f89d:edff:fe9c:e90b  prefixlen 64  scopeid
>>>> 0x20
>>>> ether fa:9d:ed:9c:e9:0b  txqueuelen 1000  (Ethernet)
>>>> RX packets 0  bytes 0 (0.0 B)
>>>> RX errors 0  dropped 0  overruns 0  frame 0
>>>> TX packets 1401  bytes 59862 (58.4 KiB)
>>>> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>>
>>>> cloudbr0: flags=4163  mtu 1500
>>>> inet 192.168.1.7  netmask 255.255.255.0  broadcast 192.168.1.255
>>>> inet6 fe80::8040:8dff:fe57:4eb8  prefixlen 64  scopeid
>>>> 0x20
>>>> ether d0:50:99:81:89:f5  txqueuelen 1000  (Ethernet)
>>>> RX packets 220463  bytes 19759124 (18.8 MiB)
>>>> RX errors 0  dropped 22054  overruns 0  frame 0
>>>> TX packets 620  bytes 55228 (53.9 KiB)
>>>> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>>
>>>> cloudbr1: flags=4099  mtu 1500
>>>> ether 32:7c:82:bc:0f:ce  txqueuelen 1000  (Ethernet)
>>>> RX packets 0  bytes 0 (0.0 B)
>>>>

RE: I Need Help 

2021-05-20 Thread Yordan Kostov 
Hey Serge,

We cannot see the screenshots because the mailing group 
protection strips them.
However you can provide a link to a hosted image.
If you doubt networking disable firewalls/iptables.
Cloudstack VM communicates with the hypervisor host through 
management.
Public network are required by SSVMs to access external sources 
such internet or as a entry/exit point for NAT-ed user networks.

Next go to ACS GUI and check if Zone is enabled? Then go to pod 
-> clusters -> hosts and check if any of those has any red alert instead of a 
green dot.
If such exists around cluster level and below – make sure you 
configured the network traffic labels correct. I have not played with ACS + KVM 
so  I cannot give specifics here.

Best regards,
Jordan

From: Serge Byishimo 
Sent: Thursday, May 20, 2021 11:02 AM
To: users@cloudstack.apache.org
Subject: Re: I Need Help 


[X]This message came from outside your organization

This is the Host Information

[Screenshot 2021-05-20 at 10-01-32 Hosts - CloudStack.png]

On Thu, May 20, 2021 at 9:48 AM Serge Byishimo 
mailto:sergebyish...@gmail.com>> wrote:
I mounted the secondary storage on the management server /export/secondary from 
192.168.1.7:/export/secondary

[root@srvr1 secondary]# ll
total 20
drwx--. 2 root root 16384 May 18 16:18 lost+found
drwxr-xr-x. 3 root root  4096 May 19 11:56 template
[root@srvr1 secondary]#

there is a template directory with template files

[root@srvr1 secondary]# ll template/tmpl/1/3
total 365536
-rw-r--r--. 1 root root 374303744 May 19 11:58 
1e6e90ea-c7e8-421f-b403-7a5e4bce848c.qcow2
-rw-r--r--. 1 root root   287 May 19 11:58 template.properties
[root@srvr1 secondary]#

It is downloaded as you can see on the attached screenshots
I think it might be a networking issue coz I got confused with the public IP 
range and I put one IP that I have 209.150.129—, but it doesn’t have anything 
to do with this set up, except that I use it to access resources on the outside 
by port forwarding them

Attached also is the console proxy and secondary storage VM,

they are all stuck starting as shown in another screenshot


[Screenshot 2021-05-20 at 09-39-43 Templates - CloudStack.png]
[Screenshot 2021-05-20 at 09-41-25 System VMs - CloudStack.png]
[Screenshot 2021-05-20 at 09-41-41 System VMs - CloudStack.png]
[Screen Shot 2021-05-20 at 09.47.20.png]


On Thu, May 20, 2021 at 9:31 AM Yordan Kostov 
mailto:yord...@nsogroup.com>> wrote:
Did you by any chance download and update the system vm templates?
http://docs.cloudstack.apache.org/en/latest/installguide/management-server/index.html#prepare-the-system-vm-template<https://urldefense.com/v3/__http:/docs.cloudstack.apache.org/en/latest/installguide/management-server/index.html*prepare-the-system-vm-template__;Iw!!A6UyJA!xdMOpDgufOBL1WXIgUcUxgTcbsdp8WmZnpUB-DBK4ReGRx8n17VhUmhYJTvKy6me5hqQCYLdQ3Ow$>
That is another reason for the SSVM not starting.

Regards,
Jordan

From: Serge Byishimo mailto:sergebyish...@gmail.com>>
Sent: Thursday, May 20, 2021 10:14 AM
To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>
Subject: Re: I Need Help 


[X]This message came from outside your organization

Another thing I forgot to mention is :

On the dashboard, it shows 0.00GB of Secondary Storage

I mounted a partition on the Host and used NFS to connect it with the 
management server :

[root@srvr1 ~]# showmount -e 192.168.1.7
Export list for 
192.168.1.7<https://urldefense.com/v3/__http:/192.168.1.7__;!!A6UyJA!0q19bVFm1wSBf0d9m2u4EiU0ugEkSxsNy6ecVs3JXSIhmsTYAZ3IpQrFxJf0SHRqggbVrSdyvvvt$>:
/export/primary   *
/export/primary2  *
/export/secondary *

and then added it on the UI


[Screen Shot 2021-05-20 at 09.05.30.png]

On Thu, May 20, 2021 at 9:12 AM Serge Byishimo 
mailto:sergebyish...@gmail.com><mailto:sergebyish...@gmail.com<mailto:sergebyish...@gmail.com>>>
 wrote:

This is the message I get when the Host 192.168.1.7 is trying to SSH in System 
VM Link Local IP

[root@srvr2 ~]# ssh -i /root/.ssh/id_rsa.cloud 169.254.51.113 -p 3922
ssh: connect to host 169.254.51.113 port 3922: No route to host
[root@srvr2 ~]#

On the host 192.168.1.7, there is no /var/log/cloud

There is only /var/log/cloudstack/agent/agent.log, let me show you its logs

[root@srvr2 log]# ls /var/log
anaconda   btmp   cron-20210509 dnf.log 
 hawkey.log-20210502  maillog-20210502   messages-20210516  secure-20210516   
swtpm
audit  btmp-20210501  cron-20210516 dnf.log.1   
 hawkey.log-20210509  maillog-20210509   privatespooler   
tuned
boot.log   chrony dnf.librepo.log   dnf.rpm.log 
 hawkey.log-20210516  maillog-20210516   samba  spooler-20210425  
wtmp
boot.log-20210411  cloudstack dnf.librepo.log-20210425  firewall

RE: I Need Help 

2021-05-20 Thread Yordan Kostov 
:40,883 INFO  [kvm.storage.LibvirtStorageAdaptor] 
(agentRequest-Handler-4:null) (logid:0934a268) Trying to fetch storage pool 
26a9efbf-fb80-3f0d-a292-43bd0a3eec9d from libvirt
2021-05-20 03:09:07,105 INFO  [kvm.storage.LibvirtStorageAdaptor] 
(agentRequest-Handler-3:null) (logid:e74f962b) Trying to fetch storage pool 
26a9efbf-fb80-3f0d-a292-43bd0a3eec9d from libvirt
2021-05-20 03:09:07,120 INFO  [kvm.storage.LibvirtStorageAdaptor] 
(agentRequest-Handler-3:null) (logid:e74f962b) Asking libvirt to refresh 
storage pool 26a9efbf-fb80-3f0d-a292-43bd0a3eec9d
2021-05-20 03:09:07,174 INFO  [kvm.storage.LibvirtStorageAdaptor] 
(agentRequest-Handler-1:null) (logid:e74f962b) Trying to fetch storage pool 
39e1d532-590f-3d17-9b5a-10c1644e09f6 from libvirt
2021-05-20 03:09:07,176 INFO  [kvm.storage.LibvirtStorageAdaptor] 
(agentRequest-Handler-1:null) (logid:e74f962b) Asking libvirt to refresh 
storage pool 39e1d532-590f-3d17-9b5a-10c1644e09f6
2021-05-20 03:09:10,900 INFO  [kvm.storage.LibvirtStorageAdaptor] 
(agentRequest-Handler-4:null) (logid:0934a268) Trying to fetch storage pool 
26a9efbf-fb80-3f0d-a292-43bd0a3eec9d from libvirt
2021-05-20 03:09:40,921 INFO  [kvm.storage.LibvirtStorageAdaptor] 
(agentRequest-Handler-2:null) (logid:17b8f397) Trying to fetch storage pool 
39e1d532-590f-3d17-9b5a-10c1644e09f6 from libvirt
2021-05-20 03:09:40,935 INFO  [kvm.storage.LibvirtStorageAdaptor] 
(agentRequest-Handler-2:null) (logid:17b8f397) Trying to fetch storage pool 
39e1d532-590f-3d17-9b5a-10c1644e09f6 from libvirt
2021-05-20 03:09:44,076 INFO  [kvm.resource.LibvirtConnection] 
(agentRequest-Handler-5:null) (logid:0934a268) No existing libvirtd connection 
found. Opening a new one
2021-05-20 03:09:44,078 WARN  [kvm.resource.LibvirtConnection] 
(agentRequest-Handler-5:null) (logid:0934a268) Can not find a connection for 
Instance v-550-VM. Assuming the default connection.
2021-05-20 03:09:44,161 WARN  [kvm.resource.LibvirtKvmAgentHook] 
(agentRequest-Handler-5:null) (logid:0934a268) Groovy script 
'/etc/cloudstack/agent/hooks/libvirt-vm-state-change.groovy' is not available. 
Transformations will not be applied.
2021-05-20 03:09:44,161 WARN  [kvm.resource.LibvirtKvmAgentHook] 
(agentRequest-Handler-5:null) (logid:0934a268) Groovy scripting engine is not 
initialized. Data transformation skipped.
2021-05-20 03:10:07,275 INFO  [kvm.storage.LibvirtStorageAdaptor] 
(agentRequest-Handler-1:null) (logid:0e198ea0) Trying to fetch storage pool 
26a9efbf-fb80-3f0d-a292-43bd0a3eec9d from libvirt
2021-05-20 03:10:07,277 INFO  [kvm.storage.LibvirtStorageAdaptor] 
(agentRequest-Handler-1:null) (logid:0e198ea0) Asking libvirt to refresh 
storage pool 26a9efbf-fb80-3f0d-a292-43bd0a3eec9d
2021-05-20 03:10:07,371 INFO  [kvm.storage.LibvirtStorageAdaptor] 
(agentRequest-Handler-4:null) (logid:0e198ea0) Trying to fetch storage pool 
39e1d532-590f-3d17-9b5a-10c1644e09f6 from libvirt
2021-05-20 03:10:07,372 INFO  [kvm.storage.LibvirtStorageAdaptor] 
(agentRequest-Handler-4:null) (logid:0e198ea0) Asking libvirt to refresh 
storage pool 39e1d532-590f-3d17-9b5a-10c1644e09f6
2021-05-20 03:10:10,939 INFO  [kvm.storage.LibvirtStorageAdaptor] 
(agentRequest-Handler-2:null) (logid:17b8f397) Trying to fetch storage pool 
39e1d532-590f-3d17-9b5a-10c1644e09f6 from libvirt
2021-05-20 03:10:40,955 INFO  [kvm.storage.LibvirtStorageAdaptor] 
(agentRequest-Handler-2:null) (logid:17b8f397) Trying to fetch storage pool 
39e1d532-590f-3d17-9b5a-10c1644e09f6 from libvirt




Thank you

Regards,

On Thu, May 20, 2021 at 9:05 AM Yordan Kostov 
mailto:yord...@nsogroup.com>> wrote:
System VMs SSH available only through the hypervisor.
You can read more about it here -> 
http://docs.cloudstack.apache.org/en/latest/adminguide/systemvm.html#accessing-system-vms<https://urldefense.com/v3/__http:/docs.cloudstack.apache.org/en/latest/adminguide/systemvm.html*accessing-system-vms__;Iw!!A6UyJA!0q19bVFm1wSBf0d9m2u4EiU0ugEkSxsNy6ecVs3JXSIhmsTYAZ3IpQrFxJf0SHRqggbVrbQdEv7i$>
On the hypervisor host  192.168.1.7 what do you see in /var/log/cloud/cloud.log

Any issues reported?

Regards,
Jordan

From: Serge Byishimo mailto:sergebyish...@gmail.com>>
Sent: Thursday, May 20, 2021 9:55 AM
To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>
Subject: Re: I Need Help 


[X]This message came from outside your organization

Thank you Yordan,

I have 6TB of primary storage available on the dashboard,

But one of the problem I have is I can’t SSH through the SystemVMs to see that 
log, I’m thinking It might a networking Issue, so let me show you my 
configuration :

I have 2 computers : 1st management server, 2nd Host



They are on a private network, they don’t have public IP addresses, so I was 
confused when cloudstack kept asking me about public IP addresses

1st computer :

ifconfig :

[root@srvr1 ~]# ifconfig
eno1: flags=4163  mtu 1500
inet 192.168.1.8  netmask 255.255.255.0  broadcast 192.168.1.255
inet6 fe80::7a31:44f

RE: I Need Help 

2021-05-20 Thread Yordan Kostov 
ork-scripts/ifcfg-cloudbr0
DEVICE=cloudbr0
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=none
IPV6INIT=no
DELAY=5
IPADDR=192.168.1.7
GATEWAY=192.168.1.1
NETMASK=255.255.255.0
STP=yes
BRIDGING_OPTS=priority=32768
PROXY_METHOD=none
BROWSER_ONLY=no
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME="Bridge cloudbr0"
UUID=d4b789ba-7321-548d-dabd-5c4150da0266
[root@srvr2 ~]#
[root@srvr2 ~]#







[root@srvr2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-cloudbr1
DEVICE=cloudbr1
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=none
IPV6INIT=no
IPV6_AUTOCONF=no
DELAY=5
STP=yes
[root@srvr2 ~]#



[root@srvr2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp0s25
TYPE=Ethernet
NAME=enp0s25
UUID=93380612-3b97-4a34-ab9f-042b751cc468
DEVICE=enp0s25
ONBOOT=yes
BRIDGE=cloudbr0


# cat /etc/sysconfig/network-scripts/enp0s25.200
DEVICE=enp0s25.200
ONBOOT=yes
HOTPLUG=no
BOOTPROTO=none
TYPE=Ethernet
VLAN=yes
BRIDGE=cloudbr1

[Screen Shot 2021-05-20 at 08.52.21.png]
[Screen Shot 2021-05-20 at 08.52.47.png]
[Screen Shot 2021-05-20 at 08.53.12.png]
[Screen Shot 2021-05-20 at 08.53.18.png]

I need help figuring out what I did wrong!



On Thu, May 20, 2021 at 8:30 AM Yordan Kostov 
mailto:yord...@nsogroup.com>> wrote:
Hello Serge,

Check these snippets from your logs.
Line 61: 
com.cloud.exception.InsufficientServerCapacityException: Unable to create a 
deployment for VM[SecondaryStorageVm|s-454-VM]Scope=interface
Line 66: com.cloud.exception.InsufficientServerCapacityException: 
Unable to create a deployment for VM[SecondaryStorageVm|s-454-VM]Scope=interface
Line 72: (Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115) 
(logid:a9f8cbaf) Unable to complete AsyncJobVO {id:1115, userId: 1, accountId: 
1,
Line 80: com.cloud.exception.InsufficientServerCapacityException: 
Unable to create a deployment for VM[SecondaryStorageVm|s-454-VM]Scope=interface
Line 134: com.cloud.exception.InsufficientServerCapacityException: 
Unable to create a deployment for VM[SecondaryStorageVm|s-454-VM]Scope=interface
Line 175: (secstorage-1:ctx-694f5c71) (logid:a34366a8) Unable to start 
secondary storage vm for standby capacity, vm id : 454, will recycle it and 
start a new one

It seems the system cannot create the secondary VM thus the 
zone/pods/clusters are not functional.
Check the hypervisor logs at "/var/log/cloud/cloud.log and let us know 
what you see there.

Usually the cause of this issue is that primary storage cannot utilized 
(either not mounted or something else) on the hypervisor for usage.

Best regards,
Jordan

-Original Message-
From: Serge Byishimo mailto:sergebyish...@gmail.com>>
Sent: Wednesday, May 19, 2021 6:49 PM
To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>
Subject: I Need Help 


[X] This message came from outside your organization


Cloudstack: 4.15
OS: Centos 8

Two computers: one for the Management Server and the other for the Host

Primary and Secondary storage is on the host and connected to the management 
through NFS,


2021-05-19 11:20:39,924 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8
FirstFitRoutingAllocator) (logid:a9f8cbaf) Found 1 hosts for allocation after 
prioritization: [Host[-1-Routing]]
2021-05-19 11:20:39,924 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8
FirstFitRoutingAllocator) (logid:a9f8cbaf) Looking for speed=500Mhz,
Ram=512 MB
2021-05-19 11:20:39,924 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8
FirstFitRoutingAllocator) (logid:a9f8cbaf) Host name: srvr2.cloud.priv,
hostId: 1 is in avoid set, skipping this and trying other available hosts
2021-05-19 11:20:39,924 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8
FirstFitRoutingAllocator) (logid:a9f8cbaf) Host Allocator returning 0 suitable 
hosts
2021-05-19 11:20:39,924 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8)
(logid:a9f8cbaf) No suitable hosts found
2021-05-19 11:20:39,924 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8)
(logid:a9f8cbaf) No suitable hosts found under this Cluster: 1
2021-05-19 11:20:39,927 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8)
(logid:a9f8cbaf) Could not find suitable Deployment Destination for this VM 
under any clusters, returning.
2021-05-19 11:20:39,930 DEBUG [c.c.d.FirstFitPlanner]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8)
(logid:a9f8cbaf) Searching resources only under specified Pod: 1
2021-05-19 11:20:39,934 DEBUG [c.c.d.FirstFitPlanner]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8)
(logid:a9f8cbaf) Listing clusters in order of aggregate cap

RE: I Need Help 

2021-05-20 Thread Yordan Kostov 
Hello Serge,

Check these snippets from your logs.
Line 61: 
com.cloud.exception.InsufficientServerCapacityException: Unable to create a 
deployment for VM[SecondaryStorageVm|s-454-VM]Scope=interface
Line 66: com.cloud.exception.InsufficientServerCapacityException: 
Unable to create a deployment for VM[SecondaryStorageVm|s-454-VM]Scope=interface
Line 72: (Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115) 
(logid:a9f8cbaf) Unable to complete AsyncJobVO {id:1115, userId: 1, accountId: 
1,
Line 80: com.cloud.exception.InsufficientServerCapacityException: 
Unable to create a deployment for VM[SecondaryStorageVm|s-454-VM]Scope=interface
Line 134: com.cloud.exception.InsufficientServerCapacityException: 
Unable to create a deployment for VM[SecondaryStorageVm|s-454-VM]Scope=interface
Line 175: (secstorage-1:ctx-694f5c71) (logid:a34366a8) Unable to start 
secondary storage vm for standby capacity, vm id : 454, will recycle it and 
start a new one

It seems the system cannot create the secondary VM thus the 
zone/pods/clusters are not functional. 
Check the hypervisor logs at "/var/log/cloud/cloud.log and let us know 
what you see there.

Usually the cause of this issue is that primary storage cannot utilized 
(either not mounted or something else) on the hypervisor for usage.

Best regards,
Jordan

-Original Message-
From: Serge Byishimo  
Sent: Wednesday, May 19, 2021 6:49 PM
To: users@cloudstack.apache.org
Subject: I Need Help 


[X] This message came from outside your organization


Cloudstack: 4.15
OS: Centos 8

Two computers: one for the Management Server and the other for the Host

Primary and Secondary storage is on the host and connected to the management 
through NFS,


2021-05-19 11:20:39,924 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8
FirstFitRoutingAllocator) (logid:a9f8cbaf) Found 1 hosts for allocation after 
prioritization: [Host[-1-Routing]]
2021-05-19 11:20:39,924 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8
FirstFitRoutingAllocator) (logid:a9f8cbaf) Looking for speed=500Mhz,
Ram=512 MB
2021-05-19 11:20:39,924 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8
FirstFitRoutingAllocator) (logid:a9f8cbaf) Host name: srvr2.cloud.priv,
hostId: 1 is in avoid set, skipping this and trying other available hosts
2021-05-19 11:20:39,924 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8
FirstFitRoutingAllocator) (logid:a9f8cbaf) Host Allocator returning 0 suitable 
hosts
2021-05-19 11:20:39,924 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8)
(logid:a9f8cbaf) No suitable hosts found
2021-05-19 11:20:39,924 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8)
(logid:a9f8cbaf) No suitable hosts found under this Cluster: 1
2021-05-19 11:20:39,927 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8)
(logid:a9f8cbaf) Could not find suitable Deployment Destination for this VM 
under any clusters, returning.
2021-05-19 11:20:39,930 DEBUG [c.c.d.FirstFitPlanner]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8)
(logid:a9f8cbaf) Searching resources only under specified Pod: 1
2021-05-19 11:20:39,934 DEBUG [c.c.d.FirstFitPlanner]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8)
(logid:a9f8cbaf) Listing clusters in order of aggregate capacity, that have (at 
least one host with) enough CPU and RAM capacity under this Pod: 1
2021-05-19 11:20:39,942 DEBUG [c.c.d.FirstFitPlanner]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8)
(logid:a9f8cbaf) Removing from the clusterId list these clusters from avoid
set: [1]
2021-05-19 11:20:39,947 DEBUG [c.c.d.FirstFitPlanner]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8)
(logid:a9f8cbaf) No clusters found after removing disabled clusters and 
clusters in avoid list, returning.
2021-05-19 11:20:39,974 DEBUG [c.c.c.CapacityManagerImpl]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8)
(logid:a9f8cbaf) VM state transitted from :Starting to Stopped with event:
OperationFailedvm's original host id: null new host id: null host id before 
state transition: 1
2021-05-19 11:20:39,997 DEBUG [c.c.c.CapacityManagerImpl]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8)
(logid:a9f8cbaf) Hosts's actual total CPU: 43200 and CPU after applying
overprovisioning: 43200
2021-05-19 11:20:39,997 DEBUG [c.c.c.CapacityManagerImpl]
(Work-Job-Executor-8:ctx-e9ad7a77 job-1107/job-1115 ctx-9c8114c8)
(logid:a9f8cbaf) Hosts's actual total RAM: (61.57 GB) 66114236416 and RAM after 
applying overprovisioning: (61.57 GB)

RE: alternative Active directory config?

2021-05-19 Thread Yordan Kostov 
I figured it out.

Regards,
Jordan

-Original Message-
From: Yordan Kostov  
Sent: Wednesday, May 19, 2021 11:03 AM
To: users@cloudstack.apache.org
Subject: RE: alternative Active directory config?


[X] This message came from outside your organization


Hey everyone,

Is there a CLI command that can query LDAP/active directory 
configuration?
For example to list all users that ACS see based on the current config?

Best regards,
Jordan

-Original Message-
From: Yordan Kostov 
Sent: Tuesday, May 18, 2021 3:52 PM
To: users@cloudstack.apache.org
Subject: RE: alternative Active directory config?


[X] This message came from outside your organization


Hey everyone,

I do work on adding ldap to CS 4.15 through CLI but there is something 
I do not understand.
From this guide -> 
https://urldefense.com/v3/__http://docs.cloudstack.apache.org/en/4.15.0.0/adminguide/accounts.html*using-an-ldap-server-for-user-authentication__;Iw!!A6UyJA!0Zv6ffRfmVx3Nf2cwDpJVh17jH9cC5Hvo2CIyFjRrN4RokV05GlJjNgHf1Mg2XcQ$
I do try to configure option 3 - autosync of user groups.

The actual mapping is done through this commands:
- cloudmonkey -d json ldap createaccount account='juniors' 
accounttype=0 domainid=$MAPPEDDOMAIN1 username=bystander
- cloudmonkey -d json link accounttoldap account='juniors' 
accounttype=0 domainid=$MAPPEDDOMAIN1 
ldapdomain='cn=AcsJuniorAdmins,ou=AcsGroups,dc=cloudstack,dc=apache,dc=org' 
type=GROUP

Here is the commands I use - cloudmonkey -d json ldap createaccount 
account='DEVTEST' accounttype=0 domainid=$DomainID username=testuser
After this one I do get the following error:
- from command line: "No LDAP user exists with the username of test"
- from logs - ldap Exception:
javax.naming.ConfigurationException: java.naming.provider.url property does not 
contain a URL

Does the command require the username variable to exist ? Example from 
the guide states username as "bystander" which does not look so.
Also as the group is mapped to account why a user is required anyway?

Best regards,
Jordan

-Original Message-----
From: Yordan Kostov 
Sent: Thursday, May 13, 2021 4:18 PM
To: users@cloudstack.apache.org
Subject: RE: alternative Active directory config?


[X] This message came from outside your organization


Thank you Nicolas,

I am on it!

Regards,
Jordan

-Original Message-
From: Nicolas Vazquez 
Sent: Thursday, May 13, 2021 4:15 PM
To: users@cloudstack.apache.org
Subject: Re: alternative Active directory config?


[X] This message came from outside your organization


Hi Yordan,

Indeed, that seems missing in the new UI, but you can still configure LDAP 
accounts through the API. For example by installing CloudMonkey 
https://urldefense.com/v3/__https://github.com/apache/cloudstack-cloudmonkey/wiki__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnboOeba1i$
  you could invoke the ldapCreateAccount API


Regards,

Nicolas Vazquez

________
From: Yordan Kostov 
Sent: Thursday, May 13, 2021 9:58 AM
To: users@cloudstack.apache.org 
Subject: alternative Active directory config?

Hey everyone,

In 4.15 it seems there is no LDAP config button in the new GUI 
or the old GUI, so after LDAP sources are pointed and global config is set 
there is no way to actually pin groups to accounts.

  *   New 
https://urldefense.com/v3/__https://imgur.com/K4fN2Ax__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnbqAf6Nl2$
  *   Old 
https://urldefense.com/v3/__https://imgur.com/WuAvq4N__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnbnSRMfiQ$

I was wondering if there is an alternative way to configure LDAP accounts?

Best regards,
Jordan




11!


11!

RE: alternative Active directory config?

2021-05-19 Thread Yordan Kostov 
Hey everyone,

Is there a CLI command that can query LDAP/active directory 
configuration?
For example to list all users that ACS see based on the current config?

Best regards,
Jordan

-Original Message-
From: Yordan Kostov  
Sent: Tuesday, May 18, 2021 3:52 PM
To: users@cloudstack.apache.org
Subject: RE: alternative Active directory config?


[X] This message came from outside your organization


Hey everyone,

I do work on adding ldap to CS 4.15 through CLI but there is something 
I do not understand.
From this guide -> 
https://urldefense.com/v3/__http://docs.cloudstack.apache.org/en/4.15.0.0/adminguide/accounts.html*using-an-ldap-server-for-user-authentication__;Iw!!A6UyJA!0Zv6ffRfmVx3Nf2cwDpJVh17jH9cC5Hvo2CIyFjRrN4RokV05GlJjNgHf1Mg2XcQ$
I do try to configure option 3 - autosync of user groups.

The actual mapping is done through this commands:
- cloudmonkey -d json ldap createaccount account='juniors' 
accounttype=0 domainid=$MAPPEDDOMAIN1 username=bystander
- cloudmonkey -d json link accounttoldap account='juniors' 
accounttype=0 domainid=$MAPPEDDOMAIN1 
ldapdomain='cn=AcsJuniorAdmins,ou=AcsGroups,dc=cloudstack,dc=apache,dc=org' 
type=GROUP

Here is the commands I use - cloudmonkey -d json ldap createaccount 
account='DEVTEST' accounttype=0 domainid=$DomainID username=testuser
After this one I do get the following error:
- from command line: "No LDAP user exists with the username of test"
- from logs - ldap Exception:
javax.naming.ConfigurationException: java.naming.provider.url property does not 
contain a URL

Does the command require the username variable to exist ? Example from 
the guide states username as "bystander" which does not look so.
Also as the group is mapped to account why a user is required anyway?

Best regards,
Jordan

-Original Message-----
From: Yordan Kostov 
Sent: Thursday, May 13, 2021 4:18 PM
To: users@cloudstack.apache.org
Subject: RE: alternative Active directory config?


[X] This message came from outside your organization


Thank you Nicolas,

I am on it!

Regards,
Jordan

-Original Message-
From: Nicolas Vazquez 
Sent: Thursday, May 13, 2021 4:15 PM
To: users@cloudstack.apache.org
Subject: Re: alternative Active directory config?


[X] This message came from outside your organization


Hi Yordan,

Indeed, that seems missing in the new UI, but you can still configure LDAP 
accounts through the API. For example by installing CloudMonkey 
https://urldefense.com/v3/__https://github.com/apache/cloudstack-cloudmonkey/wiki__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnboOeba1i$
  you could invoke the ldapCreateAccount API


Regards,

Nicolas Vazquez

________
From: Yordan Kostov 
Sent: Thursday, May 13, 2021 9:58 AM
To: users@cloudstack.apache.org 
Subject: alternative Active directory config?

Hey everyone,

In 4.15 it seems there is no LDAP config button in the new GUI 
or the old GUI, so after LDAP sources are pointed and global config is set 
there is no way to actually pin groups to accounts.

  *   New 
https://urldefense.com/v3/__https://imgur.com/K4fN2Ax__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnbqAf6Nl2$
  *   Old 
https://urldefense.com/v3/__https://imgur.com/WuAvq4N__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnbnSRMfiQ$

I was wondering if there is an alternative way to configure LDAP accounts?

Best regards,
Jordan




11!


11!

RE: alternative Active directory config?

2021-05-18 Thread Yordan Kostov 
Hey everyone,

I do work on adding ldap to CS 4.15 through CLI but there is something 
I do not understand.
From this guide -> 
http://docs.cloudstack.apache.org/en/4.15.0.0/adminguide/accounts.html#using-an-ldap-server-for-user-authentication
I do try to configure option 3 - autosync of user groups.

The actual mapping is done through this commands:
- cloudmonkey -d json ldap createaccount account='juniors' 
accounttype=0 domainid=$MAPPEDDOMAIN1 username=bystander
- cloudmonkey -d json link accounttoldap account='juniors' 
accounttype=0 domainid=$MAPPEDDOMAIN1 
ldapdomain='cn=AcsJuniorAdmins,ou=AcsGroups,dc=cloudstack,dc=apache,dc=org' 
type=GROUP

Here is the commands I use - cloudmonkey -d json ldap createaccount 
account='DEVTEST' accounttype=0 domainid=$DomainID username=testuser
After this one I do get the following error:
- from command line: "No LDAP user exists with the username of test"
- from logs - ldap Exception:
javax.naming.ConfigurationException: java.naming.provider.url property does not 
contain a URL

Does the command require the username variable to exist ? Example from 
the guide states username as "bystander" which does not look so.
Also as the group is mapped to account why a user is required anyway?

Best regards,
Jordan

-Original Message-----
From: Yordan Kostov  
Sent: Thursday, May 13, 2021 4:18 PM
To: users@cloudstack.apache.org
Subject: RE: alternative Active directory config?


[X] This message came from outside your organization


Thank you Nicolas,

I am on it!

Regards,
Jordan

-Original Message-
From: Nicolas Vazquez 
Sent: Thursday, May 13, 2021 4:15 PM
To: users@cloudstack.apache.org
Subject: Re: alternative Active directory config?


[X] This message came from outside your organization


Hi Yordan,

Indeed, that seems missing in the new UI, but you can still configure LDAP 
accounts through the API. For example by installing CloudMonkey 
https://urldefense.com/v3/__https://github.com/apache/cloudstack-cloudmonkey/wiki__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnboOeba1i$
  you could invoke the ldapCreateAccount API


Regards,

Nicolas Vazquez

________
From: Yordan Kostov 
Sent: Thursday, May 13, 2021 9:58 AM
To: users@cloudstack.apache.org 
Subject: alternative Active directory config?

Hey everyone,

In 4.15 it seems there is no LDAP config button in the new GUI 
or the old GUI, so after LDAP sources are pointed and global config is set 
there is no way to actually pin groups to accounts.

  *   New 
https://urldefense.com/v3/__https://imgur.com/K4fN2Ax__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnbqAf6Nl2$
  *   Old 
https://urldefense.com/v3/__https://imgur.com/WuAvq4N__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnbnSRMfiQ$

I was wondering if there is an alternative way to configure LDAP accounts?

Best regards,
Jordan




11!

RE: alternative Active directory config?

2021-05-18 Thread Yordan Kostov 
Hi David,

I added LDAP servers as well as some configuration in Global settings 
but nothing appeared after relogging to the system.
Reboot of management did not help either. This is on CS 4.15.
Any tips on how to verify LDAP is being connected properly? May be that 
is the cause?

Best regards,
Jordan

-Original Message-
From: David Jumani  
Sent: Monday, May 17, 2021 6:52 AM
To: users@cloudstack.apache.org
Subject: Re: alternative Active directory config?


[X] This message came from outside your organization


Hi Yordan,

LDAP is enabled in the UI, it'll show up after you add an LDAP server under 
Configurations -> LDAP Configurations. Once you've added it log out and log 
back in again. You'll then be able to add LDAP users in the accounts section 

From: Yordan Kostov 
Sent: Thursday, May 13, 2021 6:28 PM
To: users@cloudstack.apache.org 
Subject: alternative Active directory config?

Hey everyone,

In 4.15 it seems there is no LDAP config button in the new GUI 
or the old GUI, so after LDAP sources are pointed and global config is set 
there is no way to actually pin groups to accounts.

  *   New 
https://urldefense.com/v3/__https://imgur.com/K4fN2Ax__;!!A6UyJA!2jofJ4n37vUc_2DvJ48HQLuLnW7s4a1lzIpweetHQqz7GqaUMyyQoUrdSEzRCUhHqDCYuntS6Qas$
  *   Old 
https://urldefense.com/v3/__https://imgur.com/WuAvq4N__;!!A6UyJA!2jofJ4n37vUc_2DvJ48HQLuLnW7s4a1lzIpweetHQqz7GqaUMyyQoUrdSEzRCUhHqDCYuhaIU699$

I was wondering if there is an alternative way to configure LDAP accounts?

Best regards,
Jordan

RE: Centos 7.9 - cloud-init password reset?

2021-05-18 Thread Yordan Kostov 
Thank you!

I've bookmarked it and will inspect.

Best regards,
Jordan 

-Original Message-
From: Alireza Eskandari  
Sent: Friday, May 14, 2021 6:32 PM
To: users@cloudstack.apache.org
Subject: Re: Centos 7.9 - cloud-init password reset?


[X] This message came from outside your organization


Take a look at this pr:
https://urldefense.com/v3/__https://github.com/apache/cloudstack/pull/4890__;!!A6UyJA!zQJCrkccoKKIueIboO3LVTStoYlc492UmJs0gmsY6zCK1ZxDjbw5TBh_qX36xFvCicZuBfsxw402$

On Fri, May 14, 2021, 17:08 Yordan Kostov  wrote:

> Hey Andrija and 조대형,
>
> Here is a script a threw
> https://urldefense.com/v3/__https://github.com/dredknight/cloud_scripts/blob/master/CloudStack-Xen/centos7_prep.bash__;!!A6UyJA!zQJCrkccoKKIueIboO3LVTStoYlc492UmJs0gmsY6zCK1ZxDjbw5TBh_qX36xFvCicZuBd9iY0Gi$
> It implements the following features:
> - some OS prep + install some packets
> - install cloud-init related packets
>
> Cloud-init features:
> - datasources -  sets as ConfigDrive and CloudStack as default 
> datasources
> - password + reset
> - makes password module run on every boot instead of 
> once per instance - - cloud.cfg
> - assigns user with name cloud-user to be integrated 
> with Cloudstack (initial password set + reset) - 80_root.cfg
> - autoextend root partition (only) upon resize from Cloudstack GUI
> - uses growpart to rewrite MBR tables - 50_growpartion.cfg
> - adds additional commands to extend PVS, VGS and LVS 
> after that - 51_extend_volume.cfg
>
> Script is in a bit of raw shape but it works.
> Currently I am doing similar script for Ubuntu.
>
> Thanks for the heads up Andrija, I have to do a documentation for the 
> team anyway so I better contribute to what is already existing instead 
> of doing it from scratch .
>
> Btw if anyone has some tips on the cloud-init feature for the SSH keys 
> I would like to add that too to the bundle.
>
> Best regards,
> Jordan
>
>
> -Original Message-
> From: 조대형 
> Sent: Friday, May 14, 2021 7:14 AM
> To: users@cloudstack.apache.org
> Subject: RE: Centos 7.9 - cloud-init password reset?
>
>
> [X] This message came from outside your organization
>
>
> Hi, Jordan.
>
> I am the one who is testing the same solution and need a solution.
> Can you share the knowledge?
>
> Thanks in advance.
>
> Thanks,
>
>
> -Original Message-
> From: Andrija Panic [mailto:andrija.pa...@gmail.com]
> Sent: Friday, May 14, 2021 7:24 AM
> To: users
> Subject: Re: Centos 7.9 - cloud-init password reset?
>
> Would it be nice if you could update the ACS documentation on the 
> password-reset script, to very briefly explain how the same can be 
> achieved with cloud-init, and what to look-for (i.e. issues you had 
> etc)
>
> This would help the product and other users which might have the same 
> issue.
>
> Thanks,
>
> On Thu, 13 May 2021 at 11:27, Yordan Kostov  wrote:
>
> > Thank you Alireza!
> >
> > I tested it and it is working!
> >
> > Best regards,
> > Jordan
> >
> > -Original Message-
> > From: Yordan Kostov 
> > Sent: Wednesday, May 12, 2021 1:17 PM
> > To: users@cloudstack.apache.org
> > Subject: RE: Centos 7.9 - cloud-init password reset?
> >
> >
> > [X] This message came from outside your organization
> >
> >
> > Thank you Alireza,
> >
> > I am currently reconfiguring the template from scratch and 
> > will test!
> >
> > Best regards,
> > Jordan
> >
> > -Original Message-
> > From: Alireza Eskandari 
> > Sent: Tuesday, May 11, 2021 5:09 PM
> > To: users@cloudstack.apache.org
> > Subject: Re: Centos 7.9 - cloud-init password reset?
> >
> >
> > [X] This message came from outside your organization
> >
> >
> > Hi
> > You should check log files in /run/cloud-init directory for the root
> cause.
> > If cloud-init cannot find the datasource, it won't run.
> > The better way to configure datasource in cloud-init is using 
> > ds-identify.cfg file Delete "/etc/cloud/cloud.cfg.d/99_cloudstack.cfg"
> > and create "/etc/cloud/ds-identify.cfg" file with this content:
> > datasource: ConfigDrive, CloudStack
> > Then check output of this command:
> > DEBUG_LEVEL=2 DI_LOG=stderr /usr/lib/cloud-init/ds-identify --force 
> > Unfortunately cloud-init is poorly documented and you should do some 
> > try and error to fix it.
> > Take a look at this link:
> >
> > https://urldefense.com/v3/

RE: Centos 7.9 - cloud-init password reset?

2021-05-14 Thread Yordan Kostov 
Here is script for Ubuntu. 
https://github.com/dredknight/cloud_scripts/blob/master/CloudStack-Xen/ubuntu_prep.bash
It does the same as what is mentioned for the Centos below.

Regards,
Jordan

-Original Message-
From: Yordan Kostov  
Sent: Friday, May 14, 2021 3:39 PM
To: users@cloudstack.apache.org
Subject: RE: Centos 7.9 - cloud-init password reset?


[X] This message came from outside your organization


Hey Andrija and 조대형,

Here is a script a threw 
https://urldefense.com/v3/__https://github.com/dredknight/cloud_scripts/blob/master/CloudStack-Xen/centos7_prep.bash__;!!A6UyJA!1Roqt0EjpUVyh6avhJD8lSc0GlHc4RS-CglULKVe8YcRBj3C0HHc3kqIHv9KQu8VG0dKnHHpydnr$
It implements the following features:
- some OS prep + install some packets
- install cloud-init related packets

Cloud-init features:
- datasources -  sets as ConfigDrive and CloudStack as default 
datasources
- password + reset
- makes password module run on every boot instead of once per 
instance - - cloud.cfg
- assigns user with name cloud-user to be integrated with 
Cloudstack (initial password set + reset) - 80_root.cfg
- autoextend root partition (only) upon resize from Cloudstack GUI
- uses growpart to rewrite MBR tables - 50_growpartion.cfg
- adds additional commands to extend PVS, VGS and LVS after 
that - 51_extend_volume.cfg

Script is in a bit of raw shape but it works.
Currently I am doing similar script for Ubuntu.

Thanks for the heads up Andrija, I have to do a documentation for the team 
anyway so I better contribute to what is already existing instead of doing it 
from scratch .

Btw if anyone has some tips on the cloud-init feature for the SSH keys I would 
like to add that too to the bundle.

Best regards,
Jordan


-Original Message-
From: 조대형 
Sent: Friday, May 14, 2021 7:14 AM
To: users@cloudstack.apache.org
Subject: RE: Centos 7.9 - cloud-init password reset?


[X] This message came from outside your organization


Hi, Jordan.

I am the one who is testing the same solution and need a solution.
Can you share the knowledge?

Thanks in advance.

Thanks,


-Original Message-
From: Andrija Panic [mailto:andrija.pa...@gmail.com]
Sent: Friday, May 14, 2021 7:24 AM
To: users
Subject: Re: Centos 7.9 - cloud-init password reset?

Would it be nice if you could update the ACS documentation on the 
password-reset script, to very briefly explain how the same can be achieved 
with cloud-init, and what to look-for (i.e. issues you had etc)

This would help the product and other users which might have the same issue.

Thanks,

On Thu, 13 May 2021 at 11:27, Yordan Kostov  wrote:

> Thank you Alireza!
>
> I tested it and it is working!
>
> Best regards,
> Jordan
>
> -Original Message-----
> From: Yordan Kostov 
> Sent: Wednesday, May 12, 2021 1:17 PM
> To: users@cloudstack.apache.org
> Subject: RE: Centos 7.9 - cloud-init password reset?
>
>
> [X] This message came from outside your organization
>
>
> Thank you Alireza,
>
> I am currently reconfiguring the template from scratch and 
> will test!
>
> Best regards,
> Jordan
>
> -Original Message-
> From: Alireza Eskandari 
> Sent: Tuesday, May 11, 2021 5:09 PM
> To: users@cloudstack.apache.org
> Subject: Re: Centos 7.9 - cloud-init password reset?
>
>
> [X] This message came from outside your organization
>
>
> Hi
> You should check log files in /run/cloud-init directory for the root cause.
> If cloud-init cannot find the datasource, it won't run.
> The better way to configure datasource in cloud-init is using 
> ds-identify.cfg file Delete "/etc/cloud/cloud.cfg.d/99_cloudstack.cfg"
> and create "/etc/cloud/ds-identify.cfg" file with this content:
> datasource: ConfigDrive, CloudStack
> Then check output of this command:
> DEBUG_LEVEL=2 DI_LOG=stderr /usr/lib/cloud-init/ds-identify --force 
> Unfortunately cloud-init is poorly documented and you should do some 
> try and error to fix it.
> Take a look at this link:
>
> https://urldefense.com/v3/__https://cloudinit.readthedocs.io/en/latest
> /topics/faq.html__;!!A6UyJA!2vfkFVGQOoMM0mDg1l-3C6bstn_Yp1e6L5bcnqYmIw
> w2wWMz3EgdTU6-DlC5Z-6zLeBde_X0gZxc$
>
> On Tue, May 11, 2021 at 7:52 AM Yordan Kostov 
> wrote:
>
> > Hey everyone,
> >
> > I try to use cloud-init for password reset but for 
> > some reason it does not work. I thought it is out of the box ☹. Here 
> > is my
> > config:
> >
> > == Centos 7.9  minimal
> >
> > yum -y install cloud-init cloud-utils-growpart systemctl enable 
> > cloud-init
> >
> > echo "datasource:
> > CloudStack: {}
> > None: {}
> > datasource_li

RE: Centos 7.9 - cloud-init password reset?

2021-05-14 Thread Yordan Kostov 
Hey Andrija and 조대형,

Here is a script a threw 
https://github.com/dredknight/cloud_scripts/blob/master/CloudStack-Xen/centos7_prep.bash
It implements the following features:
- some OS prep + install some packets
- install cloud-init related packets

Cloud-init features:
- datasources -  sets as ConfigDrive and CloudStack as default 
datasources
- password + reset  
- makes password module run on every boot instead of once per 
instance - - cloud.cfg
- assigns user with name cloud-user to be integrated with 
Cloudstack (initial password set + reset) - 80_root.cfg
- autoextend root partition (only) upon resize from Cloudstack GUI
- uses growpart to rewrite MBR tables - 50_growpartion.cfg
- adds additional commands to extend PVS, VGS and LVS after 
that - 51_extend_volume.cfg

Script is in a bit of raw shape but it works.
Currently I am doing similar script for Ubuntu. 

Thanks for the heads up Andrija, I have to do a documentation for the team 
anyway so I better contribute to what is already existing instead of doing it 
from scratch .

Btw if anyone has some tips on the cloud-init feature for the SSH keys I would 
like to add that too to the bundle.

Best regards,
Jordan


-Original Message-
From: 조대형  
Sent: Friday, May 14, 2021 7:14 AM
To: users@cloudstack.apache.org
Subject: RE: Centos 7.9 - cloud-init password reset?


[X] This message came from outside your organization


Hi, Jordan.

I am the one who is testing the same solution and need a solution.
Can you share the knowledge?

Thanks in advance.

Thanks,


-Original Message-
From: Andrija Panic [mailto:andrija.pa...@gmail.com]
Sent: Friday, May 14, 2021 7:24 AM
To: users
Subject: Re: Centos 7.9 - cloud-init password reset?

Would it be nice if you could update the ACS documentation on the 
password-reset script, to very briefly explain how the same can be achieved 
with cloud-init, and what to look-for (i.e. issues you had etc)

This would help the product and other users which might have the same issue.

Thanks,

On Thu, 13 May 2021 at 11:27, Yordan Kostov  wrote:

> Thank you Alireza!
>
> I tested it and it is working!
>
> Best regards,
> Jordan
>
> -Original Message-----
> From: Yordan Kostov 
> Sent: Wednesday, May 12, 2021 1:17 PM
> To: users@cloudstack.apache.org
> Subject: RE: Centos 7.9 - cloud-init password reset?
>
>
> [X] This message came from outside your organization
>
>
> Thank you Alireza,
>
> I am currently reconfiguring the template from scratch and 
> will test!
>
> Best regards,
> Jordan
>
> -Original Message-
> From: Alireza Eskandari 
> Sent: Tuesday, May 11, 2021 5:09 PM
> To: users@cloudstack.apache.org
> Subject: Re: Centos 7.9 - cloud-init password reset?
>
>
> [X] This message came from outside your organization
>
>
> Hi
> You should check log files in /run/cloud-init directory for the root cause.
> If cloud-init cannot find the datasource, it won't run.
> The better way to configure datasource in cloud-init is using 
> ds-identify.cfg file Delete "/etc/cloud/cloud.cfg.d/99_cloudstack.cfg" 
> and create "/etc/cloud/ds-identify.cfg" file with this content:
> datasource: ConfigDrive, CloudStack
> Then check output of this command:
> DEBUG_LEVEL=2 DI_LOG=stderr /usr/lib/cloud-init/ds-identify --force 
> Unfortunately cloud-init is poorly documented and you should do some 
> try and error to fix it.
> Take a look at this link:
>
> https://urldefense.com/v3/__https://cloudinit.readthedocs.io/en/latest
> /topics/faq.html__;!!A6UyJA!2vfkFVGQOoMM0mDg1l-3C6bstn_Yp1e6L5bcnqYmIw
> w2wWMz3EgdTU6-DlC5Z-6zLeBde_X0gZxc$
>
> On Tue, May 11, 2021 at 7:52 AM Yordan Kostov 
> wrote:
>
> > Hey everyone,
> >
> > I try to use cloud-init for password reset but for 
> > some reason it does not work. I thought it is out of the box ☹. Here 
> > is my
> > config:
> >
> > == Centos 7.9  minimal
> >
> > yum -y install cloud-init cloud-utils-growpart systemctl enable 
> > cloud-init
> >
> > echo "datasource:
> > CloudStack: {}
> > None: {}
> > datasource_list:
> > CloudStack" > /etc/cloud/cloud.cfg.d/99_cloudstack.cfg
> >
> >
> > echo "system_info:
> > default_user:
> >  name: root
> > disable_root: 0
> > ssh_pwauth: 1" > /etc/cloud/cloud.cfg.d/80_root.cfg
> >
> > First and foremost cloud-init does not run at all. There is noting 
> > in the logs /var/logs/cloud-init.log When launched manual via 
> > cloud-init init, logs say it is all successful but root password is not 
> > changed.
> >
> > Not sure If I do something wrong but everyplace I do read says it 
> > should be working without pretty much complications.
> > Do I do something wrong?
> >
> > Regards,
> > Jordan
> >
>


--

Andrija Panić

RE: alternative Active directory config?

2021-05-13 Thread Yordan Kostov 
Thank you Nicolas,

I am on it!

Regards,
Jordan

-Original Message-
From: Nicolas Vazquez  
Sent: Thursday, May 13, 2021 4:15 PM
To: users@cloudstack.apache.org
Subject: Re: alternative Active directory config?


[X] This message came from outside your organization


Hi Yordan,

Indeed, that seems missing in the new UI, but you can still configure LDAP 
accounts through the API. For example by installing CloudMonkey 
https://urldefense.com/v3/__https://github.com/apache/cloudstack-cloudmonkey/wiki__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnboOeba1i$
  you could invoke the ldapCreateAccount API


Regards,

Nicolas Vazquez


From: Yordan Kostov 
Sent: Thursday, May 13, 2021 9:58 AM
To: users@cloudstack.apache.org 
Subject: alternative Active directory config?

Hey everyone,

In 4.15 it seems there is no LDAP config button in the new GUI 
or the old GUI, so after LDAP sources are pointed and global config is set 
there is no way to actually pin groups to accounts.

  *   New 
https://urldefense.com/v3/__https://imgur.com/K4fN2Ax__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnbqAf6Nl2$
  *   Old 
https://urldefense.com/v3/__https://imgur.com/WuAvq4N__;!!A6UyJA!w6Ptc3kG-4H7zG-etFeeNifc1DkoXDAMu2xMQLZFJgzfr6Pk99Pb8rgkr2qcj8VBrjGnbnSRMfiQ$

I was wondering if there is an alternative way to configure LDAP accounts?

Best regards,
Jordan

alternative Active directory config?

2021-05-13 Thread Yordan Kostov 
Hey everyone,

In 4.15 it seems there is no LDAP config button in the new GUI 
or the old GUI, so after LDAP sources are pointed and global config is set 
there is no way to actually pin groups to accounts.

  *   New https://imgur.com/K4fN2Ax
  *   Old https://imgur.com/WuAvq4N

I was wondering if there is an alternative way to configure LDAP accounts?

Best regards,
Jordan

RE: Centos 7.9 - cloud-init password reset?

2021-05-13 Thread Yordan Kostov 
Thank you Alireza!

I tested it and it is working! 

Best regards,
Jordan

-Original Message-
From: Yordan Kostov  
Sent: Wednesday, May 12, 2021 1:17 PM
To: users@cloudstack.apache.org
Subject: RE: Centos 7.9 - cloud-init password reset?


[X] This message came from outside your organization


Thank you Alireza,

I am currently reconfiguring the template from scratch and will test!

Best regards,
Jordan

-Original Message-
From: Alireza Eskandari 
Sent: Tuesday, May 11, 2021 5:09 PM
To: users@cloudstack.apache.org
Subject: Re: Centos 7.9 - cloud-init password reset?


[X] This message came from outside your organization


Hi
You should check log files in /run/cloud-init directory for the root cause.
If cloud-init cannot find the datasource, it won't run.
The better way to configure datasource in cloud-init is using ds-identify.cfg 
file Delete "/etc/cloud/cloud.cfg.d/99_cloudstack.cfg" and create 
"/etc/cloud/ds-identify.cfg" file with this content:
datasource: ConfigDrive, CloudStack
Then check output of this command:
DEBUG_LEVEL=2 DI_LOG=stderr /usr/lib/cloud-init/ds-identify --force 
Unfortunately cloud-init is poorly documented and you should do some try and 
error to fix it.
Take a look at this link:
https://urldefense.com/v3/__https://cloudinit.readthedocs.io/en/latest/topics/faq.html__;!!A6UyJA!2vfkFVGQOoMM0mDg1l-3C6bstn_Yp1e6L5bcnqYmIww2wWMz3EgdTU6-DlC5Z-6zLeBde_X0gZxc$

On Tue, May 11, 2021 at 7:52 AM Yordan Kostov  wrote:

> Hey everyone,
>
> I try to use cloud-init for password reset but for 
> some reason it does not work. I thought it is out of the box ☹. Here 
> is my
> config:
>
> == Centos 7.9  minimal
>
> yum -y install cloud-init cloud-utils-growpart systemctl enable 
> cloud-init
>
> echo "datasource:
> CloudStack: {}
> None: {}
> datasource_list:
> CloudStack" > /etc/cloud/cloud.cfg.d/99_cloudstack.cfg
>
>
> echo "system_info:
> default_user:
>  name: root
> disable_root: 0
> ssh_pwauth: 1" > /etc/cloud/cloud.cfg.d/80_root.cfg
>
> First and foremost cloud-init does not run at all. There is noting in 
> the logs /var/logs/cloud-init.log When launched manual via cloud-init 
> init, logs say it is all successful but root password is not changed.
>
> Not sure If I do something wrong but everyplace I do read says it 
> should be working without pretty much complications.
> Do I do something wrong?
>
> Regards,
> Jordan
>

RE: Failed to add VMware DC...

2021-05-12 Thread Yordan Kostov 
No problem Corey,

I don't think that is documented anywhere. Cloudstack marks the 
DCs that are under its supervision so when you re-add them it thinks they are 
already managed. To remove the mark:

  *   Go to vCenter
  *   Right click on the DC -> Tags and custom attributes -> Edit custom 
attributes.
  *   Delete the attribute with name cloud.zone
  *   Try to add the DC again to Cloudstack

Btw I am making a list of things that needs to be updated in the documentation 
so if anyone have any similar notes but do not have time to add, let me know.
I am working towards a POC in the end of the month but after that I will 
occasionally start contributing.

Regards,
Jordan

From: Corey, Mike 
Sent: Tuesday, May 11, 2021 6:08 PM
To: users@cloudstack.apache.org
Subject: Failed to add VMware DC...


[X]This message came from outside your organization

Sorry to keep you so busy today...

Needless to say my initial zone creation failed.  I have removed the custom 
attributes in vCenter; however I'm still getting the error below when trying to 
run through the zone wizard again.

"Failed to add VMware DC to zone due to : This DC is being managed by other 
CloudStack deployment. Cannot add this DC to zone."

As said, I removed the custom attributes and restarted ACS.

https://basu.co.in/2014/10/28/how-to-re-use-vcenter-in-cloudstack/
https://support.accelerite.com/hc/en-us/articles/360030933432-This-DC-is-already-part-of-other-CloudStack-zone-s-Cannot-add-this-DC-to-more-zones-

Is there something I need to clean up in the SQL?


Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E 
mike.co...@sap.com


[cid:image001.png@01D74655.E9BF6CC0]

RE: Centos 7.9 - cloud-init password reset?

2021-05-12 Thread Yordan Kostov 
Thank you Alireza,

I am currently reconfiguring the template from scratch and will test!

Best regards,
Jordan

-Original Message-
From: Alireza Eskandari  
Sent: Tuesday, May 11, 2021 5:09 PM
To: users@cloudstack.apache.org
Subject: Re: Centos 7.9 - cloud-init password reset?


[X] This message came from outside your organization


Hi
You should check log files in /run/cloud-init directory for the root cause.
If cloud-init cannot find the datasource, it won't run.
The better way to configure datasource in cloud-init is using ds-identify.cfg 
file Delete "/etc/cloud/cloud.cfg.d/99_cloudstack.cfg" and create 
"/etc/cloud/ds-identify.cfg" file with this content:
datasource: ConfigDrive, CloudStack
Then check output of this command:
DEBUG_LEVEL=2 DI_LOG=stderr /usr/lib/cloud-init/ds-identify --force 
Unfortunately cloud-init is poorly documented and you should do some try and 
error to fix it.
Take a look at this link:
https://urldefense.com/v3/__https://cloudinit.readthedocs.io/en/latest/topics/faq.html__;!!A6UyJA!2vfkFVGQOoMM0mDg1l-3C6bstn_Yp1e6L5bcnqYmIww2wWMz3EgdTU6-DlC5Z-6zLeBde_X0gZxc$

On Tue, May 11, 2021 at 7:52 AM Yordan Kostov  wrote:

> Hey everyone,
>
> I try to use cloud-init for password reset but for 
> some reason it does not work. I thought it is out of the box ☹. Here 
> is my
> config:
>
> == Centos 7.9  minimal
>
> yum -y install cloud-init cloud-utils-growpart systemctl enable 
> cloud-init
>
> echo "datasource:
> CloudStack: {}
> None: {}
> datasource_list:
> CloudStack" > /etc/cloud/cloud.cfg.d/99_cloudstack.cfg
>
>
> echo "system_info:
> default_user:
>  name: root
> disable_root: 0
> ssh_pwauth: 1" > /etc/cloud/cloud.cfg.d/80_root.cfg
>
> First and foremost cloud-init does not run at all. There is noting in 
> the logs /var/logs/cloud-init.log When launched manual via cloud-init 
> init, logs say it is all successful but root password is not changed.
>
> Not sure If I do something wrong but everyplace I do read says it 
> should be working without pretty much complications.
> Do I do something wrong?
>
> Regards,
> Jordan
>

RE: Initial Zone Setup Wizard

2021-05-12 Thread Yordan Kostov 
Hello Mike,

For VMware it should be the name of the standard switch. Usually it is 
vSwitch0 
You can also use the name of the vDS switch but I never tried that 
config so I don't know if further config is necessary.

Best regards,
Jordan

-Original Message-
From: Corey, Mike  
Sent: Tuesday, May 11, 2021 5:08 PM
To: users@cloudstack.apache.org
Subject: RE: Initial Zone Setup Wizard


[X] This message came from outside your organization


Thanks for the reply Harikrishna,

This information is helpful, but doesn't answer my question.  The "Traffic 
Label" is found on the physical network wizard screen - when you click the 
pencil "edit" on traffic type.  You have to provide a Traffic Label; however 
I'm not sure what to put here.  For VMware, is it the port group name of the 
network or anything I want to name it?

ERROR: "Error in configuration! All required traffic types should be added and 
with multiple physical networks each network should have a label."

Mike



-Original Message-
From: Harikrishna Patnala 
Sent: Monday, May 10, 2021 11:50 PM
To: users@cloudstack.apache.org
Subject: Re: Initial Zone Setup Wizard

Hi Mike,

In 4.15, new UI has only option to setup advanced zone. If you want to setup 
basic zone in 4.15 you can use legacy UI (x.x.x.x:8080/client/legacy/). FYI the 
basic zone wizard is restored in 4.15.1 version of CloudStack 
(https://urldefense.com/v3/__https://github.com/apache/cloudstack/pull/4882__;!!A6UyJA!wdtqZBpWfQPscWXAwWjozLLJvGe3SpF7H3isk3sXge57RXnvKTKYILxFlzk_ZHd06hho-7VAlQZn$
 )

I cannot see your images in the email, I guess you are talking about traffic 
labels for guest traffic for private gateway 
(https://urldefense.com/v3/__http://docs.cloudstack.apache.org/projects/archived-cloudstack-administration/en/latest/networking_and_traffic.html*guest-traffic-for-private-gateway__;Iw!!A6UyJA!wdtqZBpWfQPscWXAwWjozLLJvGe3SpF7H3isk3sXge57RXnvKTKYILxFlzk_ZHd06hho-6v3kdPY$
 ). If you want to understand the complete network concepts of CloudStack and 
decide on which zone to use (either basic or advanced) you can go through this 
link 
https://urldefense.com/v3/__http://docs.cloudstack.apache.org/projects/archived-cloudstack-administration/en/latest/networking_and_traffic.html*__;Iw!!A6UyJA!wdtqZBpWfQPscWXAwWjozLLJvGe3SpF7H3isk3sXge57RXnvKTKYILxFlzk_ZHd06hho-wLn12q_$
Managing Networks and Traffic - Apache CloudStack Administration Documentation 
4.11.0.0 documentation - Apache CloudStack 4.15.0.0 
documentation Managing Networks and Traffic¶. In a CloudStack, guest VMs can communicate 
with each other using shared infrastructure with the security and user 
perception that the guests have a private LAN.
docs.cloudstack.apache.org

Managing Networks and Traffic - Apache CloudStack Administration Documentation 
4.11.0.0 documentation - Apache CloudStack 4.15.0.0 
documentation Managing Networks and Traffic¶. In a CloudStack, guest VMs can communicate 
with each other using shared infrastructure with the security and user 
perception that the guests have a private LAN.
docs.cloudstack.apache.org
Regards,
Harikrishna


From: Corey, Mike 
Sent: Tuesday, May 11, 2021 2:02 AM
To: users@cloudstack.apache.org 
Subject: Initial Zone Setup Wizard


Hi,



I'm starting up the new 4.15 ui and trying to create my first zone.  The new UI 
is very nice; however, I'm not sure I can select the "Advanced" wizard option.  
The only "clickable" thing on this screen is NEXT.  Am I supposed to be able to 
click on "Advanced" to go through that wizard versus the basic wizard?



[cid:image003.jpg@01D745BA.0D550BF0]



Next question is regarding "Traffic Label" on the Physical Network window.  
What should the labels be?  Could I get some clarity on this please?



[cid:image006.jpg@01D745BA.0D550BF0]









Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image007.png@01D745BA.0D550BF0]

Centos 7.9 - cloud-init password reset?

2021-05-11 Thread Yordan Kostov 
Hey everyone,

I try to use cloud-init for password reset but for some reason 
it does not work. I thought it is out of the box ☹. Here is my config:

== Centos 7.9  minimal

yum -y install cloud-init cloud-utils-growpart
systemctl enable cloud-init

echo "datasource:
CloudStack: {}
None: {}
datasource_list:
CloudStack" > /etc/cloud/cloud.cfg.d/99_cloudstack.cfg


echo "system_info:
default_user:
 name: root
disable_root: 0
ssh_pwauth: 1" > /etc/cloud/cloud.cfg.d/80_root.cfg

First and foremost cloud-init does not run at all. There is noting in the logs 
/var/logs/cloud-init.log
When launched manual via cloud-init init, logs say it is all successful but 
root password is not changed.

Not sure If I do something wrong but everyplace I do read says it should be 
working without pretty much complications.
Do I do something wrong?

Regards,
Jordan

Re: Template is not being downloaded

2021-05-07 Thread Yordan Kostov 
Another cause for this is if the ssvm public ip do not have access to the 
internet (or to the internal resource) where the url resides.

Regards,
Jordan

From: Nicolas Vazquez 
Date: Fri, May 7, 2021, 20:01
To: users@cloudstack.apache.org
Subject: Re: Template is not being downloaded


[X] This message came from outside your organization


Hi Fariborz,

Can you try to destroy/recreate the SSVM? If then the issue persist please 
check and share the /var/log/cloud.log file in the SSVM which may indicate the 
error.


Regards,

Nicolas Vazquez


From: Fariborz Navidan 
Sent: Friday, May 7, 2021 1:14 PM
To: users@cloudstack.apache.org 
Subject: Template is not being downloaded

Hello,

CloudstAck does not download templates from a given URL. The status of the
template keeps to be Active but it does not start downloading. I have
already ran SSVM check script on SSVM and all tests are good. How do I
resolve it?

Thanks

RE: cannot create template?

2021-05-07 Thread Yordan Kostov 
NFS is now able to mount for template provisioning.
Updated the XCPNG hosts and reboot and voila it is working!

So little thing to cause so much trouble.
Thank you for the tips Harikrishna! 

By the way how do you find what command Cloudstack is using at such occasions?
It is a nice approach for troubleshooting purposes.

Regards,
Jordan

-Original Message-
From: Yordan Kostov  
Sent: Friday, May 7, 2021 11:10 AM
To: users@cloudstack.apache.org
Subject: RE: cannot create template?


[X] This message came from outside your organization


Thank you for the tip!
This command actually those not work - "mount -o soft,tcp,timeo=133,retrans=1 
 "
Verbose output reports:

mount.nfs: timeout set for Fri May  7 09:58:35 2021
mount.nfs: trying text-based options 
'soft,tcp,timeo=10,retrans=1,vers=4.1,addr=A.A.A.A,clientaddr=B.B.B.B'
mount.nfs: mount(2): Input/output error
mount.nfs: mount system call failed

My previous tests (and cloudstack mounts) that were working were all on NFSv3. 
This is very weird that certain  Cloudstack mounts are made through NFSv3 and 
others through v4.

I do tried to mount nfs v4 from XenCenter and it failed the same way.
- there is nothing in the XCPNG logs - SMlog or xensource log
- there is no traffic coming to the NFS server nor any traffic is seen on the 
firewall.

I believe there is something wrong with the XCP and Nfs v4 mount request, as 
soon as execute the command with NFS v3 specified it works "mount -o 
soft,tcp,timeo=133,retrans=1, vers=3  "

I will continue to investigate.

Regards,
Jordan


-Original Message-
From: Harikrishna Patnala 
Sent: Thursday, May 6, 2021 5:43 AM
To: users@cloudstack.apache.org
Subject: Re: cannot create template?


[X] This message came from outside your organization


Hi Jordon,

You can try running the below mount command on XCP host which runs during this 
operation to see what is the actual mount problem, you can check it in verbose 
mode too.
"mount -o soft,tcp,timeo=133,retrans=1  "

The other error raises a concern of adding unsupported XCP 8.2 version is added 
properly in CloudStack. I see your previous email thread about XCP-ng 8.2 
support.

"Failed to create templateUnsupported command issued: 
org.apache.cloudstack.storage.command.CopyCommand. Are you sure you got the 
right type of server?"

Can you check around the above exception if you get any clue around why exactly 
it failed. You can try the same operations with some lower versions of XCP-ng 
and see if it fails there too.

Regards,
Harikrishna
____
From: Yordan Kostov 
Sent: Wednesday, May 5, 2021 6:17 PM
To: users@cloudstack.apache.org 
Subject: RE: cannot create template?

It seems the host tries to mount the NFS and move the template there.
Unfortunately it cannot happen even though NFS can be mounted manualy or 
through Cloudstack when instances are deployed.

Output from XCPNG log files -> /var/log/cloud/cloud.log the following messages 
are seen.

DEBUG [root] Unexpected error while trying to mount x.x.x.x:/var/secondary to 
/var/run/cloud_mount/5c3a0c95-719c-4b1b-9d09-77f1dd475003
DEBUG [root] create_secondary_storage_folder failed.
DEBUG [root] CommandException raised while trying to umount 
/var/run/cloud_mount/5c3a0c95-719c-4b1b-9d09-77f1dd475003
DEBUG [root]  CLOUD enter  delete_secondary_storage_folder  DEBUG 
[root] delete_secondary_storage_folder, args: {'folder': 'template/tmpl/2/211', 
'remoteMountPath': 'x.x.x.x:/var/secondary'} DEBUG [root] Unexpected error 
while trying to mount x.x.x.x:/var/secondary to 
/var/run/cloud_mount/244482cf-48e4-4acf-bcd3-6c37bfac5014
DEBUG [root] delete_secondary_storage_folder failed.
DEBUG [root] CommandException raised while trying to umount 
/var/run/cloud_mount/244482cf-48e4-4acf-bcd3-6c37bfac5014

NFS firewall and XCPNG iptables are disabled.

Best regards,
Jordan




From: Yordan Kostov
Sent: Wednesday, May 5, 2021 1:15 PM
To: 'users@cloudstack.apache.org' 
Subject: cannot create template?

Hey everyone,

Bumped into the following error today while trying to create a 
template from ROOT volume.
Environment is: CS 4.15 + XCPNG 8.2 + presetup - Fiber storage

The process failed with the following error message in the 
management server logs:
callHostPlugin failed for cmd: create_secondary_storage_folder with args 
remoteMountPath: X.X.X.X:/var/secondary, newFolder: template/tmpl/2/206,  due 
to There was a failure communicating with the plugin.

GUI error is - (Centos 7) Failed to create templateUnsupported 
command issued: org.apache.cloudstack.storage.command.CopyCommand. Are you sure 
you got the right type of server?

I am not really sure where to start here, there are no 
blockages on the networking side, also the NFS can mount to the hosts 
successfully and instances can be deployed from ISOs.

Best Regards,
Jordan

11!

RE: cannot create template?

2021-05-07 Thread Yordan Kostov 
Thank you for the tip!
This command actually those not work - "mount -o soft,tcp,timeo=133,retrans=1 
 "
Verbose output reports:

mount.nfs: timeout set for Fri May  7 09:58:35 2021
mount.nfs: trying text-based options 
'soft,tcp,timeo=10,retrans=1,vers=4.1,addr=A.A.A.A,clientaddr=B.B.B.B'
mount.nfs: mount(2): Input/output error
mount.nfs: mount system call failed

My previous tests (and cloudstack mounts) that were working were all on NFSv3. 
This is very weird that certain  Cloudstack mounts are made through NFSv3 and 
others through v4. 

I do tried to mount nfs v4 from XenCenter and it failed the same way.
- there is nothing in the XCPNG logs - SMlog or xensource log
- there is no traffic coming to the NFS server nor any traffic is seen on the 
firewall.

I believe there is something wrong with the XCP and Nfs v4 mount request, as 
soon as execute the command with NFS v3 specified it works
"mount -o soft,tcp,timeo=133,retrans=1, vers=3  "

I will continue to investigate.

Regards,
Jordan


-Original Message-
From: Harikrishna Patnala  
Sent: Thursday, May 6, 2021 5:43 AM
To: users@cloudstack.apache.org
Subject: Re: cannot create template?


[X] This message came from outside your organization


Hi Jordon,

You can try running the below mount command on XCP host which runs during this 
operation to see what is the actual mount problem, you can check it in verbose 
mode too.
"mount -o soft,tcp,timeo=133,retrans=1  "

The other error raises a concern of adding unsupported XCP 8.2 version is added 
properly in CloudStack. I see your previous email thread about XCP-ng 8.2 
support.

"Failed to create templateUnsupported command issued: 
org.apache.cloudstack.storage.command.CopyCommand. Are you sure you got the 
right type of server?"

Can you check around the above exception if you get any clue around why exactly 
it failed. You can try the same operations with some lower versions of XCP-ng 
and see if it fails there too.

Regards,
Harikrishna
____
From: Yordan Kostov 
Sent: Wednesday, May 5, 2021 6:17 PM
To: users@cloudstack.apache.org 
Subject: RE: cannot create template?

It seems the host tries to mount the NFS and move the template there.
Unfortunately it cannot happen even though NFS can be mounted manualy or 
through Cloudstack when instances are deployed.

Output from XCPNG log files -> /var/log/cloud/cloud.log the following messages 
are seen.

DEBUG [root] Unexpected error while trying to mount x.x.x.x:/var/secondary to 
/var/run/cloud_mount/5c3a0c95-719c-4b1b-9d09-77f1dd475003
DEBUG [root] create_secondary_storage_folder failed.
DEBUG [root] CommandException raised while trying to umount 
/var/run/cloud_mount/5c3a0c95-719c-4b1b-9d09-77f1dd475003
DEBUG [root]  CLOUD enter  delete_secondary_storage_folder  DEBUG 
[root] delete_secondary_storage_folder, args: {'folder': 'template/tmpl/2/211', 
'remoteMountPath': 'x.x.x.x:/var/secondary'} DEBUG [root] Unexpected error 
while trying to mount x.x.x.x:/var/secondary to 
/var/run/cloud_mount/244482cf-48e4-4acf-bcd3-6c37bfac5014
DEBUG [root] delete_secondary_storage_folder failed.
DEBUG [root] CommandException raised while trying to umount 
/var/run/cloud_mount/244482cf-48e4-4acf-bcd3-6c37bfac5014

NFS firewall and XCPNG iptables are disabled.

Best regards,
Jordan




From: Yordan Kostov
Sent: Wednesday, May 5, 2021 1:15 PM
To: 'users@cloudstack.apache.org' 
Subject: cannot create template?

Hey everyone,

Bumped into the following error today while trying to create a 
template from ROOT volume.
Environment is: CS 4.15 + XCPNG 8.2 + presetup - Fiber storage

The process failed with the following error message in the 
management server logs:
callHostPlugin failed for cmd: create_secondary_storage_folder with args 
remoteMountPath: X.X.X.X:/var/secondary, newFolder: template/tmpl/2/206,  due 
to There was a failure communicating with the plugin.

GUI error is - (Centos 7) Failed to create templateUnsupported 
command issued: org.apache.cloudstack.storage.command.CopyCommand. Are you sure 
you got the right type of server?

I am not really sure where to start here, there are no 
blockages on the networking side, also the NFS can mount to the hosts 
successfully and instances can be deployed from ISOs.

Best Regards,
Jordan

RE: cannot create template?

2021-05-05 Thread Yordan Kostov 
It seems the host tries to mount the NFS and move the template there.
Unfortunately it cannot happen even though NFS can be mounted manualy or 
through Cloudstack when instances are deployed.

Output from XCPNG log files -> /var/log/cloud/cloud.log the following messages 
are seen.

DEBUG [root] Unexpected error while trying to mount x.x.x.x:/var/secondary to 
/var/run/cloud_mount/5c3a0c95-719c-4b1b-9d09-77f1dd475003
DEBUG [root] create_secondary_storage_folder failed.
DEBUG [root] CommandException raised while trying to umount 
/var/run/cloud_mount/5c3a0c95-719c-4b1b-9d09-77f1dd475003
DEBUG [root]  CLOUD enter  delete_secondary_storage_folder 
DEBUG [root] delete_secondary_storage_folder, args: {'folder': 
'template/tmpl/2/211', 'remoteMountPath': 'x.x.x.x:/var/secondary'}
DEBUG [root] Unexpected error while trying to mount x.x.x.x:/var/secondary to 
/var/run/cloud_mount/244482cf-48e4-4acf-bcd3-6c37bfac5014
DEBUG [root] delete_secondary_storage_folder failed.
DEBUG [root] CommandException raised while trying to umount 
/var/run/cloud_mount/244482cf-48e4-4acf-bcd3-6c37bfac5014

NFS firewall and XCPNG iptables are disabled.

Best regards,
Jordan

From: Yordan Kostov
Sent: Wednesday, May 5, 2021 1:15 PM
To: 'users@cloudstack.apache.org' 
Subject: cannot create template?

Hey everyone,

Bumped into the following error today while trying to create a 
template from ROOT volume.
Environment is: CS 4.15 + XCPNG 8.2 + presetup - Fiber storage

The process failed with the following error message in the 
management server logs:
callHostPlugin failed for cmd: create_secondary_storage_folder with args 
remoteMountPath: X.X.X.X:/var/secondary, newFolder: template/tmpl/2/206,  due 
to There was a failure communicating with the plugin.

GUI error is - (Centos 7) Failed to create templateUnsupported 
command issued: org.apache.cloudstack.storage.command.CopyCommand. Are you sure 
you got the right type of server?

I am not really sure where to start here, there are no 
blockages on the networking side, also the NFS can mount to the hosts 
successfully and instances can be deployed from ISOs.

Best Regards,
Jordan

cannot create template?

2021-05-05 Thread Yordan Kostov 
Hey everyone,

Bumped into the following error today while trying to create a 
template from ROOT volume.
Environment is: CS 4.15 + XCPNG 8.2 + presetup - Fiber storage

The process failed with the following error message in the 
management server logs:
callHostPlugin failed for cmd: create_secondary_storage_folder with args 
remoteMountPath: X.X.X.X:/var/secondary, newFolder: template/tmpl/2/206,  due 
to There was a failure communicating with the plugin.

GUI error is - (Centos 7) Failed to create templateUnsupported 
command issued: org.apache.cloudstack.storage.command.CopyCommand. Are you sure 
you got the right type of server?

I am not really sure where to start here, there are no 
blockages on the networking side, also the NFS can mount to the hosts 
successfully and instances can be deployed from ISOs.

Best Regards,
Jordan

  1   2   >