RE: plain text authenticator
Are all authentication plugins loaded by default and working in an authentication chain? Otherwise why should we keep the hash type in DB? -Original Message- From: Darren Shepherd [mailto:darren.s.sheph...@gmail.com] Sent: Thursday, September 12, 2013 9:56 AM To: dev@cloudstack.apache.org Subject: plain text authenticator So if you set your password as blah and it gets hashed to xyz and stored in the users table. Because of the plain text authenticator, you can use that hashed value as your password now. So specifically the below will work. http://localhost:8080/client/api?command=loginusername=userpassword=b lah http://localhost:8080/client/api?command=loginusername=userpassword=x yz This seems bad. Go and try it yourself (just be careful about URL encoding, + should be %2b). So because of the existence of the plain text authenticator, passwords are still plain text but they just happen to be long random strings. Typically in an auth system you store the hashing type with the hashed value. So then the plain text authenticator would not even attempt to compare values because it would see the value was hashed by a different authenticator. Darren
Problem with cloud.storage_pool's used_bytes
Hi, I just set up a single zone with one KVM host using master. My CPVM and SSVM are up and running nicely. When I look at the storage_pool table, however, I'm concerned with what I see for the used_bytes field: 18,218,356,736 (below). This seems way too large (almost consuming all of the local space on my KVM host). I wonder if this isn't instead available_bytes. I believe available_bytes was changed to used_bytes in 4.2 and it looks like this may not be working properly in this scenario. Thoughts? Thanks! 1 ubuntu Local Storage a4f6428e-8cfd-41f8-b755-b177ad0315f3 Filesystem 0 1 1 1 18218356736 20332810240 192.168.233.10 /var/lib/libvirt/images 2013-09-13 00:47:39 Up DefaultPrimary HOST 0 -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloudhttp://solidfire.com/solution/overview/?video=play *™*
Re: Problem with cloud.storage_pool's used_bytes
So, being that I'm new to KVM, I'm wondering if I didn't somehow do this to myself by not restoring from a snapshot when I created a new CloudStack environment (I cleaned out the CS DB, but did not start over from a clean snapshot of my KVM host). It says my KVM local storage for CloudStack is here: /var/lib/libvirt/images When I look in Virtual Machine Manager, however, it only shows the VMs that I would expect to be running: CPVM and SSVM (one of each). Is it possible there are other old, unused VMs lying around from my previous CS install and, if so, how might I be able to detect those and delete them? It's easy to find out and delete with XenServer and ESX...I'm just not that familiar with how to do this with KVM. Thanks! On Thu, Sep 12, 2013 at 7:09 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: Hi, I just set up a single zone with one KVM host using master. My CPVM and SSVM are up and running nicely. When I look at the storage_pool table, however, I'm concerned with what I see for the used_bytes field: 18,218,356,736 (below). This seems way too large (almost consuming all of the local space on my KVM host). I wonder if this isn't instead available_bytes. I believe available_bytes was changed to used_bytes in 4.2 and it looks like this may not be working properly in this scenario. Thoughts? Thanks! 1 ubuntu Local Storage a4f6428e-8cfd-41f8-b755-b177ad0315f3 Filesystem 0 1 1 1 18218356736 20332810240 192.168.233.10 /var/lib/libvirt/images 2013-09-13 00:47:39 Up DefaultPrimary HOST 0 -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloudhttp://solidfire.com/solution/overview/?video=play *™* -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloudhttp://solidfire.com/solution/overview/?video=play *™*
win7+cygwin+cloudstack having a problem
I am according to the github cloudstack source code for INSTANL.md 1、cygwin is goode 2、database is goode 3、mvn -pl :cloud-client-ui jetty:run exception detail: lassPostProcessor$ImportAwareBeanPostProcessor#0]; root of factory hierarchy ERROR [web.context.ContextLoader] (main:) Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'niciraNvpDaoImpl' defined in class path resource [componentContext.xml]: BeanPostProcessor before instantiation of bean failed; nested exception is net.sf.cglib.core.CodeGenerationException: java.lang.reflect.InvocationTargetException--null at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:452) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:609) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918) what wrong? Thanks 云计算基础架构师 Github:https://github.com/heidsoftWeibo: http://weibo.com/liuganbin 研究方向:云计算(云安全)、大数据(数据处理分析) 主要学习: Linux / C / C++ / JAVA /Python Email:heids...@sina.com Tell:18601706743
Re: [DISCUSS] Gearing up for an official CloudMonkey independent release
On Tue, Aug 27, 2013 at 01:42:04PM +0530, Rohit Yadav wrote: On Mon, Aug 26, 2013 at 10:57 PM, Chip Childers chip.child...@sungard.com wrote: Hi all, I'm looking at what it's going to take to get CloudMonkey out as an official release. Thanks Chip for taking this further. Here's what I believe needs to be done: 1) Legal doc check (I think we're good here, since I just added the NOTICE file) I don't see any NOTICE file in tree? https://git-wip-us.apache.org/repos/asf?p=cloudstack-cloudmonkey.git;a=tree pushing helps. done 2) Release process document 3) Add an initial pre-cache file to the repo itself. I want to do this, so that it doesn't require you to have a running 4.1+ ACS install in order to do a CloudMonkey build. +1 I thought about doing it, but then decided not to within the repo but all existing cloudmonkey releases on pypi have the precache bundled with them, there is a build step in the Makefile which does that. The problem I have with that is that I require a target CS mgmt server to do the build. I'd like to be able to allow anyone to build, and then use, even if they don't have a version of CloudStack running that supports API discovery. Think about all of the 3.x or 4.0 users, and CloudMonkey works (sort of) well enough for them. 4) Kick out a release 5) Update the cloudstack.apache.org website to provide links to the cloudmonkey component's source repo and distinct artifacts. Once we get this first release out, we need to probably stop publishing to pypi outside of the *official release* process. That being said, it'll be easier to release CloudMonkey independently. Thoughts, comments, flames? Regards. -chip
How to modify cloudstack ui
I want to modify cloudstack ui version 4.1, how to run from the source cloustack ui works 云计算基础架构师 Github:https://github.com/heidsoftWeibo: http://weibo.com/liuganbin 研究方向:云计算(云安全)、大数据(数据处理分析) 主要学习: Linux / C / C++ / JAVA Email:heids...@sina.com Tell:18601706743 某云计算公司 Jake.liu@heidsoft黑洞 云计算系统架构师 840608792 heidso...@gmail.com weibo.com/liuganbin 上海 徐汇区 名片二维码
Re: Review Request 13701: Automation Tests for HA Proxy Stickiness
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/13701/#review26060 --- test/integration/component/test_haproxy.py https://reviews.apache.org/r/13701/#comment50871 def test_03_supported_policies_by_network This method is checking only tag supported Stickynessmethods but not checking displayed supported methods under this tag. script should retrive and compare the displayed value with supported values. if both matches then it should return true. - suresh sadhu On Aug. 27, 2013, 5:36 a.m., Girish Shilamkar wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/13701/ --- (Updated Aug. 27, 2013, 5:36 a.m.) Review request for cloudstack, suresh sadhu and Prasanna Santhanam. Repository: cloudstack-git Description --- Automation Tests for HA Proxy Stickiness Diffs - test/integration/component/test_haproxy.py PRE-CREATION Diff: https://reviews.apache.org/r/13701/diff/ Testing --- Thanks, Girish Shilamkar
cloudstack source code in build dir
The replace.properties file What is the role 云计算基础架构师 Github:https://github.com/heidsoftWeibo: http://weibo.com/liuganbin 研究方向:云计算(云安全)、大数据(数据处理分析) 主要学习: Linux / C / C++ / JAVA Email:heids...@sina.com Tell:18601706743 某云计算公司 Jake.liu@heidsoft黑洞 云计算系统架构师 840608792 heidso...@gmail.com weibo.com/liuganbin 上海 徐汇区 名片二维码
RE: Marvin tests for VPC - why create VPC offering?
My observations are 1. VPC offering is to tell what are all the services can be available if you create tiers in the vpc. 2. There should be some default providers for each service.(but currently its only VpcVR). Or set of providers for each service it can provider. When vpc_network_offering is created, when this network is getting implemented inside this vpc and those services/service providers are validated against what are the services/providers can be provided. I feel while creating VPC_Offering flexibility should be provided at VPC level such that what are the services provided and possible service providers. But currently there only only 3 possible providers one is VPcVR and Netscaler(only for External LB) and internalLB Provider. As there are fixed set of providers and the possible combination of VPC services offerings are created by default we should be using them to create a VPC. If user wants to create a new VPC offering it will become a copy of the existing VPC offering because possible VPC offerings are created by VPCManager. Thanks Rajesh Battala -Original Message- From: Sowmya Krishnan Sent: Thursday, September 12, 2013 8:13 PM To: dev@cloudstack.apache.org Cc: Rajesh Battala; Venkata SwamyBabu Budumuru Subject: RE: Marvin tests for VPC - why create VPC offering? -Original Message- From: Prasanna Santhanam [mailto:t...@apache.org] Sent: Thursday, September 12, 2013 11:55 AM To: dev@cloudstack.apache.org Cc: Rajesh Battala; Venkata SwamyBabu Budumuru Subject: Re: Marvin tests for VPC - why create VPC offering? See inline, there seems to be a bug in the design. On Thu, Sep 12, 2013 at 05:53:45AM +, Sowmya Krishnan wrote: -Original Message- From: Prasanna Santhanam [mailto:t...@apache.org] Sent: Thursday, September 12, 2013 11:07 AM To: dev@cloudstack.apache.org Subject: Re: Marvin tests for VPC - why create VPC offering? On Thu, Sep 12, 2013 at 05:15:16AM +, Sowmya Krishnan wrote: I find for most of the VPC tests we create a new VPC Offering which provides almost the same set of services as the Default VPC Offering already available by default. We also have a separate function to create this offering, enabling it and then create a VPC using this offering. I wonder why do we have to create vpc offerings for each test suite. Also, we don't expose create VPC offering in the UI. We do have an API for that, but I think we should just stick to the default ones available and then create network offerings as required for the test. Personally, I don't see the harm in that since any offering is lightweight. I prefer every test create it's own set of resources from scratch if possible. Today we don't track the trail of resources that are created by a test but we will do that. That should help with cleanup and audit. Do you see a problem though? I feel It's just redundant. API is anyway tested as part of the other test - test_vpc_offerings. Yeah DRY is a good reason to make the test simpler. I don't have an opinion either way. Problem I encounter is, when we try to create a VPC offering, we don't have the option of choosing the service provider. So by default, all services will be provided by VPCVR. The vpcOffering API only provides a service list which means it shouldn't map to a provider list. If it did, then there's some magic happening in the background. Now, when I try to create a VPC offering with NS as external LB provider, that's not possible through the API. I have to use the default offering only. This is a bug in the design. Rajesh would be best to comment on this since he included support of NS as LB provider in a VPC. So in effect, it's not going to be consistent across tests - you create an offering for one test, while use the default one for the other. Agreed. Also, I am not sure - but I wonder if there was a reason why creation of VPC offering, unlike network offering isn't exposed in the UI. No idea. I don't actually see the distinction between vpcofferings and networkofferings too. They're both defining a set of providers and a set of services mapped to those providers. I questioned this many times before internally and IMO, they should just be merged to make it less confusing. I'll raise a separate thread to figure out why it's designed the way it is. I generally don't like sticking to anything 'Default' and exposed only in our UI. Exercise all APIs, leave no stone unturned. Except for one test suite - test_vpc_offerings.py, where we are actually testing vpc offerings, I don't think we should be creating vpc offerings elsewhere. Comments? -- Prasanna., Powered by BigRock.com -- Prasanna., Powered by BigRock.com
Re: Review Request 14084: Updates to @ActionEvent to be compatible with Spring AOP
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/14084/#review26056 --- Darren, I saw you added the annotation for group of events and annotated in various places, is there any test done for the business logic validation? - Kelven Yang On Sept. 11, 2013, 5:07 p.m., Darren Shepherd wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/14084/ --- (Updated Sept. 11, 2013, 5:07 p.m.) Review request for cloudstack, Kelven Yang and Kishan Kavala. Repository: cloudstack-git Description --- Two fields were added to CallContext to allow call to dynamically change the event type and description. Additionally a @ActionEvents annotation was added to allow a method to specify multiple events Spring AOP will not intercept calls to this so @ActionEvent needs to be put on public methods that are externally invoked Annotations that needed to be changed were identified by doing byte code analysis using objectweb asm. Code for that is at https://github.com/ibuildthecloud/cloudstack-findbadactionevents and there are instructions to run it there. Diffs - api/src/com/cloud/event/ActionEvents.java PRE-CREATION api/src/org/apache/cloudstack/context/CallContext.java e3c1bf2a7b97573cdeb4f530d0afe74cb7e3e834 engine/components-api/src/com/cloud/configuration/ConfigurationManager.java 6e76b6ffb91c200127589831893d9d79970aafdb engine/components-api/src/com/cloud/network/rules/FirewallManager.java fa12cd804a67138740f9d9042709938871dc8629 server/src/com/cloud/configuration/ConfigurationManagerImpl.java fb727a1705487416b7069fc2aca5086fd726e700 server/src/com/cloud/event/ActionEventInterceptor.java ba7e270af90f7bc191b570a7cc131319f446e2f6 server/src/com/cloud/event/ActionEventUtils.java 60f5633fc3c53dac960247308de12b60b492de59 server/src/com/cloud/network/firewall/FirewallManagerImpl.java cd83c4e52f85adc9c9d9c7997c28838f2c15b323 server/src/com/cloud/server/ManagementServerImpl.java a3efd2129ce082023d79e55872e8134d1b6bd85c server/src/com/cloud/user/AccountManagerImpl.java 0602514fcf429b09a62edf65f4b0dc0e87d80b94 server/src/com/cloud/vm/UserVmManagerImpl.java c3a718ac55be05f123b062a627c2de042c4321ab server/test/com/cloud/network/MockFirewallManagerImpl.java c50459e98737eaf5662bb44c6e9a12fad54b4175 server/test/com/cloud/vpc/MockConfigurationManagerImpl.java 3ec146b953726c9480b1e15848a67e4746dd65a6 Diff: https://reviews.apache.org/r/14084/diff/ Testing --- Thanks, Darren Shepherd
RE: Marvin tests for VPC - why create VPC offering?
But we don't have an option to choose these service providers with createVPCOffering. It's always VPC VR. If let's say, I want to create a VPC Offering with LB as NS and say, the following services only: DNS, DHCP and SourceNat - it isn't possible.. However this mapping *is* being done internally as can be seen from vpc_offering_service_map table. So providing flexibility to create a VPC but without the ability to choose providers is confusing and perhaps limiting in a way? -Original Message- From: Alena Prokharchyk Sent: Thursday, September 12, 2013 10:54 PM To: dev@cloudstack.apache.org; Sowmya Krishnan Cc: Venkata SwamyBabu Budumuru Subject: Re: Marvin tests for VPC - why create VPC offering? On 9/12/13 10:12 AM, Rajesh Battala rajesh.batt...@citrix.com wrote: My observations are 1. VPC offering is to tell what are all the services can be available if you create tiers in the vpc. Correct 2. There should be some default providers for each service.(but currently its only VpcVR). Or set of providers for each service it can provider. When vpc_network_offering is created, when this network is getting implemented inside this vpc and those services/service providers are validated against what are the services/providers can be provided. Only VPC VR/NS/Internal LB vm are supported as VPC providers I feel while creating VPC_Offering flexibility should be provided at VPC level such that what are the services provided and possible service providers. But currently there only only 3 possible providers one is VPcVR and Netscaler(only for External LB) and internalLB Provider. As there are fixed set of providers and the possible combination of VPC services offerings are created by default we should be using them to create a VPC. If user wants to create a new VPC offering it will become a copy of the existing VPC offering because possible VPC offerings are created by VPCManager. Only Admin can create a VPC offering. And this offering doesn't become a copy. Thanks Rajesh Battala -Original Message- From: Sowmya Krishnan Sent: Thursday, September 12, 2013 8:13 PM To: dev@cloudstack.apache.org Cc: Rajesh Battala; Venkata SwamyBabu Budumuru Subject: RE: Marvin tests for VPC - why create VPC offering? -Original Message- From: Prasanna Santhanam [mailto:t...@apache.org] Sent: Thursday, September 12, 2013 11:55 AM To: dev@cloudstack.apache.org Cc: Rajesh Battala; Venkata SwamyBabu Budumuru Subject: Re: Marvin tests for VPC - why create VPC offering? See inline, there seems to be a bug in the design. On Thu, Sep 12, 2013 at 05:53:45AM +, Sowmya Krishnan wrote: -Original Message- From: Prasanna Santhanam [mailto:t...@apache.org] Sent: Thursday, September 12, 2013 11:07 AM To: dev@cloudstack.apache.org Subject: Re: Marvin tests for VPC - why create VPC offering? On Thu, Sep 12, 2013 at 05:15:16AM +, Sowmya Krishnan wrote: I find for most of the VPC tests we create a new VPC Offering which provides almost the same set of services as the Default VPC Offering already available by default. We also have a separate function to create this offering, enabling it and then create a VPC using this offering. I wonder why do we have to create vpc offerings for each test suite. Also, we don't expose create VPC offering in the UI. We do have an API for that, but I think we should just stick to the default ones available and then create network offerings as required for the test. Personally, I don't see the harm in that since any offering is lightweight. I prefer every test create it's own set of resources from scratch if possible. Today we don't track the trail of resources that are created by a test but we will do that. That should help with cleanup and audit. Do you see a problem though? I feel It's just redundant. API is anyway tested as part of the other test - test_vpc_offerings. Yeah DRY is a good reason to make the test simpler. I don't have an opinion either way. Problem I encounter is, when we try to create a VPC offering, we don't have the option of choosing the service provider. So by default, all services will be provided by VPCVR. The vpcOffering API only provides a service list which means it shouldn't map to a provider list. If it did, then there's some magic happening in the background. Now, when I try to create a VPC offering with NS as external LB provider, that's not possible through the API. I have to use the default offering only. This is a bug in the design. Rajesh would be best to comment on this since he included support of NS as LB provider in a VPC. So in effect, it's not going to be consistent across tests - you create an offering for one test, while use the default one for the other. Agreed.
RE: plain text authenticator
It's not a good idea to iterate on all authenticators, if the real authenticator fails for some reason( if it's not able to handle some exception properly) it will continue on invalid authenticators and may result in wrong value/result. Thanks Rajesh Battala -Original Message- From: Ian Duffy [mailto:i...@ianduffy.ie] Sent: Friday, September 13, 2013 2:52 AM To: CloudStack Dev Subject: Re: plain text authenticator Don't authenticators work as plugins in cloudstack with plain text authenticator as default? I think we should leave it for the customer to decide whether he wants to disable or keep the authenticator Couldn't agree more with this! Going through each authenticator until a successful result is found is horrible! On 12 September 2013 19:09, Frank Zhang frank.zh...@citrix.com wrote: Are all authentication plugins loaded by default and working in an authentication chain? Otherwise why should we keep the hash type in DB? -Original Message- From: Darren Shepherd [mailto:darren.s.sheph...@gmail.com] Sent: Thursday, September 12, 2013 9:56 AM To: dev@cloudstack.apache.org Subject: plain text authenticator So if you set your password as blah and it gets hashed to xyz and stored in the users table. Because of the plain text authenticator, you can use that hashed value as your password now. So specifically the below will work. http://localhost:8080/client/api?command=loginusername=userpasswor d=b lah http://localhost:8080/client/api?command=loginusername=userpasswor d=x yz This seems bad. Go and try it yourself (just be careful about URL encoding, + should be %2b). So because of the existence of the plain text authenticator, passwords are still plain text but they just happen to be long random strings. Typically in an auth system you store the hashing type with the hashed value. So then the plain text authenticator would not even attempt to compare values because it would see the value was hashed by a different authenticator. Darren
Re: plain text authenticator
Don't authenticators work as plugins in cloudstack with plain text authenticator as default? I think we should leave it for the customer to decide whether he wants to disable or keep the authenticator Couldn't agree more with this! Going through each authenticator until a successful result is found is horrible! On 12 September 2013 19:09, Frank Zhang frank.zh...@citrix.com wrote: Are all authentication plugins loaded by default and working in an authentication chain? Otherwise why should we keep the hash type in DB? -Original Message- From: Darren Shepherd [mailto:darren.s.sheph...@gmail.com] Sent: Thursday, September 12, 2013 9:56 AM To: dev@cloudstack.apache.org Subject: plain text authenticator So if you set your password as blah and it gets hashed to xyz and stored in the users table. Because of the plain text authenticator, you can use that hashed value as your password now. So specifically the below will work. http://localhost:8080/client/api?command=loginusername=userpassword=b lah http://localhost:8080/client/api?command=loginusername=userpassword=x yz This seems bad. Go and try it yourself (just be careful about URL encoding, + should be %2b). So because of the existence of the plain text authenticator, passwords are still plain text but they just happen to be long random strings. Typically in an auth system you store the hashing type with the hashed value. So then the plain text authenticator would not even attempt to compare values because it would see the value was hashed by a different authenticator. Darren
RE: Creating an instance with ssh key pair
Hi Gaurav, SSH to vm using keyPairFileLocation is template dependent .ie. template must have the script as mentioned in the doc. Thanks, Sanjeev -Original Message- From: Gaurav Aradhye [mailto:gaurav.arad...@clogeny.com] Sent: Thursday, September 12, 2013 5:30 PM To: dev@cloudstack.apache.org Subject: Creating an instance with ssh key pair Hello all, If I create an instance providing ssh key pair while creation, and using a normal template from the cloudstack setup, then will the SSH to vm using the keyPairFlieLocation always work? Or the template which I am using for creating the instance has to be supporting SSH keys? as explained in 5.2.1 section at http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/using-sshkeys.html In short, Is the SSH using keyPairFileLocation - template dependent or will it always work if I provide ssh key pair while creating instance and use normal template? Regards, Gaurav
Re: listAccounts filter by name
Went and looked at the source. Due to same account names across different domains a domain id must be specified before it will filter by name. On 13 September 2013 06:16, Ian Duffy i...@ianduffy.ie wrote: Hi, Does the given scenario reflect expected functionality? I am an admin user I create an account with 1 user, lets call the account example and the user example. I query listAccounts with parameter listAll, all accounts are returned including the one I just created. I query listAccounts with parameter name and value admin, the admin account is returned. I query listAccounts with parameter name and value example, no accounts are returned. Should the last query not return the example account I created? Query by ID appears to work as *I* expected and returned the account information of the given ID.
what wrong? start cloudstack
when I execut mvn -pl :cloud-client-ui jetty:run hava follow exception: ERROR [web.context.ContextLoader] (main:) Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'niciraNvpDaoImpl' defined in class path resource [componentContext.xml]: BeanPostProcessor before instantiation of bean failed; nested exception is net.sf.cglib.core.CodeGenerationException: java.lang.reflect.InvocationTargetException--null at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:452) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:609) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:469) at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:383) at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:283) at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111) at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:549) what Wrong? Thanks 云计算基础架构师 Github:https://github.com/heidsoftWeibo: http://weibo.com/liuganbin 研究方向:云计算(云安全)、大数据(数据处理分析) 主要学习: Linux / C / C++ / JAVA Email:heids...@sina.com Tell:18601706743 某云计算公司 Jake.liu@heidsoft黑洞 云计算系统架构师 840608792 heidso...@gmail.com weibo.com/liuganbin 上海 徐汇区 名片二维码 - 原始邮件 - 发件人:Mike Tutkowski mike.tutkow...@solidfire.com 收件人:dev@cloudstack.apache.org dev@cloudstack.apache.org 抄送人:Amit Das amit@cloudbyte.com 主题:Re: Which DevCloud2 Usage Mode is good for Development and Debugging 日期:2013年09月13日 07点33分
Re: Missing dependency not listed in docs for 4.1.1
On Thu, Sep 12, 2013 at 05:59:00PM +0100, Tony Stevenson wrote: Aloha, I'm just following - http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.1.1/pdf/Installation_Guide/Apache_CloudStack-4.1.1-Installation_Guide-en-US.pdf to install CS for the first time on Ubuntu 12.0.4. All has gone well, aside from the docs have missed on dependency. You just need to install jsvc too. This only becomes apparent once you start trying to install the resulting build .deb's. Thanks, I'll fix the docs for the dependency. I see CLOUDSTACK-78 [1] that should've become a doc bug for rpms. But I'm not sure whether you faced this issue when installing the agent or the management server. Could you file a bug report for docs? Keep up the good work folks. FWIW this evaluation is for both the ASF to consider using it, and my other employer lib.cam.ac.uk Awesome. This is great news! Hopefully we'll have more insight into operational aspects of CloudStack from within the ASF too. -- [1] https://issues.apache.org/jira/browse/CLOUDSTACK-78 Cheers, Tony -- Tony Stevenson t...@pc-tony.com pct...@apache.org http://www.pc-tony.com GPG - 1024D/51047D66 -- -- Prasanna., Powered by BigRock.com
Re: Q's about UserAuthenticators and getName()
So my problem is that LDAP currently has a null name on getName(). So which should I do? Add Go ahead and add it. I missed that override in error.
run cloustack have a exeception
INFO [utils.component.ComponentContext] (Timer-2:) Configuring com.cloud.server.ConfigurationServerImpl_EnhancerByCloudStack_e2a1f0b0 INFO [cloud.server.ConfigurationServerImpl] (Timer-2:) Processing updateSSLKeyStore INFO [cloud.server.ConfigurationServerImpl] (Timer-2:) SSL keystore located at D:\clouddevelop\cloudstack-repo-debug\cloudstack\client\target\cloud-client-ui-4.2.0-SNAPSHOT\WEB-INF\classes/cloud.keystore WARN [utils.script.Script] (Timer-2:) Exception: sudo keytool -genkey -keystore D:\clouddevelop\cloudstack-repo-debug\cloudstack\client\target\cloud-client-ui-4.2.0-SNAPSHOT\WEB-INF\classes/cloud.keystore -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=TYX-020,o=TYX-020,c=Unknown java.io.IOException: Cannot run program sudo: CreateProcess error=2, ? at java.lang.ProcessBuilder.start(ProcessBuilder.java:460) at com.cloud.utils.script.Script.execute(Script.java:183) at com.cloud.utils.script.Script.execute(Script.java:161) at com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:487) at com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:510) at com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:272) at com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125) at com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:148) at com.cloud.utils.component.ComponentContext.initComponentsLifeCycle(ComponentContext.java:111) at com.cloud.servlet.CloudStartupServlet$1.run(CloudStartupServlet.java:50) at java.util.TimerThread.mainLoop(Timer.java:512) at java.util.TimerThread.run(Timer.java:462) Caused by: java.io.IOException: CreateProcess error=2, ? at java.lang.ProcessImpl.create(Native Method) at java.lang.ProcessImpl.init(ProcessImpl.java:81) at java.lang.ProcessImpl.start(ProcessImpl.java:30) at java.lang.ProcessBuilder.start(ProcessBuilder.java:453) ... 15 more 云计算基础架构师 Github:https://github.com/heidsoftWeibo: http://weibo.com/liuganbin 研究方向:云计算(云安全)、大数据(数据处理分析) 主要学习: Linux / C / C++ / JAVA Email:heids...@sina.com Tell:18601706743 某云计算公司 Jake.liu@heidsoft黑洞 云计算系统架构师 840608792 heidso...@gmail.com weibo.com/liuganbin 上海 徐汇区 名片二维码
createVPCOffering (Was:RE: Marvin tests for VPC - why create VPC offering?)
But we don't have an option to choose service providers with createVPCOffering. It's always VPC VR for all services. If let's say, I want to create a VPC Offering with LB as Netscaler and say, the following services only: DNS, DHCP and SourceNat - it isn't possible from the API.. However this mapping *is* being done internally as can be seen from vpc_offering_service_map table. So providing flexibility to create a VPC with chosen set to services but without the ability to choose providers is confusing and perhaps limiting in a way? On the other hand, I am wondering what is the use case for exposing createVPCOffering at all? Can we not stick to the default offerings of VPC already provided? -Original Message- From: Alena Prokharchyk Sent: Thursday, September 12, 2013 10:54 PM To: dev@cloudstack.apache.org; Sowmya Krishnan Cc: Venkata SwamyBabu Budumuru Subject: Re: Marvin tests for VPC - why create VPC offering? On 9/12/13 10:12 AM, Rajesh Battala rajesh.batt...@citrix.com wrote: My observations are 1. VPC offering is to tell what are all the services can be available if you create tiers in the vpc. Correct 2. There should be some default providers for each service.(but currently its only VpcVR). Or set of providers for each service it can provider. When vpc_network_offering is created, when this network is getting implemented inside this vpc and those services/service providers are validated against what are the services/providers can be provided. Only VPC VR/NS/Internal LB vm are supported as VPC providers I feel while creating VPC_Offering flexibility should be provided at VPC level such that what are the services provided and possible service providers. But currently there only only 3 possible providers one is VPcVR and Netscaler(only for External LB) and internalLB Provider. As there are fixed set of providers and the possible combination of VPC services offerings are created by default we should be using them to create a VPC. If user wants to create a new VPC offering it will become a copy of the existing VPC offering because possible VPC offerings are created by VPCManager. Only Admin can create a VPC offering. And this offering doesn't become a copy. Thanks Rajesh Battala -Original Message- From: Sowmya Krishnan Sent: Thursday, September 12, 2013 8:13 PM To: dev@cloudstack.apache.org Cc: Rajesh Battala; Venkata SwamyBabu Budumuru Subject: RE: Marvin tests for VPC - why create VPC offering? -Original Message- From: Prasanna Santhanam [mailto:t...@apache.org] Sent: Thursday, September 12, 2013 11:55 AM To: dev@cloudstack.apache.org Cc: Rajesh Battala; Venkata SwamyBabu Budumuru Subject: Re: Marvin tests for VPC - why create VPC offering? See inline, there seems to be a bug in the design. On Thu, Sep 12, 2013 at 05:53:45AM +, Sowmya Krishnan wrote: -Original Message- From: Prasanna Santhanam [mailto:t...@apache.org] Sent: Thursday, September 12, 2013 11:07 AM To: dev@cloudstack.apache.org Subject: Re: Marvin tests for VPC - why create VPC offering? On Thu, Sep 12, 2013 at 05:15:16AM +, Sowmya Krishnan wrote: I find for most of the VPC tests we create a new VPC Offering which provides almost the same set of services as the Default VPC Offering already available by default. We also have a separate function to create this offering, enabling it and then create a VPC using this offering. I wonder why do we have to create vpc offerings for each test suite. Also, we don't expose create VPC offering in the UI. We do have an API for that, but I think we should just stick to the default ones available and then create network offerings as required for the test. Personally, I don't see the harm in that since any offering is lightweight. I prefer every test create it's own set of resources from scratch if possible. Today we don't track the trail of resources that are created by a test but we will do that. That should help with cleanup and audit. Do you see a problem though? I feel It's just redundant. API is anyway tested as part of the other test - test_vpc_offerings. Yeah DRY is a good reason to make the test simpler. I don't have an opinion either way. Problem I encounter is, when we try to create a VPC offering, we don't have the option of choosing the service provider. So by default, all services will be provided by VPCVR. The vpcOffering API only provides a service list which means it shouldn't map to a provider list. If it did, then there's some magic happening in the background. Now, when I try to create a VPC offering with NS as external LB provider, that's not possible through the API. I have to use the default offering only. This is a bug in the design. Rajesh would be best to comment on this
Re: Problem with cloud.storage_pool's used_bytes
Mike, it is already fixed in master and 4.2-forward branch. https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=commit;h=7bff499bd3625f8a75a1c93cb9e3e2c90955df5e 2013/9/13 Mike Tutkowski mike.tutkow...@solidfire.com Hi, I just set up a single zone with one KVM host using master. My CPVM and SSVM are up and running nicely. When I look at the storage_pool table, however, I'm concerned with what I see for the used_bytes field: 18,218,356,736 (below). This seems way too large (almost consuming all of the local space on my KVM host). I wonder if this isn't instead available_bytes. I believe available_bytes was changed to used_bytes in 4.2 and it looks like this may not be working properly in this scenario. Thoughts? Thanks! 1 ubuntu Local Storage a4f6428e-8cfd-41f8-b755-b177ad0315f3 Filesystem 0 1 1 1 18218356736 20332810240 192.168.233.10 /var/lib/libvirt/images 2013-09-13 00:47:39 Up DefaultPrimary HOST 0 -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloudhttp://solidfire.com/solution/overview/?video=play *™*
Re: Problem with cloud.storage_pool's used_bytes
sorry, the url is https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=commit;h=5c141a46fc3f684fd633d8b1b18f708bcff4 2013/9/13 Wei ZHOU ustcweiz...@gmail.com Mike, it is already fixed in master and 4.2-forward branch. https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=commit;h=7bff499bd3625f8a75a1c93cb9e3e2c90955df5e 2013/9/13 Mike Tutkowski mike.tutkow...@solidfire.com Hi, I just set up a single zone with one KVM host using master. My CPVM and SSVM are up and running nicely. When I look at the storage_pool table, however, I'm concerned with what I see for the used_bytes field: 18,218,356,736 (below). This seems way too large (almost consuming all of the local space on my KVM host). I wonder if this isn't instead available_bytes. I believe available_bytes was changed to used_bytes in 4.2 and it looks like this may not be working properly in this scenario. Thoughts? Thanks! 1 ubuntu Local Storage a4f6428e-8cfd-41f8-b755-b177ad0315f3 Filesystem 0 1 1 1 18218356736 20332810240 192.168.233.10 /var/lib/libvirt/images 2013-09-13 00:47:39 Up DefaultPrimary HOST 0 -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloudhttp://solidfire.com/solution/overview/?video=play *™*
Review Request 14119: Default null value in ConfigKey results in NPE on second start
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/14119/ --- Review request for cloudstack and Alex Huang. Repository: cloudstack-git Description --- If your ConfigKey has a default value, the second start of the mgmt server will result in a NPE when comparing if the persisted default should be updated java.lang.NullPointerException at org.apache.cloudstack.framework.config.impl.ConfigDepotImpl.populateConfigurations(ConfigDepotImpl.java:103) at com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:294) at com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:147) Diffs - framework/config/src/org/apache/cloudstack/framework/config/impl/ConfigDepotImpl.java b516596 Diff: https://reviews.apache.org/r/14119/diff/ Testing --- Thanks, Darren Shepherd
RE: Volunteers to Complete the 4.2 Release Notes
Who is volunteering to provide the list of Fixed issues for the RN? -Original Message- From: Animesh Chaturvedi [mailto:animesh.chaturv...@citrix.com] Sent: Wednesday, August 28, 2013 4:40 AM To: dev@cloudstack.apache.org; us...@cloudstack.apache.org Subject: RE: Volunteers to Complete the 4.2 Release Notes Community help is needed to fix up the release notes, any volunteers Animesh -Original Message- From: Radhika Puthiyetath [mailto:radhika.puthiyet...@citrix.com] Sent: Tuesday, August 13, 2013 1:01 AM To: dev@cloudstack.apache.org; us...@cloudstack.apache.org Subject: Volunteers to Complete the 4.2 Release Notes Hi, Looking for volunteers to help me with the 4.2 Release Notes. I have started filling in the new feature section, and checked in to the 4.2 branch. A defect is filed https://issues.apache.org/jira/browse/CLOUDSTACK-4245. Thanks for the help -Radhika
ConfigDepot and null values and defaults
If you have a configuration that the value is null and not dynamic, it still hits the database on every read. I'm thinking that's really not intentional. Additionally, if I have a key that is default value is 5, then I later change the default to 10. If the user never changed or set the value, I still get 5. So this is where I kind of disagree with the implementation. What I'd ideally like to see is that only when a value is explicitly changed do we ever persist an entry to the configuration table. Now I know that doesn't work with the current code as everything just hits the ConfigurationDao, but ideally I'd like to see it that way. With the current implementation we have no way of really knowing of the field which were changed by somebody. What I'd like to get to is that we can have a config page sort of like about:config in firefox. In firefox there is a status column that is default or user set. So as a user I know all the crap I changed, and easily I can revert to the defaults. So if we stick with the current implementation where we throw everything in the DB (which I assume we will), then maybe we should have a column for user set. And also randomly, why is updated column == null mean that its obsolete? I don't see any code to handle that, just the column description. Darren
com.cloud.ha.RecreatableFencer used?
com.cloud.ha.RecreatableFencer is registered in applicationContext.xml but never in a componentContext.xml. So it appears that fencer is never used. Is there a specific reason for this? Darren
Re: Security Groups
Hi, Can you please share your security group rules 'iptables -L -nv' output in pastebin So that see why it is happening. Thanks, Jayapal On 13-Sep-2013, at 9:25 AM, Jijun jiju...@gmail.com wrote: hi , i encounter the same problem, as i know, XenServer 6.2 need not the CSP. but the ingress not be blocked by default. i can ping all the Vms in that security group. i don't know why? Thanks. On 09/13/2013 02:02 AM, Michael Phillips wrote: So that is definitely going to be the issue. I missed that in the 8.2.7 section of the install guide. From: sangeetha.hariha...@citrix.com To: dev@cloudstack.apache.org Subject: RE: Security Groups Date: Thu, 12 Sep 2013 17:19:16 + If you are using Xenserver hosts , can you make sure you have the CSP packages installed? -Thanks Sangeetha -Original Message- From: Michael Phillips [mailto:mphilli7...@hotmail.com] Sent: Thursday, September 12, 2013 9:33 AM To: dev@cloudstack.apache.org Subject: Security Groups I posed this question in the user list, but I figured I would throw it out here as well...So If I have created a zone with the DefaultSharedNetworkOfferingWithSGService network offering, then created a VM using the default security group, which has 0 ingress rules, I should NOT be able to do things like PING that VM correct? The answer to the above question was answered correct...My next question is, in that case what are some things I could look at to see why it's not behaving as expected. -- Thanks, Jijun
RE: win7+cygwin+cloudstack having a problem
Build problem? Let me explain: Bean definitions cross reference .class files, e.g. Administrator@cc-svr10 ~/github/cifs $ grep -R iciraNvpDaoImpl * --include=*.xml.in cloudstack/client/tomcatconf/componentContext.xml.in: bean id=niciraNvpDaoImpl class=com.cloud.network.dao.NiciraNvpDaoImpl / cloudstack/client/tomcatconf/nonossComponentContext.xml.in: bean id=niciraNvpDaoImpl class=com.cloud.network.dao.NiciraNvpDaoImpl / Notice I’m using .xml.in above. The build copies these files and changes their extension to .xml Next, check that the bean’s class has been deployed to the folder that Jetty will use, e.g. Administrator@cc-svr10 ~/github/cifs $ grep -R iciraNvpDaoImpl\.class * Binary file cloudstack/client/target/cloud-client-ui-4.3.0-SNAPSHOT/WEB-INF/lib/cloud-plugin-network-nvp-4.3.0-SNAPSHOT.jar matches Binary file cloudstack/client/target/cloud-client-ui-4.3.0-SNAPSHOT.war matches Binary file cloudstack/plugins/network-elements/nicira-nvp/target/cloud-plugin-network-nvp-4.3.0-SNAPSHOT.jar matches If you don’t see any matches, then the command you used to build may be for an older version of CloudStack. :( This happens whenever we improve the build, because build updates are not backwards compatible. If you are using the Windows Development instructions https://cwiki.apache.org/confluence/display/CLOUDSTACK/Setting+up+a+CloudStack+dev+environment+on+Windows , take a look at the update just I made to “Step 13) Build”. If you have similar problems in the future, take a look at the most up to date build instructions, which are at https://cwiki.apache.org/confluence/display/CLOUDSTACK/How+to+build+CloudStack DL From: 黑洞 [mailto:heids...@sina.com] Sent: 13 September 2013 02:38 To: dev Subject: win7+cygwin+cloudstack having a problem I am according to the github cloudstack source code for INSTANL.md 1、cygwin is goode 2、database is goode 3、mvn -pl :cloud-client-ui jetty:run exception detail: lassPostProcessor$ImportAwareBeanPostProcessor#0]; root of factory hierarchy ERROR [web.context.ContextLoader] (main:) Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'niciraNvpDaoImpl' defined in class path resource [componentContext.xml]: BeanPostProcessor before instantiation of bean failed; nested exception is net.sf.cglib.core.CodeGenerationException: java.lang.reflect.InvocationTargetException--null at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:452) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:609) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918) what wrong? Thanks 云计算基础架构师 Github:https://github.com/heidsoft Weibo: http://weibo.com/liuganbin 研究方向:云计算(云安全)、大数据(数据处理分析) 主要学习: Linux / C / C++ / JAVA /Python Email:heids...@sina.com Tell:18601706743
Re: Review Request 11626: Automation: Memory limits tests from Resource Limits Tests
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/11626/#review26076 --- Ship it! Ship It! - sailaja mada On Sept. 12, 2013, 10:19 a.m., Gaurav Aradhye wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/11626/ --- (Updated Sept. 12, 2013, 10:19 a.m.) Review request for cloudstack, sailaja mada, Sanjay Tripathi, and Prasanna Santhanam. Repository: cloudstack-git Description --- Adding resource limit tests related to Memory. Changes suggested in CPU resource limit tests which are applicable here are incorporated too. Updated test plan is available here: https://cwiki.apache.org/confluence/download/attachments/30757590/LimitResourcesTestPlanUpdate5.xlsx?version=1modificationDate=1366952352000 Diffs - test/integration/component/memory_limits/test_domain_limits.py PRE-CREATION test/integration/component/memory_limits/test_maximum_limits.py PRE-CREATION test/integration/component/memory_limits/test_memory_limits.py PRE-CREATION test/integration/component/memory_limits/test_project_limits.py PRE-CREATION Diff: https://reviews.apache.org/r/11626/diff/ Testing --- Thanks, Gaurav Aradhye
Re: Which DevCloud2 Usage Mode is good for Development and Debugging ????
hi guys , thanks a lot for the info , you guys are right , now i'm using #*3.host only mode *in devcloud2 , and i'm able to debug the MS from eclipse seamlessly in my localhost. and mike if you have such problems then you can try *full sandbox mode *in devcloud2 and connect to it remotely from eclipse by giving the ip of the MS (192.168.56.10) , but again it's pretty uncomfortable having everything inside devcloud but anyway its good to try new ways if things work , like how i switched from fullsandbox to host only mode. thanks again regards, punith s cloudbyte On Fri, Sep 13, 2013 at 5:03 AM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: Here is a relevant link: https://cwiki.apache.org/CLOUDSTACK/using-eclipse-with-cloudstack.html The part at the bottom: Remote Debugging You can use Eclipse to attach to the Management Server and debug CloudStack. You setup a Remote Debug Session (Run Debug Configuration), connect to Port 8787. Typically you would use the project you want to debug as the target and include other projects that you need to debug, e.g. cloud-agent, cloud-api, cloud-core and cloud-server. ** Currently I am having trouble in 4.3 with remote debugging. I'm not sure why. I have my Remote Java Application configured and running. It connects to the CloudStack Management Server. I set a breakpoint and execute some logic on the front end that should hit this breakpoint on the back end, but it doesn't break. On Thu, Sep 12, 2013 at 12:41 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: I should have been a bit more specific. Once you do what I wrote in my previous e-mail, then run your management server. Then run your Remote Java Application and set breakpoints. On Thu, Sep 12, 2013 at 12:27 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: If you want to debug remotely, run the CloudStack Management Server with an environment variable such as the following: MAVEN_OPTS=-XX:MaxPermSize=512m -Xmx1024m -Xdebug -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n Then in Eclipse, go to Debug Configurations and create a new Remote Java Application. Browse and select cloud-server for the Project field. Enter you IP address for the Host field. Assuming you used 8787 in MAVEN_OPTS, use 8787 for the Port field. You may now run your management server and set breakpoints as need be. On Thu, Sep 12, 2013 at 12:19 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: I prefer #3, as well. On Thu, Sep 12, 2013 at 10:09 AM, Chiradeep Vittal chiradeep.vit...@citrix.com wrote: #3 works best, I think On 9/12/13 2:19 AM, Punith s punit...@cloudbyte.com wrote: hi folks, i'm using Devcloud2 to build cloudstack 4.2 , currently i'm using *full sandbox mode* , devcloud allows following modes , *1.full sandbox mode - *build and deploy inside devcloud *2.deployment mode - *build code in localhost and deploying in devcloud *3.host only mode - *using devcloud only as host which mode do you think its feasible for development and interactive debugging ? can you elaborate more on setting up remote debugging in Devcloud2 (fullsandbox mode) using eclipse ?? thanks, punith s -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloud http://solidfire.com/solution/overview/?video=play *™* -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloud http://solidfire.com/solution/overview/?video=play *™* -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloud http://solidfire.com/solution/overview/?video=play *™* -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloudhttp://solidfire.com/solution/overview/?video=play *™*
Review Request 14124: CLOUDSTACK-4622 : If a VM from guest network is added to network tier of VPC then IP reservation allows the CIDR to be a superset of Network CIDR for that VPC tier
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/14124/ --- Review request for cloudstack and Sateesh Chodapuneedi. Bugs: CLOUDSTACK-4622 Repository: cloudstack-git Description --- Add a new utility method for comparing 2 CIDRs. The method takes in 2 cidrs, cidrA and cidrB and returns true if cidrA's IP range is equal or a subset of cidrB's IP range. Diffs - server/src/com/cloud/network/NetworkServiceImpl.java 4169d42 utils/src/com/cloud/utils/net/NetUtils.java 05b485b utils/test/com/cloud/utils/net/NetUtilsTest.java 3cfc98f Diff: https://reviews.apache.org/r/14124/diff/ Testing --- Added unit test for the utility. Tested locally. Build is successful. Patch applies cleanly. Thanks, Saksham Srivastava
Re: Review Request 14084: Updates to @ActionEvent to be compatible with Spring AOP
On Sept. 12, 2013, 5:28 p.m., Kelven Yang wrote: Darren, I saw you added the annotation for group of events and annotated in various places, is there any test done for the business logic validation? I added an annotation @ActionEvents and its used in only one place and that is on AccountManagerImpl.createUserAccount(). In general nested ActionEvents won't work with Spring AOP. So previously createUserAccount had an @ActionEvent and that internally called createUser which also had an @ActionEvent. With Spring AOP the second will not be called. So the @ActionEvents is to specify that two events should be recorded for that method invocation. In general the whole concept of nesting actionevents is somewhat broken. The eventDetails is stored on the CallContext which is a ThreadLocal. There is only one of those, so as you nest the child's details override the parent's. This is how things already were. I don't think the move to Spring AOP will be completely ideal for ActionEvents. It limits some things you can do. But I would argue that this whole ActionEvents framework should be reconcidered. Instead of all this ad-hoc based annotations and random strings of text the developers choose, a simple framework in the API can provide more precise and useful information for auditing. Billing is not based off of ActionEvents and that information is far more accurate and useful too. To further illustrate the complete uselessness (in my opinion) of these events, if you reboot a VM, for example, you get an VM.REBOOT event that has a description rebooting user vm: 7 What is VM 7? The user has no visibility to internal VM ids. I tested all changes to ensure that the same events were fired as before. There was some exceptions though. In some cases related to the firewall rule stuff you would make one change to a rule that would then fire an event for every single rule you had. In situations like that, since nesting is a problem, I ensured the top level event was still properly recorded. - Darren --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/14084/#review26056 --- On Sept. 11, 2013, 5:07 p.m., Darren Shepherd wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/14084/ --- (Updated Sept. 11, 2013, 5:07 p.m.) Review request for cloudstack, Kelven Yang and Kishan Kavala. Repository: cloudstack-git Description --- Two fields were added to CallContext to allow call to dynamically change the event type and description. Additionally a @ActionEvents annotation was added to allow a method to specify multiple events Spring AOP will not intercept calls to this so @ActionEvent needs to be put on public methods that are externally invoked Annotations that needed to be changed were identified by doing byte code analysis using objectweb asm. Code for that is at https://github.com/ibuildthecloud/cloudstack-findbadactionevents and there are instructions to run it there. Diffs - api/src/com/cloud/event/ActionEvents.java PRE-CREATION api/src/org/apache/cloudstack/context/CallContext.java e3c1bf2a7b97573cdeb4f530d0afe74cb7e3e834 engine/components-api/src/com/cloud/configuration/ConfigurationManager.java 6e76b6ffb91c200127589831893d9d79970aafdb engine/components-api/src/com/cloud/network/rules/FirewallManager.java fa12cd804a67138740f9d9042709938871dc8629 server/src/com/cloud/configuration/ConfigurationManagerImpl.java fb727a1705487416b7069fc2aca5086fd726e700 server/src/com/cloud/event/ActionEventInterceptor.java ba7e270af90f7bc191b570a7cc131319f446e2f6 server/src/com/cloud/event/ActionEventUtils.java 60f5633fc3c53dac960247308de12b60b492de59 server/src/com/cloud/network/firewall/FirewallManagerImpl.java cd83c4e52f85adc9c9d9c7997c28838f2c15b323 server/src/com/cloud/server/ManagementServerImpl.java a3efd2129ce082023d79e55872e8134d1b6bd85c server/src/com/cloud/user/AccountManagerImpl.java 0602514fcf429b09a62edf65f4b0dc0e87d80b94 server/src/com/cloud/vm/UserVmManagerImpl.java c3a718ac55be05f123b062a627c2de042c4321ab server/test/com/cloud/network/MockFirewallManagerImpl.java c50459e98737eaf5662bb44c6e9a12fad54b4175 server/test/com/cloud/vpc/MockConfigurationManagerImpl.java 3ec146b953726c9480b1e15848a67e4746dd65a6 Diff: https://reviews.apache.org/r/14084/diff/ Testing --- Thanks, Darren Shepherd
Re: Creating an instance with ssh key pair
Thanks Sangeetha. That was helpful. Regards, Gaurav On Thu, Sep 12, 2013 at 9:25 PM, Sangeetha Hariharan sangeetha.hariha...@citrix.com wrote: To deploy Vm using ssh key pairs you will need to use a template that has SSH Key Gen Scripts in it. Only then you will be able to ssh into the instance using ssh key. -Thanks Sangeetha -Original Message- From: Gaurav Aradhye [mailto:gaurav.arad...@clogeny.com] Sent: Thursday, September 12, 2013 5:00 AM To: dev@cloudstack.apache.org Subject: Creating an instance with ssh key pair Hello all, If I create an instance providing ssh key pair while creation, and using a normal template from the cloudstack setup, then will the SSH to vm using the keyPairFlieLocation always work? Or the template which I am using for creating the instance has to be supporting SSH keys? as explained in 5.2.1 section at http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/using-sshkeys.html In short, Is the SSH using keyPairFileLocation - template dependent or will it always work if I provide ssh key pair while creating instance and use normal template? Regards, Gaurav
Re: Q's about UserAuthenticators and getName()
On 09/13/2013 03:48 AM, Abhinandan Prateek wrote: The code already has the name set to ³LDAP² in 4.2. What branch are you on ? Will also prefer if we can use getClass().getSimpleName() to get the classname, but we should check the possibility of the adapter classnames getting enhanced by underlying framework. I'm on master but that doesn't matter, its actually broke in 4.2 also. I originally stated that the DefaultUserAuthenticator masks _name in ComponentLifecycleBase so even though the XML is setting the property to LDAP it doesn't work. That was sort of my original question, why was it done like that? I can clean up all the authenticators and submit a patch if we want. Darren
Re: createVPCOffering (Was:RE: Marvin tests for VPC - why create VPC offering?)
On 9/12/13 11:39 PM, Sowmya Krishnan sowmya.krish...@citrix.com wrote: But we don't have an option to choose service providers with createVPCOffering. It's always VPC VR for all services. If let's say, I want to create a VPC Offering with LB as Netscaler and say, the following services only: DNS, DHCP and SourceNat - it isn¹t possible from the API.. However this mapping *is* being done internally as can be seen from vpc_offering_service_map table. So providing flexibility to create a VPC with chosen set to services but without the ability to choose providers is confusing and perhaps limiting in a way? Sounds like an api bug to me. We should allow having NS and internal LB as a provider. Please file it. On the other hand, I am wondering what is the use case for exposing createVPCOffering at all? Can we not stick to the default offerings of VPC already provided? The original intent for introducing VPC offering was - push all the services/providers from network offerings of the tiers to the VPC offering, and make it serve the services for VPC just like network offering does for network. Due to lack of time, it was easier back then to proxy services for VPC tiers via network offering of the tier using existing implementation of NetworkAsAService. In the future all services/providers should be defined on the VPC level instead of network level. By then, createVPCOffering functionality shouldn't be exposed in the UI. -Original Message- From: Alena Prokharchyk Sent: Thursday, September 12, 2013 10:54 PM To: dev@cloudstack.apache.org; Sowmya Krishnan Cc: Venkata SwamyBabu Budumuru Subject: Re: Marvin tests for VPC - why create VPC offering? On 9/12/13 10:12 AM, Rajesh Battala rajesh.batt...@citrix.com wrote: My observations are 1. VPC offering is to tell what are all the services can be available if you create tiers in the vpc. Correct 2. There should be some default providers for each service.(but currently its only VpcVR). Or set of providers for each service it can provider. When vpc_network_offering is created, when this network is getting implemented inside this vpc and those services/service providers are validated against what are the services/providers can be provided. Only VPC VR/NS/Internal LB vm are supported as VPC providers I feel while creating VPC_Offering flexibility should be provided at VPC level such that what are the services provided and possible service providers. But currently there only only 3 possible providers one is VPcVR and Netscaler(only for External LB) and internalLB Provider. As there are fixed set of providers and the possible combination of VPC services offerings are created by default we should be using them to create a VPC. If user wants to create a new VPC offering it will become a copy of the existing VPC offering because possible VPC offerings are created by VPCManager. Only Admin can create a VPC offering. And this offering doesn't become a copy. Thanks Rajesh Battala -Original Message- From: Sowmya Krishnan Sent: Thursday, September 12, 2013 8:13 PM To: dev@cloudstack.apache.org Cc: Rajesh Battala; Venkata SwamyBabu Budumuru Subject: RE: Marvin tests for VPC - why create VPC offering? -Original Message- From: Prasanna Santhanam [mailto:t...@apache.org] Sent: Thursday, September 12, 2013 11:55 AM To: dev@cloudstack.apache.org Cc: Rajesh Battala; Venkata SwamyBabu Budumuru Subject: Re: Marvin tests for VPC - why create VPC offering? See inline, there seems to be a bug in the design. On Thu, Sep 12, 2013 at 05:53:45AM +, Sowmya Krishnan wrote: -Original Message- From: Prasanna Santhanam [mailto:t...@apache.org] Sent: Thursday, September 12, 2013 11:07 AM To: dev@cloudstack.apache.org Subject: Re: Marvin tests for VPC - why create VPC offering? On Thu, Sep 12, 2013 at 05:15:16AM +, Sowmya Krishnan wrote: I find for most of the VPC tests we create a new VPC Offering which provides almost the same set of services as the Default VPC Offering already available by default. We also have a separate function to create this offering, enabling it and then create a VPC using this offering. I wonder why do we have to create vpc offerings for each test suite. Also, we don't expose create VPC offering in the UI. We do have an API for that, but I think we should just stick to the default ones available and then create network offerings as required for the test. Personally, I don't see the harm in that since any offering is lightweight. I prefer every test create it's own set of resources from scratch if possible. Today we don't track the trail of resources that are created by a test but we will do that. That should help with cleanup and audit. Do you see a problem though? I feel It's just redundant. API is anyway tested as
RE: run cloustack have a exeception
This is a known error on windows. CloudStack tries to generate a key store but on windows, it is not possible. For windows, before launching CloudStack, I always have to manually change the developer to false in order to have it run. You'll still see this error but it would be meaningless. UPDATE cloud.configuration set value='false' where name='developer'; If you forgot to do that and started cloudstack, you have to reset the database. --Alex -Original Message- From: 黑洞 [mailto:heids...@sina.com] Sent: Thursday, September 12, 2013 11:18 PM To: dev Subject: run cloustack have a exeception INFO [utils.component.ComponentContext] (Timer-2:) Configuring com.cloud.server.ConfigurationServerImpl_EnhancerByCloudStack_e2a1f0b 0 INFO [cloud.server.ConfigurationServerImpl] (Timer-2:) Processing updateSSLKeyStore INFO [cloud.server.ConfigurationServerImpl] (Timer-2:) SSL keystore located at D:\clouddevelop\cloudstack-repo- debug\cloudstack\client\target\cloud-client-ui-4.2.0-SNAPSHOT\WEB- INF\classes/cloud.keystore WARN [utils.script.Script] (Timer-2:) Exception: sudo keytool -genkey - keystore D:\clouddevelop\cloudstack-repo- debug\cloudstack\client\target\cloud-client-ui-4.2.0-SNAPSHOT\WEB- INF\classes/cloud.keystore -storepass vmops.com -keypass vmops.com - keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=TYX- 020,o=TYX-020,c=Unknown java.io.IOException: Cannot run program sudo: CreateProcess error=2, ? at java.lang.ProcessBuilder.start(ProcessBuilder.java:460) at com.cloud.utils.script.Script.execute(Script.java:183) at com.cloud.utils.script.Script.execute(Script.java:161) at com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(Config urationServerImpl.java:487) at com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(Configuratio nServerImpl.java:510) at com.cloud.server.ConfigurationServerImpl.persistDefaultValues(Configurati onServerImpl.java:272) at com.cloud.utils.component.ComponentInstantiationPostProcessor$Intercep torDispatcher.intercept(ComponentInstantiationPostProcessor.java:125) at com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerIm pl.java:148) at com.cloud.utils.component.ComponentContext.initComponentsLifeCycle(Co mponentContext.java:111) at com.cloud.servlet.CloudStartupServlet$1.run(CloudStartupServlet.java:50) at java.util.TimerThread.mainLoop(Timer.java:512) at java.util.TimerThread.run(Timer.java:462) Caused by: java.io.IOException: CreateProcess error=2, ? at java.lang.ProcessImpl.create(Native Method) at java.lang.ProcessImpl.init(ProcessImpl.java:81) at java.lang.ProcessImpl.start(ProcessImpl.java:30) at java.lang.ProcessBuilder.start(ProcessBuilder.java:453) ... 15 more 云计算基础架构师 Github:https://github.com/heidsoftWeibo: http://weibo.com/liuganbin 研究方向:云计算(云安全)、大数据(数据处理分析) 主要学习: Linux / C / C++ / JAVA Email:heids...@sina.com Tell:18601706743 某云计算公司 Jake.liu@heidsoft黑洞 云计算系统架构师 840608792 heidso...@gmail.com weibo.com/liuganbin 上海 徐汇区 名片二维码
test - please ignore
Problems replying to this newsgroup... testing that I can post :(
Re: run cloustack have a exeception
hey don't use fullsandbox mode in devcloud2, its recommended to use devcloud as only host(hypervisor) switching to this might solve your problem . regards, punith s On Fri, Sep 13, 2013 at 11:48 AM, 黑洞 heids...@sina.com wrote: INFO [utils.component.ComponentContext] (Timer-2:) Configuring com.cloud.server.ConfigurationServerImpl_EnhancerByCloudStack_e2a1f0b0 INFO [cloud.server.ConfigurationServerImpl] (Timer-2:) Processing updateSSLKeyStore INFO [cloud.server.ConfigurationServerImpl] (Timer-2:) SSL keystore located at D:\clouddevelop\cloudstack-repo-debug\cloudstack\client\target\cloud-client-ui-4.2.0-SNAPSHOT\WEB-INF\classes/cloud.keystore WARN [utils.script.Script] (Timer-2:) Exception: sudo keytool -genkey -keystore D:\clouddevelop\cloudstack-repo-debug\cloudstack\client\target\cloud-client-ui-4.2.0-SNAPSHOT\WEB-INF\classes/cloud.keystore -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=TYX-020,o=TYX-020,c=Unknown java.io.IOException: Cannot run program sudo: CreateProcess error=2, ? at java.lang.ProcessBuilder.start(ProcessBuilder.java:460) at com.cloud.utils.script.Script.execute(Script.java:183) at com.cloud.utils.script.Script.execute(Script.java:161) at com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:487) at com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:510) at com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:272) at com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125) at com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:148) at com.cloud.utils.component.ComponentContext.initComponentsLifeCycle(ComponentContext.java:111) at com.cloud.servlet.CloudStartupServlet$1.run(CloudStartupServlet.java:50) at java.util.TimerThread.mainLoop(Timer.java:512) at java.util.TimerThread.run(Timer.java:462) Caused by: java.io.IOException: CreateProcess error=2, ? at java.lang.ProcessImpl.create(Native Method) at java.lang.ProcessImpl.init(ProcessImpl.java:81) at java.lang.ProcessImpl.start(ProcessImpl.java:30) at java.lang.ProcessBuilder.start(ProcessBuilder.java:453) ... 15 more 云计算基础架构师 Github:https://github.com/heidsoftWeibo: http://weibo.com/liuganbin 研究方向:云计算(云安全)、大数据(数据处理分析) 主要学习: Linux / C / C++ / JAVA Email:heids...@sina.com Tell:18601706743 某云计算公司 Jake.liu@heidsoft黑洞 云计算系统架构师 840608792 heidso...@gmail.com weibo.com/liuganbin 上海 徐汇区 名片二维码
[Proposal] Userdata Support for Hyper-V with KVP Data Exchange
IIRC, OpenStack puts userdata for Hyper-V guest VMs on a separate volume. The guest can mount the volume and extract the data. However, I suggest we use Hyper-V's KVP Data Exchange mechanism instead. Doing so keeps volume management and passing userdata cleanly separated. Feature Spec at https://cwiki.apache.org/confluence/display/CLOUDSTACK/Userdata+Support+for+Hyper-V+with+KVP+Data+Exchange
RE: what wrong? start cloudstack
Are you still getting this error? This is because niciria plugin was not compile somehow. How did you compile your cloudstack? --Alex -Original Message- From: 黑洞 [mailto:heids...@sina.com] Sent: Thursday, September 12, 2013 10:48 PM To: dev Subject: what wrong? start cloudstack when I execut mvn -pl :cloud-client-ui jetty:run hava follow exception: ERROR [web.context.ContextLoader] (main:) Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'niciraNvpDaoImpl' defined in class path resource [componentContext.xml]: BeanPostProcessor before instantiation of bean failed; nested exception is net.sf.cglib.core.CodeGenerationException: java.lang.reflect.InvocationTargetException--null at org.springframework.beans.factory.support.AbstractAutowireCapableBeanF actory.createBean(AbstractAutowireCapableBeanFactory.java:452) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObje ct(AbstractBeanFactory.java:294) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.g etSingleton(DefaultSingletonBeanRegistry.java:225) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBea n(AbstractBeanFactory.java:291) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(A bstractBeanFactory.java:193) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preI nstantiateSingletons(DefaultListableBeanFactory.java:609) at org.springframework.context.support.AbstractApplicationContext.finishBea nFactoryInitialization(AbstractApplicationContext.java:918) at org.springframework.context.support.AbstractApplicationContext.refresh(A bstractApplicationContext.java:469) at org.springframework.web.context.ContextLoader.configureAndRefreshWeb ApplicationContext(ContextLoader.java:383) at org.springframework.web.context.ContextLoader.initWebApplicationContex t(ContextLoader.java:283) at org.springframework.web.context.ContextLoaderListener.contextInitialized( ContextLoaderListener.java:111) at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.jav a:549) what Wrong? Thanks 云计算基础架构师 Github:https://github.com/heidsoftWeibo: http://weibo.com/liuganbin 研究方向:云计算(云安全)、大数据(数据处理分析) 主要学习: Linux / C / C++ / JAVA Email:heids...@sina.com Tell:18601706743 某云计算公司 Jake.liu@heidsoft黑洞 云计算系统架构师 840608792 heidso...@gmail.com weibo.com/liuganbin 上海 徐汇区 名片二维码 - 原始邮件 - 发件人:Mike Tutkowski mike.tutkow...@solidfire.com 收件人:dev@cloudstack.apache.org dev@cloudstack.apache.org 抄送人:Amit Das amit@cloudbyte.com 主题:Re: Which DevCloud2 Usage Mode is good for Development and Debugging 日期:2013年09月13日 07点33分
Re: Q's about UserAuthenticators and getName()
Great. Applied it. You can mark it as submitted. On 13 September 2013 16:10, Darren Shepherd darren.s.sheph...@gmail.comwrote: On 09/12/2013 10:56 PM, Ian Duffy wrote: So my problem is that LDAP currently has a null name on getName(). So which should I do? Add Go ahead and add it. I missed that override in error. Okay I created https://reviews.apache.org/r/**14126/https://reviews.apache.org/r/14126/ Darren
Re: [Proposal] Userdata Support for Hyper-V with KVP Data Exchange
On 09/13/2013 08:51 AM, Donal Lafferty wrote: IIRC, OpenStack puts userdata for Hyper-V guest VMs on a separate volume. The guest can mount the volume and extract the data. However, I suggest we use Hyper-V's KVP Data Exchange mechanism instead. Doing so keeps volume management and passing userdata cleanly separated. Feature Spec at https://cwiki.apache.org/confluence/display/CLOUDSTACK/Userdata+Support+for+Hyper-V+with+KVP+Data+Exchange Why does Hyper-V need something specific? Is userdata really hypervisor specific? I though we just put the userdata on the VR? Darren
Review Request 14126: Return name for getName() on LdapAuthenticator
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/14126/ --- Review request for cloudstack and Donal Lafferty. Repository: cloudstack-git Description --- Currently getName() returns null, this patch just follows the style of the other authenticators in how they set and return their name. Diffs - plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java 559a979 Diff: https://reviews.apache.org/r/14126/diff/ Testing --- Thanks, Darren Shepherd
Re: Review Request 14126: Return name for getName() on LdapAuthenticator
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/14126/#review26081 --- Ship it! Ship It! - Ian Duffy On Sept. 13, 2013, 3:06 p.m., Darren Shepherd wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/14126/ --- (Updated Sept. 13, 2013, 3:06 p.m.) Review request for cloudstack and Donal Lafferty. Repository: cloudstack-git Description --- Currently getName() returns null, this patch just follows the style of the other authenticators in how they set and return their name. Diffs - plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java 559a979 Diff: https://reviews.apache.org/r/14126/diff/ Testing --- Thanks, Darren Shepherd
RE: [Proposal] Userdata Support for Hyper-V with KVP Data Exchange
Hi Darren, To bring up the system vm's on the hyperv host we need to pass the boot args from host to the systemvm's. To pass the data from hyperv host to systemvm guest we need this method. Thanks Rajesh Battala -Original Message- From: Darren Shepherd [mailto:darren.s.sheph...@gmail.com] Sent: Friday, September 13, 2013 10:10 PM To: dev@cloudstack.apache.org Subject: Re: [Proposal] Userdata Support for Hyper-V with KVP Data Exchange On 09/13/2013 08:51 AM, Donal Lafferty wrote: IIRC, OpenStack puts userdata for Hyper-V guest VMs on a separate volume. The guest can mount the volume and extract the data. However, I suggest we use Hyper-V's KVP Data Exchange mechanism instead. Doing so keeps volume management and passing userdata cleanly separated. Feature Spec at https://cwiki.apache.org/confluence/display/CLOUDSTACK/Userdata+Suppor t+for+Hyper-V+with+KVP+Data+Exchange Why does Hyper-V need something specific? Is userdata really hypervisor specific? I though we just put the userdata on the VR? Darren
Re: Problem with cloud.storage_pool's used_bytes
Thanks, Wei I assume this is also present in 4.2? If not, it seems like a serious problem. On Fri, Sep 13, 2013 at 12:45 AM, Wei ZHOU ustcweiz...@gmail.com wrote: sorry, the url is https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=commit;h=5c141a46fc3f684fd633d8b1b18f708bcff4 2013/9/13 Wei ZHOU ustcweiz...@gmail.com Mike, it is already fixed in master and 4.2-forward branch. https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=commit;h=7bff499bd3625f8a75a1c93cb9e3e2c90955df5e 2013/9/13 Mike Tutkowski mike.tutkow...@solidfire.com Hi, I just set up a single zone with one KVM host using master. My CPVM and SSVM are up and running nicely. When I look at the storage_pool table, however, I'm concerned with what I see for the used_bytes field: 18,218,356,736 (below). This seems way too large (almost consuming all of the local space on my KVM host). I wonder if this isn't instead available_bytes. I believe available_bytes was changed to used_bytes in 4.2 and it looks like this may not be working properly in this scenario. Thoughts? Thanks! 1 ubuntu Local Storage a4f6428e-8cfd-41f8-b755-b177ad0315f3 Filesystem 0 1 1 1 18218356736 20332810240 192.168.233.10 /var/lib/libvirt/images 2013-09-13 00:47:39 Up DefaultPrimary HOST 0 -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloudhttp://solidfire.com/solution/overview/?video=play *™* -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloudhttp://solidfire.com/solution/overview/?video=play *™*
Re: [Proposal] Userdata Support for Hyper-V with KVP Data Exchange
On 09/13/2013 10:25 AM, Rajesh Battala wrote: To bring up the system vm's on the hyperv host we need to pass the boot args from host to the systemvm's. To pass the data from hyperv host to systemvm guest we need this method. Oh maybe I'm getting terminology mixed up. When you say userdata I think of the userdata a user can set on VM deploy. What you are talking about is boot args, right? Like in the systemvm on xenserver they show up in /proc/cmdline. So which are we talking about? Darren
Re: Creating an instance with ssh key pair
SSH script pulls only the ssh public key that is associated with the vm instance. There is an API to reset the SSH key pair associated to the VM. This is will associate new ssh key pair to the vm and on reboot of vm this ssh script gets the new ssh public key into the VM. If you can modify the ssh script in the vm to append the new ssh public key to the authorised_keys file we can use both old and new ssh key pair. -Harikrishna On 12-Sep-2013, at 9:35 PM, Travis Graham tgra...@tgraham.us wrote: Will this only pull down one key pair or can it pull down many? We have a need to pull in our keys as well as all of our customers keys. If the script can only pull down one, we can make it work, but would be nice to pull down all keys from the project an instance is associated with. Travis On Sep 12, 2013, at 11:55 AM, Sangeetha Hariharan sangeetha.hariha...@citrix.com wrote: To deploy Vm using ssh key pairs you will need to use a template that has SSH Key Gen Scripts in it. Only then you will be able to ssh into the instance using ssh key. -Thanks Sangeetha -Original Message- From: Gaurav Aradhye [mailto:gaurav.arad...@clogeny.com] Sent: Thursday, September 12, 2013 5:00 AM To: dev@cloudstack.apache.org Subject: Creating an instance with ssh key pair Hello all, If I create an instance providing ssh key pair while creation, and using a normal template from the cloudstack setup, then will the SSH to vm using the keyPairFlieLocation always work? Or the template which I am using for creating the instance has to be supporting SSH keys? as explained in 5.2.1 section at http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/using-sshkeys.html In short, Is the SSH using keyPairFileLocation - template dependent or will it always work if I provide ssh key pair while creating instance and use normal template? Regards, Gaurav
RE: win7+cygwin+cloudstack having a problem
Build problem? Let me explain: Bean definitions cross reference .class files, e.g. Administrator@cc-svr10 ~/github/cifs $ grep -R iciraNvpDaoImpl * --include=*.xml.in cloudstack/client/tomcatconf/componentContext.xml.in: bean id=niciraNvpDaoImpl class=com.cloud.network.dao.NiciraNvpDaoImpl / cloudstack/client/tomcatconf/nonossComponentContext.xml.in: bean id=niciraNvpDaoImpl class=com.cloud.network.dao.NiciraNvpDaoImpl / Notice I’m using .xml.in above. The build copies these files and changes their extension to .xml Next, check that the bean’s class has been deployed to the folder that Jetty will use, e.g. Administrator@cc-svr10 ~/github/cifs $ grep -R iciraNvpDaoImpl\.class * Binary file cloudstack/client/target/cloud-client-ui-4.3.0-SNAPSHOT/WEB-INF/lib/cloud-plugin-network-nvp-4.3.0-SNAPSHOT.jar matches Binary file cloudstack/client/target/cloud-client-ui-4.3.0-SNAPSHOT.war matches Binary file cloudstack/plugins/network-elements/nicira-nvp/target/cloud-plugin-network-nvp-4.3.0-SNAPSHOT.jar matches If you don’t see any matches, then the command you used to build may be for an older version of CloudStack. :( This happens whenever we improve the build, because build updates are not backwards compatible. If you are using the Windows Development instructions https://cwiki.apache.org/confluence/display/CLOUDSTACK/Setting+up+a+CloudStack+dev+environment+on+Windows , take a look at the update just I made to “Step 13) Build”. If you have similar problems in the future, take a look at the most up to date build instructions, which are at https://cwiki.apache.org/confluence/display/CLOUDSTACK/How+to+build+CloudStack DL From: 黑洞 [mailto:heids...@sina.com] Sent: 13 September 2013 02:38 To: dev Subject: win7+cygwin+cloudstack having a problem I am according to the github cloudstack source code for INSTANL.md 1、cygwin is goode 2、database is goode 3、mvn -pl :cloud-client-ui jetty:run exception detail: lassPostProcessor$ImportAwareBeanPostProcessor#0]; root of factory hierarchy ERROR [web.context.ContextLoader] (main:) Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'niciraNvpDaoImpl' defined in class path resource [componentContext.xml]: BeanPostProcessor before instantiation of bean failed; nested exception is net.sf.cglib.core.CodeGenerationException: java.lang.reflect.InvocationTargetException--null at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:452) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:609) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918) what wrong? Thanks 云计算基础架构师 Github:https://github.com/heidsoft Weibo: http://weibo.com/liuganbin 研究方向:云计算(云安全)、大数据(数据处理分析) 主要学习: Linux / C / C++ / JAVA /Python Email:heids...@sina.com Tell:18601706743
Re: www.cloudstack.org not resolving
Hi Guys, Those nameservers are GoDaddy's, have we moved away from them? They are responding with SERVFAIL for any cloudstack.org lookup. Marty On Fri, Sep 13, 2013 at 6:02 PM, Tracy Phillips tracp...@mantoso.comwrote: Matt, Probably the contact listed in the whois Domain ID:D150572512-LROR Domain Name:CLOUDSTACK.ORG Created On:07-Jan-2008 15:12:00 UTC Last Updated On:12-Sep-2013 11:24:54 UTC Expiration Date:07-Jan-2018 15:12:00 UTC Sponsoring Registrar:Domain.com, LLC (R1915-LROR) Status:TRANSFER PROHIBITED Status:TRANSFERPERIOD Registrant ID:tu7wMGD9wRRhInik Registrant Name:Sheng Liang Registrant Street1:PO Box 1644 Registrant Street2: Registrant Street3: Registrant City:Mountain View Registrant State/Province:California Registrant Postal Code:94042 Registrant Country:US Registrant Phone:+1.6503945612 Registrant Phone Ext.: Registrant FAX: Registrant FAX Ext.: Registrant Email:shengli...@gmail.com Admin ID:tuwTxVMRjkR6lNM7 Admin Name:Sheng Liang Admin Street1:PO Box 1644 Admin Street2: Admin Street3: Admin City:Mountain View Admin State/Province:California Admin Postal Code:94042 Admin Country:US Admin Phone:+1.6503945612 Admin Phone Ext.: Admin FAX: Admin FAX Ext.: Admin Email:shengli...@gmail.com Tech ID:tuvYURg6jpeMiajb Tech Name:Sheng Liang Tech Street1:PO Box 1644 Tech Street2: Tech Street3: Tech City:Mountain View Tech State/Province:California Tech Postal Code:94042 Tech Country:US Tech Phone:+1.6503945612 Tech Phone Ext.: Tech FAX: Tech FAX Ext.: Tech Email:shengli...@gmail.com Name Server:NS71.DOMAINCONTROL.COM Name Server:NS72.DOMAINCONTROL.COM On Fri, Sep 13, 2013 at 10:04 AM, Mathias Mullins mathias.mull...@citrix.com wrote: David, Who do we need to reach out too? We are in day 3 of outage now? Matt On 9/11/13 9:58 PM, David Nalley da...@gnsa.us wrote: The ASF has taken charge of the domains, but I suspect DNS is lagging a bit. --David On Wed, Sep 11, 2013 at 9:03 PM, Mathias Mullins mathias.mull...@citrix.com wrote: Cloudstack.org isn't resolving. Cloudstack.apache.org is up and running. Do we need to get a hold of infrastructure? Matt Mullins Cloud Platforms Implementation Engineer Worldwide Cloud Services Citrix System, Inc. +1 (407) 920-1107 Office/Cell Phone matt.mull...@citrix.commailto:matt.mull...@citrix.com
Re: Review Request 13559: Automation: Portable IP test cases
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/13559/ --- (Updated Sept. 13, 2013, 4:12 p.m.) Review request for cloudstack, Murali Reddy, venkata swamy babu budumuru, and Prasanna Santhanam. Changes --- Last patch couldn't apply. Putting new patch as requested. Repository: cloudstack-git Description --- Adding new test cases for feature Portable IP Diffs (updated) - test/integration/component/test_portable_ip.py PRE-CREATION tools/marvin/marvin/integration/lib/base.py 3016ee4 tools/marvin/marvin/integration/lib/common.py 7e8d92d Diff: https://reviews.apache.org/r/13559/diff/ Testing --- Thanks, Gaurav Aradhye
Re: Security Groups
By default XenServer (6.x) disables iptable/arptable checking over bridges in /etc/sysctl.conf - you'll need to ensure those are enabled. net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-arptables = 1 On 13/09/2013 04:55, Jijun jiju...@gmail.com wrote: hi , i encounter the same problem, as i know, XenServer 6.2 need not the CSP. but the ingress not be blocked by default. i can ping all the Vms in that security group. i don't know why? Thanks. On 09/13/2013 02:02 AM, Michael Phillips wrote: So that is definitely going to be the issue. I missed that in the 8.2.7 section of the install guide. From: sangeetha.hariha...@citrix.com To: dev@cloudstack.apache.org Subject: RE: Security Groups Date: Thu, 12 Sep 2013 17:19:16 + If you are using Xenserver hosts , can you make sure you have the CSP packages installed? -Thanks Sangeetha -Original Message- From: Michael Phillips [mailto:mphilli7...@hotmail.com] Sent: Thursday, September 12, 2013 9:33 AM To: dev@cloudstack.apache.org Subject: Security Groups I posed this question in the user list, but I figured I would throw it out here as well...So If I have created a zone with the DefaultSharedNetworkOfferingWithSGService network offering, then created a VM using the default security group, which has 0 ingress rules, I should NOT be able to do things like PING that VM correct? The answer to the above question was answered correct...My next question is, in that case what are some things I could look at to see why it's not behaving as expected. -- Thanks, Jijun Information in this email including any attachments may be privileged, confidential and is intended exclusively for the addressee. The views expressed may not be official policy, but the personal views of the originator. If you have received it in error, please notify the sender by return e-mail and delete it from your system. You should not reproduce, distribute, store, retransmit, use or disclose its contents to anyone. Please note we reserve the right to monitor all e-mail communication through our internal and external networks. SKY and the SKY marks are trademarks of British Sky Broadcasting Group plc and Sky International AG and are used under licence. British Sky Broadcasting Limited (Registration No. 2906991), Sky-In-Home Service Limited (Registration No. 2067075) and Sky Subscribers Services Limited (Registration No. 2340150) are direct or indirect subsidiaries of British Sky Broadcasting Group plc (Registration No. 2247735). All of the companies mentioned in this paragraph are incorporated in England and Wales and share the same registered office at Grant Way, Isleworth, Middlesex TW7 5QD.
Re: Review Request 13559: Automation: Portable IP test cases
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/13559/ --- (Updated Sept. 13, 2013, 4:52 p.m.) Review request for cloudstack, Murali Reddy, venkata swamy babu budumuru, and Prasanna Santhanam. Changes --- Patch against 4.2-forward. Repository: cloudstack-git Description --- Adding new test cases for feature Portable IP Diffs (updated) - test/integration/component/test_portable_ip.py PRE-CREATION tools/marvin/marvin/integration/lib/base.py fa4cc82 tools/marvin/marvin/integration/lib/common.py 6ffe951 Diff: https://reviews.apache.org/r/13559/diff/ Testing --- Thanks, Gaurav Aradhye
Re: Q's about UserAuthenticators and getName()
The code already has the name set to ³LDAP² in 4.2. What branch are you on
?
Will also prefer if we can use getClass().getSimpleName() to get the
classname, but we should check the possibility of the adapter classnames
getting enhanced by underlying framework.
On 13/09/13 4:41 am, Darren Shepherd darren.s.sheph...@gmail.com wrote:
DefaultUserAuthenticator masks the _name variable in
ComponentLifecycleBase effectively making it so that no
UserAuthenticator gets the default name of getClass().getSimpleName().
Then each authenticator, except LDAP, does something like
if (name == null) {
name = MD5;
}
So instead of the default MD5UserAuthenticator it comes up with MD5 as
its name.
So my problem is that LDAP currently has a null name on getName(). So
which should I do? Add
if (name == null) {
name = LDAP;
}
Or remove the masked variable in DefaultUserAuthenticator such that all
authenticators names will become the classname. I just need it to be
consistent for what I'm doing at the moment. I'd personally prefer that
they all just get the default name of getSimpleName(). But I don't know
if there was some reason it was done this way.
Darren
Re: Build server was down?
Hi, This is due to DNS issues with cloudstack.org. We will continue to discuss this matter in the subject 'www.cloudstack.org not resolving'. Thanks, Marty On Fri, Sep 13, 2013 at 6:03 PM, Chip Childers chip.child...@sungard.comwrote: Use Jenkins.buildacloud.org Sent from my iPhone On Sep 13, 2013, at 12:08 PM, Gavin Lee gavin@gmail.com wrote: Seems http://jenkins.cloudstack.org/ could not be accessed all day. Will someone look on this? -- Gavin
Re: Which DevCloud2 Usage Mode is good for Development and Debugging ????
Yeah, remote debugging in Eclipse - whether the process I connect to is in a different VM, same VM, or on a different physical machine - usually works. Not sure what was going on yesterday and I haven't tried it yet today. On Fri, Sep 13, 2013 at 4:32 AM, Punith s punit...@cloudbyte.com wrote: hi guys , thanks a lot for the info , you guys are right , now i'm using #*3.host only mode *in devcloud2 , and i'm able to debug the MS from eclipse seamlessly in my localhost. and mike if you have such problems then you can try *full sandbox mode *in devcloud2 and connect to it remotely from eclipse by giving the ip of the MS (192.168.56.10) , but again it's pretty uncomfortable having everything inside devcloud but anyway its good to try new ways if things work , like how i switched from fullsandbox to host only mode. thanks again regards, punith s cloudbyte On Fri, Sep 13, 2013 at 5:03 AM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: Here is a relevant link: https://cwiki.apache.org/CLOUDSTACK/using-eclipse-with-cloudstack.html The part at the bottom: Remote Debugging You can use Eclipse to attach to the Management Server and debug CloudStack. You setup a Remote Debug Session (Run Debug Configuration), connect to Port 8787. Typically you would use the project you want to debug as the target and include other projects that you need to debug, e.g. cloud-agent, cloud-api, cloud-core and cloud-server. ** Currently I am having trouble in 4.3 with remote debugging. I'm not sure why. I have my Remote Java Application configured and running. It connects to the CloudStack Management Server. I set a breakpoint and execute some logic on the front end that should hit this breakpoint on the back end, but it doesn't break. On Thu, Sep 12, 2013 at 12:41 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: I should have been a bit more specific. Once you do what I wrote in my previous e-mail, then run your management server. Then run your Remote Java Application and set breakpoints. On Thu, Sep 12, 2013 at 12:27 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: If you want to debug remotely, run the CloudStack Management Server with an environment variable such as the following: MAVEN_OPTS=-XX:MaxPermSize=512m -Xmx1024m -Xdebug -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n Then in Eclipse, go to Debug Configurations and create a new Remote Java Application. Browse and select cloud-server for the Project field. Enter you IP address for the Host field. Assuming you used 8787 in MAVEN_OPTS, use 8787 for the Port field. You may now run your management server and set breakpoints as need be. On Thu, Sep 12, 2013 at 12:19 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: I prefer #3, as well. On Thu, Sep 12, 2013 at 10:09 AM, Chiradeep Vittal chiradeep.vit...@citrix.com wrote: #3 works best, I think On 9/12/13 2:19 AM, Punith s punit...@cloudbyte.com wrote: hi folks, i'm using Devcloud2 to build cloudstack 4.2 , currently i'm using *full sandbox mode* , devcloud allows following modes , *1.full sandbox mode - *build and deploy inside devcloud *2.deployment mode - *build code in localhost and deploying in devcloud *3.host only mode - *using devcloud only as host which mode do you think its feasible for development and interactive debugging ? can you elaborate more on setting up remote debugging in Devcloud2 (fullsandbox mode) using eclipse ?? thanks, punith s -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloud http://solidfire.com/solution/overview/?video=play *™* -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloud http://solidfire.com/solution/overview/?video=play *™* -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloud http://solidfire.com/solution/overview/?video=play *™* -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloudhttp://solidfire.com/solution/overview/?video=play *™* -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloudhttp://solidfire.com/solution/overview/?video=play *™*
Re: Review Request 14084: Updates to @ActionEvent to be compatible with Spring AOP
On Sept. 13, 2013, 6:17 p.m., Kelven Yang wrote: Was this actually committed? - Darren --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/14084/#review26086 --- On Sept. 11, 2013, 5:07 p.m., Darren Shepherd wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/14084/ --- (Updated Sept. 11, 2013, 5:07 p.m.) Review request for cloudstack, Kelven Yang and Kishan Kavala. Repository: cloudstack-git Description --- Two fields were added to CallContext to allow call to dynamically change the event type and description. Additionally a @ActionEvents annotation was added to allow a method to specify multiple events Spring AOP will not intercept calls to this so @ActionEvent needs to be put on public methods that are externally invoked Annotations that needed to be changed were identified by doing byte code analysis using objectweb asm. Code for that is at https://github.com/ibuildthecloud/cloudstack-findbadactionevents and there are instructions to run it there. Diffs - api/src/com/cloud/event/ActionEvents.java PRE-CREATION api/src/org/apache/cloudstack/context/CallContext.java e3c1bf2a7b97573cdeb4f530d0afe74cb7e3e834 engine/components-api/src/com/cloud/configuration/ConfigurationManager.java 6e76b6ffb91c200127589831893d9d79970aafdb engine/components-api/src/com/cloud/network/rules/FirewallManager.java fa12cd804a67138740f9d9042709938871dc8629 server/src/com/cloud/configuration/ConfigurationManagerImpl.java fb727a1705487416b7069fc2aca5086fd726e700 server/src/com/cloud/event/ActionEventInterceptor.java ba7e270af90f7bc191b570a7cc131319f446e2f6 server/src/com/cloud/event/ActionEventUtils.java 60f5633fc3c53dac960247308de12b60b492de59 server/src/com/cloud/network/firewall/FirewallManagerImpl.java cd83c4e52f85adc9c9d9c7997c28838f2c15b323 server/src/com/cloud/server/ManagementServerImpl.java a3efd2129ce082023d79e55872e8134d1b6bd85c server/src/com/cloud/user/AccountManagerImpl.java 0602514fcf429b09a62edf65f4b0dc0e87d80b94 server/src/com/cloud/vm/UserVmManagerImpl.java c3a718ac55be05f123b062a627c2de042c4321ab server/test/com/cloud/network/MockFirewallManagerImpl.java c50459e98737eaf5662bb44c6e9a12fad54b4175 server/test/com/cloud/vpc/MockConfigurationManagerImpl.java 3ec146b953726c9480b1e15848a67e4746dd65a6 Diff: https://reviews.apache.org/r/14084/diff/ Testing --- Thanks, Darren Shepherd
Advanced Networking Public Network Service Providers
In the Advanced Networking use cases you have two physical networks (Public and Guest Networks). What is the reason for the GUI not providing Network Service Provider configuration for the Public Network? Thanks, -Soheil
Re: Review Request 14084: Updates to @ActionEvent to be compatible with Spring AOP
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/14084/#review26086 --- Ship it! - Kelven Yang On Sept. 11, 2013, 5:07 p.m., Darren Shepherd wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/14084/ --- (Updated Sept. 11, 2013, 5:07 p.m.) Review request for cloudstack, Kelven Yang and Kishan Kavala. Repository: cloudstack-git Description --- Two fields were added to CallContext to allow call to dynamically change the event type and description. Additionally a @ActionEvents annotation was added to allow a method to specify multiple events Spring AOP will not intercept calls to this so @ActionEvent needs to be put on public methods that are externally invoked Annotations that needed to be changed were identified by doing byte code analysis using objectweb asm. Code for that is at https://github.com/ibuildthecloud/cloudstack-findbadactionevents and there are instructions to run it there. Diffs - api/src/com/cloud/event/ActionEvents.java PRE-CREATION api/src/org/apache/cloudstack/context/CallContext.java e3c1bf2a7b97573cdeb4f530d0afe74cb7e3e834 engine/components-api/src/com/cloud/configuration/ConfigurationManager.java 6e76b6ffb91c200127589831893d9d79970aafdb engine/components-api/src/com/cloud/network/rules/FirewallManager.java fa12cd804a67138740f9d9042709938871dc8629 server/src/com/cloud/configuration/ConfigurationManagerImpl.java fb727a1705487416b7069fc2aca5086fd726e700 server/src/com/cloud/event/ActionEventInterceptor.java ba7e270af90f7bc191b570a7cc131319f446e2f6 server/src/com/cloud/event/ActionEventUtils.java 60f5633fc3c53dac960247308de12b60b492de59 server/src/com/cloud/network/firewall/FirewallManagerImpl.java cd83c4e52f85adc9c9d9c7997c28838f2c15b323 server/src/com/cloud/server/ManagementServerImpl.java a3efd2129ce082023d79e55872e8134d1b6bd85c server/src/com/cloud/user/AccountManagerImpl.java 0602514fcf429b09a62edf65f4b0dc0e87d80b94 server/src/com/cloud/vm/UserVmManagerImpl.java c3a718ac55be05f123b062a627c2de042c4321ab server/test/com/cloud/network/MockFirewallManagerImpl.java c50459e98737eaf5662bb44c6e9a12fad54b4175 server/test/com/cloud/vpc/MockConfigurationManagerImpl.java 3ec146b953726c9480b1e15848a67e4746dd65a6 Diff: https://reviews.apache.org/r/14084/diff/ Testing --- Thanks, Darren Shepherd
Re: www.cloudstack.org not resolving
Matt, Probably the contact listed in the whois Domain ID:D150572512-LROR Domain Name:CLOUDSTACK.ORG Created On:07-Jan-2008 15:12:00 UTC Last Updated On:12-Sep-2013 11:24:54 UTC Expiration Date:07-Jan-2018 15:12:00 UTC Sponsoring Registrar:Domain.com, LLC (R1915-LROR) Status:TRANSFER PROHIBITED Status:TRANSFERPERIOD Registrant ID:tu7wMGD9wRRhInik Registrant Name:Sheng Liang Registrant Street1:PO Box 1644 Registrant Street2: Registrant Street3: Registrant City:Mountain View Registrant State/Province:California Registrant Postal Code:94042 Registrant Country:US Registrant Phone:+1.6503945612 Registrant Phone Ext.: Registrant FAX: Registrant FAX Ext.: Registrant Email:shengli...@gmail.com Admin ID:tuwTxVMRjkR6lNM7 Admin Name:Sheng Liang Admin Street1:PO Box 1644 Admin Street2: Admin Street3: Admin City:Mountain View Admin State/Province:California Admin Postal Code:94042 Admin Country:US Admin Phone:+1.6503945612 Admin Phone Ext.: Admin FAX: Admin FAX Ext.: Admin Email:shengli...@gmail.com Tech ID:tuvYURg6jpeMiajb Tech Name:Sheng Liang Tech Street1:PO Box 1644 Tech Street2: Tech Street3: Tech City:Mountain View Tech State/Province:California Tech Postal Code:94042 Tech Country:US Tech Phone:+1.6503945612 Tech Phone Ext.: Tech FAX: Tech FAX Ext.: Tech Email:shengli...@gmail.com Name Server:NS71.DOMAINCONTROL.COM Name Server:NS72.DOMAINCONTROL.COM On Fri, Sep 13, 2013 at 10:04 AM, Mathias Mullins mathias.mull...@citrix.com wrote: David, Who do we need to reach out too? We are in day 3 of outage now? Matt On 9/11/13 9:58 PM, David Nalley da...@gnsa.us wrote: The ASF has taken charge of the domains, but I suspect DNS is lagging a bit. --David On Wed, Sep 11, 2013 at 9:03 PM, Mathias Mullins mathias.mull...@citrix.com wrote: Cloudstack.org isn't resolving. Cloudstack.apache.org is up and running. Do we need to get a hold of infrastructure? Matt Mullins Cloud Platforms Implementation Engineer Worldwide Cloud Services Citrix System, Inc. +1 (407) 920-1107 Office/Cell Phone matt.mull...@citrix.commailto:matt.mull...@citrix.com
RE: [Proposal] Userdata Support for Hyper-V with KVP Data Exchange
-Original Message- From: Darren Shepherd [mailto:darren.s.sheph...@gmail.com] Sent: 13 September 2013 17:40 To: dev@cloudstack.apache.org Subject: Re: [Proposal] Userdata Support for Hyper-V with KVP Data Exchange On 09/13/2013 08:51 AM, Donal Lafferty wrote: IIRC, OpenStack puts userdata for Hyper-V guest VMs on a separate volume. The guest can mount the volume and extract the data. However, I suggest we use Hyper-V's KVP Data Exchange mechanism instead. Doing so keeps volume management and passing userdata cleanly separated. Feature Spec at https://cwiki.apache.org/confluence/display/CLOUDSTACK/Userdata+Suppo r t+for+Hyper-V+with+KVP+Data+Exchange Why does Hyper-V need something specific? Is userdata really hypervisor specific? I though we just put the userdata on the VR? Darren The system VM gets its config before the network stack is initialised. This prevents the data coming from the VR. There is no specific approach to passing user data. In the case of Xen, the data is passed through pv_args. KVM used to attach a disk, but AFAIK it has changed to a KVP mechanism.
Re: Build server was down?
Use Jenkins.buildacloud.org Sent from my iPhone On Sep 13, 2013, at 12:08 PM, Gavin Lee gavin@gmail.com wrote: Seems http://jenkins.cloudstack.org/ could not be accessed all day. Will someone look on this? -- Gavin
Re: run cloustack have a exeception
你的运行环境是什么?
VirtualRouter MAC address NULL
I have not come across this when testing Basic Networking on 4.2, but on 4.3/master with Advanced Networking I have a call to create the Virtual Router with Mac Address is NULL on call to prepare(). Is this normal? -Soheil 2013-09-13 11:14:22,684 INFO [o.a.c.n.e.InfobloxElement] (Job-Executor-9:ctx-288d1882) InfobloxDeviceElement called to prepare Host Name r-9-VM with DNS Domain acme.com Gateway 192.168.11.1 Netmask 192.168.11.0/24 with MAC null with IPv4 192.168.11.1
Re: [Proposal] Userdata Support for Hyper-V with KVP Data Exchange
On 09/13/2013 11:56 AM, Donal Lafferty wrote: Ah, okay, so you're talking about this: http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.1.1/html/Admin_Guide/user-data-and-meta-data.html Okay, that leads me back to my original question. Why is that hypervisor specific? That data comes from the VR right? I know bootstrapping the VR with the boot args is hypervisor specific, but why user/metadata? Darren
Re: www.cloudstack.org not resolving
David, Who do we need to reach out too? We are in day 3 of outage now? Matt On 9/11/13 9:58 PM, David Nalley da...@gnsa.us wrote: The ASF has taken charge of the domains, but I suspect DNS is lagging a bit. --David On Wed, Sep 11, 2013 at 9:03 PM, Mathias Mullins mathias.mull...@citrix.com wrote: Cloudstack.org isn't resolving. Cloudstack.apache.org is up and running. Do we need to get a hold of infrastructure? Matt Mullins Cloud Platforms Implementation Engineer Worldwide Cloud Services Citrix System, Inc. +1 (407) 920-1107 Office/Cell Phone matt.mull...@citrix.commailto:matt.mull...@citrix.com
RE: [Proposal] Userdata Support for Hyper-V with KVP Data Exchange
-Original Message- From: Darren Shepherd [mailto:darren.s.sheph...@gmail.com] Sent: 13 September 2013 18:35 To: dev@cloudstack.apache.org Subject: Re: [Proposal] Userdata Support for Hyper-V with KVP Data Exchange On 09/13/2013 10:25 AM, Rajesh Battala wrote: To bring up the system vm's on the hyperv host we need to pass the boot args from host to the systemvm's. To pass the data from hyperv host to systemvm guest we need this method. Oh maybe I'm getting terminology mixed up. When you say userdata I think of the userdata a user can set on VM deploy. What you are talking about is boot args, right? Like in the systemvm on xenserver they show up in /proc/cmdline. So which are we talking about? Darren Ah, okay, so you're talking about this: http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.1.1/html/Admin_Guide/user-data-and-meta-data.html I'll have to clean up terminology in the proposal to clearly distinguish the data I'm talking about. Thanks for the feedback! DL
Build server was down?
Seems http://jenkins.cloudstack.org/ could not be accessed all day. Will someone look on this? -- Gavin
ConfigDepot initialization
ConfigDepot(Admin) really needs to be initialized fully before anything else really. I can move things around to get that to work almost. The problem is with populateConfigurations(). That gets called twice. Once in ConfigurationServerImpl.configure() and ConfigurationServerImpl.persistDefaultValues(). So the way the code is written it seems to specifically want to run populateConfigurations() after ConfigurationServerImpl does its thing. I need to reverse that. I need populateConfiguration() to run first (or really completely independent of ConfigurationServerImpl). Is there some problem with this? I haven't actually tried it yet. Darren
RE: ConfigDepot and null values and defaults
-Original Message- From: Darren Shepherd [mailto:darren.s.sheph...@gmail.com] Sent: Friday, September 13, 2013 1:10 AM To: dev@cloudstack.apache.org; Alex Huang Subject: ConfigDepot and null values and defaults If you have a configuration that the value is null and not dynamic, it still hits the database on every read. I'm thinking that's really not intentional. I'll have to look at that when I come back from vacation. I see a check in the code for dynamic before rereading from the dao. Not sure why it's hitting the db on every read. Additionally, if I have a key that is default value is 5, then I later change the default to 10. If the user never changed or set the value, I still get 5. So this is where I kind of disagree with the implementation. That's intentional. Think of an user who already deployed CloudStack and then he upgrades. The default has changed in the next version but it doesn't make sense for us to automatically adjust the value that the user was using before. It can significantly change their system's behavior. I've talked about this in the wiki. We do update the default value but not the value but we change the update column with a timestamp. They can use that to figure out whether a config parameter's default value has changed from the value that they were using before. Now, there's a difference in changing default values and a feature really need the value to be changed to the new default value in order for it to be useful. If a feature really needs the value to be now set to the new standard or else it has problems, that's an upgrade problem and should be handled in the upgrade portion of the feature. What I'd ideally like to see is that only when a value is explicitly changed do we ever persist an entry to the configuration table. Now I know that doesn't work with the current code as everything just hits the ConfigurationDao, but ideally I'd like to see it that way. With the current implementation we have no way of really knowing of the field which were changed by somebody. I think persisting everything to the configuration table does have its advantages. For one thing, it becomes a central place for everyone to look for config parameters. To achieve what you want, you can persist the row but always leave the value field empty to mean it was not edited by the sysadmin. Of course, I generally don't believe that should be the case due to what I said above. I think someone using a previous version can get a rude awakening if they just update and suddenly things changed on them. What I'd like to get to is that we can have a config page sort of like about:config in firefox. In firefox there is a status column that is default or user set. So as a user I know all the crap I changed, and easily I can revert to the defaults. So if we stick with the current implementation where we throw everything in the DB (which I assume we will), then maybe we should have a column for user set. And also randomly, why is updated column == null mean that its obsolete? I don't see any code to handle that, just the column description. This is documented as one of the todos. The code hasn't been added yet. --Alex
Re: Advanced Networking Public Network Service Providers
What services would you provide on the public network? I see a similar discussion here: http://goo.gl/eESveL On 9/13/13 11:35 AM, Soheil Eizadi seiz...@infoblox.com wrote: In the Advanced Networking use cases you have two physical networks (Public and Guest Networks). What is the reason for the GUI not providing Network Service Provider configuration for the Public Network? Thanks, -Soheil
security around api.log
I just noticed api.log which seems to log all the API access in a form like
2013-09-13 00:02:09,451 INFO [a.c.c.a.ApiServer]
(2011638958@qtp-657397168-0:ctx-81b1e088 ctx-174e4a62) (userId=2
accountId=2 sessionId=7asvmtwoesbc6ia3e4kxtzrl) 127.0.0.1 -- GET
command=listZonesresponse=jsonsessionkey=ec6h46Om8a1y3d%2BhrdIpQ85cAfc%3D_=1379055729422
200 { listzonesresponse : { count:1 ,zone : [
{id:cdaf82f1-3b57-4aa4-b3ce-b60173ed45f2,name:zone1,dns1:8.8.8.8,dns2:8.8.4.4,internaldns1:8.8.4.4,networktype:Basic,securitygroupsenabled:true,allocationstate:Enabled,zonetoken:6dce94e8-e8dc-3077-bfde-c6e8594bd449,dhcpprovider:VirtualRouter,localstorageenabled:false}
] } }
The sessionId and sessionKey is logged in the file. I haven't tried it
yet, but can't I use that info to hijack the session? That introduces a
security issue in that any server operator can now hijack anybody's
session. So that api.log file really needs to be protected in the same
way a file with a password in it would be.
I would suggest that we just don't log the sessionId or sessionKey.
Darren
Re: [Proposal] Userdata Support for Hyper-V with KVP Data Exchange
I believe DL is actually referring to boot args, not user/metadata On 9/13/13 12:41 PM, Darren Shepherd darren.s.sheph...@gmail.com wrote: On 09/13/2013 11:56 AM, Donal Lafferty wrote: Ah, okay, so you're talking about this: http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.1.1/html/Admi n_Guide/user-data-and-meta-data.html Okay, that leads me back to my original question. Why is that hypervisor specific? That data comes from the VR right? I know bootstrapping the VR with the boot args is hypervisor specific, but why user/metadata? Darren
Re: DhcpServiceProvider
Soheil, agree that it needs to moved to NetworkElement and also needs
complementary remove()
It seems half-thought-out.
On 9/13/13 11:31 AM, Soheil Eizadi seiz...@infoblox.com wrote:
Posting my questions again... -Soheil
From: Soheil Eizadi [seiz...@infoblox.com]
Sent: Friday, September 06, 2013 3:13 PM
To: dev@cloudstack.apache.org
Subject: DhcpServiceProvider
I had not looked at the DhcpServiceProvider NetworkElement before, but
after recent problem, I got a chance to look at it in more detail. I am
new to CloudStack and don't have a lot of the history and had some
questions.
Is there a link to documentation for the DhcpServiceProvider work?
I assume the main use case for DhcpServiceProvider is to support DHCP
Daemon like DNSMasq, are there other use cases?
The interface is simple enough:
public interface DhcpServiceProvider extends NetworkElement {
boolean addDhcpEntry(...) ...;
boolean configDhcpSupportForSubnet(...) ...;
boolean removeDhcpSupportForSubnet(...) ...;
}
Is there a reason why the companion entry to addDhcpEntry() e.g.
removeDhcpEntry() is missing?
What is the motivation in adding this code to the NetworkManager versus
contain it inside the NetworkElement providing the DHCP? (The logic I see
in NetworkManager does not seem to be adding any value. Also it is adding
a specific network function DHCP to the NetworkManager, where we are
moving functions e.g. IP Address Allocation out.)
RE: what wrong? start cloudstack
(Apologies if this was sent twice, I am having trouble responding to the message)... I sense a build problem, Let me explain: Bean definitions cross reference .class files, e.g. Administrator@cc-svr10 ~/github/cifs $ grep -R iciraNvpDaoImpl * --include=*.xml.in cloudstack/client/tomcatconf/componentContext.xml.in: bean id=niciraNvpDaoImpl class=com.cloud.network.dao.NiciraNvpDaoImpl / cloudstack/client/tomcatconf/nonossComponentContext.xml.in: bean id=niciraNvpDaoImpl class=com.cloud.network.dao.NiciraNvpDaoImpl / Notice I’m using .xml.in above. The build copies these files and changes their extension to .xml Next, check that the bean’s class has been deployed to the folder that Jetty will use, e.g. Administrator@cc-svr10 ~/github/cifs $ grep -R iciraNvpDaoImpl\.class * Binary file cloudstack/client/target/cloud-client-ui-4.3.0-SNAPSHOT/WEB-INF/lib/cloud-plugin-network-nvp-4.3.0-SNAPSHOT.jar matches Binary file cloudstack/client/target/cloud-client-ui-4.3.0-SNAPSHOT.war matches Binary file cloudstack/plugins/network-elements/nicira-nvp/target/cloud-plugin-network-nvp-4.3.0-SNAPSHOT.jar matches If you don’t see any matches, then the command you used to build may be for an older version of CloudStack. ☹ This happens whenever we improve the build, because build updates are not backwards compatible. If you are using the Windows Development instructions https://cwiki.apache.org/confluence/display/CLOUDSTACK/Setting+up+a+CloudStack+dev+environment+on+Windows , take a look at the update just I made to “Step 13) Build”. If you have similar problems in the future, take a look at the most up to date build instructions, which are at https://cwiki.apache.org/confluence/display/CLOUDSTACK/How+to+build+CloudStack DL -Original Message- From: 黑洞 [mailto:heids...@sina.com] Sent: 13 September 2013 06:48 To: dev Subject: what wrong? start cloudstack when I execut mvn -pl :cloud-client-ui jetty:run hava follow exception: ERROR [web.context.ContextLoader] (main:) Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'niciraNvpDaoImpl' defined in class path resource [componentContext.xml]: BeanPostProcessor before instantiation of bean failed; nested exception is net.sf.cglib.core.CodeGenerationException: java.lang.reflect.InvocationTargetException--null at org.springframework.beans.factory.support.AbstractAutowireCapableBeanF actory.createBean(AbstractAutowireCapableBeanFactory.java:452) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObje ct(AbstractBeanFactory.java:294) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.g etSingleton(DefaultSingletonBeanRegistry.java:225) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBea n(AbstractBeanFactory.java:291) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(A bstractBeanFactory.java:193) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preI nstantiateSingletons(DefaultListableBeanFactory.java:609) at org.springframework.context.support.AbstractApplicationContext.finishBea nFactoryInitialization(AbstractApplicationContext.java:918) at org.springframework.context.support.AbstractApplicationContext.refresh(A bstractApplicationContext.java:469) at org.springframework.web.context.ContextLoader.configureAndRefreshWeb ApplicationContext(ContextLoader.java:383) at org.springframework.web.context.ContextLoader.initWebApplicationContex t(ContextLoader.java:283) at org.springframework.web.context.ContextLoaderListener.contextInitialized( ContextLoaderListener.java:111) at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.jav a:549) what Wrong? Thanks 云计算基础架构师 Github:https://github.com/heidsoftWeibo: http://weibo.com/liuganbin 研究方向:云计算(云安全)、大数据(数据处理分析) 主要学习: Linux / C / C++ / JAVA Email:heids...@sina.com Tell:18601706743 某云计算公司 Jake.liu@heidsoft黑洞 云计算系统架构师 840608792 heidso...@gmail.com weibo.com/liuganbin 上海 徐汇区 名片二维码 - 原始邮件 - 发件人:Mike Tutkowski mike.tutkow...@solidfire.com 收件人:dev@cloudstack.apache.org dev@cloudstack.apache.org 抄送人:Amit Das amit@cloudbyte.com 主题:Re: Which DevCloud2 Usage Mode is good for Development and Debugging 日期:2013年09月13日 07点33分
Re: Q's about UserAuthenticators and getName()
On 09/12/2013 10:56 PM, Ian Duffy wrote: So my problem is that LDAP currently has a null name on getName(). So which should I do? Add Go ahead and add it. I missed that override in error. Okay I created https://reviews.apache.org/r/14126/ Darren
Re: win7+cygwin+cloudstack having a problem
are you using a devcloud or a production evironment ?? regards, punith s cloudbyte On Fri, Sep 13, 2013 at 7:08 AM, 黑洞 heids...@sina.com wrote: I am according to the github cloudstack source code for INSTANL.md 1、cygwin is goode 2、database is goode 3、mvn -pl :cloud-client-ui jetty:run exception detail: lassPostProcessor$ImportAwareBeanPostProcessor#0]; root of factory hierarchy ERROR [web.context.ContextLoader] (main:) Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'niciraNvpDaoImpl' defined in class path resource [componentContext.xml]: BeanPostProcessor before instantiation of bean failed; nested exception is net.sf.cglib.core.CodeGenerationException: java.lang.reflect.InvocationTargetException--null at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:452) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:609) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918) what wrong? Thanks 云计算基础架构师 Github:https://github.com/heidsoft Weibo: http://weibo.com/liuganbin 研究方向:云计算(云安全)、大数据(数据处理分析) 主要学习: Linux / C / C++ / JAVA /Python Email:heids...@sina.com Tell:18601706743
Re: security around api.log
I haven't tried it yet, but can't I use that info to hijack the session?
You can...
Create a cookie: (please excuse the full stops as spaces, didn't trust it
to render correctly)
Key... Value
JSESSIONID 7asvmtwoesbc6ia3e4kxtzrl
sessionKey ... ec6h46Om8a1y3d%252BhrdIpQ85cAfc%25**3D
and pass all requests with a parameter of:
sessionkey = ec6h46Om8a1y3d%2BhrdIpQ85cAfc%**3D
So that api.log file really needs to be protected in the same way a file
with a password in it would be
I don't have the manager deployed anywhere to test this but I would hope
the log file is read/write only to the owner user.
I would suggest that we just don't log the sessionId or sessionKey.
+1 to that.
On 13 September 2013 21:40, Darren Shepherd darren.s.sheph...@gmail.comwrote:
I just noticed api.log which seems to log all the API access in a form like
2013-09-13 00:02:09,451 INFO [a.c.c.a.ApiServer] (2011638958@qtp-
657397168-0:ctx-81b1e088 ctx-174e4a62) (userId=2 accountId=2
sessionId=**7asvmtwoesbc6ia3e4kxtzrl)
127.0.0.1 -- GET command=listZonesresponse=**jsonsessionkey=**
ec6h46Om8a1y3d%2BhrdIpQ85cAfc%**3D_=1379055729422 200 {
listzonesresponse : { count:1 ,zone : [ {id:cdaf82f1-3b57-4aa4-**
b3ce-b60173ed45f2,name:**zone1,dns1:8.8.8.8,dns2**
:8.8.4.4,internaldns1:8.**8.4.4,networktype:Basic,**
securitygroupsenabled:true,**allocationstate:Enabled,**
zonetoken:6dce94e8-e8dc-**3077-bfde-c6e8594bd449,**
dhcpprovider:VirtualRouter,**localstorageenabled:false} ] } }
The sessionId and sessionKey is logged in the file. I haven't tried it
yet, but can't I use that info to hijack the session? That introduces a
security issue in that any server operator can now hijack anybody's
session. So that api.log file really needs to be protected in the same way
a file with a password in it would be.
I would suggest that we just don't log the sessionId or sessionKey.
Darren
RE: Advanced Networking Public Network Service Providers
The main use case is providing DNS for the Public Network, but could also provide DHCP and IP Address Management once we work out the Interface for making External IPAM authoritative for CloudStack. Yes agree, much of the discussion on the thread you attached applies here also, is it more complicated than enabling the UI to prompt for a service offering to be bound to the public network and GUI to configure providers? -Soheil From: Chiradeep Vittal [chiradeep.vit...@citrix.com] Sent: Friday, September 13, 2013 1:26 PM To: dev@cloudstack.apache.org Subject: Re: Advanced Networking Public Network Service Providers What services would you provide on the public network? I see a similar discussion here: http://goo.gl/eESveL On 9/13/13 11:35 AM, Soheil Eizadi seiz...@infoblox.com wrote: In the Advanced Networking use cases you have two physical networks (Public and Guest Networks). What is the reason for the GUI not providing Network Service Provider configuration for the Public Network? Thanks, -Soheil
RE: [Proposal] Userdata Support for Hyper-V with KVP Data Exchange
Yep. I'll recirculate the proposal next week. DL -Original Message- From: Chiradeep Vittal [mailto:chiradeep.vit...@citrix.com] Sent: 13 September 2013 21:16 To: dev@cloudstack.apache.org Subject: Re: [Proposal] Userdata Support for Hyper-V with KVP Data Exchange I believe DL is actually referring to boot args, not user/metadata On 9/13/13 12:41 PM, Darren Shepherd darren.s.sheph...@gmail.com wrote: On 09/13/2013 11:56 AM, Donal Lafferty wrote: Ah, okay, so you're talking about this: http://cloudstack.apache.org/docs/en- US/Apache_CloudStack/4.1.1/html/A dmi n_Guide/user-data-and-meta-data.html Okay, that leads me back to my original question. Why is that hypervisor specific? That data comes from the VR right? I know bootstrapping the VR with the boot args is hypervisor specific, but why user/metadata? Darren
[VOTE] Apache CloudStack CloudMonkey 5.0.0 (first round)
I've created a 5.0.0 release of cloudmonkey, with the following artifacts up for a vote: Git Branch and Commit SH: https://git-wip-us.apache.org/repos/asf?p=cloudstack-cloudmonkey.git;a=shortlog;h=refs/heads/5.0 Commit: 767bfbe084e24d441f1ad73ace183c09f26a276b List of changes: https://git-wip-us.apache.org/repos/asf?p=cloudstack-cloudmonkey.git;a=blob;f=CHANGES;h=54f2e32357b0a726dc6f202e4897ed4af531f8ab;hb=refs/heads/5.0 Source release (checksums and signatures are available at the same location): https://dist.apache.org/repos/dist/dev/cloudstack/cloudmonkey-5.0.0/ PGP release keys (signed using 94BE0D7C): https://dist.apache.org/repos/dist/release/cloudstack/KEYS I have not created testing instructions for this release artifact, but would appreciate help documenting it as people to it. Vote will be open for at least 72 hours. For sanity in tallying the vote, can PMC members please be sure to indicate (binding) with their vote? [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Thanks, -chip
Adding Domain name to the .header style
Is there a list of variables that can be added to the .header style ? As we have a deployment with multiple domains and subdomains, it will be very useful to add this in the header, to the left of the user name. Thanks
Managed storage with KVM
Hi, As you may remember, during the 4.2 release I developed a SolidFire (storage) plug-in for CloudStack. This plug-in was invoked by the storage framework at the necessary times so that I could dynamically create and delete volumes on the SolidFire SAN (among other activities). This is necessary so I can establish a 1:1 mapping between a CloudStack volume and a SolidFire volume for QoS. In the past, CloudStack always expected the admin to create large volumes ahead of time and those volumes would likely house many root and data disks (which is not QoS friendly). To make this 1:1 mapping scheme work, I needed to modify logic in the XenServer and VMware plug-ins so they could create/delete storage repositories/datastores as needed. For 4.3 I want to make this happen with KVM. I'm coming up to speed with how this might work on KVM, but I'm still pretty new to KVM. Does anyone familiar with KVM know how I will need to interact with the iSCSI target? For example, will I have to expect Open iSCSI will be installed on the KVM host and use it for this to work? Thanks for any suggestions, Mike -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloudhttp://solidfire.com/solution/overview/?video=play *™*
Re: DhcpServiceProvider
In the original implementation, the new dhcp entry would automatically
override the old one, so the old entry hasn't been removed explicitly.
But still, it would be better to get it done explicitly of course.
--Sheng
On Fri, Sep 13, 2013 at 1:20 PM, Chiradeep Vittal
chiradeep.vit...@citrix.com wrote:
Soheil, agree that it needs to moved to NetworkElement and also needs
complementary remove()
It seems half-thought-out.
On 9/13/13 11:31 AM, Soheil Eizadi seiz...@infoblox.com wrote:
Posting my questions again... -Soheil
From: Soheil Eizadi [seiz...@infoblox.com]
Sent: Friday, September 06, 2013 3:13 PM
To: dev@cloudstack.apache.org
Subject: DhcpServiceProvider
I had not looked at the DhcpServiceProvider NetworkElement before, but
after recent problem, I got a chance to look at it in more detail. I am
new to CloudStack and don't have a lot of the history and had some
questions.
Is there a link to documentation for the DhcpServiceProvider work?
I assume the main use case for DhcpServiceProvider is to support DHCP
Daemon like DNSMasq, are there other use cases?
The interface is simple enough:
public interface DhcpServiceProvider extends NetworkElement {
boolean addDhcpEntry(...) ...;
boolean configDhcpSupportForSubnet(...) ...;
boolean removeDhcpSupportForSubnet(...) ...;
}
Is there a reason why the companion entry to addDhcpEntry() e.g.
removeDhcpEntry() is missing?
What is the motivation in adding this code to the NetworkManager versus
contain it inside the NetworkElement providing the DHCP? (The logic I see
in NetworkManager does not seem to be adding any value. Also it is adding
a specific network function DHCP to the NetworkManager, where we are
moving functions e.g. IP Address Allocation out.)
Re: Managed storage with KVM
Yes, my guess is that you will need the iscsi initiator utilities installed. There should be standard packages for any distro. Then you'd call an agent storage adaptor to do the initiator login. See the info I sent previously about LibvirtStorageAdaptor.java and libvirt iscsi storage type to see if that fits your need. On Sep 13, 2013 4:55 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: Hi, As you may remember, during the 4.2 release I developed a SolidFire (storage) plug-in for CloudStack. This plug-in was invoked by the storage framework at the necessary times so that I could dynamically create and delete volumes on the SolidFire SAN (among other activities). This is necessary so I can establish a 1:1 mapping between a CloudStack volume and a SolidFire volume for QoS. In the past, CloudStack always expected the admin to create large volumes ahead of time and those volumes would likely house many root and data disks (which is not QoS friendly). To make this 1:1 mapping scheme work, I needed to modify logic in the XenServer and VMware plug-ins so they could create/delete storage repositories/datastores as needed. For 4.3 I want to make this happen with KVM. I'm coming up to speed with how this might work on KVM, but I'm still pretty new to KVM. Does anyone familiar with KVM know how I will need to interact with the iSCSI target? For example, will I have to expect Open iSCSI will be installed on the KVM host and use it for this to work? Thanks for any suggestions, Mike -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloudhttp://solidfire.com/solution/overview/?video=play *™*
Re: Apache CloudStack 4.2.0 (fifth round)
+1. --Sheng On Fri, Sep 13, 2013 at 4:12 PM, Animesh Chaturvedi animesh.chaturv...@citrix.com wrote: I've created a 4.2.0 release, with the following artifacts up for a vote: Git Branch and Commit SH: https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs/heads/4.2 Commit: c1e24ff89f6d14d6ae74d12dbca108c35449030f List of changes: https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob_plain;f=CHANGES;hb=4.2 Source release (checksums and signatures are available at the same location): https://dist.apache.org/repos/dist/dev/cloudstack/4.2.0/ PGP release keys (signed using 94BE0D7C): https://dist.apache.org/repos/dist/release/cloudstack/KEYS Testing instructions are here: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Release+test+procedure Vote will be open for 72 hours (Wednesday 9/18 End of Day PST). For sanity in tallying the vote, can PMC members please be sure to indicate (binding) with their vote? [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why)
Re: Managed storage with KVM
OK, thanks, Marcus I am currently looking through some of the classes you pointed out last week or so. On Fri, Sep 13, 2013 at 5:26 PM, Marcus Sorensen shadow...@gmail.comwrote: Yes, my guess is that you will need the iscsi initiator utilities installed. There should be standard packages for any distro. Then you'd call an agent storage adaptor to do the initiator login. See the info I sent previously about LibvirtStorageAdaptor.java and libvirt iscsi storage type to see if that fits your need. On Sep 13, 2013 4:55 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: Hi, As you may remember, during the 4.2 release I developed a SolidFire (storage) plug-in for CloudStack. This plug-in was invoked by the storage framework at the necessary times so that I could dynamically create and delete volumes on the SolidFire SAN (among other activities). This is necessary so I can establish a 1:1 mapping between a CloudStack volume and a SolidFire volume for QoS. In the past, CloudStack always expected the admin to create large volumes ahead of time and those volumes would likely house many root and data disks (which is not QoS friendly). To make this 1:1 mapping scheme work, I needed to modify logic in the XenServer and VMware plug-ins so they could create/delete storage repositories/datastores as needed. For 4.3 I want to make this happen with KVM. I'm coming up to speed with how this might work on KVM, but I'm still pretty new to KVM. Does anyone familiar with KVM know how I will need to interact with the iSCSI target? For example, will I have to expect Open iSCSI will be installed on the KVM host and use it for this to work? Thanks for any suggestions, Mike -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloudhttp://solidfire.com/solution/overview/?video=play *™* -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloudhttp://solidfire.com/solution/overview/?video=play *™*
Re: Managed storage with KVM
So, Marcus, I need to investigate libvirt more, but you figure it supports connecting to/disconnecting from iSCSI targets, right? On Fri, Sep 13, 2013 at 5:29 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: OK, thanks, Marcus I am currently looking through some of the classes you pointed out last week or so. On Fri, Sep 13, 2013 at 5:26 PM, Marcus Sorensen shadow...@gmail.comwrote: Yes, my guess is that you will need the iscsi initiator utilities installed. There should be standard packages for any distro. Then you'd call an agent storage adaptor to do the initiator login. See the info I sent previously about LibvirtStorageAdaptor.java and libvirt iscsi storage type to see if that fits your need. On Sep 13, 2013 4:55 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: Hi, As you may remember, during the 4.2 release I developed a SolidFire (storage) plug-in for CloudStack. This plug-in was invoked by the storage framework at the necessary times so that I could dynamically create and delete volumes on the SolidFire SAN (among other activities). This is necessary so I can establish a 1:1 mapping between a CloudStack volume and a SolidFire volume for QoS. In the past, CloudStack always expected the admin to create large volumes ahead of time and those volumes would likely house many root and data disks (which is not QoS friendly). To make this 1:1 mapping scheme work, I needed to modify logic in the XenServer and VMware plug-ins so they could create/delete storage repositories/datastores as needed. For 4.3 I want to make this happen with KVM. I'm coming up to speed with how this might work on KVM, but I'm still pretty new to KVM. Does anyone familiar with KVM know how I will need to interact with the iSCSI target? For example, will I have to expect Open iSCSI will be installed on the KVM host and use it for this to work? Thanks for any suggestions, Mike -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloudhttp://solidfire.com/solution/overview/?video=play *™* -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloudhttp://solidfire.com/solution/overview/?video=play *™* -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloudhttp://solidfire.com/solution/overview/?video=play *™*
Re: Managed storage with KVM
Take a look at this: http://libvirt.org/storage.html#StorageBackendISCSI Volumes must be pre-allocated on the iSCSI server, and cannot be created via the libvirt APIs., which I believe your plugin will take care of. Libvirt just does the work of logging in and hooking it up to the VM (I believe the Xen api does that work in the Xen stuff). What I'm not sure about is whether this provides a 1:1 mapping, or if it just allows you to register 1 iscsi device as a pool. You may need to write some test code or read up a bit more about this. Let us know. If it doesn't, you may just have to write your own storage adaptor rather than changing LibvirtStorageAdaptor.java. We can cross that bridge when we get there. As far as interfacing with libvirt, see the java bindings doc. http://libvirt.org/sources/java/javadoc/ Normally, you'll see a connection object be made, then calls made to that 'conn' object. You can look at the LibvirtStorageAdaptor to see how that is done for other pool types, and maybe write some test java code to see if you can interface with libvirt and register iscsi storage pools before you get started. On Fri, Sep 13, 2013 at 5:31 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: So, Marcus, I need to investigate libvirt more, but you figure it supports connecting to/disconnecting from iSCSI targets, right? On Fri, Sep 13, 2013 at 5:29 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: OK, thanks, Marcus I am currently looking through some of the classes you pointed out last week or so. On Fri, Sep 13, 2013 at 5:26 PM, Marcus Sorensen shadow...@gmail.com wrote: Yes, my guess is that you will need the iscsi initiator utilities installed. There should be standard packages for any distro. Then you'd call an agent storage adaptor to do the initiator login. See the info I sent previously about LibvirtStorageAdaptor.java and libvirt iscsi storage type to see if that fits your need. On Sep 13, 2013 4:55 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: Hi, As you may remember, during the 4.2 release I developed a SolidFire (storage) plug-in for CloudStack. This plug-in was invoked by the storage framework at the necessary times so that I could dynamically create and delete volumes on the SolidFire SAN (among other activities). This is necessary so I can establish a 1:1 mapping between a CloudStack volume and a SolidFire volume for QoS. In the past, CloudStack always expected the admin to create large volumes ahead of time and those volumes would likely house many root and data disks (which is not QoS friendly). To make this 1:1 mapping scheme work, I needed to modify logic in the XenServer and VMware plug-ins so they could create/delete storage repositories/datastores as needed. For 4.3 I want to make this happen with KVM. I'm coming up to speed with how this might work on KVM, but I'm still pretty new to KVM. Does anyone familiar with KVM know how I will need to interact with the iSCSI target? For example, will I have to expect Open iSCSI will be installed on the KVM host and use it for this to work? Thanks for any suggestions, Mike -- Mike Tutkowski Senior CloudStack Developer, SolidFire Inc. e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloud™ -- Mike Tutkowski Senior CloudStack Developer, SolidFire Inc. e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloud™ -- Mike Tutkowski Senior CloudStack Developer, SolidFire Inc. e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloud™
RE: Apache CloudStack 4.2.0 (fifth round)
+1 -Original Message- From: Animesh Chaturvedi [mailto:animesh.chaturv...@citrix.com] Sent: Friday, September 13, 2013 4:13 PM To: dev@cloudstack.apache.org Subject: Apache CloudStack 4.2.0 (fifth round) I've created a 4.2.0 release, with the following artifacts up for a vote: Git Branch and Commit SH: https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs/heads/4.2 Commit: c1e24ff89f6d14d6ae74d12dbca108c35449030f List of changes: https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob_plain;f=CHANGES;hb=4.2 Source release (checksums and signatures are available at the same location): https://dist.apache.org/repos/dist/dev/cloudstack/4.2.0/ PGP release keys (signed using 94BE0D7C): https://dist.apache.org/repos/dist/release/cloudstack/KEYS Testing instructions are here: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Release+test+procedure Vote will be open for 72 hours (Wednesday 9/18 End of Day PST). For sanity in tallying the vote, can PMC members please be sure to indicate (binding) with their vote? [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why)
Re: Apache CloudStack 4.2.0 (fifth round)
+1 (binding) Tested: Nicira NVP plugin with XenServer Nicira NVP plugin with VMWare VPC with other service providers (NiciraNVP) Cheers, Hugo Sent from my iPhone On 14 sep. 2013, at 08:17, Vijayendra Bhamidipati vijayendra.bhamidip...@citrix.com wrote: +1 -Original Message- From: Animesh Chaturvedi [mailto:animesh.chaturv...@citrix.com] Sent: Friday, September 13, 2013 4:13 PM To: dev@cloudstack.apache.org Subject: Apache CloudStack 4.2.0 (fifth round) I've created a 4.2.0 release, with the following artifacts up for a vote: Git Branch and Commit SH: https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs/heads/4.2 Commit: c1e24ff89f6d14d6ae74d12dbca108c35449030f List of changes: https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob_plain;f=CHANGES;hb=4.2 Source release (checksums and signatures are available at the same location): https://dist.apache.org/repos/dist/dev/cloudstack/4.2.0/ PGP release keys (signed using 94BE0D7C): https://dist.apache.org/repos/dist/release/cloudstack/KEYS Testing instructions are here: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Release+test+procedure Vote will be open for 72 hours (Wednesday 9/18 End of Day PST). For sanity in tallying the vote, can PMC members please be sure to indicate (binding) with their vote? [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why)
Re: ConfigDepot and null values and defaults
Honestly, doesn't really matter that much. Just as long as I understand the intended behavior. Darren On Sep 13, 2013, at 5:41 PM, Darren Shepherd darren.s.sheph...@gmail.com wrote: Alex, Here's my general problem. I like to make just about everything configurable, but the reality is that only about 5% of setting will ever matter to people. So these are really internal flags to tweak things. So for stuff like that I don't want the first ever default I chose to be saved forever. Or even the persisted to the DB really. So it's like the difference between the preferences dialog in Firefox and about:config. Where can I put my this may void your warranty settings? Darren On Sep 13, 2013, at 1:04 PM, Alex Huang alex.hu...@citrix.com wrote: -Original Message- From: Darren Shepherd [mailto:darren.s.sheph...@gmail.com] Sent: Friday, September 13, 2013 1:10 AM To: dev@cloudstack.apache.org; Alex Huang Subject: ConfigDepot and null values and defaults If you have a configuration that the value is null and not dynamic, it still hits the database on every read. I'm thinking that's really not intentional. I'll have to look at that when I come back from vacation. I see a check in the code for dynamic before rereading from the dao. Not sure why it's hitting the db on every read. Additionally, if I have a key that is default value is 5, then I later change the default to 10. If the user never changed or set the value, I still get 5. So this is where I kind of disagree with the implementation. That's intentional. Think of an user who already deployed CloudStack and then he upgrades. The default has changed in the next version but it doesn't make sense for us to automatically adjust the value that the user was using before. It can significantly change their system's behavior. I've talked about this in the wiki. We do update the default value but not the value but we change the update column with a timestamp. They can use that to figure out whether a config parameter's default value has changed from the value that they were using before. Now, there's a difference in changing default values and a feature really need the value to be changed to the new default value in order for it to be useful. If a feature really needs the value to be now set to the new standard or else it has problems, that's an upgrade problem and should be handled in the upgrade portion of the feature. What I'd ideally like to see is that only when a value is explicitly changed do we ever persist an entry to the configuration table. Now I know that doesn't work with the current code as everything just hits the ConfigurationDao, but ideally I'd like to see it that way. With the current implementation we have no way of really knowing of the field which were changed by somebody. I think persisting everything to the configuration table does have its advantages. For one thing, it becomes a central place for everyone to look for config parameters. To achieve what you want, you can persist the row but always leave the value field empty to mean it was not edited by the sysadmin. Of course, I generally don't believe that should be the case due to what I said above. I think someone using a previous version can get a rude awakening if they just update and suddenly things changed on them. What I'd like to get to is that we can have a config page sort of like about:config in firefox. In firefox there is a status column that is default or user set. So as a user I know all the crap I changed, and easily I can revert to the defaults. So if we stick with the current implementation where we throw everything in the DB (which I assume we will), then maybe we should have a column for user set. And also randomly, why is updated column == null mean that its obsolete? I don't see any code to handle that, just the column description. This is documented as one of the todos. The code hasn't been added yet. --Alex
Re: Managed storage with KVM
Hey Marcus,
I wonder if the iSCSI storage pool type for libvirt won't work when you
take into consideration hypervisor snapshots?
On XenServer, when you take a hypervisor snapshot, the VDI for the snapshot
is placed on the same storage repository as the volume is on.
Same idea for VMware, I believe.
So, what would happen in my case (let's say for XenServer and VMware for
4.3 because I don't support hypervisor snapshots in 4.2) is I'd make an
iSCSI target that is larger than what the user requested for the CloudStack
volume (which is fine because our SAN thinly provisions volumes, so the
space is not actually used unless it needs to be). The CloudStack volume
would be the only object on the SAN volume until a hypervisor snapshot is
taken. This snapshot would also reside on the SAN volume.
If this is also how KVM behaves and there is no creation of LUNs within an
iSCSI target from libvirt (which, even if there were support for this, our
SAN currently only allows one LUN per iSCSI target), then I don't see how
using this model will work.
Perhaps I will have to go enhance the current way this works with DIR?
What do you think?
Thanks
On Fri, Sep 13, 2013 at 6:28 PM, Mike Tutkowski
mike.tutkow...@solidfire.com wrote:
That appears to be the way it's used for iSCSI access today.
I suppose I could go that route, too, but I might as well leverage what
libvirt has for iSCSI instead.
On Fri, Sep 13, 2013 at 6:26 PM, Marcus Sorensen shadow...@gmail.comwrote:
To your question about SharedMountPoint, I believe it just acts like a
'DIR' storage type or something similar to that. The end-user is
responsible for mounting a file system that all KVM hosts can access,
and CloudStack is oblivious to what is providing the storage. It could
be NFS, or OCFS2, or some other clustered filesystem, cloudstack just
knows that the provided directory path has VM images.
On Fri, Sep 13, 2013 at 6:23 PM, Marcus Sorensen shadow...@gmail.com
wrote:
Oh yes, you can use NFS, LVM, and iSCSI all at the same time.
Multiples, in fact.
On Fri, Sep 13, 2013 at 6:19 PM, Mike Tutkowski
mike.tutkow...@solidfire.com wrote:
Looks like you can have multiple storage pools:
mtutkowski@ubuntu:~$ virsh pool-list
Name State Autostart
-
default active yes
iSCSIactive no
On Fri, Sep 13, 2013 at 6:12 PM, Mike Tutkowski
mike.tutkow...@solidfire.com wrote:
Reading through the docs you pointed out.
I see what you're saying now.
You can create an iSCSI (libvirt) storage pool based on an iSCSI
target.
In my case, the iSCSI target would only have one LUN, so there would
only
be one iSCSI (libvirt) storage volume in the (libvirt) storage pool.
As you say, my plug-in creates and destroys iSCSI targets/LUNs on the
SolidFire SAN, so it is not a problem that libvirt does not support
creating/deleting iSCSI targets/LUNs.
It looks like I need to test this a bit to see if libvirt supports
multiple iSCSI storage pools (as you mentioned, since each one of its
storage pools would map to one of my iSCSI targets/LUNs).
On Fri, Sep 13, 2013 at 5:58 PM, Mike Tutkowski
mike.tutkow...@solidfire.com wrote:
LibvirtStoragePoolDef has this type:
public enum poolType {
ISCSI(iscsi), NETFS(netfs), LOGICAL(logical),
DIR(dir),
RBD(rbd);
String _poolType;
poolType(String poolType) {
_poolType = poolType;
}
@Override
public String toString() {
return _poolType;
}
}
It doesn't look like the iSCSI type is currently being used, but I'm
understanding more what you were getting at.
Can you tell me for today (say, 4.2), when someone selects the
SharedMountPoint option and uses it with iSCSI, is that the netfs
option
above or is that just for NFS?
Thanks!
On Fri, Sep 13, 2013 at 5:50 PM, Marcus Sorensen
shadow...@gmail.com
wrote:
Take a look at this:
http://libvirt.org/storage.html#StorageBackendISCSI
Volumes must be pre-allocated on the iSCSI server, and cannot be
created via the libvirt APIs., which I believe your plugin will
take
care of. Libvirt just does the work of logging in and hooking it up
to
the VM (I believe the Xen api does that work in the Xen stuff).
What I'm not sure about is whether this provides a 1:1 mapping, or
if
it just allows you to register 1 iscsi device as a pool. You may
need
to write some test code or read up a bit more about this. Let us
know.
If it doesn't, you may just have to write your own storage adaptor
rather than changing LibvirtStorageAdaptor.java. We can cross that
bridge when we get there.
As far as interfacing with libvirt, see the java bindings doc.
http://libvirt.org/sources/java/javadoc/ Normally, you'll see a
connection object be made,
Re: Managed storage with KVM
Ideally volume snapshots can be handled by the SAN back end, if the SAN
supports it. The cloudstack mgmt server could call your plugin for volume
snapshot and it would be hypervisor agnostic. As far as space, that would
depend on how your SAN handles it. With ours, we carve out luns from a
pool, and the snapshot spave comes from the pool and is independent of the
LUN size the host sees.
On Sep 13, 2013 7:10 PM, Mike Tutkowski mike.tutkow...@solidfire.com
wrote:
Hey Marcus,
I wonder if the iSCSI storage pool type for libvirt won't work when you
take into consideration hypervisor snapshots?
On XenServer, when you take a hypervisor snapshot, the VDI for the
snapshot is placed on the same storage repository as the volume is on.
Same idea for VMware, I believe.
So, what would happen in my case (let's say for XenServer and VMware for
4.3 because I don't support hypervisor snapshots in 4.2) is I'd make an
iSCSI target that is larger than what the user requested for the CloudStack
volume (which is fine because our SAN thinly provisions volumes, so the
space is not actually used unless it needs to be). The CloudStack volume
would be the only object on the SAN volume until a hypervisor snapshot is
taken. This snapshot would also reside on the SAN volume.
If this is also how KVM behaves and there is no creation of LUNs within an
iSCSI target from libvirt (which, even if there were support for this, our
SAN currently only allows one LUN per iSCSI target), then I don't see how
using this model will work.
Perhaps I will have to go enhance the current way this works with DIR?
What do you think?
Thanks
On Fri, Sep 13, 2013 at 6:28 PM, Mike Tutkowski
mike.tutkow...@solidfire.com wrote:
That appears to be the way it's used for iSCSI access today.
I suppose I could go that route, too, but I might as well leverage what
libvirt has for iSCSI instead.
On Fri, Sep 13, 2013 at 6:26 PM, Marcus Sorensen shadow...@gmail.comwrote:
To your question about SharedMountPoint, I believe it just acts like a
'DIR' storage type or something similar to that. The end-user is
responsible for mounting a file system that all KVM hosts can access,
and CloudStack is oblivious to what is providing the storage. It could
be NFS, or OCFS2, or some other clustered filesystem, cloudstack just
knows that the provided directory path has VM images.
On Fri, Sep 13, 2013 at 6:23 PM, Marcus Sorensen shadow...@gmail.com
wrote:
Oh yes, you can use NFS, LVM, and iSCSI all at the same time.
Multiples, in fact.
On Fri, Sep 13, 2013 at 6:19 PM, Mike Tutkowski
mike.tutkow...@solidfire.com wrote:
Looks like you can have multiple storage pools:
mtutkowski@ubuntu:~$ virsh pool-list
Name State Autostart
-
default active yes
iSCSIactive no
On Fri, Sep 13, 2013 at 6:12 PM, Mike Tutkowski
mike.tutkow...@solidfire.com wrote:
Reading through the docs you pointed out.
I see what you're saying now.
You can create an iSCSI (libvirt) storage pool based on an iSCSI
target.
In my case, the iSCSI target would only have one LUN, so there would
only
be one iSCSI (libvirt) storage volume in the (libvirt) storage pool.
As you say, my plug-in creates and destroys iSCSI targets/LUNs on the
SolidFire SAN, so it is not a problem that libvirt does not support
creating/deleting iSCSI targets/LUNs.
It looks like I need to test this a bit to see if libvirt supports
multiple iSCSI storage pools (as you mentioned, since each one of its
storage pools would map to one of my iSCSI targets/LUNs).
On Fri, Sep 13, 2013 at 5:58 PM, Mike Tutkowski
mike.tutkow...@solidfire.com wrote:
LibvirtStoragePoolDef has this type:
public enum poolType {
ISCSI(iscsi), NETFS(netfs), LOGICAL(logical),
DIR(dir),
RBD(rbd);
String _poolType;
poolType(String poolType) {
_poolType = poolType;
}
@Override
public String toString() {
return _poolType;
}
}
It doesn't look like the iSCSI type is currently being used, but I'm
understanding more what you were getting at.
Can you tell me for today (say, 4.2), when someone selects the
SharedMountPoint option and uses it with iSCSI, is that the netfs
option
above or is that just for NFS?
Thanks!
On Fri, Sep 13, 2013 at 5:50 PM, Marcus Sorensen
shadow...@gmail.com
wrote:
Take a look at this:
http://libvirt.org/storage.html#StorageBackendISCSI
Volumes must be pre-allocated on the iSCSI server, and cannot be
created via the libvirt APIs., which I believe your plugin will
take
care of. Libvirt just does the work of logging in and hooking it
up to
the VM (I believe the Xen api does that work in the Xen stuff).
What I'm not sure about is whether this provides a 1:1
Re: Managed storage with KVM
Let me back up and say I don't think you'd use a vdi style on an iscsi lun.
I think you'd want to treat it as a RAW format. Otherwise you're putting a
filesystem on your lun, mounting it, creating a QCOW2 disk image, and that
seems unnecessary and a performance killer.
So probably attaching the raw iscsi lun as a disk to the VM, and handling
snapshots on the San side via the storage plugin is best. My impression
from the storage plugin refactor was that there was a snapshot service that
would allow the San to handle snapshots.
On Sep 13, 2013 7:15 PM, Marcus Sorensen shadow...@gmail.com wrote:
Ideally volume snapshots can be handled by the SAN back end, if the SAN
supports it. The cloudstack mgmt server could call your plugin for volume
snapshot and it would be hypervisor agnostic. As far as space, that would
depend on how your SAN handles it. With ours, we carve out luns from a
pool, and the snapshot spave comes from the pool and is independent of the
LUN size the host sees.
On Sep 13, 2013 7:10 PM, Mike Tutkowski mike.tutkow...@solidfire.com
wrote:
Hey Marcus,
I wonder if the iSCSI storage pool type for libvirt won't work when you
take into consideration hypervisor snapshots?
On XenServer, when you take a hypervisor snapshot, the VDI for the
snapshot is placed on the same storage repository as the volume is on.
Same idea for VMware, I believe.
So, what would happen in my case (let's say for XenServer and VMware for
4.3 because I don't support hypervisor snapshots in 4.2) is I'd make an
iSCSI target that is larger than what the user requested for the CloudStack
volume (which is fine because our SAN thinly provisions volumes, so the
space is not actually used unless it needs to be). The CloudStack volume
would be the only object on the SAN volume until a hypervisor snapshot is
taken. This snapshot would also reside on the SAN volume.
If this is also how KVM behaves and there is no creation of LUNs within
an iSCSI target from libvirt (which, even if there were support for this,
our SAN currently only allows one LUN per iSCSI target), then I don't see
how using this model will work.
Perhaps I will have to go enhance the current way this works with DIR?
What do you think?
Thanks
On Fri, Sep 13, 2013 at 6:28 PM, Mike Tutkowski
mike.tutkow...@solidfire.com wrote:
That appears to be the way it's used for iSCSI access today.
I suppose I could go that route, too, but I might as well leverage what
libvirt has for iSCSI instead.
On Fri, Sep 13, 2013 at 6:26 PM, Marcus Sorensen shadow...@gmail.comwrote:
To your question about SharedMountPoint, I believe it just acts like a
'DIR' storage type or something similar to that. The end-user is
responsible for mounting a file system that all KVM hosts can access,
and CloudStack is oblivious to what is providing the storage. It could
be NFS, or OCFS2, or some other clustered filesystem, cloudstack just
knows that the provided directory path has VM images.
On Fri, Sep 13, 2013 at 6:23 PM, Marcus Sorensen shadow...@gmail.com
wrote:
Oh yes, you can use NFS, LVM, and iSCSI all at the same time.
Multiples, in fact.
On Fri, Sep 13, 2013 at 6:19 PM, Mike Tutkowski
mike.tutkow...@solidfire.com wrote:
Looks like you can have multiple storage pools:
mtutkowski@ubuntu:~$ virsh pool-list
Name State Autostart
-
default active yes
iSCSIactive no
On Fri, Sep 13, 2013 at 6:12 PM, Mike Tutkowski
mike.tutkow...@solidfire.com wrote:
Reading through the docs you pointed out.
I see what you're saying now.
You can create an iSCSI (libvirt) storage pool based on an iSCSI
target.
In my case, the iSCSI target would only have one LUN, so there
would only
be one iSCSI (libvirt) storage volume in the (libvirt) storage pool.
As you say, my plug-in creates and destroys iSCSI targets/LUNs on
the
SolidFire SAN, so it is not a problem that libvirt does not support
creating/deleting iSCSI targets/LUNs.
It looks like I need to test this a bit to see if libvirt supports
multiple iSCSI storage pools (as you mentioned, since each one of
its
storage pools would map to one of my iSCSI targets/LUNs).
On Fri, Sep 13, 2013 at 5:58 PM, Mike Tutkowski
mike.tutkow...@solidfire.com wrote:
LibvirtStoragePoolDef has this type:
public enum poolType {
ISCSI(iscsi), NETFS(netfs), LOGICAL(logical),
DIR(dir),
RBD(rbd);
String _poolType;
poolType(String poolType) {
_poolType = poolType;
}
@Override
public String toString() {
return _poolType;
}
}
It doesn't look like the iSCSI type is currently being used, but
I'm
understanding more what you were getting at.
Can you tell me for today (say, 4.2), when someone selects the
SharedMountPoint
Re: Managed storage with KVM
Oh, hypervisor snapshots are a bit different. I need to catch up on the
work done in KVM, but this is basically just disk snapshots + memory dump.
I still think disk snapshots would preferably be handled by the SAN, and
then memory dumps can go to secondary storage or something else. This is
relatively new ground with CS and KVM, so we will want to see how others
are planning theirs.
On Sep 13, 2013 7:20 PM, Marcus Sorensen shadow...@gmail.com wrote:
Let me back up and say I don't think you'd use a vdi style on an iscsi
lun. I think you'd want to treat it as a RAW format. Otherwise you're
putting a filesystem on your lun, mounting it, creating a QCOW2 disk image,
and that seems unnecessary and a performance killer.
So probably attaching the raw iscsi lun as a disk to the VM, and handling
snapshots on the San side via the storage plugin is best. My impression
from the storage plugin refactor was that there was a snapshot service that
would allow the San to handle snapshots.
On Sep 13, 2013 7:15 PM, Marcus Sorensen shadow...@gmail.com wrote:
Ideally volume snapshots can be handled by the SAN back end, if the SAN
supports it. The cloudstack mgmt server could call your plugin for volume
snapshot and it would be hypervisor agnostic. As far as space, that would
depend on how your SAN handles it. With ours, we carve out luns from a
pool, and the snapshot spave comes from the pool and is independent of the
LUN size the host sees.
On Sep 13, 2013 7:10 PM, Mike Tutkowski mike.tutkow...@solidfire.com
wrote:
Hey Marcus,
I wonder if the iSCSI storage pool type for libvirt won't work when you
take into consideration hypervisor snapshots?
On XenServer, when you take a hypervisor snapshot, the VDI for the
snapshot is placed on the same storage repository as the volume is on.
Same idea for VMware, I believe.
So, what would happen in my case (let's say for XenServer and VMware for
4.3 because I don't support hypervisor snapshots in 4.2) is I'd make an
iSCSI target that is larger than what the user requested for the CloudStack
volume (which is fine because our SAN thinly provisions volumes, so the
space is not actually used unless it needs to be). The CloudStack volume
would be the only object on the SAN volume until a hypervisor snapshot is
taken. This snapshot would also reside on the SAN volume.
If this is also how KVM behaves and there is no creation of LUNs within
an iSCSI target from libvirt (which, even if there were support for this,
our SAN currently only allows one LUN per iSCSI target), then I don't see
how using this model will work.
Perhaps I will have to go enhance the current way this works with DIR?
What do you think?
Thanks
On Fri, Sep 13, 2013 at 6:28 PM, Mike Tutkowski
mike.tutkow...@solidfire.com wrote:
That appears to be the way it's used for iSCSI access today.
I suppose I could go that route, too, but I might as well leverage what
libvirt has for iSCSI instead.
On Fri, Sep 13, 2013 at 6:26 PM, Marcus Sorensen
shadow...@gmail.comwrote:
To your question about SharedMountPoint, I believe it just acts like a
'DIR' storage type or something similar to that. The end-user is
responsible for mounting a file system that all KVM hosts can access,
and CloudStack is oblivious to what is providing the storage. It could
be NFS, or OCFS2, or some other clustered filesystem, cloudstack just
knows that the provided directory path has VM images.
On Fri, Sep 13, 2013 at 6:23 PM, Marcus Sorensen shadow...@gmail.com
wrote:
Oh yes, you can use NFS, LVM, and iSCSI all at the same time.
Multiples, in fact.
On Fri, Sep 13, 2013 at 6:19 PM, Mike Tutkowski
mike.tutkow...@solidfire.com wrote:
Looks like you can have multiple storage pools:
mtutkowski@ubuntu:~$ virsh pool-list
Name State Autostart
-
default active yes
iSCSIactive no
On Fri, Sep 13, 2013 at 6:12 PM, Mike Tutkowski
mike.tutkow...@solidfire.com wrote:
Reading through the docs you pointed out.
I see what you're saying now.
You can create an iSCSI (libvirt) storage pool based on an iSCSI
target.
In my case, the iSCSI target would only have one LUN, so there
would only
be one iSCSI (libvirt) storage volume in the (libvirt) storage
pool.
As you say, my plug-in creates and destroys iSCSI targets/LUNs on
the
SolidFire SAN, so it is not a problem that libvirt does not support
creating/deleting iSCSI targets/LUNs.
It looks like I need to test this a bit to see if libvirt supports
multiple iSCSI storage pools (as you mentioned, since each one of
its
storage pools would map to one of my iSCSI targets/LUNs).
On Fri, Sep 13, 2013 at 5:58 PM, Mike Tutkowski
mike.tutkow...@solidfire.com wrote:
LibvirtStoragePoolDef has this type:
public enum poolType {
ISCSI(iscsi), NETFS(netfs), LOGICAL(logical),
DIR(dir),
Re: Managed storage with KVM
Ah, OK, I didn't know that was such new ground in KVM with CS. So, the way people use our SAN with KVM and CS today is by selecting SharedMountPoint and specifying the location of the share. They can set up their share using Open iSCSI by discovering their iSCSI target, logging in to it, then mounting it somewhere on their file system. Would it make sense for me to just do that discovery, logging in, and mounting behind the scenes for them and letting the current code manage the rest as it currently does? On Fri, Sep 13, 2013 at 7:27 PM, Marcus Sorensen shadow...@gmail.comwrote: Oh, hypervisor snapshots are a bit different. I need to catch up on the work done in KVM, but this is basically just disk snapshots + memory dump. I still think disk snapshots would preferably be handled by the SAN, and then memory dumps can go to secondary storage or something else. This is relatively new ground with CS and KVM, so we will want to see how others are planning theirs. On Sep 13, 2013 7:20 PM, Marcus Sorensen shadow...@gmail.com wrote: Let me back up and say I don't think you'd use a vdi style on an iscsi lun. I think you'd want to treat it as a RAW format. Otherwise you're putting a filesystem on your lun, mounting it, creating a QCOW2 disk image, and that seems unnecessary and a performance killer. So probably attaching the raw iscsi lun as a disk to the VM, and handling snapshots on the San side via the storage plugin is best. My impression from the storage plugin refactor was that there was a snapshot service that would allow the San to handle snapshots. On Sep 13, 2013 7:15 PM, Marcus Sorensen shadow...@gmail.com wrote: Ideally volume snapshots can be handled by the SAN back end, if the SAN supports it. The cloudstack mgmt server could call your plugin for volume snapshot and it would be hypervisor agnostic. As far as space, that would depend on how your SAN handles it. With ours, we carve out luns from a pool, and the snapshot spave comes from the pool and is independent of the LUN size the host sees. On Sep 13, 2013 7:10 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: Hey Marcus, I wonder if the iSCSI storage pool type for libvirt won't work when you take into consideration hypervisor snapshots? On XenServer, when you take a hypervisor snapshot, the VDI for the snapshot is placed on the same storage repository as the volume is on. Same idea for VMware, I believe. So, what would happen in my case (let's say for XenServer and VMware for 4.3 because I don't support hypervisor snapshots in 4.2) is I'd make an iSCSI target that is larger than what the user requested for the CloudStack volume (which is fine because our SAN thinly provisions volumes, so the space is not actually used unless it needs to be). The CloudStack volume would be the only object on the SAN volume until a hypervisor snapshot is taken. This snapshot would also reside on the SAN volume. If this is also how KVM behaves and there is no creation of LUNs within an iSCSI target from libvirt (which, even if there were support for this, our SAN currently only allows one LUN per iSCSI target), then I don't see how using this model will work. Perhaps I will have to go enhance the current way this works with DIR? What do you think? Thanks On Fri, Sep 13, 2013 at 6:28 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: That appears to be the way it's used for iSCSI access today. I suppose I could go that route, too, but I might as well leverage what libvirt has for iSCSI instead. On Fri, Sep 13, 2013 at 6:26 PM, Marcus Sorensen shadow...@gmail.comwrote: To your question about SharedMountPoint, I believe it just acts like a 'DIR' storage type or something similar to that. The end-user is responsible for mounting a file system that all KVM hosts can access, and CloudStack is oblivious to what is providing the storage. It could be NFS, or OCFS2, or some other clustered filesystem, cloudstack just knows that the provided directory path has VM images. On Fri, Sep 13, 2013 at 6:23 PM, Marcus Sorensen shadow...@gmail.com wrote: Oh yes, you can use NFS, LVM, and iSCSI all at the same time. Multiples, in fact. On Fri, Sep 13, 2013 at 6:19 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: Looks like you can have multiple storage pools: mtutkowski@ubuntu:~$ virsh pool-list Name State Autostart - default active yes iSCSIactive no On Fri, Sep 13, 2013 at 6:12 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: Reading through the docs you pointed out. I see what you're saying now. You can create an iSCSI (libvirt) storage pool based on an iSCSI target. In my case, the iSCSI target would only have one LUN, so there would only be one iSCSI (libvirt) storage volume in the (libvirt) storage pool. As you say, my
Re: Managed storage with KVM
This would require that they put a clustered filesystem on the lun, right? Seems like it would be better for them to use CLVM and make a volume group from the luns, I'll bet some of your customers are doing that unless they are explicitly instructed otherwise, that's how others are doing iscsi or fibrechannel storage. On Sep 13, 2013 7:33 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: Ah, OK, I didn't know that was such new ground in KVM with CS. So, the way people use our SAN with KVM and CS today is by selecting SharedMountPoint and specifying the location of the share. They can set up their share using Open iSCSI by discovering their iSCSI target, logging in to it, then mounting it somewhere on their file system. Would it make sense for me to just do that discovery, logging in, and mounting behind the scenes for them and letting the current code manage the rest as it currently does? On Fri, Sep 13, 2013 at 7:27 PM, Marcus Sorensen shadow...@gmail.comwrote: Oh, hypervisor snapshots are a bit different. I need to catch up on the work done in KVM, but this is basically just disk snapshots + memory dump. I still think disk snapshots would preferably be handled by the SAN, and then memory dumps can go to secondary storage or something else. This is relatively new ground with CS and KVM, so we will want to see how others are planning theirs. On Sep 13, 2013 7:20 PM, Marcus Sorensen shadow...@gmail.com wrote: Let me back up and say I don't think you'd use a vdi style on an iscsi lun. I think you'd want to treat it as a RAW format. Otherwise you're putting a filesystem on your lun, mounting it, creating a QCOW2 disk image, and that seems unnecessary and a performance killer. So probably attaching the raw iscsi lun as a disk to the VM, and handling snapshots on the San side via the storage plugin is best. My impression from the storage plugin refactor was that there was a snapshot service that would allow the San to handle snapshots. On Sep 13, 2013 7:15 PM, Marcus Sorensen shadow...@gmail.com wrote: Ideally volume snapshots can be handled by the SAN back end, if the SAN supports it. The cloudstack mgmt server could call your plugin for volume snapshot and it would be hypervisor agnostic. As far as space, that would depend on how your SAN handles it. With ours, we carve out luns from a pool, and the snapshot spave comes from the pool and is independent of the LUN size the host sees. On Sep 13, 2013 7:10 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: Hey Marcus, I wonder if the iSCSI storage pool type for libvirt won't work when you take into consideration hypervisor snapshots? On XenServer, when you take a hypervisor snapshot, the VDI for the snapshot is placed on the same storage repository as the volume is on. Same idea for VMware, I believe. So, what would happen in my case (let's say for XenServer and VMware for 4.3 because I don't support hypervisor snapshots in 4.2) is I'd make an iSCSI target that is larger than what the user requested for the CloudStack volume (which is fine because our SAN thinly provisions volumes, so the space is not actually used unless it needs to be). The CloudStack volume would be the only object on the SAN volume until a hypervisor snapshot is taken. This snapshot would also reside on the SAN volume. If this is also how KVM behaves and there is no creation of LUNs within an iSCSI target from libvirt (which, even if there were support for this, our SAN currently only allows one LUN per iSCSI target), then I don't see how using this model will work. Perhaps I will have to go enhance the current way this works with DIR? What do you think? Thanks On Fri, Sep 13, 2013 at 6:28 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: That appears to be the way it's used for iSCSI access today. I suppose I could go that route, too, but I might as well leverage what libvirt has for iSCSI instead. On Fri, Sep 13, 2013 at 6:26 PM, Marcus Sorensen shadow...@gmail.com wrote: To your question about SharedMountPoint, I believe it just acts like a 'DIR' storage type or something similar to that. The end-user is responsible for mounting a file system that all KVM hosts can access, and CloudStack is oblivious to what is providing the storage. It could be NFS, or OCFS2, or some other clustered filesystem, cloudstack just knows that the provided directory path has VM images. On Fri, Sep 13, 2013 at 6:23 PM, Marcus Sorensen shadow...@gmail.com wrote: Oh yes, you can use NFS, LVM, and iSCSI all at the same time. Multiples, in fact. On Fri, Sep 13, 2013 at 6:19 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: Looks like you can have multiple storage pools: mtutkowski@ubuntu:~$ virsh pool-list Name State Autostart - default active yes iSCSIactive no
Re: Managed storage with KVM
You could do that, but as mentioned I think its a mistake to go to the trouble of creating a 1:1 mapping of CS volumes to luns and then putting a filesystem on it, mounting it, and then putting a QCOW2 or even RAW disk image on that filesystem. You'll lose a lot of iops along the way, and have more overhead with the filesystem and its journaling, etc. On Sep 13, 2013 7:33 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: Ah, OK, I didn't know that was such new ground in KVM with CS. So, the way people use our SAN with KVM and CS today is by selecting SharedMountPoint and specifying the location of the share. They can set up their share using Open iSCSI by discovering their iSCSI target, logging in to it, then mounting it somewhere on their file system. Would it make sense for me to just do that discovery, logging in, and mounting behind the scenes for them and letting the current code manage the rest as it currently does? On Fri, Sep 13, 2013 at 7:27 PM, Marcus Sorensen shadow...@gmail.comwrote: Oh, hypervisor snapshots are a bit different. I need to catch up on the work done in KVM, but this is basically just disk snapshots + memory dump. I still think disk snapshots would preferably be handled by the SAN, and then memory dumps can go to secondary storage or something else. This is relatively new ground with CS and KVM, so we will want to see how others are planning theirs. On Sep 13, 2013 7:20 PM, Marcus Sorensen shadow...@gmail.com wrote: Let me back up and say I don't think you'd use a vdi style on an iscsi lun. I think you'd want to treat it as a RAW format. Otherwise you're putting a filesystem on your lun, mounting it, creating a QCOW2 disk image, and that seems unnecessary and a performance killer. So probably attaching the raw iscsi lun as a disk to the VM, and handling snapshots on the San side via the storage plugin is best. My impression from the storage plugin refactor was that there was a snapshot service that would allow the San to handle snapshots. On Sep 13, 2013 7:15 PM, Marcus Sorensen shadow...@gmail.com wrote: Ideally volume snapshots can be handled by the SAN back end, if the SAN supports it. The cloudstack mgmt server could call your plugin for volume snapshot and it would be hypervisor agnostic. As far as space, that would depend on how your SAN handles it. With ours, we carve out luns from a pool, and the snapshot spave comes from the pool and is independent of the LUN size the host sees. On Sep 13, 2013 7:10 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: Hey Marcus, I wonder if the iSCSI storage pool type for libvirt won't work when you take into consideration hypervisor snapshots? On XenServer, when you take a hypervisor snapshot, the VDI for the snapshot is placed on the same storage repository as the volume is on. Same idea for VMware, I believe. So, what would happen in my case (let's say for XenServer and VMware for 4.3 because I don't support hypervisor snapshots in 4.2) is I'd make an iSCSI target that is larger than what the user requested for the CloudStack volume (which is fine because our SAN thinly provisions volumes, so the space is not actually used unless it needs to be). The CloudStack volume would be the only object on the SAN volume until a hypervisor snapshot is taken. This snapshot would also reside on the SAN volume. If this is also how KVM behaves and there is no creation of LUNs within an iSCSI target from libvirt (which, even if there were support for this, our SAN currently only allows one LUN per iSCSI target), then I don't see how using this model will work. Perhaps I will have to go enhance the current way this works with DIR? What do you think? Thanks On Fri, Sep 13, 2013 at 6:28 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: That appears to be the way it's used for iSCSI access today. I suppose I could go that route, too, but I might as well leverage what libvirt has for iSCSI instead. On Fri, Sep 13, 2013 at 6:26 PM, Marcus Sorensen shadow...@gmail.com wrote: To your question about SharedMountPoint, I believe it just acts like a 'DIR' storage type or something similar to that. The end-user is responsible for mounting a file system that all KVM hosts can access, and CloudStack is oblivious to what is providing the storage. It could be NFS, or OCFS2, or some other clustered filesystem, cloudstack just knows that the provided directory path has VM images. On Fri, Sep 13, 2013 at 6:23 PM, Marcus Sorensen shadow...@gmail.com wrote: Oh yes, you can use NFS, LVM, and iSCSI all at the same time. Multiples, in fact. On Fri, Sep 13, 2013 at 6:19 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: Looks like you can have multiple storage pools: mtutkowski@ubuntu:~$ virsh pool-list Name State Autostart - default active yes iSCSI
Re: Managed storage with KVM
Better to wire up the lun directly to the vm unless there is a good reason not to. On Sep 13, 2013 7:40 PM, Marcus Sorensen shadow...@gmail.com wrote: You could do that, but as mentioned I think its a mistake to go to the trouble of creating a 1:1 mapping of CS volumes to luns and then putting a filesystem on it, mounting it, and then putting a QCOW2 or even RAW disk image on that filesystem. You'll lose a lot of iops along the way, and have more overhead with the filesystem and its journaling, etc. On Sep 13, 2013 7:33 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: Ah, OK, I didn't know that was such new ground in KVM with CS. So, the way people use our SAN with KVM and CS today is by selecting SharedMountPoint and specifying the location of the share. They can set up their share using Open iSCSI by discovering their iSCSI target, logging in to it, then mounting it somewhere on their file system. Would it make sense for me to just do that discovery, logging in, and mounting behind the scenes for them and letting the current code manage the rest as it currently does? On Fri, Sep 13, 2013 at 7:27 PM, Marcus Sorensen shadow...@gmail.comwrote: Oh, hypervisor snapshots are a bit different. I need to catch up on the work done in KVM, but this is basically just disk snapshots + memory dump. I still think disk snapshots would preferably be handled by the SAN, and then memory dumps can go to secondary storage or something else. This is relatively new ground with CS and KVM, so we will want to see how others are planning theirs. On Sep 13, 2013 7:20 PM, Marcus Sorensen shadow...@gmail.com wrote: Let me back up and say I don't think you'd use a vdi style on an iscsi lun. I think you'd want to treat it as a RAW format. Otherwise you're putting a filesystem on your lun, mounting it, creating a QCOW2 disk image, and that seems unnecessary and a performance killer. So probably attaching the raw iscsi lun as a disk to the VM, and handling snapshots on the San side via the storage plugin is best. My impression from the storage plugin refactor was that there was a snapshot service that would allow the San to handle snapshots. On Sep 13, 2013 7:15 PM, Marcus Sorensen shadow...@gmail.com wrote: Ideally volume snapshots can be handled by the SAN back end, if the SAN supports it. The cloudstack mgmt server could call your plugin for volume snapshot and it would be hypervisor agnostic. As far as space, that would depend on how your SAN handles it. With ours, we carve out luns from a pool, and the snapshot spave comes from the pool and is independent of the LUN size the host sees. On Sep 13, 2013 7:10 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: Hey Marcus, I wonder if the iSCSI storage pool type for libvirt won't work when you take into consideration hypervisor snapshots? On XenServer, when you take a hypervisor snapshot, the VDI for the snapshot is placed on the same storage repository as the volume is on. Same idea for VMware, I believe. So, what would happen in my case (let's say for XenServer and VMware for 4.3 because I don't support hypervisor snapshots in 4.2) is I'd make an iSCSI target that is larger than what the user requested for the CloudStack volume (which is fine because our SAN thinly provisions volumes, so the space is not actually used unless it needs to be). The CloudStack volume would be the only object on the SAN volume until a hypervisor snapshot is taken. This snapshot would also reside on the SAN volume. If this is also how KVM behaves and there is no creation of LUNs within an iSCSI target from libvirt (which, even if there were support for this, our SAN currently only allows one LUN per iSCSI target), then I don't see how using this model will work. Perhaps I will have to go enhance the current way this works with DIR? What do you think? Thanks On Fri, Sep 13, 2013 at 6:28 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: That appears to be the way it's used for iSCSI access today. I suppose I could go that route, too, but I might as well leverage what libvirt has for iSCSI instead. On Fri, Sep 13, 2013 at 6:26 PM, Marcus Sorensen shadow...@gmail.com wrote: To your question about SharedMountPoint, I believe it just acts like a 'DIR' storage type or something similar to that. The end-user is responsible for mounting a file system that all KVM hosts can access, and CloudStack is oblivious to what is providing the storage. It could be NFS, or OCFS2, or some other clustered filesystem, cloudstack just knows that the provided directory path has VM images. On Fri, Sep 13, 2013 at 6:23 PM, Marcus Sorensen shadow...@gmail.com wrote: Oh yes, you can use NFS, LVM, and iSCSI all at the same time. Multiples, in fact. On Fri, Sep 13, 2013 at 6:19 PM, Mike Tutkowski mike.tutkow...@solidfire.com wrote: Looks like you can have multiple storage pools:
