System VM Template

2018-04-02 Thread Tutkowski, Mike 
Hi,

I may have missed an e-mail about this recently.

Can someone provide me with the current URL I can use to download system VM 
templates for 4.12?

I’ve tried 4.11 from here:

http://cloudstack.apt-get.eu/systemvm/4.11/

and master from here:

https://builds.cloudstack.org/job/build-master-systemvm/

However, in neither case can I get the VR up and running on 4.12.

Thanks!
Mike

Re: Request to enable Github issues, wiki for apache/cloudstack* repos

2018-04-02 Thread Daniel Pono Takamori 
Enabled for your repos: https://issues.apache.org/jira/browse/INFRA-16186

Cheers

On Mon, Apr 2, 2018 at 1:23 PM, Rohit Yadav  wrote:
> Ping infra?
>
> - Rohit
>
> On Fri, Mar 30, 2018 at 1:51 PM, Rohit Yadav  wrote:
>>
>> All,
>>
>> Based on a vote [1] on Apache CloudStack MLs, I would like to request
>> infra to enable Github issue and wiki features for all cloudstack
>> repositories:
>>
>> https://github.com/apache?q=cloudstack+
>>
>> [1] https://markmail.org/message/y5zgkssmwp4sh43t
>>
>> Regards,
>> Rohit Yadav
>> PMC member and committer,
>> Apache CloudStack
>
>

[DISCUSS] New VPN implementation based on IKEv2 backed by Vault

2018-04-02 Thread Khosrow Moossavi 
Hi Community

I want to open up a discussion around the new Remote Access VPN
implementation on VRs. Currently
we have only L2TP implementation, which lacks different features (such as
verbos logging), so we
decided to start developing new implementation based on IKEv2 (on top of
the existing strongSwan).

We have this feature working locally for over a week now, and seems to be
ready for opening up a
PR on official repo. But before doing so we agreed to open up a discussion
here first.

The current implementation we use EAP + Public Key for authentication, so
we need to have a PKI
Engine somewhere. Rather than start re-inventing the wheel (and start
extending the current CA Framework
which was done by Rohit) we decided to delegate this functionality to
HashiCorp Vault, which will act as
a PKI backend engine for Cloudstack.

The way I implemented this specific part of the code, is that it can easily
be extended/implemented with other
concrete classes or designs (such as going forward with in-house PKI
engine, or even use external services
such as Let's Encrypt), but at the end of the day we strongly suggest to
use Vault, as it is really easy to use.


Please find the design document here[1], and share your feedback. I will
open up a PR -as is- soon to be able
to have a source code to discuss around it as well.

[1]:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/VPN+Implementation+based+on+IKEv2+backed+by+Vault+as+PKI+Engine


Thanks

Khosrow Moossavi

Cloud Infrastructure Developer

t 514.447.3456

Re: Request to enable Github issues, wiki for apache/cloudstack* repos

2018-04-02 Thread Rohit Yadav 
Ping infra?

- Rohit

On Fri, Mar 30, 2018 at 1:51 PM, Rohit Yadav  wrote:

> All,
>
> Based on a vote [1] on Apache CloudStack MLs, I would like to request
> infra to enable Github issue and wiki features for all cloudstack
> repositories:
>
> https://github.com/apache?q=cloudstack+
>
> [1] https://markmail.org/message/y5zgkssmwp4sh43t
>
> Regards,
> Rohit Yadav
> PMC member and committer,
> Apache CloudStack
>

[DISCUSS] VR upgrading workflow thoughts

2018-04-02 Thread Rene Moser 
Hi

One of the biggest challenges in cloudstack is upgrading VRs in an
advanced networking setup.

Even though with the latest efforts made by shapeblue and Rohit (nice
work) the replacement of a VR does not disconnect the services behind
the router anymore, there is still room for improvement.

Currently, the issue we still face for clouds in production using
advanced networking is, a valid roll back path.

Today upgrade path works like this (correct me when I am wrong)

1. upload new template
2. upgrade management service
3. rolling out new VRs

The issue is, the VRs can not be fully used until upgraded (new
instances, new firewall rules etc, are not possible)

Our vision is that a new VR template would also be compatible with
previous version of cloudstack management service. This would allow to
rolling out new VRs using _before_ upgrading the management service:

1. upload new template
2. rolling out new VRs
3. upgrade management service

What are the benefits of this?

It would allow to test the VRs before the management service upgrade and
roll back to previous template (or upload a fixed template) in case of
issues.

A rollback of the management service would not necessarily result in
redeployment of VRs as they were still compatible.

Any thoughts?

Re: 4.11.0.0 - Error to Register ISO in All Zones

2018-04-02 Thread Dag Sonstebo 
Hi Marcelo,

One thing I noticed - if you check 
http://cloudstack.apache.org/api/apidocs-4.11/apis/registerTemplate.html there 
is a difference between “zoneid” and “zoneids”, the latter taking the -1 
option. That doesn’t explain your GUI issue, but may explain your CloudMonkey 
run failure? 

Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue

On 01/04/2018, 04:36, "Lotic Lists"  wrote:

Problem to register ISO in all zones

 

https://issues.apache.org/jira/browse/CLOUDSTACK-10349

 

Regards

Marcelo

 




dag.sonst...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue