Re: Stop one of primary storage but no vm diskimg in it , All vm stoped.
when change the C storage to maintance , group normally ,no exception occured. when stop the NFS on C storage , all vm stoped and some hypervisors rebooted by cloudstack-agent. In C storage ,only one file that for VMC1, there aren’t disk image for other vms , so it stoped all vms to be beyond comprehension. > 在 2017年3月22日,11:39,Tutkowski, Mike 写道: > > Do you know if your other VMs shut down when you stopped the NFS service or > when you put the primary storage into maintenance mode? > > Putting a primary storage in maintenance mode should only shut down VMs that > have one or more disks running from that primary storage. > > For example, if you had your root disk on primary storage A and a data disk > on primary storage C and you put primary storage C into maintenance mode, > then this VM will be shut down. > > On 3/21/17, 9:12 PM, "Gust" wrote: > > Our cloudstack (4.9.1) group have 4 primary storage named as A/B/C/D, > almost all vm disk image in A storage. only one vm (name VMC1) disk image in > C storage. > > yesterday , > we close VMC1 and change the C storage to maintance state, > then stop the NFS service in C storage , > after that , all vm stoped , whatever vm disk image in A or in C, > we were stunned. > > In cloudstack website , we found follow doc , but it descripte stops all > VMs stored on C storage device in my situation, what happenned ? > > Primary Storage Outage and Data Loss¶ > When a primary storage outage occurs the hypervisor immediately stops all > VMs stored ——>on that storage device<—— . Guests that are > marked for HA will be restarted as soon as practical when the primary storage > comes back on line. With NFS, the hypervisor may allow the virtual machines > to continue running depending on the nature of the issue. For example, an NFS > hang will cause the guest VMs to be suspended until storage connectivity is > restored.Primary storage is not designed to be backed up. Individual volumes > in primary storage can be backed up using snapshots. > > > > >
Stop one of primary storage but no vm diskimg in it , All vm stoped.
Our cloudstack (4.9.1) group have 4 primary storage named as A/B/C/D, almost all vm disk image in A storage. only one vm (name VMC1) disk image in C storage. yesterday , we close VMC1 and change the C storage to maintance state, then stop the NFS service in C storage , after that , all vm stoped , whatever vm disk image in A or in C, we were stunned. In cloudstack website , we found follow doc , but it descripte stops all VMs stored on C storage device in my situation, what happenned ? Primary Storage Outage and Data Loss¶ When a primary storage outage occurs the hypervisor immediately stops all VMs stored ——>on that storage device<—— . Guests that are marked for HA will be restarted as soon as practical when the primary storage comes back on line. With NFS, the hypervisor may allow the virtual machines to continue running depending on the nature of the issue. For example, an NFS hang will cause the guest VMs to be suspended until storage connectivity is restored.Primary storage is not designed to be backed up. Individual volumes in primary storage can be backed up using snapshots.
Re: JuniperSRX firewall configure plugin source bug
I submitted PR:
https://github.com/apache/cloudstack/pull/1662
> 在 2016年8月24日,20:36,Will Stevens 写道:
>
> Hey Gust,
> Here are the details for contributing.
>
> https://github.com/apache/cloudstack/blob/master/CONTRIBUTING.md
>
> You need to fork cloudstack and the the change in your fork. Then you
> create a pull request from your fork to ACS.
>
> Let us know if you have problems following that guide.
>
> Cheers,
>
> Will
>
> On Aug 24, 2016 4:09 AM, "Gust" wrote:
>
>>
>> Hi, Jayapal
>>
>> why not submit a PR, in github desktop prompt:
>>
>> You may not have permission to access cloudstack. Check Preferences to
>> make sure you’re still logged in.
>>
>> I ensure i loved in.
>>
>>
>>
>>> 在 2016年8月24日,12:52,Jayapal Uradi > jayapal.ur...@accelerite.com>> 写道:
>>>
>>> Hi Gust,
>>>
>>> The changes look good please go head and raise a PR for it.
>>>
>>> Thanks,
>>> Jayapal
>>>> On Aug 24, 2016, at 8:14 AM, Gust > digitalg...@163.com>> wrote:
>>>>
>>>> Hi , all
>>>>
>>>> There is a bug in com.cloud.network.resource.JuniperSrxResource
>>>>
>>>> It will report syntax error when configure outgress rule to Juniper
>> srx hardware firewall.
>>>>
>>>>
>>>> begin line 2830 :
>>>>
>>>>if (type.equals(SecurityPolicyType.
>> SECURITYPOLICY_EGRESS_DEFAULT)) {
>>>>if (defaultEgressAction == false) {
>>>>//for default policy is false add default
>> deny rules
>>>>action = "";
>>>>} else {
>>>>action = "";
>>>>}
>>>>
>>>>} else {
>>>>if (defaultEgressAction == true) {
>>>>//configure egress rules to deny the traffic
>> when default egress is allow
>>>>action = "";
>>>>} else {
>>>>action = "";
>>>>}
>>>> //error here
>>>>xml = replaceXmlValue(xml, "action", action);
>>>>
>>>>}
>>>>
>>>> fix:
>>>>
>>>>if (type.equals(SecurityPolicyType.
>> SECURITYPOLICY_EGRESS_DEFAULT)) {
>>>>if (defaultEgressAction == false) {
>>>>//for default policy is false add default
>> deny rules
>>>>action = "";
>>>>} else {
>>>>action = "";
>>>>}
>>>>
>>>>} else {
>>>>if (defaultEgressAction == true) {
>>>>//configure egress rules to deny the traffic
>> when default egress is allow
>>>>action = "";
>>>>} else {
>>>>action = "";
>>>>}
>>>>}
>>>> //move replace out
>>>>xml = replaceXmlValue(xml, "action", action);
>>>>
>>>>
>>>>
>>>> gust
>>>>
>>>> Being china.
>>>> 2016-08-24
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>> DISCLAIMER
>>> ==
>>> This e-mail may contain privileged and confidential information which is
>> the property of Accelerite, a Persistent Systems business. It is intended
>> only for the use of the individual or entity to which it is addressed. If
>> you are not the intended recipient, you are not authorized to read, retain,
>> copy, print, distribute or use this message. If you have received this
>> communication in error, please notify the sender and delete all copies of
>> this message. Accelerite, a Persistent Systems business does not accept any
>> liability for virus infected mails.
>>
>>
Re: JuniperSRX firewall configure plugin source bug
Hi, Jayapal
why not submit a PR, in github desktop prompt:
You may not have permission to access cloudstack. Check Preferences to make
sure you’re still logged in.
I ensure i loved in.
> 在 2016年8月24日,12:52,Jayapal Uradi <mailto:jayapal.ur...@accelerite.com>> 写道:
>
> Hi Gust,
>
> The changes look good please go head and raise a PR for it.
>
> Thanks,
> Jayapal
>> On Aug 24, 2016, at 8:14 AM, Gust > <mailto:digitalg...@163.com>> wrote:
>>
>> Hi , all
>>
>> There is a bug in com.cloud.network.resource.JuniperSrxResource
>>
>> It will report syntax error when configure outgress rule to Juniper srx
>> hardware firewall.
>>
>>
>> begin line 2830 :
>>
>> if
>> (type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS_DEFAULT)) {
>> if (defaultEgressAction == false) {
>> //for default policy is false add default deny
>> rules
>> action = "";
>> } else {
>> action = "";
>> }
>>
>> } else {
>> if (defaultEgressAction == true) {
>> //configure egress rules to deny the traffic when
>> default egress is allow
>> action = "";
>> } else {
>> action = "";
>> }
>> //error here
>> xml = replaceXmlValue(xml, "action", action);
>>
>> }
>>
>> fix:
>>
>> if
>> (type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS_DEFAULT)) {
>> if (defaultEgressAction == false) {
>> //for default policy is false add default deny
>> rules
>> action = "";
>> } else {
>> action = "";
>> }
>>
>> } else {
>> if (defaultEgressAction == true) {
>> //configure egress rules to deny the traffic when
>> default egress is allow
>> action = "";
>> } else {
>> action = "";
>> }
>> }
>> //move replace out
>> xml = replaceXmlValue(xml, "action", action);
>>
>>
>>
>> gust
>>
>> Being china.
>> 2016-08-24
>>
>>
>>
>>
>
>
>
>
> DISCLAIMER
> ==
> This e-mail may contain privileged and confidential information which is the
> property of Accelerite, a Persistent Systems business. It is intended only
> for the use of the individual or entity to which it is addressed. If you are
> not the intended recipient, you are not authorized to read, retain, copy,
> print, distribute or use this message. If you have received this
> communication in error, please notify the sender and delete all copies of
> this message. Accelerite, a Persistent Systems business does not accept any
> liability for virus infected mails.
JuniperSRX firewall configure plugin source bug
Hi , all
There is a bug in com.cloud.network.resource.JuniperSrxResource
It will report syntax error when configure outgress rule to Juniper srx
hardware firewall.
begin line 2830 :
if
(type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS_DEFAULT)) {
if (defaultEgressAction == false) {
//for default policy is false add default deny rules
action = "";
} else {
action = "";
}
} else {
if (defaultEgressAction == true) {
//configure egress rules to deny the traffic when
default egress is allow
action = "";
} else {
action = "";
}
//error here
xml = replaceXmlValue(xml, "action", action);
}
fix:
if
(type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS_DEFAULT)) {
if (defaultEgressAction == false) {
//for default policy is false add default deny rules
action = "";
} else {
action = "";
}
} else {
if (defaultEgressAction == true) {
//configure egress rules to deny the traffic when
default egress is allow
action = "";
} else {
action = "";
}
}
//move replace out
xml = replaceXmlValue(xml, "action", action);
gust
Being china.
2016-08-24
Re: Virtual Router execute python slowly
A port forward rule operation spent:
not optimized 5min
optimized 3min
optmized+cProfile8min
top 30 :
Fri Aug 19 11:27:50 2016d:\temp\py_pro.data
614887355 function calls (614884838 primitive calls) in 548.846 seconds
Ordered by: cumulative time
List reduced from 404 to 30 due to restriction <30>
ncalls tottime percall cumtime percall filename:lineno(function)
10.0000.000 548.846 548.846 :1()
10.0000.000 548.846 548.846 update_config.py:114(mainp)
10.0000.000 548.846 548.846 update_config.py:50(process_file)
10.0010.001 548.837 548.837 update_config.py:44(finish_config)
10.0000.000 548.836 548.836 configure.py:903(main)
10.0000.000 546.228 546.228 configure.py:717(process)
1088 53.9360.050 536.6650.493 CsAddress.py:145(ip_in_subnet)
160.0000.000 364.540 22.784
configure.py:766(processForwardRule)
160.0010.000 364.540 22.784 configure.py:772(forward_vr)
325.8690.183 351.378 10.981 configure.py:747(getNetworkByIp)
68170816 65.4350.000 342.4270.000 __init__.py:1682(iter_iprange)
68177344 182.9250.000 277.0510.000 __init__.py:248(__init__)
483.6850.077 194.8454.059 configure.py:741(getDeviceByIp)
160.0010.000 181.689 11.356
configure.py:882(processStaticNatRule)
68170816 54.6550.000 140.1860.000 __init__.py:63(__hash__)
68170976 48.5770.000 69.1120.000 __init__.py:439(key)
68187121 42.9760.000 42.9760.000 {hasattr}
68188576 26.2020.000 26.2050.000 {isinstance}
68178432 24.9450.000 24.9450.000 __init__.py:34(__init__)
68177504 20.5370.000 20.5370.000 __init__.py:232(version)
68170816 16.4190.000 16.4190.000 {hash}
10.0200.0201.5221.522 CsNetfilter.py:134(compare)
3290.0070.0001.5130.005 CsHelper.py:182(execute)
3290.0020.0001.0600.003 subprocess.py:768(communicate)
3290.0040.0001.0570.003 subprocess.py:1400(_communicate)
3290.0120.0001.0460.003
subprocess.py:1433(_communicate_with_poll)
23521.0210.0001.0210.000 {built-in method poll}
10.0010.0011.0051.005 CsAddress.py:99(process)
220.0010.0000.9890.045 CsAddress.py:271(configure)
220.0010.0000.9370.043 CsAddress.py:285(post_configure)
> 在 2016年8月20日,09:41,ilya 写道:
>
> Hi Gust
>
> Are you proposing solution "optimized CsAddress.py in VR" or just
> analysis on where time is being spent?
>
> Regards
> ilya
> On 8/18/16 9:34 PM, Gust wrote:
>>
>> Hi,all
>>
>> we constructed a advance network in cloudstack , it work fine early , but
>> when I added some VR rules ,it execute slow more and more.
>>
>> About total 100 rules already exist , I add a port forward rule , it would
>> execute about 3 minutes , that we changed the agent source set more seconds
>> timeout ,else agent will timeout at 120s, and optimized CsAddress.py in VR.
>>
>> So I login to VR vm , and modify the update_config.pywith cProfile ,
>> and print out execute result . because add cProfile , python execute more
>> than 8 min.
>>
>> It shows too many netaddr object init invoked.
>>
>> vr hypervisor hardware : E3 1230v2 3.4GHz , vr alloc 3GHz
>>
>> --
>> Optimized CsAddress.py , execute 3 min, else 5 min
>>
>> CsAddress.py (line 145)
>> def ip_in_subnet(self, ip):
>> ipo = IPAddress(ip)
>> net = IPNetwork("%s/%s" % (self.get_ip(), self.get_size()))
>> aset = set(net)
>> return ipo in aset
>>
>> --
>> def mainp():
>> if not (os.path.isfile(jsonCmdConfigPath) and os.access(jsonCmdConfigPath,
>> os.R_OK)):
>> print "[ERROR] update_config.py :: You are telling me to process %s,
>> but i can't access it" % jsonCmdConfigPath
>> sys.exit(1)
>>
>> # If the command line json file is unprocessed process it
>> # This is important or, the control interfaces will get deleted!
>> if os.path.isfile(jsonPath % "cmd_line.json"):
>> qf = QueueFile()
>> qf.setFile("cmd_line.json")
>> qf.load(None)
>>
>> # If the guest network is already configured and have the same IP, do not
>> try to configure it again otherwise it will brea
Virtual Router execute python slowly
Hi,all
we constructed a advance network in cloudstack , it work fine early , but when
I added some VR rules ,it execute slow more and more.
About total 100 rules already exist , I add a port forward rule , it would
execute about 3 minutes , that we changed the agent source set more seconds
timeout ,else agent will timeout at 120s, and optimized CsAddress.py in VR.
So I login to VR vm , and modify the update_config.pywith cProfile , and
print out execute result . because add cProfile , python execute more than 8
min.
It shows too many netaddr object init invoked.
vr hypervisor hardware : E3 1230v2 3.4GHz , vr alloc 3GHz
--
Optimized CsAddress.py , execute 3 min, else 5 min
CsAddress.py (line 145)
def ip_in_subnet(self, ip):
ipo = IPAddress(ip)
net = IPNetwork("%s/%s" % (self.get_ip(), self.get_size()))
aset = set(net)
return ipo in aset
--
def mainp():
if not (os.path.isfile(jsonCmdConfigPath) and os.access(jsonCmdConfigPath,
os.R_OK)):
print "[ERROR] update_config.py :: You are telling me to process %s, but
i can't access it" % jsonCmdConfigPath
sys.exit(1)
# If the command line json file is unprocessed process it
# This is important or, the control interfaces will get deleted!
if os.path.isfile(jsonPath % "cmd_line.json"):
qf = QueueFile()
qf.setFile("cmd_line.json")
qf.load(None)
# If the guest network is already configured and have the same IP, do not
try to configure it again otherwise it will break
if sys.argv[1] == "guest_network.json":
if os.path.isfile(currentGuestNetConfig):
file = open(currentGuestNetConfig)
guestnet_dict = json.load(file)
if not is_guestnet_configured(guestnet_dict, ['eth1', 'eth2',
'eth3', 'eth4', 'eth5', 'eth6', 'eth7', 'eth8', 'eth9']):
print "[INFO] update_config.py :: Processing Guest Network."
process_file()
else:
print "[INFO] update_config.py :: No need to process Guest
Network."
finish_config()
else:
print "[INFO] update_config.py :: No GuestNetwork configured yet.
Configuring first one now."
process_file()
else:
print "[INFO] update_config.py :: Processing incoming file => %s" %
sys.argv[1]
process_file()
cProfile.run("mainp()", "/var/log/py_pro.data”)
--
Fri Aug 19 11:27:50 2016d:\temp\py_pro.data
614887355 function calls (614884838 primitive calls) in 548.846 seconds
Ordered by: internal time
ncalls tottime percall cumtime percall filename:lineno(function)
68177344 182.9250.000 277.0510.000 __init__.py:248(__init__)
68170816 65.4350.000 342.4270.000 __init__.py:1682(iter_iprange)
68170816 54.6550.000 140.1860.000 __init__.py:63(__hash__)
1088 53.9360.050 536.6650.493 CsAddress.py:145(ip_in_subnet)
68170976 48.5770.000 69.1120.000 __init__.py:439(key)
68187121 42.9760.000 42.9760.000 {hasattr}
68188576 26.2020.000 26.2050.000 {isinstance}
68178432 24.9450.000 24.9450.000 __init__.py:34(__init__)
68177504 20.5370.000 20.5370.000 __init__.py:232(version)
68170816 16.4190.000 16.4190.000 {hash}
325.8690.183 351.378 10.981 configure.py:747(getNetworkByIp)
483.6850.077 194.8454.059 configure.py:741(getDeviceByIp)
23521.0210.0001.0210.000 {built-in method poll}
2454410.3520.0000.5100.000 CsNetfilter.py:296(__eq__)
21490.2510.0000.2510.000 {posix.read}
7980.1110.0000.6080.001 CsNetfilter.py:116(has_rule)
4935850.0980.0000.0980.000 CsNetfilter.py:258(get_table)
3290.0770.0000.0770.000 {posix.fork}
24440.0590.0000.0590.000 {method 'flush' of 'file' objects}
24440.0390.0000.0740.000 __init__.py:243(__init__)
1139500.0300.0000.0300.000 CsNetfilter.py:270(get_chain)
3290.0280.0000.3670.001 subprocess.py:1195(_execute_child)
24440.0210.0000.0780.000 __init__.py:458(format)
20690.0210.0000.0390.000
CsNetfilter.py:236(__convert_to_dict)
10.0200.0201.5221.522 CsNetfilter.py:134(compare)
24440.0170.0000.0240.000 __init__.py:1226(findCaller)
24440.0160.0000.0170.000 __init__.py:318(getMessage)
417630.0150.0000.0150.000 {method 'items' of 'dict' objects}
24440.0150.0000.0150.000 {time.localtime}
10880.0140.0000.0280.000 __init__.py:737(parse_ip_network)
24440.013
Virtual Router execute python slowly
Hi,all
we constructed a advance network in cloudstack , it work fine early , but when
I added some VR rules ,it execute slow more and more.
About total 100 rules already exist , I add a port forward rule , it would
execute about 3 minutes , that we changed the agent source set more seconds
timeout ,else agent will timeout at 120s, and optimized CsAddress.py in VR.
So I login to VR vm , and modify the update_config.pywith cProfile , and
print out execute result . because add cProfile , python execute more than 8
min.
It shows too many netaddr object init invoked.
vr hypervisor hardware : E3 1230v2 3GHz
--
Optimized CsAddress.py , execute 3 min, else 5 min
CsAddress.py (line 145)
def ip_in_subnet(self, ip):
ipo = IPAddress(ip)
net = IPNetwork("%s/%s" % (self.get_ip(), self.get_size()))
aset = set(net)
return ipo in aset
--
def mainp():
if not (os.path.isfile(jsonCmdConfigPath) and os.access(jsonCmdConfigPath,
os.R_OK)):
print "[ERROR] update_config.py :: You are telling me to process %s,
but i can't access it" % jsonCmdConfigPath
sys.exit(1)
# If the command line json file is unprocessed process it
# This is important or, the control interfaces will get deleted!
if os.path.isfile(jsonPath % "cmd_line.json"):
qf = QueueFile()
qf.setFile("cmd_line.json")
qf.load(None)
# If the guest network is already configured and have the same IP, do not
try to configure it again otherwise it will break
if sys.argv[1] == "guest_network.json":
if os.path.isfile(currentGuestNetConfig):
file = open(currentGuestNetConfig)
guestnet_dict = json.load(file)
if not is_guestnet_configured(guestnet_dict, ['eth1', 'eth2',
'eth3', 'eth4', 'eth5', 'eth6', 'eth7', 'eth8', 'eth9']):
print "[INFO] update_config.py :: Processing Guest Network."
process_file()
else:
print "[INFO] update_config.py :: No need to process Guest
Network."
finish_config()
else:
print "[INFO] update_config.py :: No GuestNetwork configured yet.
Configuring first one now."
process_file()
else:
print "[INFO] update_config.py :: Processing incoming file => %s" %
sys.argv[1]
process_file()
cProfile.run("mainp()", "/var/log/py_pro.data”)
--
Fri Aug 19 11:27:50 2016d:\temp\py_pro.data
614887355 function calls (614884838 primitive calls) in 548.846 seconds
Ordered by: internal time
ncalls tottime percall cumtime percall filename:lineno(function)
68177344 182.9250.000 277.0510.000 __init__.py:248(__init__)
68170816 65.4350.000 342.4270.000 __init__.py:1682(iter_iprange)
68170816 54.6550.000 140.1860.000 __init__.py:63(__hash__)
1088 53.9360.050 536.6650.493 CsAddress.py:145(ip_in_subnet)
68170976 48.5770.000 69.1120.000 __init__.py:439(key)
68187121 42.9760.000 42.9760.000 {hasattr}
68188576 26.2020.000 26.2050.000 {isinstance}
68178432 24.9450.000 24.9450.000 __init__.py:34(__init__)
68177504 20.5370.000 20.5370.000 __init__.py:232(version)
68170816 16.4190.000 16.4190.000 {hash}
325.8690.183 351.378 10.981 configure.py:747(getNetworkByIp)
483.6850.077 194.8454.059 configure.py:741(getDeviceByIp)
23521.0210.0001.0210.000 {built-in method poll}
2454410.3520.0000.5100.000 CsNetfilter.py:296(__eq__)
21490.2510.0000.2510.000 {posix.read}
7980.1110.0000.6080.001 CsNetfilter.py:116(has_rule)
4935850.0980.0000.0980.000 CsNetfilter.py:258(get_table)
3290.0770.0000.0770.000 {posix.fork}
24440.0590.0000.0590.000 {method 'flush' of 'file' objects}
24440.0390.0000.0740.000 __init__.py:243(__init__)
1139500.0300.0000.0300.000 CsNetfilter.py:270(get_chain)
3290.0280.0000.3670.001 subprocess.py:1195(_execute_child)
24440.0210.0000.0780.000 __init__.py:458(format)
20690.0210.0000.0390.000
CsNetfilter.py:236(__convert_to_dict)
10.0200.0201.5221.522 CsNetfilter.py:134(compare)
24440.0170.0000.0240.000 __init__.py:1226(findCaller)
24440.0160.0000.0170.000 __init__.py:318(getMessage)
417630.0150.0000.0150.000 {method 'items' of 'dict' objects}
24440.0150.0000.0150.000 {time.localtime}
10880.0140.0000.0280.00
