Re: CloudStack创建的VM上配置虚拟IP问题
您好,cloudstack版本使用的是4.0.2。hypervisor采用的是kvm 2013/5/21 linux...@gmail.com linux...@gmail.com 建议提供一些日志信息,以及你的环境的信息 例如cloudstack版本 使用的是KVM 还是Xen 在 2013年5月18日下午10:18,Yuebin Shen ybs...@anchora.info写道: 您好,我在CloudStack创建的一个VM上使用ucarp配置了一个虚拟IP,在VM上可以ping通此IP,但是在其他VM上无法ping,请问这是什么原因呢? -- 白清杰 (Born Bai) 北京开源愿景信息技术有限公司 Mail: linux...@gmail.com
回复: 一个zone下面如果添加了多个二级存储
可以在db里面,template_host_ref,能看到在哪个二级存储上面 zanghongtu2006 发件人: 张海峰 发送时间: 2013-05-22 10:40 收件人: users-cn@cloudstack.apache.org 主题: 一个zone下面如果添加了多个二级存储 怎么确定模板和快照在哪个二级存储上建立? ssvm怎么管理多个二级存储?
RE: cloudstack
HI Cloudstack manages only virtual machines right.. but I have a cloud which contains both virtual machines and physical environments like storage, servers etc will I'm able to manage this kind of cloud using cloudstack. If not suggest me the solution. Thanks Regards Chitra.M From: Shanker Balan [mailto:shanker.ba...@shapeblue.com] Sent: Monday, May 20, 2013 7:18 PM To: users@cloudstack.apache.org Subject: Re: cloudstack On 20-May-2013, at 6:18 PM, Chitra Manjunath chitra_manjun...@infosys.commailto:chitra_manjun...@infosys.com wrote: Hi Can I able to maintain the physical servers using cloudstack or its meant only for virtual machines. Hi Chitra, To quote from cloudstack.apache.orghttp://cloudstack.apache.org snip Apache CloudStack is open source software designed to deploy and manage large networks of virtual machines, as a highly available, highly scalable Infrastructure as a Service (IaaS) cloud computing platform. CloudStack is used by a number of service providers to offer public cloud services, and by many companies to provide an on-premises (private) cloud offering, or as part of a hybrid cloud solution /snip To manage the physical servers itself, you can use configuration management systems like Puppet, Chef and Ansible with PXE boot. Regards. -- Shanker Balan Managing Consultant [cid:E7CE8425-E245-4C99-B967-713DF2967392@local] M: +91 98860 60539 shanker.ba...@shapeblue.commailto:shanker.ba...@shapeblue.com | www.shapeblue.comhttp://www.shapeblue.com | Twitter:@shapeblue ShapeBlue India, 22nd floor, Unit 2201A, World Trade Centre, Bangalore - 560 055 This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England Wales. ShapeBlue Services India LLP is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark. CAUTION - Disclaimer * This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Infosys has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Infosys reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys e-mail system. ***INFOSYS End of Disclaimer INFOSYS***
Re: cloudstack
I believe bare metal provisioning is slated in the 4.2 release of Cloudstack. Ahmad On May 20, 2013, at 11:29 PM, Chitra Manjunath chitra_manjun...@infosys.com wrote: HI Cloudstack manages only virtual machines right.. but I have a cloud which contains both virtual machines and physical environments like storage, servers etc will I'm able to manage this kind of cloud using cloudstack. If not suggest me the solution. Thanks Regards Chitra.M From: Shanker Balan [mailto:shanker.ba...@shapeblue.com] Sent: Monday, May 20, 2013 7:18 PM To: users@cloudstack.apache.org Subject: Re: cloudstack On 20-May-2013, at 6:18 PM, Chitra Manjunath chitra_manjun...@infosys.commailto:chitra_manjun...@infosys.com wrote: Hi Can I able to maintain the physical servers using cloudstack or its meant only for virtual machines. Hi Chitra, To quote from cloudstack.apache.orghttp://cloudstack.apache.org snip Apache CloudStack is open source software designed to deploy and manage large networks of virtual machines, as a highly available, highly scalable Infrastructure as a Service (IaaS) cloud computing platform. CloudStack is used by a number of service providers to offer public cloud services, and by many companies to provide an on-premises (private) cloud offering, or as part of a hybrid cloud solution /snip To manage the physical servers itself, you can use configuration management systems like Puppet, Chef and Ansible with PXE boot. Regards. -- Shanker Balan Managing Consultant [cid:E7CE8425-E245-4C99-B967-713DF2967392@local] M: +91 98860 60539 shanker.ba...@shapeblue.commailto:shanker.ba...@shapeblue.com | www.shapeblue.comhttp://www.shapeblue.com | Twitter:@shapeblue ShapeBlue India, 22nd floor, Unit 2201A, World Trade Centre, Bangalore - 560 055 This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England Wales. ShapeBlue Services India LLP is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark. CAUTION - Disclaimer * This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Infosys has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Infosys reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys e-mail system. ***INFOSYS End of Disclaimer INFOSYS***
RE: puppet integartion
Will I able to manage the physical environments on cloud using cloudstack-puppet. -Original Message- From: Oliver Leach [mailto:oliver.le...@tatacommunications.com] Sent: Tuesday, May 21, 2013 2:21 PM To: users@cloudstack.apache.org Subject: RE: puppet integartion Here is my github repo which has some more info around how I used puppet and cloudstack. https://github.com/oliverleach/cloudstack-puppet Here is another one from Prasanna would is seen around the forums a fair bit. https://github.com/vogxn/puppet-cloudstack Depending what you would like to do, look at deploying the userdata API parameter to classify your nodes. Give me a shout if you need any more help. Cheers, Oliver -- -Original Message- From: Geoff Higginbottom [mailto:geoff.higginbot...@shapeblue.com] Sent: Tuesday, May 21, 2013 8:55 AM To: users@cloudstack.apache.org Subject: RE: puppet integartion Hi Chitra, Oliver Leach from Tata Communications gave a presentation at the last CloudStack European User Group meet-up on using Puppet with CloudStack, whilst its not a full how to manual, you might find it useful. You can find the content here http://www.shapeblue.com/2013/04/16/cloudstack-european-user-group-meeting/ Regards Geoff Higginbottom D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581 geoff.higginbot...@shapeblue.com -Original Message- From: Chitra Manjunath [mailto:chitra_manjun...@infosys.com] Sent: 21 May 2013 07:05 To: users@cloudstack.apache.org Subject: puppet integartion Hi Can anyone provide me the link or document on how to integrate puppet with cloudstack to manage physical environment. If there is any solutions to manage physical environment please suggest me. Thanks Regards Chitra.M CAUTION - Disclaimer * This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Infosys has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Infosys reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys e-mail system. ***INFOSYS End of Disclaimer INFOSYS*** This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England Wales. ShapeBlue Services India LLP is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
VNC Security---Remote Authentication Vulnerability
Hi : I deploy CloudStack 4.0.2 following the install guide, and use KVM as the hypervisor, recently I get the secrity report which present the Remote authentication vulnerability on my kvm host. I think that may qemu build-in vnc server, I don't know how to fix this problem, does any one meet this, thanks for your help. Sorry for my pool English. Best wishes
RE: puppet integartion
It kind of depends as there are a couple of different ways you can do this, but the answer is yes. You can use Cloudstack to deploy your virtual machines managed by a puppet infrastructure, then as long as that puppet master is able to communicate with your physical environment, then you should be able to manage 'other environments using puppet' outside of Cloudstack. You would need to come up with a classification method for your physical environment, but that's a puppet consideration rather than a Cloudstack one. Is that what you mean? Oliver -- -Original Message- From: Chitra Manjunath [mailto:chitra_manjun...@infosys.com] Sent: Tuesday, May 21, 2013 9:54 AM To: users@cloudstack.apache.org Subject: RE: puppet integartion Will I able to manage the physical environments on cloud using cloudstack-puppet. -Original Message- From: Oliver Leach [mailto:oliver.le...@tatacommunications.com] Sent: Tuesday, May 21, 2013 2:21 PM To: users@cloudstack.apache.org Subject: RE: puppet integartion Here is my github repo which has some more info around how I used puppet and cloudstack. https://github.com/oliverleach/cloudstack-puppet Here is another one from Prasanna would is seen around the forums a fair bit. https://github.com/vogxn/puppet-cloudstack Depending what you would like to do, look at deploying the userdata API parameter to classify your nodes. Give me a shout if you need any more help. Cheers, Oliver -- -Original Message- From: Geoff Higginbottom [mailto:geoff.higginbot...@shapeblue.com] Sent: Tuesday, May 21, 2013 8:55 AM To: users@cloudstack.apache.org Subject: RE: puppet integartion Hi Chitra, Oliver Leach from Tata Communications gave a presentation at the last CloudStack European User Group meet-up on using Puppet with CloudStack, whilst its not a full how to manual, you might find it useful. You can find the content here http://www.shapeblue.com/2013/04/16/cloudstack-european-user-group-meeting/ Regards Geoff Higginbottom D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581 geoff.higginbot...@shapeblue.com -Original Message- From: Chitra Manjunath [mailto:chitra_manjun...@infosys.com] Sent: 21 May 2013 07:05 To: users@cloudstack.apache.org Subject: puppet integartion Hi Can anyone provide me the link or document on how to integrate puppet with cloudstack to manage physical environment. If there is any solutions to manage physical environment please suggest me. Thanks Regards Chitra.M CAUTION - Disclaimer * This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Infosys has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Infosys reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys e-mail system. ***INFOSYS End of Disclaimer INFOSYS*** This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England Wales. ShapeBlue Services India LLP is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
RE: puppet integartion
Ya Thank you.. So I need to install puppet on the cloud stack(where the management server reside) and puppet master communicates to the physical host through agents which is installed on physical host.. Is it correct. -Original Message- From: Oliver Leach [mailto:oliver.le...@tatacommunications.com] Sent: Tuesday, May 21, 2013 2:35 PM To: users@cloudstack.apache.org Subject: RE: puppet integartion It kind of depends as there are a couple of different ways you can do this, but the answer is yes. You can use Cloudstack to deploy your virtual machines managed by a puppet infrastructure, then as long as that puppet master is able to communicate with your physical environment, then you should be able to manage 'other environments using puppet' outside of Cloudstack. You would need to come up with a classification method for your physical environment, but that's a puppet consideration rather than a Cloudstack one. Is that what you mean? Oliver -- -Original Message- From: Chitra Manjunath [mailto:chitra_manjun...@infosys.com] Sent: Tuesday, May 21, 2013 9:54 AM To: users@cloudstack.apache.org Subject: RE: puppet integartion Will I able to manage the physical environments on cloud using cloudstack-puppet. -Original Message- From: Oliver Leach [mailto:oliver.le...@tatacommunications.com] Sent: Tuesday, May 21, 2013 2:21 PM To: users@cloudstack.apache.org Subject: RE: puppet integartion Here is my github repo which has some more info around how I used puppet and cloudstack. https://github.com/oliverleach/cloudstack-puppet Here is another one from Prasanna would is seen around the forums a fair bit. https://github.com/vogxn/puppet-cloudstack Depending what you would like to do, look at deploying the userdata API parameter to classify your nodes. Give me a shout if you need any more help. Cheers, Oliver -- -Original Message- From: Geoff Higginbottom [mailto:geoff.higginbot...@shapeblue.com] Sent: Tuesday, May 21, 2013 8:55 AM To: users@cloudstack.apache.org Subject: RE: puppet integartion Hi Chitra, Oliver Leach from Tata Communications gave a presentation at the last CloudStack European User Group meet-up on using Puppet with CloudStack, whilst its not a full how to manual, you might find it useful. You can find the content here http://www.shapeblue.com/2013/04/16/cloudstack-european-user-group-meeting/ Regards Geoff Higginbottom D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581 geoff.higginbot...@shapeblue.com -Original Message- From: Chitra Manjunath [mailto:chitra_manjun...@infosys.com] Sent: 21 May 2013 07:05 To: users@cloudstack.apache.org Subject: puppet integartion Hi Can anyone provide me the link or document on how to integrate puppet with cloudstack to manage physical environment. If there is any solutions to manage physical environment please suggest me. Thanks Regards Chitra.M CAUTION - Disclaimer * This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Infosys has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Infosys reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys e-mail system. ***INFOSYS End of Disclaimer INFOSYS*** This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England Wales. ShapeBlue Services India LLP is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
RE: puppet integartion
Thank you so much for your information.. I'm using cloudstack to manage both virtual and physical infrastructure. 1.Can you tell me how the cloudstack and puppet communicate with each other. 2. Is puppet has some built in scripts like to increase the storage of a physical machine or we need to write the scripts? -Original Message- From: Oliver Leach [mailto:oliver.le...@tatacommunications.com] Sent: Tuesday, May 21, 2013 3:05 PM To: users@cloudstack.apache.org Subject: RE: puppet integartion Wow - that is hard to say but yeah that is one way. What will you be using Cloudstack for? Will you be using it to offer a Cloud service offering for customers, or is it something that will be used internally to help manage your infrastructure? If security is a concern and you do not want your internal physical environment to communicate with the Cloudstack environments, you could use multiple puppet masters and some kind of sync tool to sychronise your puppet manifests and modules. I use gitlab / github and Jenkins. I commit changes to my repo in say Gitlab and use Jenkins to roll out those changes to my puppet masters - see here http://virtualdevops.com/2013/01/gitlab-jenkins-and-puppet-playing.html. Therefore you could have one puppet master for your Cloudstack environment and one for your physical environment and keep everything separate - that model scales too. If you are just using Cloudstack internally to spin up VMs and help manage your infrastructure, and you have no security concerns about opening up internal ports on your physical network to the Cloudstack network(s), then you could get away with using one puppet master to manage both your Cloudstack environment and your internal physical environment. I would install puppet on its own server in any case and it could be in the Cloudstack environment or on the physical environment. Seems to me you have choices, as long as you have the right network and firewall configurations in place. Cloudstack offers great firewalling and nat'ing capabilities. It also offering VPC private gateways and other mechanisms to deal with this type of scenario. Oliver -- -Original Message- From: Chitra Manjunath [mailto:chitra_manjun...@infosys.com] Sent: Tuesday, May 21, 2013 10:13 AM To: users@cloudstack.apache.org Subject: RE: puppet integartion Ya Thank you.. So I need to install puppet on the cloud stack(where the management server reside) and puppet master communicates to the physical host through agents which is installed on physical host.. Is it correct. -Original Message- From: Oliver Leach [mailto:oliver.le...@tatacommunications.com] Sent: Tuesday, May 21, 2013 2:35 PM To: users@cloudstack.apache.org Subject: RE: puppet integartion It kind of depends as there are a couple of different ways you can do this, but the answer is yes. You can use Cloudstack to deploy your virtual machines managed by a puppet infrastructure, then as long as that puppet master is able to communicate with your physical environment, then you should be able to manage 'other environments using puppet' outside of Cloudstack. You would need to come up with a classification method for your physical environment, but that's a puppet consideration rather than a Cloudstack one. Is that what you mean? Oliver -- -Original Message- From: Chitra Manjunath [mailto:chitra_manjun...@infosys.com] Sent: Tuesday, May 21, 2013 9:54 AM To: users@cloudstack.apache.org Subject: RE: puppet integartion Will I able to manage the physical environments on cloud using cloudstack-puppet. -Original Message- From: Oliver Leach [mailto:oliver.le...@tatacommunications.com] Sent: Tuesday, May 21, 2013 2:21 PM To: users@cloudstack.apache.org Subject: RE: puppet integartion Here is my github repo which has some more info around how I used puppet and cloudstack. https://github.com/oliverleach/cloudstack-puppet Here is another one from Prasanna would is seen around the forums a fair bit. https://github.com/vogxn/puppet-cloudstack Depending what you would like to do, look at deploying the userdata API parameter to classify your nodes. Give me a shout if you need any more help. Cheers, Oliver -- -Original Message- From: Geoff Higginbottom [mailto:geoff.higginbot...@shapeblue.com] Sent: Tuesday, May 21, 2013 8:55 AM To: users@cloudstack.apache.org Subject: RE: puppet integartion Hi Chitra, Oliver Leach from Tata Communications gave a presentation at the last CloudStack European User Group meet-up on using Puppet with CloudStack, whilst its not a full how to manual, you might find it useful. You can find the content here http://www.shapeblue.com/2013/04/16/cloudstack-european-user-group-meeting/ Regards Geoff Higginbottom D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581 geoff.higginbot...@shapeblue.com -Original Message- From: Chitra Manjunath [mailto:chitra_manjun...@infosys.com] Sent: 21 May
RE: puppet integartion
1.Can you tell me how the cloudstack and puppet communicate with each other. They don't - Cloudstack is an orchestration tool used to deploy infrastructure and Puppet is a configuration management tool. The work in tandem nicely together. You could look at the chef cloudstack-knife plugin https://github.com/CloudStack-extras/knife-cloudstack - not sure there is something similar for Puppet. Let me know if you find something! 2. Is puppet has some built in scripts like to increase the storage of a physical machine or we need to write the scripts? The world is your oyster :) Oliver -- -Original Message- From: Chitra Manjunath [mailto:chitra_manjun...@infosys.com] Sent: Tuesday, May 21, 2013 12:01 PM To: users@cloudstack.apache.org Subject: RE: puppet integartion Thank you so much for your information.. I'm using cloudstack to manage both virtual and physical infrastructure. 1.Can you tell me how the cloudstack and puppet communicate with each other. 2. Is puppet has some built in scripts like to increase the storage of a physical machine or we need to write the scripts? -Original Message- From: Oliver Leach [mailto:oliver.le...@tatacommunications.com] Sent: Tuesday, May 21, 2013 3:05 PM To: users@cloudstack.apache.org Subject: RE: puppet integartion Wow - that is hard to say but yeah that is one way. What will you be using Cloudstack for? Will you be using it to offer a Cloud service offering for customers, or is it something that will be used internally to help manage your infrastructure? If security is a concern and you do not want your internal physical environment to communicate with the Cloudstack environments, you could use multiple puppet masters and some kind of sync tool to sychronise your puppet manifests and modules. I use gitlab / github and Jenkins. I commit changes to my repo in say Gitlab and use Jenkins to roll out those changes to my puppet masters - see here http://virtualdevops.com/2013/01/gitlab-jenkins-and-puppet-playing.html. Therefore you could have one puppet master for your Cloudstack environment and one for your physical environment and keep everything separate - that model scales too. If you are just using Cloudstack internally to spin up VMs and help manage your infrastructure, and you have no security concerns about opening up internal ports on your physical network to the Cloudstack network(s), then you could get away with using one puppet master to manage both your Cloudstack environment and your internal physical environment. I would install puppet on its own server in any case and it could be in the Cloudstack environment or on the physical environment. Seems to me you have choices, as long as you have the right network and firewall configurations in place. Cloudstack offers great firewalling and nat'ing capabilities. It also offering VPC private gateways and other mechanisms to deal with this type of scenario. Oliver -- -Original Message- From: Chitra Manjunath [mailto:chitra_manjun...@infosys.com] Sent: Tuesday, May 21, 2013 10:13 AM To: users@cloudstack.apache.org Subject: RE: puppet integartion Ya Thank you.. So I need to install puppet on the cloud stack(where the management server reside) and puppet master communicates to the physical host through agents which is installed on physical host.. Is it correct. -Original Message- From: Oliver Leach [mailto:oliver.le...@tatacommunications.com] Sent: Tuesday, May 21, 2013 2:35 PM To: users@cloudstack.apache.org Subject: RE: puppet integartion It kind of depends as there are a couple of different ways you can do this, but the answer is yes. You can use Cloudstack to deploy your virtual machines managed by a puppet infrastructure, then as long as that puppet master is able to communicate with your physical environment, then you should be able to manage 'other environments using puppet' outside of Cloudstack. You would need to come up with a classification method for your physical environment, but that's a puppet consideration rather than a Cloudstack one. Is that what you mean? Oliver -- -Original Message- From: Chitra Manjunath [mailto:chitra_manjun...@infosys.com] Sent: Tuesday, May 21, 2013 9:54 AM To: users@cloudstack.apache.org Subject: RE: puppet integartion Will I able to manage the physical environments on cloud using cloudstack-puppet. -Original Message- From: Oliver Leach [mailto:oliver.le...@tatacommunications.com] Sent: Tuesday, May 21, 2013 2:21 PM To: users@cloudstack.apache.org Subject: RE: puppet integartion Here is my github repo which has some more info around how I used puppet and cloudstack. https://github.com/oliverleach/cloudstack-puppet Here is another one from Prasanna would is seen around the forums a fair bit. https://github.com/vogxn/puppet-cloudstack Depending what you would like to do, look at deploying the userdata API parameter to classify your nodes. Give me a shout if
Re: cloudstack
On 21-May-2013, at 11:59 AM, Chitra Manjunath chitra_manjun...@infosys.commailto:chitra_manjun...@infosys.com wrote: HI Cloudstack manages only virtual machines right.. but I have a cloud which contains both virtual machines and physical environments like storage, servers etc will I'm able to manage this kind of cloud using cloudstack. If not suggest me the solution. CloudStack is not meant to manage your physical assets like your Storage, network devices or the servers. I suppose what you are looking for is a DCIM solution (http://en.wikipedia.org/wiki/Data_Center_Infrastructure_Management) which CloudStack is not. Try looking up BMC, Tivoli etc to manage your data centre assets. -- Shanker Balan Managing Consultant [cid:E7CE8425-E245-4C99-B967-713DF2967392@local] M: +91 98860 60539 shanker.ba...@shapeblue.commailto:shanker.ba...@shapeblue.com | www.shapeblue.comhttp://www.shapeblue.com | Twitter:@shapeblue ShapeBlue India, 22nd floor, Unit 2201A, World Trade Centre, Bangalore - 560 055 This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England Wales. ShapeBlue Services India LLP is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
Re: [DISCUSS] EIP Enhancements FS Design Document
On 20/05/13 11:31 PM, Chip Childers chip.child...@sungard.com wrote: On Mon, May 20, 2013 at 02:19:24PM +, Murali Reddy wrote: Swamy, As mentioned in my merge request [1], I have generalised this feature and tried to not enforce AWS EIP semantics. Please see the updated FS [2] [1] http://s.apache.org/xjy [2] https://cwiki.apache.org/confluence/display/CLOUDSTACK/portable+public+IP Let me know if you need further clarification. Do you want the older page to be deleted? Is it still relevant? Perhaps we should move it to an abandoned designs parent page? Its not relevant, left a note in the old FS mentioning it as obsolete. Also moved the spec out of 4.2 design documents to 'designs not committed for any release' for now. Thanks, Murali On 15/05/13 10:51 PM, Venkata SwamyBabu Budumuru venkataswamybabu.budum...@citrix.com wrote: Hi, I didn't find the old mail thread about this FS. Hence posting my review comments in a new thread. I have few queries/ comments after reviewing the FS [1] [1] https://cwiki.apache.org/CLOUDSTACK/eip-enhancements.html [2] Prior discussion thread : http://sy.pe/6bNG 1. Are we providing any flexibility for admin to impose no. of EIPs an account can use? 2. As per the Spec, when an instance has a public ip with is_system=false, then we don't let user asosciateEIP. I feel, it would be better if allow the user to associate EIP in this case? 3. When Associate PublicIP is false then are going to keep all the semantics to stand the same except the fact that vm deployment by default not getting the public ip? 4. Do allow CS to reprogram NAT rules on the provider in case of n/w restarts? 5. Under Scope, point 4 says that we only support static NAT on region level EIP. Is this true for advanced zones as well? we cannot we support other services like PF / LB etc..,? 6. Can you confirm that we are supporting this for Shared n/ws in advanced zone? 7. I see in the spec that createElasticIpRange API not having any VLAN id. Are we supporting region level IP CIDR with both tagged and untagged? multiple subnets in the same VLAN and different VLANs etc.., 8. When there is an ElasticIp associated with instance, Does the current implementation release this IP and gives it back to account when VM got to stopped state? if yes, does this mean user has to associateEIP every time user starts instance? Thanks, SWAMY
Re: Juniper SRX Configuration
Jayapal, I added the SRX now, I can get the basic stuff working (private interface created), but it looks like the source nat rules are not being created. Also, when I create firewall rules, they are not being created on the SRX. However, I can get the destination nat (port-forwarding) working. Any ideas? Thanks! On 2013-05-14 1:15 PM, Jayapal Reddy Uradi wrote: For private interface just enable the vlan tagging. when guest network is created cloudstack will configure the interface with vlan and ip. Minimal config is. 1. set management interface with ip and use this ip for while add ing srx into cloudstack. 2. enable vlan tagging on private interface 3. set the cloudstack public vlan to the srx public interface. 4. add rules to allow traffic from trust to untrust zone. 5. set appropriate routes for the trust and untrust subnets By default guest traffic trust (guest) to untrust (public) is blocked on latest master. Add egress rules once the guest network is created. Let me know if see any issues. Thanks, Jayapal On 14-May-2013, at 10:33 PM, Francois Gaudreault fgaudrea...@cloudops.com wrote: Hi Jayapal, To add SRX device into cloudstack, you need to preconfigure the srx. SRX needs 3 interfaces to add into cloudstack 1. management interface 2. private/guest network interface 3.public interace. Ok. It confirms what I understood :) Please find the below config. It is bit old cloudstak config on SRX, but it will give you idea. You need to update firewall filter trust/untrust. Which parts actually need to be there for the per-previsioning? I guess some part of that config example has been done by CloudStack... (ie. Do we need to create guest vlan interfaces on the private interface right at the beginning?) In other words, what's the minimal config needed before adding the SRX to CS? Thanks! set version 10.4R6.5 set system time-zone Asia/Calcutta set system root-authentication encrypted-password $1$ucpHjRfH$dNkhOuzKXJxrpAtewvTu.1 set system name-server 208.67.222.222 set system name-server 208.67.220.220 set system name-server 10.147.28.6 set system name-server 4.2.2.2 set system services ssh set system services telnet set system services xnm-clear-text set system services web-management http interface vlan.0 set system services web-management http interface fe-0/0/0.0 set system services web-management https system-generated-certificate set system services web-management https interface vlan.0 set system syslog archive size 100k set system syslog archive files 3 set system syslog user * any emergency set system syslog file messages any critical set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands error set system max-configurations-on-flash 5 set system max-configuration-rollbacks 5 set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval set interfaces fe-0/0/0 description Management Interface set interfaces fe-0/0/0 unit 0 family inet address 10.147.40.3/23 set interfaces fe-0/0/1 description Private network set interfaces fe-0/0/1 vlan-tagging set interfaces fe-0/0/1 unit 929 vlan-id 929 set interfaces fe-0/0/1 unit 929 family inet address 10.0.64.1/20 set interfaces fe-0/0/1 unit 1122 vlan-id 1122 set interfaces fe-0/0/1 unit 1122 family inet address 10.0.32.1/20 set interfaces fe-0/0/4 description Public Network set interfaces fe-0/0/4 vlan-tagging set interfaces fe-0/0/4 unit 52 vlan-id 52 set interfaces fe-0/0/4 unit 52 family inet address 10.147.52.3/24 set interfaces fe-0/0/4 unit 52 family inet address 10.147.52.19/24 set interfaces vlan unit 52 family inet set routing-options static route 10.147.40.0/23 next-hop 10.147.40.1 set routing-options static route 10.147.40.0/23 install set routing-options static route 10.146.0.0/24 next-hop 10.147.40.1 set routing-options static route 10.146.0.0/24 install set routing-options static route 10.147.52.0/24 next-hop 10.147.52.1 set routing-options static route 10.147.52.0/24 install set routing-options static route 10.147.39.0/24 next-hop 10.147.40.1 set routing-options static route 10.147.29.0/24 next-hop 10.147.40.1 set routing-options static route 0.0.0.0/0 next-hop 10.147.52.1 set routing-options static route 0.0.0.0/0 install set routing-options static route 10.147.28.6/32 next-hop 10.147.52.1 set routing-options static route 10.147.28.6/32 install set routing-options static route 10.252.248.0/24 next-hop 10.147.52.1 set protocols stp set security nat source pool 10-147-52-113 address 10.147.52.113/32 set security nat source rule-set trust from zone trust set security nat source rule-set trust to zone untrust set security nat source rule-set trust rule 10-147-52-113-10-0-32-0-20 match source-address 10.0.32.0/20 set security nat source rule-set trust rule 10-147-52-113-10-0-32-0-20 then source-nat pool 10-147-52-113 set security nat proxy-arp interface fe-0/0/4.52 address 10.147.52.116/32 set security nat proxy-arp interface
CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)
Hello Anyone have faced this problem? CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source) That the VM instance running, but inside the VM instance, it is not possible to access outside. It can ping VMs each other, It can ping google.com in the* Virtual Router VM.* But just can not ping Google.com inside the VM instance. Seems inside the VM instance, It can resolve the Google.com 's IP address. BUT can not do others. Please see the following output. [root@CentOS5-5 ~]# wget www.google.com --2013-05-21 08:30:39-- http://www.google.com/ Resolving www.google.com... 173.194.64.104, 173.194.64.99, 173.194.64.105, ... Connecting to www.google.com|173.194.64.104|:80... [root@CentOS5-5 ~]# ls - [root@CentOS5-5 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhereicmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere anywhereudp dpt:ipp ACCEPT tcp -- anywhere anywheretcp dpt:ipp ACCEPT all -- anywhere anywherestate RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:ssh REJECT all -- anywhere anywherereject-with icmp-host-prohibited [root@CentOS5-5 ~]# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. --- 8.8.8.8 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2000ms -- [root@CentOS5-5 ~]# ifconfig eth0 Link encap:Ethernet HWaddr 02:00:2D:C8:00:01 inet addr:10.1.1.5 Bcast:10.1.1.255 Mask:255.255.255.0 inet6 addr: fe80::2dff:fec8:1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2442 errors:0 dropped:0 overruns:0 frame:0 TX packets:2261 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:174960 (170.8 KiB) TX bytes:154159 (150.5 KiB) loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:32 errors:0 dropped:0 overruns:0 frame:0 TX packets:32 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3913 (3.8 KiB) TX bytes:3913 (3.8 KiB) [root@CentOS5-5 ~]# tracert www.google.com traceroute to www.google.com (173.194.64.106), 30 hops max, 40 byte packets 1 r-4-VM.cs2cloud.internal (10.1.1.1) 0.158 ms 0.136 ms 0.134 ms 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * Any thoughts? Thank you very much.
Re: cloudstack
On 22-May-2013, at 10:15 AM, Chitra Manjunath chitra_manjun...@infosys.commailto:chitra_manjun...@infosys.com wrote: I will manage the virtual environment using cloudstack. If I integrate puppet with cloudstack, will I'm able to manage the physical environment? Puppet has very minimal support for physical devices. Can you list down the different models of hardware that you wish to support with puppet? -- Shanker Balan Managing Consultant [cid:E7CE8425-E245-4C99-B967-713DF2967392@local] M: +91 98860 60539 shanker.ba...@shapeblue.commailto:shanker.ba...@shapeblue.com | www.shapeblue.comhttp://www.shapeblue.com | Twitter:@shapeblue ShapeBlue India, 22nd floor, Unit 2201A, World Trade Centre, Bangalore - 560 055 This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England Wales. ShapeBlue Services India LLP is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
Re: puppet integartion
On Tue, May 21, 2013 at 7:32 AM, Oliver Leach oliver.le...@tatacommunications.com wrote: 1.Can you tell me how the cloudstack and puppet communicate with each other. They don't - Cloudstack is an orchestration tool used to deploy infrastructure and Puppet is a configuration management tool. The work in tandem nicely together. You could look at the chef cloudstack-knife plugin https://github.com/CloudStack-extras/knife-cloudstack - not sure there is something similar for Puppet. Let me know if you find something! Oliver, et al: Take a look at some of the work that Dan Bode has done on the puppet resources for CloudStack: https://github.com/bodepd/cloudstack_resources You can then specify instances like: cloudstack_instance { 'foo2': ensure = present, flavor = 'Small Instance', zone = 'FMT-ACS-001', image = 'CentOS 5.6(64-bit) no GUI (XenServer)', network= 'puppetlabs-network', group = 'foo2', } Or even specify multiple instances as a class, or just like in knife - use the interactive tools to provision nodes. --David
Re: CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)
Hi, Did you configure the egress firewall rules on the guest network ? You need to add egress rules to allow guest traffic. After adding egress rule it not works, please send router iptables rules. Thanks, Jayapal On 22-May-2013, at 4:10 AM, wq meng wqm...@gmail.com wrote: Hello Anyone have faced this problem? CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source) That the VM instance running, but inside the VM instance, it is not possible to access outside. It can ping VMs each other, It can ping google.com in the* Virtual Router VM.* But just can not ping Google.com inside the VM instance. Seems inside the VM instance, It can resolve the Google.com 's IP address. BUT can not do others. Please see the following output. [root@CentOS5-5 ~]# wget www.google.com --2013-05-21 08:30:39-- http://www.google.com/ Resolving www.google.com... 173.194.64.104, 173.194.64.99, 173.194.64.105, ... Connecting to www.google.com|173.194.64.104|:80... [root@CentOS5-5 ~]# ls - [root@CentOS5-5 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhereicmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere anywhereudp dpt:ipp ACCEPT tcp -- anywhere anywheretcp dpt:ipp ACCEPT all -- anywhere anywherestate RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:ssh REJECT all -- anywhere anywherereject-with icmp-host-prohibited [root@CentOS5-5 ~]# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. --- 8.8.8.8 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2000ms -- [root@CentOS5-5 ~]# ifconfig eth0 Link encap:Ethernet HWaddr 02:00:2D:C8:00:01 inet addr:10.1.1.5 Bcast:10.1.1.255 Mask:255.255.255.0 inet6 addr: fe80::2dff:fec8:1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2442 errors:0 dropped:0 overruns:0 frame:0 TX packets:2261 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:174960 (170.8 KiB) TX bytes:154159 (150.5 KiB) loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:32 errors:0 dropped:0 overruns:0 frame:0 TX packets:32 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3913 (3.8 KiB) TX bytes:3913 (3.8 KiB) [root@CentOS5-5 ~]# tracert www.google.com traceroute to www.google.com (173.194.64.106), 30 hops max, 40 byte packets 1 r-4-VM.cs2cloud.internal (10.1.1.1) 0.158 ms 0.136 ms 0.134 ms 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * Any thoughts? Thank you very much.
Re: Juniper SRX Configuration
In network offering if you select ZONE wide source NAT then source rules are not configured by cloudstack. Admin/User has to manually select source NAT ip and configure the source NAT rules. When you configure firewall rules, firewall filter rules on srx get configured. Please try configuring tcp/udp rules. For ICMP there is bug and the fix will be committed soon. Thanks, Jayapal On 21-May-2013, at 11:48 PM, Francois Gaudreault fgaudrea...@cloudops.com wrote: Jayapal, I added the SRX now, I can get the basic stuff working (private interface created), but it looks like the source nat rules are not being created. Also, when I create firewall rules, they are not being created on the SRX. However, I can get the destination nat (port-forwarding) working. Any ideas? Thanks! On 2013-05-14 1:15 PM, Jayapal Reddy Uradi wrote: For private interface just enable the vlan tagging. when guest network is created cloudstack will configure the interface with vlan and ip. Minimal config is. 1. set management interface with ip and use this ip for while add ing srx into cloudstack. 2. enable vlan tagging on private interface 3. set the cloudstack public vlan to the srx public interface. 4. add rules to allow traffic from trust to untrust zone. 5. set appropriate routes for the trust and untrust subnets By default guest traffic trust (guest) to untrust (public) is blocked on latest master. Add egress rules once the guest network is created. Let me know if see any issues. Thanks, Jayapal On 14-May-2013, at 10:33 PM, Francois Gaudreault fgaudrea...@cloudops.com wrote: Hi Jayapal, To add SRX device into cloudstack, you need to preconfigure the srx. SRX needs 3 interfaces to add into cloudstack 1. management interface 2. private/guest network interface 3.public interace. Ok. It confirms what I understood :) Please find the below config. It is bit old cloudstak config on SRX, but it will give you idea. You need to update firewall filter trust/untrust. Which parts actually need to be there for the per-previsioning? I guess some part of that config example has been done by CloudStack... (ie. Do we need to create guest vlan interfaces on the private interface right at the beginning?) In other words, what's the minimal config needed before adding the SRX to CS? Thanks! set version 10.4R6.5 set system time-zone Asia/Calcutta set system root-authentication encrypted-password $1$ucpHjRfH$dNkhOuzKXJxrpAtewvTu.1 set system name-server 208.67.222.222 set system name-server 208.67.220.220 set system name-server 10.147.28.6 set system name-server 4.2.2.2 set system services ssh set system services telnet set system services xnm-clear-text set system services web-management http interface vlan.0 set system services web-management http interface fe-0/0/0.0 set system services web-management https system-generated-certificate set system services web-management https interface vlan.0 set system syslog archive size 100k set system syslog archive files 3 set system syslog user * any emergency set system syslog file messages any critical set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands error set system max-configurations-on-flash 5 set system max-configuration-rollbacks 5 set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval set interfaces fe-0/0/0 description Management Interface set interfaces fe-0/0/0 unit 0 family inet address 10.147.40.3/23 set interfaces fe-0/0/1 description Private network set interfaces fe-0/0/1 vlan-tagging set interfaces fe-0/0/1 unit 929 vlan-id 929 set interfaces fe-0/0/1 unit 929 family inet address 10.0.64.1/20 set interfaces fe-0/0/1 unit 1122 vlan-id 1122 set interfaces fe-0/0/1 unit 1122 family inet address 10.0.32.1/20 set interfaces fe-0/0/4 description Public Network set interfaces fe-0/0/4 vlan-tagging set interfaces fe-0/0/4 unit 52 vlan-id 52 set interfaces fe-0/0/4 unit 52 family inet address 10.147.52.3/24 set interfaces fe-0/0/4 unit 52 family inet address 10.147.52.19/24 set interfaces vlan unit 52 family inet set routing-options static route 10.147.40.0/23 next-hop 10.147.40.1 set routing-options static route 10.147.40.0/23 install set routing-options static route 10.146.0.0/24 next-hop 10.147.40.1 set routing-options static route 10.146.0.0/24 install set routing-options static route 10.147.52.0/24 next-hop 10.147.52.1 set routing-options static route 10.147.52.0/24 install set routing-options static route 10.147.39.0/24 next-hop 10.147.40.1 set routing-options static route 10.147.29.0/24 next-hop 10.147.40.1 set routing-options static route 0.0.0.0/0 next-hop 10.147.52.1 set routing-options static route 0.0.0.0/0 install set routing-options static route 10.147.28.6/32 next-hop 10.147.52.1 set routing-options static route 10.147.28.6/32 install set routing-options static