OPENCONTRAIL Plans ??
are there plans in the works to support opencontrail project as a plugin ?
Re: Install Cloudstack with Chef
On 29.11.2013 20:10, Sebastien Goasguen wrote: Terrific Pierre-Luc, thanks a lot. For those not in Amsterdam last week , pierre-luc used those cookbooks to install cloudstack in 15 minutes chrono :) live! 15 minutes seems like a long time for something automated, I'm pretty sure I can install it under 15 minutes following the runbook[1]. [1] - https://people.apache.org/~ke4qqq/runbook/ -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro
Re: Install Cloudstack with Chef
Terrific Pierre-Luc, thanks a lot. For those not in Amsterdam last week , pierre-luc used those cookbooks to install cloudstack in 15 minutes chrono :) live! -Sebastien On 29 Nov 2013, at 18:54, Pierre-Luc Dion wrote: > Here are the cookbooks I've used in the ccceu13 conference to deploy > cloudstack using Chef and knife-cloudstack: > > https://github.com/cloudops/cookbook_co-cloudstack > https://github.com/cloudops/cookbook_co-cloudmonkey > https://github.com/cloudops/cookbook_co-nfs > > the co-cloudstack cookbook will work with the community mysql cookbook. > > > > Architecte de Solution Cloud | Cloud Solutions Architect > 514-447-3456, 1101 > - - - > > *CloudOps*420 rue Guy > Montréal QC H3J 1S6 > www.cloudops.com > @CloudOps_
Adding vmware support to my cloudstack install
I have an oss CloudStack install that I installed using a repo (installed using apt-get). I want to add the vmware support so I can use CloudStack with my vsphere cluster. Is there a way to do this without doing a complete reinstall? I've read that you have compile with the SDK for VMWare which I've tried with some limited success. I can get the compile to work, but when I try to compile to a deb package it fails on the AWS SDK compile. I haven't found a way around this yet. I'd like to just add the vmware support to my existing install if possible. Does anyone know how to do this? David Vosbury
Install Cloudstack with Chef
Here are the cookbooks I've used in the ccceu13 conference to deploy cloudstack using Chef and knife-cloudstack: https://github.com/cloudops/cookbook_co-cloudstack https://github.com/cloudops/cookbook_co-cloudmonkey https://github.com/cloudops/cookbook_co-nfs the co-cloudstack cookbook will work with the community mysql cookbook. Architecte de Solution Cloud | Cloud Solutions Architect 514-447-3456, 1101 - - - *CloudOps*420 rue Guy Montréal QC H3J 1S6 www.cloudops.com @CloudOps_
Re: SDN and vlans question
On 29.11.2013 10:12, Andrija Panic wrote: Hi, I have been requested to try to reduce number of vlans that are configured on PHYSICAL switches to minimum (like 4-5 vlans, for mgmt, storage,guest, etc) From my understanding of CS advanced netwokring, all traffic isolation/separation is done by means of VLANS. So for potentialu 1000 clients - I would need 1000 vlans to isolate traffic between clients VPC/VMs...I don't understand the possiblity to use advanced networking and use only few vlans to have traffic isolation for that 1000 clients. Is there any other solution (that I'm not aware of) that minimizes request for change on physical network equipment and reduces vlan usag to few vlans? You can either use just one big zone with security groups, so just 1 vlan is used and customers are separated by iptables/ebtables (my favourite) or you can use GRE tunnels (less mature and more overhead afaik), there is also support coming for VXLAN which will become sort of a standard imho. Nicira NVP SDN is another possibility if you can afford it which is tested and works. HTH Lucian -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro
Re: api and secret key for cloudmonkey
Thank you Sebastien and Daan. On Fri, Nov 29, 2013 at 3:32 PM, Daan Hoogland wrote: > you don't need the username in the cloudmonkey config. It uses the api > - and secret keys to authenticate. > > On Fri, Nov 29, 2013 at 10:47 AM, raj kumar > wrote: > > got it. thank you. I appreciate your help. > > > > > > cloudmonkey is running in management server itself. > > > > Created the keys and updated it in ~/.cloudmonkey/config. [user] > section. > > when I used sync in cloudmonkey, i'm getting, > > > >> sync > > Unauthorized: None > > Failed to sync apis, please check your config? > > Note: `sync` requires api discovery service enabled on the CloudStack > > management server > > > > > > confusion is where to give the username in config? also do I need to > enable > > api discovery service somewhere? > > > > > > > > On Fri, Nov 29, 2013 at 1:03 PM, Sebastien Goasguen >wrote: > > > >> > >> On Nov 29, 2013, at 2:04 AM, raj kumar > wrote: > >> > >> > Hi, > >> > > >> > I'm trying cloudmonkey, but i don't have api/secret key. I'm using > basic > >> > cloudstack4.2. In the user account actions, I see edit, update > resource > >> > count, disable account, lock account and delete account. I don't see > key > >> > options. pls let me know how to enable it. > >> > >> Under Accounts, select/click the account you want to use, then click on > >> show users. > >> Click on the user you want to use. > >> Then you should see an icon 'generate keys', click on it and that should > >> generate your keys. > >> Then start cloudmonkey and: > >> >set apikey > >> >set secretkey > >> > >> >
Re: SDN and vlans question
If I'm not mistaken, this is only supported for vmware or in the plan to be supported ? we are using kvm... On 29 November 2013 11:24, Pradeep Cloudstack wrote: > How abt using PVLANs? > > -Pradeep > > > > > > On Friday, November 29, 2013 3:42 PM, Andrija Panic < > andrija.pa...@gmail.com> wrote: > > Hi, > > I have been requested to try to reduce number of vlans that are configured > on PHYSICAL switches to minimum (like 4-5 vlans, for mgmt, storage,guest, > etc) > > From my understanding of CS advanced netwokring, all traffic > isolation/separation is done by means of VLANS. > > So for potentialu 1000 clients - I would need 1000 vlans to isolate > traffic between clients VPC/VMs...I don't understand the possiblity to use > advanced networking and use only few vlans to have traffic isolation for > that 1000 clients. > > Is there any other solution (that I'm not aware of) that minimizes request > for change on physical network equipment and reduces vlan usag to few > vlans? > > I'm reading now about SDN...but still don't have very clear picture... > > Thanks for any inputs/opinions... > > Andrija Panić > -- Andrija Panić -- http://admintweets.com --
Re: SDN and vlans question
How abt using PVLANs? -Pradeep On Friday, November 29, 2013 3:42 PM, Andrija Panic wrote: Hi, I have been requested to try to reduce number of vlans that are configured on PHYSICAL switches to minimum (like 4-5 vlans, for mgmt, storage,guest, etc) From my understanding of CS advanced netwokring, all traffic isolation/separation is done by means of VLANS. So for potentialu 1000 clients - I would need 1000 vlans to isolate traffic between clients VPC/VMs...I don't understand the possiblity to use advanced networking and use only few vlans to have traffic isolation for that 1000 clients. Is there any other solution (that I'm not aware of) that minimizes request for change on physical network equipment and reduces vlan usag to few vlans? I'm reading now about SDN...but still don't have very clear picture... Thanks for any inputs/opinions... Andrija Panić
Re: Allow all external traffic (any tcp/udp/icmp) to virtual hosts
Oh I see, I only set egress_default_policy so that doesn't apply to ingress. But still, the initial issue remains. Is there a way for me to allow incoming traffic without specifying ingress rules? Disabling security groups seems to set ingress to reject all incoming traffic (not preceded by outgoing communication first ofc). Sorry for the spam. /Magnus 2013/11/29 Magnus Janson > With security groups enabled, I need to set ingress rules to allow > external traffic to my virtual hosts. > > With security groups disabled, I can't allow any external traffic to my > virtual hosts. > > Before creating the zone, I performed this: > UPDATE `cloud`.`network_offerings` SET `egress_default_policy`=1 > > Even though the default policy is changed, from reject to allow, I'm still > only able to get external traffic to my virtual hosts with adding ingress > rules. > > Seems like I have no other option then using security groups, and adding > ingress rules to every user. Doesn't seem like there's any global ingress > rules which I could apply to all users. > > Maybe this is the way it was designed? I'm looking for an alternative, as > I don't want to specify the ingress rules for each account. > > Hopefully this makes my issue a bit easier to understand. > > /Magnus > > > 2013/11/29 Magnus Janson > >> Hi Geoff, >> >> Thank you for your reply. >> >> I am using a guest gateway, and the gateway IP maps to a physical >> router/firewall. >> >> Initially I was using DefaultSharedNetworkOfferingWithSGService. But that >> required me to set egress rules for each user to allow all traffic for that >> users vm instances. However, after setting the egress rules the traffic to >> the vm instances worked great. >> >> As I have plenty of users, I would want to skip this step. So I recreated >> the zone, with DefaultSharedNetworkOffering instead. >> >> My understanding was that if I disabled security groups, they wouldn't >> block the incoming traffic to my virtual hosts anymore. However, it seems >> that I'm now stuck with a default policy to block all incoming connections >> and I don't have any possibility to allow incoming connections as I >> disabled (removed) the security groups feature. >> >> The issue here seems to be that cloudstack by default rejects all >> incoming traffic, and I can't figure out how to change that behaviours. >> >> /Magnus >> >> >> 2013/11/28 Geoff Higginbottom >> >>> Magnus, >>> >>> A Shared Network does not provide Source NAT, so therefore does not act >>> as the Gateway. When you created the network, you would have specified a >>> 'Guest Gateway' IP, this IP needs to map to a Physical Router/Firewall >>> which will provide the Routing/Firewall functionality. >>> >>> As the 'Default Shared Network' offering only provides DHCP, DNS & User >>> Data, none of the Firewall, Egress Rules VPN, LB features etc will be >>> available to you. >>> >>> Regards >>> >>> Geoff Higginbottom >>> >>> D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581 >>> >>> geoff.higginbot...@shapeblue.com >>> >>> -Original Message- >>> From: Magnus Janson [mailto:mag...@fnutt.us] >>> Sent: 28 November 2013 16:57 >>> To: users@cloudstack.apache.org >>> Subject: Re: Allow all external traffic (any tcp/udp/icmp) to virtual >>> hosts >>> >>> I'm not using a firewall provider, so my initial question remains. >>> >>> /Magnus >>> >>> >>> 2013/11/28 Magnus Janson >>> >>> > Oh, seems like the answer is found here: >>> > https://support.getcloudservices.com/entries/21993512-CloudStack-Enabl >>> > e-External-Access >>> > >>> > I'll try this and get back here in case I run into any trouble I can't >>> > solve. >>> > >>> > /Magnus >>> > >>> > >>> > 2013/11/28 Magnus Janson >>> > >>> >> Hi, >>> >> >>> >> How do i allow all external traffic (any tcp/udp/icmp) to my virtual >>> >> hosts? >>> >> >>> >> I'm using DefaultSharedNetworkOffering in a BASIC network. >>> >> >>> >> Security group and provider is not being used. >>> >> >>> >> So far, I've tried to change the egress_default_policy. I couldn't >>> >> find any way to perform this through the UI so I did it manually in >>> >> the database and restarted the network: >>> >> UPDATE `cloud`.`network_offerings` SET `egress_default_policy`=1 >>> >> WHERE `name`='DefaultSharedNetworkOffering'; >>> >> >>> >> Still, it seems that all incoming traffic is rejected. >>> >> >>> >> Any pointers on how to achieve this would be highly appreciated. >>> >> >>> >> Sincerely, >>> >> Magnus >>> >> >>> > >>> > >>> This email and any attachments to it may be confidential and are >>> intended solely for the use of the individual to whom it is addressed. Any >>> views or opinions expressed are solely those of the author and do not >>> necessarily represent those of Shape Blue Ltd or related companies. If you >>> are not the intended recipient of this email, you must neither take any >>> action based upon its contents, nor copy or show it to anyone. Please >>> contact the sender if you believe you ha
Re: Allow all external traffic (any tcp/udp/icmp) to virtual hosts
With security groups enabled, I need to set ingress rules to allow external traffic to my virtual hosts. With security groups disabled, I can't allow any external traffic to my virtual hosts. Before creating the zone, I performed this: UPDATE `cloud`.`network_offerings` SET `egress_default_policy`=1 Even though the default policy is changed, from reject to allow, I'm still only able to get external traffic to my virtual hosts with adding ingress rules. Seems like I have no other option then using security groups, and adding ingress rules to every user. Doesn't seem like there's any global ingress rules which I could apply to all users. Maybe this is the way it was designed? I'm looking for an alternative, as I don't want to specify the ingress rules for each account. Hopefully this makes my issue a bit easier to understand. /Magnus 2013/11/29 Magnus Janson > Hi Geoff, > > Thank you for your reply. > > I am using a guest gateway, and the gateway IP maps to a physical > router/firewall. > > Initially I was using DefaultSharedNetworkOfferingWithSGService. But that > required me to set egress rules for each user to allow all traffic for that > users vm instances. However, after setting the egress rules the traffic to > the vm instances worked great. > > As I have plenty of users, I would want to skip this step. So I recreated > the zone, with DefaultSharedNetworkOffering instead. > > My understanding was that if I disabled security groups, they wouldn't > block the incoming traffic to my virtual hosts anymore. However, it seems > that I'm now stuck with a default policy to block all incoming connections > and I don't have any possibility to allow incoming connections as I > disabled (removed) the security groups feature. > > The issue here seems to be that cloudstack by default rejects all incoming > traffic, and I can't figure out how to change that behaviours. > > /Magnus > > > 2013/11/28 Geoff Higginbottom > >> Magnus, >> >> A Shared Network does not provide Source NAT, so therefore does not act >> as the Gateway. When you created the network, you would have specified a >> 'Guest Gateway' IP, this IP needs to map to a Physical Router/Firewall >> which will provide the Routing/Firewall functionality. >> >> As the 'Default Shared Network' offering only provides DHCP, DNS & User >> Data, none of the Firewall, Egress Rules VPN, LB features etc will be >> available to you. >> >> Regards >> >> Geoff Higginbottom >> >> D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581 >> >> geoff.higginbot...@shapeblue.com >> >> -Original Message- >> From: Magnus Janson [mailto:mag...@fnutt.us] >> Sent: 28 November 2013 16:57 >> To: users@cloudstack.apache.org >> Subject: Re: Allow all external traffic (any tcp/udp/icmp) to virtual >> hosts >> >> I'm not using a firewall provider, so my initial question remains. >> >> /Magnus >> >> >> 2013/11/28 Magnus Janson >> >> > Oh, seems like the answer is found here: >> > https://support.getcloudservices.com/entries/21993512-CloudStack-Enabl >> > e-External-Access >> > >> > I'll try this and get back here in case I run into any trouble I can't >> > solve. >> > >> > /Magnus >> > >> > >> > 2013/11/28 Magnus Janson >> > >> >> Hi, >> >> >> >> How do i allow all external traffic (any tcp/udp/icmp) to my virtual >> >> hosts? >> >> >> >> I'm using DefaultSharedNetworkOffering in a BASIC network. >> >> >> >> Security group and provider is not being used. >> >> >> >> So far, I've tried to change the egress_default_policy. I couldn't >> >> find any way to perform this through the UI so I did it manually in >> >> the database and restarted the network: >> >> UPDATE `cloud`.`network_offerings` SET `egress_default_policy`=1 >> >> WHERE `name`='DefaultSharedNetworkOffering'; >> >> >> >> Still, it seems that all incoming traffic is rejected. >> >> >> >> Any pointers on how to achieve this would be highly appreciated. >> >> >> >> Sincerely, >> >> Magnus >> >> >> > >> > >> This email and any attachments to it may be confidential and are intended >> solely for the use of the individual to whom it is addressed. Any views or >> opinions expressed are solely those of the author and do not necessarily >> represent those of Shape Blue Ltd or related companies. If you are not the >> intended recipient of this email, you must neither take any action based >> upon its contents, nor copy or show it to anyone. Please contact the sender >> if you believe you have received this email in error. Shape Blue Ltd is a >> company incorporated in England & Wales. ShapeBlue Services India LLP is a >> company incorporated in India and is operated under license from Shape Blue >> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil >> and is operated under license from Shape Blue Ltd. ShapeBlue is a >> registered trademark. >> > >
SDN and vlans question
Hi, I have been requested to try to reduce number of vlans that are configured on PHYSICAL switches to minimum (like 4-5 vlans, for mgmt, storage,guest, etc) >From my understanding of CS advanced netwokring, all traffic isolation/separation is done by means of VLANS. So for potentialu 1000 clients - I would need 1000 vlans to isolate traffic between clients VPC/VMs...I don't understand the possiblity to use advanced networking and use only few vlans to have traffic isolation for that 1000 clients. Is there any other solution (that I'm not aware of) that minimizes request for change on physical network equipment and reduces vlan usag to few vlans? I'm reading now about SDN...but still don't have very clear picture... Thanks for any inputs/opinions... Andrija Panić
Re: api and secret key for cloudmonkey
you don't need the username in the cloudmonkey config. It uses the api - and secret keys to authenticate. On Fri, Nov 29, 2013 at 10:47 AM, raj kumar wrote: > got it. thank you. I appreciate your help. > > > cloudmonkey is running in management server itself. > > Created the keys and updated it in ~/.cloudmonkey/config. [user] section. > when I used sync in cloudmonkey, i'm getting, > >> sync > Unauthorized: None > Failed to sync apis, please check your config? > Note: `sync` requires api discovery service enabled on the CloudStack > management server > > > confusion is where to give the username in config? also do I need to enable > api discovery service somewhere? > > > > On Fri, Nov 29, 2013 at 1:03 PM, Sebastien Goasguen wrote: > >> >> On Nov 29, 2013, at 2:04 AM, raj kumar wrote: >> >> > Hi, >> > >> > I'm trying cloudmonkey, but i don't have api/secret key. I'm using basic >> > cloudstack4.2. In the user account actions, I see edit, update resource >> > count, disable account, lock account and delete account. I don't see key >> > options. pls let me know how to enable it. >> >> Under Accounts, select/click the account you want to use, then click on >> show users. >> Click on the user you want to use. >> Then you should see an icon 'generate keys', click on it and that should >> generate your keys. >> Then start cloudmonkey and: >> >set apikey >> >set secretkey >> >>
Re: api and secret key for cloudmonkey
Got it working. Used set in the cloudmonkey prompt as you mentioned. Thank you. On Fri, Nov 29, 2013 at 3:17 PM, raj kumar wrote: > got it. thank you. I appreciate your help. > > > cloudmonkey is running in management server itself. > > Created the keys and updated it in ~/.cloudmonkey/config. [user] section. > when I used sync in cloudmonkey, i'm getting, > > > sync > Unauthorized: None > Failed to sync apis, please check your config? > Note: `sync` requires api discovery service enabled on the CloudStack > management server > > > confusion is where to give the username in config? also do I need to > enable api discovery service somewhere? > > > > On Fri, Nov 29, 2013 at 1:03 PM, Sebastien Goasguen wrote: > >> >> On Nov 29, 2013, at 2:04 AM, raj kumar wrote: >> >> > Hi, >> > >> > I'm trying cloudmonkey, but i don't have api/secret key. I'm using >> basic >> > cloudstack4.2. In the user account actions, I see edit, update resource >> > count, disable account, lock account and delete account. I don't see key >> > options. pls let me know how to enable it. >> >> Under Accounts, select/click the account you want to use, then click on >> show users. >> Click on the user you want to use. >> Then you should see an icon 'generate keys', click on it and that should >> generate your keys. >> Then start cloudmonkey and: >> >set apikey >> >set secretkey >> >> >
Re: SSVM won't start
Magnus, Sanjay,
many thanks for your help. Copying vhd-util from /usr/bin/ to
/opt/xensource/bin was the right solutions.
Regards
Sebastian
On 11/29/2013 08:59 AM, Sanjay Tripathi wrote:
Sebastian,
In XenServer host, can you check your vhd-util location. The correct location for
vhd-util is "/opt/xensource/bin", if it is not in this folder then you have to
copy it from /usr/bin/vhd-util.
--Sanjay
-Original Message-
From: Sebastian Trampler [mailto:sebastian.tramp...@iisys.de]
Sent: Friday, November 29, 2013 1:18 PM
To: users@cloudstack.apache.org
Subject: SSVM won't start
Hello,
we have problems starting the ssvm.
First of all some facts about our actual test system.
Cloudstack is installed on Ubuntu 12.04. Primary and secondary storage are
nfs shares hosted on Cloudstack server.
Host is a XenServer 6.2.
While starting the ssvm we get the following error messages:
2013-11-29 08:38:10,103 DEBUG [storage.volume.VolumeServiceImpl]
(consoleproxy-1:null) Acquire lock on VMTemplateStoragePool 2280 with
timeout 3600 seconds
2013-11-29 08:38:10,107 INFO [storage.volume.VolumeServiceImpl]
(consoleproxy-1:null) lock is acquired for VMTemplateStoragePool 2280
2013-11-29 08:38:10,109 DEBUG [cloud.storage.VolumeManagerImpl]
(secstorage-1:null) Checking if we need to prepare 1 volumes for
VM[SecondaryStorageVm|s-1159-VM]
2013-11-29 08:38:10,135 DEBUG
[storage.motion.AncientDataMotionStrategy]
(consoleproxy-1:null) copyAsync inspecting src type TEMPLATE copyAsync
inspecting dest type TEMPLATE
2013-11-29 08:38:10,137 DEBUG [storage.image.TemplateDataFactoryImpl]
(secstorage-1:null) template 1 is already in store:2, type:Image
2013-11-29 08:38:10,171 DEBUG [storage.image.TemplateDataFactoryImpl]
(secstorage-1:null) template 1 is already in store:2, type:Primary
2013-11-29 08:38:10,174 DEBUG [storage.volume.VolumeServiceImpl]
(secstorage-1:null) Found template routing-1 in storage pool 2 with
VMTemplateStoragePool id: 2280
2013-11-29 08:38:10,185 DEBUG [agent.transport.Request]
(consoleproxy-1:null) Seq 1-1431371787: Sending { Cmd , MgmtId:
217970788423578, via: 1, Ver: v1, Flags: 100111,
[{"org.apache.cloudstack.storage.command.CopyCommand":{"srcTO":{"org.
apache.cloudstack.storage.to.TemplateObjectTO":{"path":"template/tmpl/1
/1/","origUrl":"http://download.cloud.com/templates/4.2/systemvmtempla
te-2013-07-12-master-xen.vhd.bz2","uuid":"82cd934b-4d43-11e3-8eab-
c63e476a579a","id":1,"format":"VHD","accountId":1,"checksum":"fb1b6e032
a160d86f2c28feb5add6d83","hvm":false,"displayText":"SystemVM
Template
(XenServer)","imageDataStore":{"com.cloud.agent.api.to.NfsTO":{"_url":"nf
s://172.16.51.47:/export/secondary2","_role":"Image"}},"name":"routing-
1","hypervisorType":"XenServer"}},"destTO":{"org.apache.cloudstack.storag
e.to.TemplateObjectTO":{"origUrl":"http://download.cloud.com/templates/
4.2/systemvmtemplate-2013-07-12-master-xen.vhd.bz2","uuid":"82cd934b-
4d43-11e3-8eab-
c63e476a579a","id":1,"format":"VHD","accountId":1,"checksum":"fb1b6e032
a160d86f2c28feb5add6d83","hvm":false,"displayText":"SystemVM
Template
(XenServer)","imageDataStore":{"org.apache.cloudstack.storage.to.Primary
DataStoreTO":{"uuid":"fefdf148-d326-3fa0-9aca-
3f8956fbd8f7","id":2,"poolType":"NetworkFilesystem","host":"172.16.51.47",
"path":"/export/primary2","port":2049}},"name":"routing-
1","hypervisorType":"XenServer"}},"executeInSequence":true,"wait":10800}
}]
}
2013-11-29 08:38:10,187 DEBUG [agent.transport.Request]
(consoleproxy-1:null) Seq 1-1431371787: Executing: { Cmd , MgmtId:
217970788423578, via: 1, Ver: v1, Flags: 100111,
[{"org.apache.cloudstack.storage.command.CopyCommand":{"srcTO":{"org.
apache.cloudstack.storage.to.TemplateObjectTO":{"path":"template/tmpl/1
/1/","origUrl":"http://download.cloud.com/templates/4.2/systemvmtempla
te-2013-07-12-master-xen.vhd.bz2","uuid":"82cd934b-4d43-11e3-8eab-
c63e476a579a","id":1,"format":"VHD","accountId":1,"checksum":"fb1b6e032
a160d86f2c28feb5add6d83","hvm":false,"displayText":"SystemVM
Template
(XenServer)","imageDataStore":{"com.cloud.agent.api.to.NfsTO":{"_url":"nf
s://172.16.51.47:/export/secondary2","_role":"Image"}},"name":"routing-
1","hypervisorType":"XenServer"}},"destTO":{"org.apache.cloudstack.storag
e.to.TemplateObjectTO":{"origUrl":"http://download.cloud.com/templates/
4.2/systemvmtemplate-2013-07-12-master-xen.vhd.bz2","uuid":"82cd934b-
4d43-11e3-8eab-
c63e476a579a","id":1,"format":"VHD","accountId":1,"checksum":"fb1b6e032
a160d86f2c28feb5add6d83","hvm":false,"displayText":"SystemVM
Template
(XenServer)","imageDataStore":{"org.apache.cloudstack.storage.to.Primary
DataStoreTO":{"uuid":"fefdf148-d326-3fa0-9aca-
3f8956fbd8f7","id":2,"poolType":"NetworkFilesystem","host":"172.16.51.47",
"path":"/export/primary2","port":2049}},"name":"routing-
1","hypervisorType":"XenServer"}},"executeInSequence":true,"wait":10800}
}]
}
2013-11-29 08:38:10,188 DEBUG [agent.manager.DirectAgentAttache]
(DirectAgent-1:null) Seq 1-1431371787: Executing request
2013-11-29 08:38:10,190
Re: api and secret key for cloudmonkey
got it. thank you. I appreciate your help. cloudmonkey is running in management server itself. Created the keys and updated it in ~/.cloudmonkey/config. [user] section. when I used sync in cloudmonkey, i'm getting, > sync Unauthorized: None Failed to sync apis, please check your config? Note: `sync` requires api discovery service enabled on the CloudStack management server confusion is where to give the username in config? also do I need to enable api discovery service somewhere? On Fri, Nov 29, 2013 at 1:03 PM, Sebastien Goasguen wrote: > > On Nov 29, 2013, at 2:04 AM, raj kumar wrote: > > > Hi, > > > > I'm trying cloudmonkey, but i don't have api/secret key. I'm using basic > > cloudstack4.2. In the user account actions, I see edit, update resource > > count, disable account, lock account and delete account. I don't see key > > options. pls let me know how to enable it. > > Under Accounts, select/click the account you want to use, then click on > show users. > Click on the user you want to use. > Then you should see an icon 'generate keys', click on it and that should > generate your keys. > Then start cloudmonkey and: > >set apikey > >set secretkey > >
Re: Allow all external traffic (any tcp/udp/icmp) to virtual hosts
Hi Geoff, Thank you for your reply. I am using a guest gateway, and the gateway IP maps to a physical router/firewall. Initially I was using DefaultSharedNetworkOfferingWithSGService. But that required me to set egress rules for each user to allow all traffic for that users vm instances. However, after setting the egress rules the traffic to the vm instances worked great. As I have plenty of users, I would want to skip this step. So I recreated the zone, with DefaultSharedNetworkOffering instead. My understanding was that if I disabled security groups, they wouldn't block the incoming traffic to my virtual hosts anymore. However, it seems that I'm now stuck with a default policy to block all incoming connections and I don't have any possibility to allow incoming connections as I disabled (removed) the security groups feature. The issue here seems to be that cloudstack by default rejects all incoming traffic, and I can't figure out how to change that behaviours. /Magnus 2013/11/28 Geoff Higginbottom > Magnus, > > A Shared Network does not provide Source NAT, so therefore does not act as > the Gateway. When you created the network, you would have specified a > 'Guest Gateway' IP, this IP needs to map to a Physical Router/Firewall > which will provide the Routing/Firewall functionality. > > As the 'Default Shared Network' offering only provides DHCP, DNS & User > Data, none of the Firewall, Egress Rules VPN, LB features etc will be > available to you. > > Regards > > Geoff Higginbottom > > D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581 > > geoff.higginbot...@shapeblue.com > > -Original Message- > From: Magnus Janson [mailto:mag...@fnutt.us] > Sent: 28 November 2013 16:57 > To: users@cloudstack.apache.org > Subject: Re: Allow all external traffic (any tcp/udp/icmp) to virtual hosts > > I'm not using a firewall provider, so my initial question remains. > > /Magnus > > > 2013/11/28 Magnus Janson > > > Oh, seems like the answer is found here: > > https://support.getcloudservices.com/entries/21993512-CloudStack-Enabl > > e-External-Access > > > > I'll try this and get back here in case I run into any trouble I can't > > solve. > > > > /Magnus > > > > > > 2013/11/28 Magnus Janson > > > >> Hi, > >> > >> How do i allow all external traffic (any tcp/udp/icmp) to my virtual > >> hosts? > >> > >> I'm using DefaultSharedNetworkOffering in a BASIC network. > >> > >> Security group and provider is not being used. > >> > >> So far, I've tried to change the egress_default_policy. I couldn't > >> find any way to perform this through the UI so I did it manually in > >> the database and restarted the network: > >> UPDATE `cloud`.`network_offerings` SET `egress_default_policy`=1 > >> WHERE `name`='DefaultSharedNetworkOffering'; > >> > >> Still, it seems that all incoming traffic is rejected. > >> > >> Any pointers on how to achieve this would be highly appreciated. > >> > >> Sincerely, > >> Magnus > >> > > > > > This email and any attachments to it may be confidential and are intended > solely for the use of the individual to whom it is addressed. Any views or > opinions expressed are solely those of the author and do not necessarily > represent those of Shape Blue Ltd or related companies. If you are not the > intended recipient of this email, you must neither take any action based > upon its contents, nor copy or show it to anyone. Please contact the sender > if you believe you have received this email in error. Shape Blue Ltd is a > company incorporated in England & Wales. ShapeBlue Services India LLP is a > company incorporated in India and is operated under license from Shape Blue > Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil > and is operated under license from Shape Blue Ltd. ShapeBlue is a > registered trademark. >
RE: SSVM won't start
Sebastian,
In XenServer host, can you check your vhd-util location. The correct location
for vhd-util is "/opt/xensource/bin", if it is not in this folder then you have
to copy it from /usr/bin/vhd-util.
--Sanjay
> -Original Message-
> From: Sebastian Trampler [mailto:sebastian.tramp...@iisys.de]
> Sent: Friday, November 29, 2013 1:18 PM
> To: users@cloudstack.apache.org
> Subject: SSVM won't start
>
> Hello,
>
> we have problems starting the ssvm.
>
> First of all some facts about our actual test system.
> Cloudstack is installed on Ubuntu 12.04. Primary and secondary storage are
> nfs shares hosted on Cloudstack server.
> Host is a XenServer 6.2.
>
> While starting the ssvm we get the following error messages:
>
> 2013-11-29 08:38:10,103 DEBUG [storage.volume.VolumeServiceImpl]
> (consoleproxy-1:null) Acquire lock on VMTemplateStoragePool 2280 with
> timeout 3600 seconds
> 2013-11-29 08:38:10,107 INFO [storage.volume.VolumeServiceImpl]
> (consoleproxy-1:null) lock is acquired for VMTemplateStoragePool 2280
> 2013-11-29 08:38:10,109 DEBUG [cloud.storage.VolumeManagerImpl]
> (secstorage-1:null) Checking if we need to prepare 1 volumes for
> VM[SecondaryStorageVm|s-1159-VM]
> 2013-11-29 08:38:10,135 DEBUG
> [storage.motion.AncientDataMotionStrategy]
> (consoleproxy-1:null) copyAsync inspecting src type TEMPLATE copyAsync
> inspecting dest type TEMPLATE
> 2013-11-29 08:38:10,137 DEBUG [storage.image.TemplateDataFactoryImpl]
> (secstorage-1:null) template 1 is already in store:2, type:Image
> 2013-11-29 08:38:10,171 DEBUG [storage.image.TemplateDataFactoryImpl]
> (secstorage-1:null) template 1 is already in store:2, type:Primary
> 2013-11-29 08:38:10,174 DEBUG [storage.volume.VolumeServiceImpl]
> (secstorage-1:null) Found template routing-1 in storage pool 2 with
> VMTemplateStoragePool id: 2280
> 2013-11-29 08:38:10,185 DEBUG [agent.transport.Request]
> (consoleproxy-1:null) Seq 1-1431371787: Sending { Cmd , MgmtId:
> 217970788423578, via: 1, Ver: v1, Flags: 100111,
> [{"org.apache.cloudstack.storage.command.CopyCommand":{"srcTO":{"org.
> apache.cloudstack.storage.to.TemplateObjectTO":{"path":"template/tmpl/1
> /1/","origUrl":"http://download.cloud.com/templates/4.2/systemvmtempla
> te-2013-07-12-master-xen.vhd.bz2","uuid":"82cd934b-4d43-11e3-8eab-
> c63e476a579a","id":1,"format":"VHD","accountId":1,"checksum":"fb1b6e032
> a160d86f2c28feb5add6d83","hvm":false,"displayText":"SystemVM
> Template
> (XenServer)","imageDataStore":{"com.cloud.agent.api.to.NfsTO":{"_url":"nf
> s://172.16.51.47:/export/secondary2","_role":"Image"}},"name":"routing-
> 1","hypervisorType":"XenServer"}},"destTO":{"org.apache.cloudstack.storag
> e.to.TemplateObjectTO":{"origUrl":"http://download.cloud.com/templates/
> 4.2/systemvmtemplate-2013-07-12-master-xen.vhd.bz2","uuid":"82cd934b-
> 4d43-11e3-8eab-
> c63e476a579a","id":1,"format":"VHD","accountId":1,"checksum":"fb1b6e032
> a160d86f2c28feb5add6d83","hvm":false,"displayText":"SystemVM
> Template
> (XenServer)","imageDataStore":{"org.apache.cloudstack.storage.to.Primary
> DataStoreTO":{"uuid":"fefdf148-d326-3fa0-9aca-
> 3f8956fbd8f7","id":2,"poolType":"NetworkFilesystem","host":"172.16.51.47",
> "path":"/export/primary2","port":2049}},"name":"routing-
> 1","hypervisorType":"XenServer"}},"executeInSequence":true,"wait":10800}
> }]
> }
> 2013-11-29 08:38:10,187 DEBUG [agent.transport.Request]
> (consoleproxy-1:null) Seq 1-1431371787: Executing: { Cmd , MgmtId:
> 217970788423578, via: 1, Ver: v1, Flags: 100111,
> [{"org.apache.cloudstack.storage.command.CopyCommand":{"srcTO":{"org.
> apache.cloudstack.storage.to.TemplateObjectTO":{"path":"template/tmpl/1
> /1/","origUrl":"http://download.cloud.com/templates/4.2/systemvmtempla
> te-2013-07-12-master-xen.vhd.bz2","uuid":"82cd934b-4d43-11e3-8eab-
> c63e476a579a","id":1,"format":"VHD","accountId":1,"checksum":"fb1b6e032
> a160d86f2c28feb5add6d83","hvm":false,"displayText":"SystemVM
> Template
> (XenServer)","imageDataStore":{"com.cloud.agent.api.to.NfsTO":{"_url":"nf
> s://172.16.51.47:/export/secondary2","_role":"Image"}},"name":"routing-
> 1","hypervisorType":"XenServer"}},"destTO":{"org.apache.cloudstack.storag
> e.to.TemplateObjectTO":{"origUrl":"http://download.cloud.com/templates/
> 4.2/systemvmtemplate-2013-07-12-master-xen.vhd.bz2","uuid":"82cd934b-
> 4d43-11e3-8eab-
> c63e476a579a","id":1,"format":"VHD","accountId":1,"checksum":"fb1b6e032
> a160d86f2c28feb5add6d83","hvm":false,"displayText":"SystemVM
> Template
> (XenServer)","imageDataStore":{"org.apache.cloudstack.storage.to.Primary
> DataStoreTO":{"uuid":"fefdf148-d326-3fa0-9aca-
> 3f8956fbd8f7","id":2,"poolType":"NetworkFilesystem","host":"172.16.51.47",
> "path":"/export/primary2","port":2049}},"name":"routing-
> 1","hypervisorType":"XenServer"}},"executeInSequence":true,"wait":10800}
> }]
> }
> 2013-11-29 08:38:10,188 DEBUG [agent.manager.DirectAgentAttache]
> (DirectAgent-1:null) Seq 1-1431371787: Executing request
> 2013-11-29 08:38:10,190 DEBUG [storag
Re: SSVM won't start
Hi Sebastian,
It sounds like you forgot to download the vhd-util. Either that, or you
have not placed it at the right location. It's also possible that you must
set it to executable (chmod +x vhd-util).
http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.2.0/html/Installation_Guide/management-server-install-flow.html
/Magnus
2013/11/29 Sebastian Trampler
> Hello,
>
> we have problems starting the ssvm.
>
> First of all some facts about our actual test system.
> Cloudstack is installed on Ubuntu 12.04. Primary and secondary storage are
> nfs shares hosted on Cloudstack server.
> Host is a XenServer 6.2.
>
> While starting the ssvm we get the following error messages:
>
> 2013-11-29 08:38:10,103 DEBUG [storage.volume.VolumeServiceImpl]
> (consoleproxy-1:null) Acquire lock on VMTemplateStoragePool 2280 with
> timeout 3600 seconds
> 2013-11-29 08:38:10,107 INFO [storage.volume.VolumeServiceImpl]
> (consoleproxy-1:null) lock is acquired for VMTemplateStoragePool 2280
> 2013-11-29 08:38:10,109 DEBUG [cloud.storage.VolumeManagerImpl]
> (secstorage-1:null) Checking if we need to prepare 1 volumes for
> VM[SecondaryStorageVm|s-1159-VM]
> 2013-11-29 08:38:10,135 DEBUG [storage.motion.AncientDataMotionStrategy]
> (consoleproxy-1:null) copyAsync inspecting src type TEMPLATE copyAsync
> inspecting dest type TEMPLATE
> 2013-11-29 08:38:10,137 DEBUG [storage.image.TemplateDataFactoryImpl]
> (secstorage-1:null) template 1 is already in store:2, type:Image
> 2013-11-29 08:38:10,171 DEBUG [storage.image.TemplateDataFactoryImpl]
> (secstorage-1:null) template 1 is already in store:2, type:Primary
> 2013-11-29 08:38:10,174 DEBUG [storage.volume.VolumeServiceImpl]
> (secstorage-1:null) Found template routing-1 in storage pool 2 with
> VMTemplateStoragePool id: 2280
> 2013-11-29 08:38:10,185 DEBUG [agent.transport.Request]
> (consoleproxy-1:null) Seq 1-1431371787: Sending { Cmd , MgmtId:
> 217970788423578, via: 1, Ver: v1, Flags: 100111, [{"org.apache.cloudstack.
> storage.command.CopyCommand":{"srcTO":{"org.apache.cloudstack.storage.to.
> TemplateObjectTO":{"path":"template/tmpl/1/1/","origUrl":"
> http://download.cloud.com/templates/4.2/systemvmtemplate-2013-07-12-
> master-xen.vhd.bz2","uuid":"82cd934b-4d43-11e3-8eab-
> c63e476a579a","id":1,"format":"VHD","accountId":1,"checksum":"
> fb1b6e032a160d86f2c28feb5add6d83","hvm":false,"displayText":"SystemVM
> Template (XenServer)","imageDataStore":{"com.cloud.agent.api.to.
> NfsTO":{"_url":"nfs://172.16.51.47:/export/secondary2","_
> role":"Image"}},"name":"routing-1","hypervisorType":"
> XenServer"}},"destTO":{"org.apache.cloudstack.storage.to.
> TemplateObjectTO":{"origUrl":"http://download.cloud.com/templates/4.2/
> systemvmtemplate-2013-07-12-master-xen.vhd.bz2","uuid":"
> 82cd934b-4d43-11e3-8eab-c63e476a579a","id":1,"format":
> "VHD","accountId":1,"checksum":"fb1b6e032a160d86f2c28feb5add6d
> 83","hvm":false,"displayText":"SystemVM Template
> (XenServer)","imageDataStore":{"org.apache.cloudstack.
> storage.to.PrimaryDataStoreTO":{"uuid":"fefdf148-d326-3fa0-
> 9aca-3f8956fbd8f7","id":2,"poolType":"NetworkFilesystem",
> "host":"172.16.51.47","path":"/export/primary2","port":2049}
> },"name":"routing-1","hypervisorType":"XenServer"}},
> "executeInSequence":true,"wait":10800}}] }
> 2013-11-29 08:38:10,187 DEBUG [agent.transport.Request]
> (consoleproxy-1:null) Seq 1-1431371787: Executing: { Cmd , MgmtId:
> 217970788423578, via: 1, Ver: v1, Flags: 100111, [{"org.apache.cloudstack.
> storage.command.CopyCommand":{"srcTO":{"org.apache.cloudstack.storage.to.
> TemplateObjectTO":{"path":"template/tmpl/1/1/","origUrl":"
> http://download.cloud.com/templates/4.2/systemvmtemplate-2013-07-12-
> master-xen.vhd.bz2","uuid":"82cd934b-4d43-11e3-8eab-
> c63e476a579a","id":1,"format":"VHD","accountId":1,"checksum":"
> fb1b6e032a160d86f2c28feb5add6d83","hvm":false,"displayText":"SystemVM
> Template (XenServer)","imageDataStore":{"com.cloud.agent.api.to.
> NfsTO":{"_url":"nfs://172.16.51.47:/export/secondary2","_
> role":"Image"}},"name":"routing-1","hypervisorType":"
> XenServer"}},"destTO":{"org.apache.cloudstack.storage.to.
> TemplateObjectTO":{"origUrl":"http://download.cloud.com/templates/4.2/
> systemvmtemplate-2013-07-12-master-xen.vhd.bz2","uuid":"
> 82cd934b-4d43-11e3-8eab-c63e476a579a","id":1,"format":
> "VHD","accountId":1,"checksum":"fb1b6e032a160d86f2c28feb5add6d
> 83","hvm":false,"displayText":"SystemVM Template
> (XenServer)","imageDataStore":{"org.apache.cloudstack.
> storage.to.PrimaryDataStoreTO":{"uuid":"fefdf148-d326-3fa0-
> 9aca-3f8956fbd8f7","id":2,"poolType":"NetworkFilesystem",
> "host":"172.16.51.47","path":"/export/primary2","port":2049}
> },"name":"routing-1","hypervisorType":"XenServer"}},
> "executeInSequence":true,"wait":10800}}] }
> 2013-11-29 08:38:10,188 DEBUG [agent.manager.DirectAgentAttache]
> (DirectAgent-1:null) Seq 1-1431371787: Executing request
> 2013-11-29 08:38:10,190 DEBUG [storage.volume.VolumeServiceImpl]
> (secstorage-1:null) Acquir
