Re: Nginx reverse proxy to cloud stack

[Marty Sweet]

Hi Amin,

The error shown should have hopefully been fixed by adjusting the
proxy_pass, did you restart nginx?
Just to confirm, does navigating to https://amin.com.au/client/ load
fully but still result in a username/password incorrect (giving the
error shown above)?

Thanks,
Marty

On Tue, Feb 25, 2014 at 4:54 AM, Amin Samir  wrote:
>
>
>
> Hi Marty,
> thanks for you fast reply, editing the proxy_pass to be http://localhost:8080 
> ; does not help, in regards to the location /, when I recall the server from 
> the browser I use "amin.com.au" and I have this domain name set in the local 
> hosts file.  One more thing to mention is cloud stack is working with its own 
> URL fine.
> The F12 error output is as follows:
> Apache Tomcat/6.0.35 - Error report 
> HTTP Status 404 - /client/client/api noshade="noshade">type Status reportmessage 
> /client/client/apidescription The requested resource 
> (/client/client/api) is not available. noshade="noshade">Apache Tomcat/6.0.35
>
> Seems there is a duplication in /client/client/api-
> I dont know how rectify this I am newbie cloudstack and nginx.
>
> Thanks in advance.
> Amin
>
>
>> Date: Tue, 25 Feb 2014 04:15:40 +
>> Subject: Re: Nginx reverse proxy to cloud stack
>> From: msweet@gmail.com
>> To: users@cloudstack.apache.org
>> CC: aminsamira...@hotmail.com
>>
>> Hi Amin,
>>
>> From first glance it seems that it could be related to your location
>> being '/' - although I personally haven't setup CS behind NGinx
>> before.
>> Is there any improvement if 'proxy_pass http://localhost:8080;' is
>> used? This should make the paths be the 'same' - although it should
>> all be relative anyway - worth a try.
>>
>> You may also be able to see if any web errors are occurring by
>> profiling network on most new browsers (F12).
>> Also is there anything obvious in your management logs?
>>
>> Let us know how you get on,
>> Marty
>>
>> On Tue, Feb 25, 2014 at 1:57 AM, Amin Samir  
>> wrote:
>> > Hello,
>> >
>> > I am trying to configure Nginx to reverse proxy cloud stack to offload 
>> > SSL, I have done the following:
>> > Installed the NginxCreated a virtual host with the following:server {
>> > server_name  amin.com.au;
>> >  location / {
>> > proxy_set_header X-Forwarded-Host $host;
>> > proxy_set_header X-Forwarded-Server $host;
>> > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> > proxy_pass http://localhost:8080/client/;
>> > }
>> > When trying to log on to cloud stack it gives me wrong user name and 
>> > password.I even added the root to be root 
>> > /usr/share/cloudstack-management/webapps/client/; index index.jsp; (still 
>> > does not authenticate me).
>> > however when trying to log in using http://amin.com.au it authenticates me 
>> > and works smoothly.
>> >
>> > Any idea why is this happening.
>> >
>> > Thanks in advance for advise what might be the cause.
>> >
>> >
>> > Amin
>> >
>> >
>>
>>
>>
>> --
>> Marty
>
>



-- 
Marty

RE: Infrastructure UI view for non-admin users??

[Saksham Srivastava]

Further, explicitly dedicating/releasing resources and listing dedicated 
resources are also only Root admin apis.

Thanks,
Saksham

-Original Message-
From: Geoff Higginbottom [mailto:geoff.higginbot...@shapeblue.com] 
Sent: Monday, February 24, 2014 11:40 PM
To: users@cloudstack.apache.org
Subject: RE: Infrastructure UI view for non-admin users??

Hi Jason,

Only Root Admins can see the infrastructure areas within the UI.

Regards

Geoff Higginbottom

D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581

geoff.higginbot...@shapeblue.com

-Original Message-
From: STEENBLIK Jason [mailto:jason.steenb...@leonteq.com]
Sent: 24 February 2014 17:40
To: users@cloudstack.apache.org
Subject: Infrastructure UI view for non-admin users??

Hi,
Does anyone know if it is possible to allow accounts other than root admins to 
see the infrastructure view in the UI. I'm happy to create domains and/or 
dedicate resources to domain-admin accounts if it is required, as I will 
probably have to create domains and dedicate anyway.

Thanks,
Jason

=== The Mail Gateway made the following annotation === 
This e-mail is confidential. If you are not the intended recipient, you should 
not copy it, re-transmit it, use it or disclose its contents, but should return 
it to the sender immediately and delete the copy from your system.
Leonteq Securities is not responsible for, nor endorses, any opinion, 
recommendation, conclusion, solicitation, offer or agreement or any information 
contained in this communication.
Leonteq Securities cannot accept any responsibility for the accuracy or 
completeness of this message as it has been transmitted over a public network.
If you suspect that the message may have been intercepted or amended, please 
call the sender. Should you require any further information, please contact the 
Compliance Manager on complia...@leonteq.com.

==
Need Enterprise Grade Support for Apache CloudStack?
Our CloudStack Infrastructure 
Support offers the 
best 24/7 SLA for CloudStack Environments.

Apache CloudStack Bootcamp training courses

**NEW!** CloudStack 4.2.1 training
18th-19th February 2014, Brazil. 
Classroom
17th-23rd March 2014, Region A. Instructor led, 
On-line
24th-28th March 2014, Region B. Instructor led, 
On-line
16th-20th June 2014, Region A. Instructor led, 
On-line
23rd-27th June 2014, Region B. Instructor led, 
On-line

This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or related companies. If you are not the 
intended recipient of this email, you must neither take any action based upon 
its contents, nor copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. Shape Blue Ltd is a company 
incorporated in England & Wales. ShapeBlue Services India LLP is a company 
incorporated in India and is operated under license from Shape Blue Ltd. Shape 
Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is 
operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.

RE: Nginx reverse proxy to cloud stack

[Amin Samir]

Hi Marty,
thanks for you fast reply, editing the proxy_pass to be http://localhost:8080 ; 
does not help, in regards to the location /, when I recall the server from the 
browser I use "amin.com.au" and I have this domain name set in the local hosts 
file.  One more thing to mention is cloud stack is working with its own URL 
fine.
The F12 error output is as follows:
Apache Tomcat/6.0.35 - Error report 
HTTP Status 404 - /client/client/apitype Status reportmessage 
/client/client/apidescription The requested resource 
(/client/client/api) is not available.Apache Tomcat/6.0.35

Seems there is a duplication in /client/client/api-
I dont know how rectify this I am newbie cloudstack and nginx.

Thanks in advance.
Amin


> Date: Tue, 25 Feb 2014 04:15:40 +
> Subject: Re: Nginx reverse proxy to cloud stack
> From: msweet@gmail.com
> To: users@cloudstack.apache.org
> CC: aminsamira...@hotmail.com
> 
> Hi Amin,
> 
> From first glance it seems that it could be related to your location
> being '/' - although I personally haven't setup CS behind NGinx
> before.
> Is there any improvement if 'proxy_pass http://localhost:8080;' is
> used? This should make the paths be the 'same' - although it should
> all be relative anyway - worth a try.
> 
> You may also be able to see if any web errors are occurring by
> profiling network on most new browsers (F12).
> Also is there anything obvious in your management logs?
> 
> Let us know how you get on,
> Marty
> 
> On Tue, Feb 25, 2014 at 1:57 AM, Amin Samir  wrote:
> > Hello,
> >
> > I am trying to configure Nginx to reverse proxy cloud stack to offload SSL, 
> > I have done the following:
> > Installed the NginxCreated a virtual host with the following:server {
> > server_name  amin.com.au;
> >  location / {
> > proxy_set_header X-Forwarded-Host $host;
> > proxy_set_header X-Forwarded-Server $host;
> > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> > proxy_pass http://localhost:8080/client/;
> > }
> > When trying to log on to cloud stack it gives me wrong user name and 
> > password.I even added the root to be root 
> > /usr/share/cloudstack-management/webapps/client/; index index.jsp; (still 
> > does not authenticate me).
> > however when trying to log in using http://amin.com.au it authenticates me 
> > and works smoothly.
> >
> > Any idea why is this happening.
> >
> > Thanks in advance for advise what might be the cause.
> >
> >
> > Amin
> >
> >
> 
> 
> 
> -- 
> Marty

  

Re: Nginx reverse proxy to cloud stack

[Marty Sweet]

Hi Amin,

>From first glance it seems that it could be related to your location
being '/' - although I personally haven't setup CS behind NGinx
before.
Is there any improvement if 'proxy_pass http://localhost:8080;' is
used? This should make the paths be the 'same' - although it should
all be relative anyway - worth a try.

You may also be able to see if any web errors are occurring by
profiling network on most new browsers (F12).
Also is there anything obvious in your management logs?

Let us know how you get on,
Marty

On Tue, Feb 25, 2014 at 1:57 AM, Amin Samir  wrote:
> Hello,
>
> I am trying to configure Nginx to reverse proxy cloud stack to offload SSL, I 
> have done the following:
> Installed the NginxCreated a virtual host with the following:server {
> server_name  amin.com.au;
>  location / {
> proxy_set_header X-Forwarded-Host $host;
> proxy_set_header X-Forwarded-Server $host;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_pass http://localhost:8080/client/;
> }
> When trying to log on to cloud stack it gives me wrong user name and 
> password.I even added the root to be root 
> /usr/share/cloudstack-management/webapps/client/; index index.jsp; (still 
> does not authenticate me).
> however when trying to log in using http://amin.com.au it authenticates me 
> and works smoothly.
>
> Any idea why is this happening.
>
> Thanks in advance for advise what might be the cause.
>
>
> Amin
>
>



-- 
Marty

RE: Why no use sync rather than async for NFS storage?

[Amin Samir]

Thanks John and Krisstofer for your support.

Amin

> From: j...@stratosec.co
> To: users@cloudstack.apache.org
> Subject: Re: Why no use sync rather than async for NFS storage?
> Date: Mon, 24 Feb 2014 17:03:51 +
> 
> Just created CLOUDSTACK-6166 to change this, or at least get a good reason 
> for why folks think it’s OK.
> 
> On Feb 24, 2014, at 8:57 AM, John Kinsella  wrote:
> 
> > Interesting - hadn’t noticed that.
> > 
> > Async is generally faster, at the risk of data loss as the client isn’t 
> > guaranteed data write on the server. Not something I’d run in production.
> > 
> > John
> > 
> > On Feb 23, 2014, at 10:33 PM, Amin Samir  wrote:
> > 
> >> Hello,
> >> 
> >> All cloudstack documentation prepares the NFS share using async, why not 
> >> use sync for better data protection?
> >> 
> >> Has anyone used NFS shares with sync? what would be the drawbacks if any?
> >> 
> >> Thanks for your valuable responses.
> >> Amin
> >>  
> > 
> 
  

Nginx reverse proxy to cloud stack

[Amin Samir]

Hello,

I am trying to configure Nginx to reverse proxy cloud stack to offload SSL, I 
have done the following: 
Installed the NginxCreated a virtual host with the following:server {
server_name  amin.com.au;
 location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080/client/;
}
When trying to log on to cloud stack it gives me wrong user name and password.I 
even added the root to be root 
/usr/share/cloudstack-management/webapps/client/; index index.jsp; (still does 
not authenticate me).
however when trying to log in using http://amin.com.au it authenticates me and 
works smoothly.

Any idea why is this happening. 

Thanks in advance for advise what might be the cause.


Amin

  

ACS + KVM + GRE + Infiniband

[Andrei Mikhailovsky]

Hello guys, 


I was wondering if anyone could give me some tips on how to setup an infinband 
network for the guests using KVM hypervisor. In particular,, I am looking at 
providing guest vms with the IPoIB interface which is available on the KVM 
hypervisor hosts. The current implementation of IPoIB support in Linux does not 
allow for bridging over the infiniband interface, so you can't really create a 
bridge interface, feed it to ACS and let vm guests use the high speed network. 
If I understand correctly, there should be a way to use network segmentation 
with GRE tunnelling, which should not need the creation of bridge interfaces. 
If this is so, I should be able to utilise IPoIB network interface with GRE 
separation as the guest network. 


Has anyone attempted to do something similar? 


Another question, does ACS advanced networking support the functionality of 
having two or more different network types within one zone/pod/cluster? For 
instance, could I have two guest network offerings, one with vlan separation 
over ethernet and another with GRE separation over IPoIB interface? 


Cheers 


Andrei 

Re: Limit CPU flags exposed to the VM

[Nux!]

On 24.02.2014 18:17, Tim Mackey wrote:
Here's a good article describing how everything behind CPU masking 
works:
http://support.citrix.com/article/CTX127059.  One key item to note is 
you
might need to do something in your BIOS to enable the feature.  Don't 
worry

about the age of the article; everything's still relevant.

(btw Citrix support site appears to be having a problem right now, so 
if

you google for CTX127059 and look at the cached version)



Thanks, guys, it worked!
I had to get the compare-cpu script from here as I couldn't find it 
elsewhere:

http://www.cl.cam.ac.uk/xen/XenE/host-cpu-info/

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

Re: Limit CPU flags exposed to the VM

[Tim Mackey]

Here's a good article describing how everything behind CPU masking works:
http://support.citrix.com/article/CTX127059.  One key item to note is you
might need to do something in your BIOS to enable the feature.  Don't worry
about the age of the article; everything's still relevant.

(btw Citrix support site appears to be having a problem right now, so if
you google for CTX127059 and look at the cached version)

-tim


On Mon, Feb 24, 2014 at 12:07 PM, Nux!  wrote:

> On 24.02.2014 16:13, Geoff Higginbottom wrote:
>
>> What version of XenServer are you using?
>>
>> 6.2 supports Heterogeneous Resource Pools, so this should allow some
>> flexibility, but older versions do not.
>>
>> http://www.xenserver.org/overview-xenserver-open-
>> source-virtualization/open-source-virtualization-features.html
>>
>
> Thanks Geoff, that might be something useful! I'm on 6.2SP1.
>
>
> Lucian
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>

RE: Infrastructure UI view for non-admin users??

[Geoff Higginbottom]

Hi Jason,

Only Root Admins can see the infrastructure areas within the UI.

Regards

Geoff Higginbottom

D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581

geoff.higginbot...@shapeblue.com

-Original Message-
From: STEENBLIK Jason [mailto:jason.steenb...@leonteq.com]
Sent: 24 February 2014 17:40
To: users@cloudstack.apache.org
Subject: Infrastructure UI view for non-admin users??

Hi,
Does anyone know if it is possible to allow accounts other than root admins to 
see the infrastructure view in the UI. I'm happy to create domains and/or 
dedicate resources to domain-admin accounts if it is required, as I will 
probably have to create domains and dedicate anyway.

Thanks,
Jason

=== The Mail Gateway made the following annotation === 
This e-mail is confidential. If you are not the intended recipient, you should 
not copy it, re-transmit it, use it or disclose its contents, but should return 
it to the sender immediately and delete the copy from your system.
Leonteq Securities is not responsible for, nor endorses, any opinion, 
recommendation, conclusion, solicitation, offer or agreement or any information 
contained in this communication.
Leonteq Securities cannot accept any responsibility for the accuracy or 
completeness of this message as it has been transmitted over a public network.
If you suspect that the message may have been intercepted or amended, please 
call the sender. Should you require any further information, please contact the 
Compliance Manager on complia...@leonteq.com.

==
Need Enterprise Grade Support for Apache CloudStack?
Our CloudStack Infrastructure 
Support offers the 
best 24/7 SLA for CloudStack Environments.

Apache CloudStack Bootcamp training courses

**NEW!** CloudStack 4.2.1 training
18th-19th February 2014, Brazil. 
Classroom
17th-23rd March 2014, Region A. Instructor led, 
On-line
24th-28th March 2014, Region B. Instructor led, 
On-line
16th-20th June 2014, Region A. Instructor led, 
On-line
23rd-27th June 2014, Region B. Instructor led, 
On-line

This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or related companies. If you are not the 
intended recipient of this email, you must neither take any action based upon 
its contents, nor copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. Shape Blue Ltd is a company 
incorporated in England & Wales. ShapeBlue Services India LLP is a company 
incorporated in India and is operated under license from Shape Blue Ltd. Shape 
Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is 
operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.

Infrastructure UI view for non-admin users??

[STEENBLIK Jason]

Hi,
Does anyone know if it is possible to allow accounts other than root admins to 
see the infrastructure view in the UI. I'm happy to create domains and/or 
dedicate resources to domain-admin accounts if it is required, as I will 
probably have to create domains and dedicate anyway.

Thanks,
Jason

=== The Mail Gateway made the following annotation ===
This e-mail is confidential. If you are not the intended recipient, you should 
not copy it, re-transmit it, use it or disclose its contents, but should 
return it to the sender immediately and delete the copy from your system.
Leonteq Securities is not responsible for, nor endorses, any opinion,
recommendation, conclusion, solicitation, offer or agreement or any 
information contained in this communication.
Leonteq Securities cannot accept any responsibility for the accuracy or
completeness of this message as it has been transmitted over a public network.
If you suspect that the message may have been intercepted or amended, please 
call the sender. Should you require any further information, please contact 
the Compliance Manager on complia...@leonteq.com.

==

Re: One last hurdle

[Sebastien Goasguen]

On Feb 24, 2014, at 10:35 AM, Michael Phillips  wrote:

> That is a very clean format.
> To be honest, I actually thought about putting together some documentation 
> and posting it online.

there is a section on vsphere hypervisor that needs a lot of review.

it's in restructured text format, almost as easy as markdown. You can fork it 
on github and edit in place via the github ui.

if you write outside the documentation let me know, I will try to grab what you 
write to update the docs.

-sebastien

> 
>> Subject: Re: One last hurdle
>> From: run...@gmail.com
>> Date: Mon, 24 Feb 2014 03:26:41 -0500
>> To: users@cloudstack.apache.org
>> 
>> 
>> On Feb 22, 2014, at 8:13 PM, Michael Phillips  
>> wrote:
>> 
>>> Figured it out
>>> Apparently by default outbound traffic is blocked by egress 
>>> rule...implemented an egress rule and it's working….
>> 
>> Do you feel like writing some documentation :)
>> 
>> We are moving to a new docs format and this:
>> http://cloudstack-installation.readthedocs.org/en/latest/
>> 
>> needs a lot of love.
>> 
>>> 
>> 
 From: mphilli7...@hotmail.com
 To: users@cloudstack.apache.org
 Subject: One last hurdle
 Date: Sat, 22 Feb 2014 18:37:45 -0600
 
 
 
 
 I am almost there to having a working config with advanced network on 
 vsphere 5.1
 So I am using a pretty basic advanced network zone using vlan for 
 isolation. Details are below:
 Public range = x.x.233.0/24
 Guest cidr = 10.1.1.0/24
 VLAN range = 400-405
 
 1. I create an instance of the default centos5.3 template, choosing to 
 create a isolated network based on 
 "DefaultIsolatedNetworkOfferingWithSourceNatService"
 2. The system spawns a system router.
 3. The system spawns the guest vm.
 4. The router is made a part of the public vlan 233 and the isolated vlan 
 400
 5. The guest vm is made a part of the isolated vlan 400.
 6. The router is assigned an IP address on the isolated network of 
 10.1.1.1. The router is able to get out to the internet fine, and is able 
 to ping the guest instance.
 7. The guest is assigned an ip address on the isolated network. The guest 
 vm is able to ping the router
 Network Topology would look as follows:
 guestvm ---> system router ---> firewall ---> router ---> internet
 Up to this point everything LOOKS perfect...BUT...my guest vm is not able 
 to get out to the internet.
 At first I thought my problem might be with the hop after the system 
 router which is my firewall. So what I did was to imitate what CS is 
 doing, but with windows machines. Basically I spawned two machines, one 
 which acted as a guest vm, the other to act as a system router. On the 
 windows box, which I simulated the system router, I enabled routing and 
 remote access to enable NAT. In this configuration the guest vm was able 
 to use the simulated system router and browse the internet just fine. The 
 test topology would look as follows:
 guest vm ---> simulated router running windows and NAT ---> firewall ---> 
 router ---> internet
 So this leads me to believe that something is wrong with the system router 
 and how it is NAT'ing. Up to this point I have tried the default network 
 service "DefaultIsolatedNetworkOfferingWithSourceNatService" and created a 
 new network offering using DNS,DHCP, and SourceNAT. 
 I think once I get past this hurdle I will be be good to goany help is 
 hugely appreciated!!
 
 
 
 
  
>>>   
>> 
> 

RE: Limit CPU flags exposed to the VM

[Nux!]

On 24.02.2014 16:13, Geoff Higginbottom wrote:

What version of XenServer are you using?

6.2 supports Heterogeneous Resource Pools, so this should allow some
flexibility, but older versions do not.

http://www.xenserver.org/overview-xenserver-open-source-virtualization/open-source-virtualization-features.html


Thanks Geoff, that might be something useful! I'm on 6.2SP1.

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

Re: Why no use sync rather than async for NFS storage?

[John Kinsella]

Just created CLOUDSTACK-6166 to change this, or at least get a good reason for 
why folks think it’s OK.

On Feb 24, 2014, at 8:57 AM, John Kinsella  wrote:

> Interesting - hadn’t noticed that.
> 
> Async is generally faster, at the risk of data loss as the client isn’t 
> guaranteed data write on the server. Not something I’d run in production.
> 
> John
> 
> On Feb 23, 2014, at 10:33 PM, Amin Samir  wrote:
> 
>> Hello,
>> 
>> All cloudstack documentation prepares the NFS share using async, why not use 
>> sync for better data protection?
>> 
>> Has anyone used NFS shares with sync? what would be the drawbacks if any?
>> 
>> Thanks for your valuable responses.
>> Amin
>>
> 

Re: Why no use sync rather than async for NFS storage?

[John Kinsella]

Interesting - hadn’t noticed that.

Async is generally faster, at the risk of data loss as the client isn’t 
guaranteed data write on the server. Not something I’d run in production.

John

On Feb 23, 2014, at 10:33 PM, Amin Samir  wrote:

> Hello,
> 
> All cloudstack documentation prepares the NFS share using async, why not use 
> sync for better data protection?
> 
> Has anyone used NFS shares with sync? what would be the drawbacks if any?
> 
> Thanks for your valuable responses.
> Amin
> 

RE: Limit CPU flags exposed to the VM

[Geoff Higginbottom]

What version of XenServer are you using?

6.2 supports Heterogeneous Resource Pools, so this should allow some 
flexibility, but older versions do not.

http://www.xenserver.org/overview-xenserver-open-source-virtualization/open-source-virtualization-features.html

Regards

Geoff Higginbottom

D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581

geoff.higginbot...@shapeblue.com

-Original Message-
From: Nux! [mailto:n...@li.nux.ro]
Sent: 24 February 2014 15:06
To: users@cloudstack.apache.org
Subject: Limit CPU flags exposed to the VM

Hello,

I'm having some troubles migrating VMs between certain Xenservers that are very 
similar, it's just the CPUs vary slightly. With KVM/libvirt I can limit the CPU 
flags exposed to the VM, how would I do the same with Xenserver?

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro
Need Enterprise Grade Support for Apache CloudStack?
Our CloudStack Infrastructure 
Support offers the 
best 24/7 SLA for CloudStack Environments.

Apache CloudStack Bootcamp training courses

**NEW!** CloudStack 4.2.1 training
18th-19th February 2014, Brazil. 
Classroom
17th-23rd March 2014, Region A. Instructor led, 
On-line
24th-28th March 2014, Region B. Instructor led, 
On-line
16th-20th June 2014, Region A. Instructor led, 
On-line
23rd-27th June 2014, Region B. Instructor led, 
On-line

This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or related companies. If you are not the 
intended recipient of this email, you must neither take any action based upon 
its contents, nor copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. Shape Blue Ltd is a company 
incorporated in England & Wales. ShapeBlue Services India LLP is a company 
incorporated in India and is operated under license from Shape Blue Ltd. Shape 
Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is 
operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.

RE: One last hurdle

[Michael Phillips]

That is a very clean format.
To be honest, I actually thought about putting together some documentation and 
posting it online.

> Subject: Re: One last hurdle
> From: run...@gmail.com
> Date: Mon, 24 Feb 2014 03:26:41 -0500
> To: users@cloudstack.apache.org
> 
> 
> On Feb 22, 2014, at 8:13 PM, Michael Phillips  wrote:
> 
> > Figured it out
> > Apparently by default outbound traffic is blocked by egress 
> > rule...implemented an egress rule and it's working….
> 
> Do you feel like writing some documentation :)
> 
> We are moving to a new docs format and this:
> http://cloudstack-installation.readthedocs.org/en/latest/
> 
> needs a lot of love.
> 
> > 
> 
> >> From: mphilli7...@hotmail.com
> >> To: users@cloudstack.apache.org
> >> Subject: One last hurdle
> >> Date: Sat, 22 Feb 2014 18:37:45 -0600
> >> 
> >> 
> >> 
> >> 
> >> I am almost there to having a working config with advanced network on 
> >> vsphere 5.1
> >> So I am using a pretty basic advanced network zone using vlan for 
> >> isolation. Details are below:
> >> Public range = x.x.233.0/24
> >> Guest cidr = 10.1.1.0/24
> >> VLAN range = 400-405
> >> 
> >> 1. I create an instance of the default centos5.3 template, choosing to 
> >> create a isolated network based on 
> >> "DefaultIsolatedNetworkOfferingWithSourceNatService"
> >> 2. The system spawns a system router.
> >> 3. The system spawns the guest vm.
> >> 4. The router is made a part of the public vlan 233 and the isolated vlan 
> >> 400
> >> 5. The guest vm is made a part of the isolated vlan 400.
> >> 6. The router is assigned an IP address on the isolated network of 
> >> 10.1.1.1. The router is able to get out to the internet fine, and is able 
> >> to ping the guest instance.
> >> 7. The guest is assigned an ip address on the isolated network. The guest 
> >> vm is able to ping the router
> >> Network Topology would look as follows:
> >> guestvm ---> system router ---> firewall ---> router ---> internet
> >> Up to this point everything LOOKS perfect...BUT...my guest vm is not able 
> >> to get out to the internet.
> >> At first I thought my problem might be with the hop after the system 
> >> router which is my firewall. So what I did was to imitate what CS is 
> >> doing, but with windows machines. Basically I spawned two machines, one 
> >> which acted as a guest vm, the other to act as a system router. On the 
> >> windows box, which I simulated the system router, I enabled routing and 
> >> remote access to enable NAT. In this configuration the guest vm was able 
> >> to use the simulated system router and browse the internet just fine. The 
> >> test topology would look as follows:
> >> guest vm ---> simulated router running windows and NAT ---> firewall ---> 
> >> router ---> internet
> >> So this leads me to believe that something is wrong with the system router 
> >> and how it is NAT'ing. Up to this point I have tried the default network 
> >> service "DefaultIsolatedNetworkOfferingWithSourceNatService" and created a 
> >> new network offering using DNS,DHCP, and SourceNAT. 
> >> I think once I get past this hurdle I will be be good to goany help is 
> >> hugely appreciated!!
> >> 
> >> 
> >> 
> >> 
> >>  
> >   
> 
  

Limit CPU flags exposed to the VM

[Nux!]

Hello,

I'm having some troubles migrating VMs between certain Xenservers that 
are very similar, it's just the CPUs vary slightly. With KVM/libvirt I 
can limit the CPU flags exposed to the VM, how would I do the same with 
Xenserver?


Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

Re: CS 4.2.1 Advanced network -- Guest IP range

[Steven Liang]

  
  
Thank you for updating, Daan.
  
  On 02/22/2014 05:11 AM, Daan Hoogland wrote:


  On Fri, Feb 21, 2014 at 11:27 PM, Steven Liang  wrote:

  


My Guest CIDR set to 10.1.1.0/24, when I created Advanced network mode CS.
After I added guest network 10.3.4.0/24, and used it on vms, it works.
But when I added guest network 192.168.20.0/24, it doesn't work.

  
  

You are probably using a released version of ACS. There was a bug
where higher ip adresses, above 128.0.0.0 where not recognised as vaid
ipv4 adresses. It should be solved in 4.3 and up.





-- 
  Steven Liang
Linux System Admin
Phone: 1.416.499.8009 ext. 2865
Cell Phone: 1.647.718.5292
Email: stevenli...@yesup.com
www.yesup.com | account.yesup.com
  
  
  

unable to deploy ubuntu as guest vm

[Tejas Gadaria]

Hi,

I am using CS 4.0.2 with basic zone, xenserver (6.0.2) as hypervisor.
I am able to deploy Windows 7 vm from ISO but not ubuntu.
Also I tried to deploy centOS 5 from ISO, where graphics doesn't supports.

Any help would be appreciated.



2014-02-24 17:33:17,601 DEBUG [xen.resource.CitrixResourceBase]
(DirectAgent-26:null) Creating VIF for i-2-3-VM on nic
[Nic:Guest-10.129.151.107-vlan://untagged]
2014-02-24 17:33:17,653 DEBUG [xen.resource.CitrixResourceBase]
(DirectAgent-26:null) Created a vif a77b6f5e-c663-f0a4-29fb-4be2511479b8 on
0
2014-02-24 17:33:17,936 DEBUG [agent.manager.DirectAgentAttache]
(DirectAgent-13:null) Ping from 1
2014-02-24 17:33:18,320 DEBUG [agent.manager.DirectAgentAttache]
(DirectAgent-148:null) Seq 1-410714114: Executing request
2014-02-24 17:33:18,549 WARN  [xen.resource.CitrixResourceBase]
(DirectAgent-148:null) Ignoring VM i-2-3-VM in transition state starting.
2014-02-24 17:33:18,549 DEBUG [agent.manager.DirectAgentAttache]
(DirectAgent-148:null) Seq 1-410714114: Response Received:
2014-02-24 17:33:18,550 DEBUG [agent.transport.Request]
(DirectAgent-148:null) Seq 1-410714114: Processing:  { Ans: , MgmtId:
345049281638, via: 1, Ver: v1, Flags: 10,
[{"ClusterSyncAnswer":{"_clusterId":1,"_newStates":{},"_isExecuted":false,"result":true,"wait":0}}]
}
2014-02-24 17:33:18,639 DEBUG [cloud.server.StatsCollector]
(StatsCollector-3:null) StorageCollector is running...
2014-02-24 17:33:18,695 DEBUG [agent.transport.Request]
(StatsCollector-3:null) Seq 4-356385005: Received:  { Ans: , MgmtId:
345049281638, via: 4, Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
2014-02-24 17:33:18,699 DEBUG [agent.manager.DirectAgentAttache]
(DirectAgent-130:null) Seq 1-410714197: Executing request
2014-02-24 17:33:19,192 DEBUG [agent.manager.DirectAgentAttache]
(DirectAgent-130:null) Seq 1-410714197: Response Received:
2014-02-24 17:33:19,193 DEBUG [agent.transport.Request]
(StatsCollector-3:null) Seq 1-410714197: Received:  { Ans: , MgmtId:
345049281638, via: 1, Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
2014-02-24 17:33:20,792 DEBUG [cloud.server.StatsCollector]
(StatsCollector-3:null) HostStatsCollector is running...
2014-02-24 17:33:20,800 DEBUG [agent.manager.DirectAgentAttache]
(DirectAgent-129:null) Seq 1-410714198: Executing request
2014-02-24 17:33:20,976 DEBUG [agent.manager.DirectAgentAttache]
(DirectAgent-129:null) Seq 1-410714198: Response Received:
2014-02-24 17:33:20,977 DEBUG [agent.transport.Request]
(StatsCollector-3:null) Seq 1-410714198: Received:  { Ans: , MgmtId:
345049281638, via: 1, Ver: v1, Flags: 10, { GetHostStatsAnswer } }
2014-02-24 17:33:21,712 WARN  [xen.resource.CitrixResourceBase]
(DirectAgent-26:null) Task failed! Task record: uuid:
8f05db8d-5b3e-2fc9-0a35-919336415ca1
   nameLabel: Async.VM.start_on
 nameDescription:
   allowedOperations: []
   currentOperations: {}
 created: Mon Feb 24 17:33:17 IST 2014
finished: Mon Feb 24 17:33:20 IST 2014
  status: FAILURE
  residentOn: com.xensource.xenapi.Host@dadd4d39
progress: 1.0
type: 
  result:
   errorInfo: [INVALID_SOURCE, Unable to access a required file in
the specified repository:
file:///tmp/cdrom-repo-5hkOHp/install.amd/xen/vmlinuz., ]
 otherConfig: {}
   subtaskOf: com.xensource.xenapi.Task@aaf13f6f
subtasks: []

2014-02-24 17:33:21,719 WARN  [xen.resource.CitrixResourceBase]
(DirectAgent-26:null) Unable to start VM(i-2-3-VM) on
host(f8701eb8-3edb-4b58-94e4-1889da729595) due to Task failed! Task
record: uuid: 8f05db8d-5b3e-2fc9-0a35-919336415ca1
   nameLabel: Async.VM.start_on
 nameDescription:
   allowedOperations: []
   currentOperations: {}
 created: Mon Feb 24 17:33:17 IST 2014
finished: Mon Feb 24 17:33:20 IST 2014
  status: FAILURE
  residentOn: com.xensource.xenapi.Host@dadd4d39
progress: 1.0
type: 
  result:
   errorInfo: [INVALID_SOURCE, Unable to access a required file in
the specified repository:
file:///tmp/cdrom-repo-5hkOHp/install.amd/xen/vmlinuz., ]
 otherConfig: {}
   subtaskOf: com.xensource.xenapi.Task@aaf13f6f
subtasks: []

Task failed! Task record: uuid:
8f05db8d-5b3e-2fc9-0a35-919336415ca1
   nameLabel: Async.VM.start_on
 nameDescription:
   allowedOperations: []
   currentOperations: {}
 created: Mon Feb 24 17:33:17 IST 2014
finished: Mon Feb 24 17:33:20 IST 2014
  status: FAILURE
  residentOn: com.xensource.xenapi.Host@dadd4d39
progress: 1.0
type: 
  result:
   errorInfo: [INVALID_SOURCE, Unable to access a required file in
the specified repository:
file:///tmp/cdrom-repo-5hkOHp/install.amd/xen/vmlinuz., ]
 otherConfig: {}
   subtaskOf: com.xensource.xenapi.Task

Re: vCenter Patching - Stop Cloud Management Service?

[Sean Hamilton]

When I've patched vCenter servers in the past, the rough process I've
followed is:
If you can, disable the zone.
Go to each cluster and click 'unmanage cluster'
Update vCenter
Go to each cluster and click 'manage cluster'
Enable the zone.

Allow CloudStack time to re-check the environment (a couple of minutes
should be fine).
Test deploying an instance.


On 21 February 2014 14:23, Justin Brophy  wrote:

> What is the appropriate way to patch a vCenter associated with CloudStack
> 4.2.1?
>
> My assumption is to stop the cloudstack-management service on the
> cloudstack management servers, then proceed with vCenter patching. Post
> patching, start cloudstack-management.
>
> Is this correct?
>
> Patching ESXi hosts is easy and documented, however I have not located any
> documented process around vCenter patching.
>
> Thoughts?
>
> Justin Brophy
> Solutions Architect
> DSS
>

Re: One last hurdle

[Sebastien Goasguen]

On Feb 22, 2014, at 8:13 PM, Michael Phillips  wrote:

> Figured it out
> Apparently by default outbound traffic is blocked by egress 
> rule...implemented an egress rule and it's working….

Do you feel like writing some documentation :)

We are moving to a new docs format and this:
http://cloudstack-installation.readthedocs.org/en/latest/

needs a lot of love.

> 

>> From: mphilli7...@hotmail.com
>> To: users@cloudstack.apache.org
>> Subject: One last hurdle
>> Date: Sat, 22 Feb 2014 18:37:45 -0600
>> 
>> 
>> 
>> 
>> I am almost there to having a working config with advanced network on 
>> vsphere 5.1
>> So I am using a pretty basic advanced network zone using vlan for isolation. 
>> Details are below:
>> Public range = x.x.233.0/24
>> Guest cidr = 10.1.1.0/24
>> VLAN range = 400-405
>> 
>> 1. I create an instance of the default centos5.3 template, choosing to 
>> create a isolated network based on 
>> "DefaultIsolatedNetworkOfferingWithSourceNatService"
>> 2. The system spawns a system router.
>> 3. The system spawns the guest vm.
>> 4. The router is made a part of the public vlan 233 and the isolated vlan 400
>> 5. The guest vm is made a part of the isolated vlan 400.
>> 6. The router is assigned an IP address on the isolated network of 10.1.1.1. 
>> The router is able to get out to the internet fine, and is able to ping the 
>> guest instance.
>> 7. The guest is assigned an ip address on the isolated network. The guest vm 
>> is able to ping the router
>> Network Topology would look as follows:
>> guestvm ---> system router ---> firewall ---> router ---> internet
>> Up to this point everything LOOKS perfect...BUT...my guest vm is not able to 
>> get out to the internet.
>> At first I thought my problem might be with the hop after the system router 
>> which is my firewall. So what I did was to imitate what CS is doing, but 
>> with windows machines. Basically I spawned two machines, one which acted as 
>> a guest vm, the other to act as a system router. On the windows box, which I 
>> simulated the system router, I enabled routing and remote access to enable 
>> NAT. In this configuration the guest vm was able to use the simulated system 
>> router and browse the internet just fine. The test topology would look as 
>> follows:
>> guest vm ---> simulated router running windows and NAT ---> firewall ---> 
>> router ---> internet
>> So this leads me to believe that something is wrong with the system router 
>> and how it is NAT'ing. Up to this point I have tried the default network 
>> service "DefaultIsolatedNetworkOfferingWithSourceNatService" and created a 
>> new network offering using DNS,DHCP, and SourceNAT. 
>> I think once I get past this hurdle I will be be good to goany help is 
>> hugely appreciated!!
>> 
>> 
>> 
>> 
>>
>