Re: DNS service on VR not responding

2014-08-15 Thread Indra Pramana 
Hi Rafael and Santhosh,

Good day to you, and thank you for your suggestions for me to run tcpdump
on the VR!

Problem is fixed -- after running tcpdump I noted some kind of denial of
service attack to the VR, lots of UDP DNS traffic from certain IP address.
I blocked the IP address and the VR's DNS service return back to normal.

Again, many thanks for your suggestions. Appreciate it.

Cheers.



On Tue, Jul 22, 2014 at 8:31 PM, Santhosh Edukulla <
santhosh.eduku...@citrix.com> wrote:

> 1. "tcpdump -vv - i eth0" to capture packets on interface eth0
> 2. "tcpdump  -vv -s0 port 53" for full packet capture.
>
> but simple thing i believe we may be missing is to run simple traceroute
> command from guest vm for a domain and see till where packets are going.
>
> Santhosh
> 
> From: Rafael Weingartner [rafaelweingart...@gmail.com]
> Sent: Tuesday, July 22, 2014 8:27 AM
> To: users@cloudstack.apache.org
> Subject: Re: DNS service on VR not responding
>
> I would run a tcpdump on the VR, in order to check if the packages from the
> VMs are arriving there.
> When you enabled the log queries debug option, did you find something on
> dnsmasq.log? was it saying that it was solving names form vm...?
>
>
> On Tue, Jul 22, 2014 at 6:21 AM, Indra Pramana  wrote:
>
> > Hi VIhar,
> >
> > route -n result is quite straightforward. Since it's a shared and not
> > isolated network, the guest VM is on the same subnet as the VR. There are
> > two subnets (X.X.X.0/24 and X.X.Y.0/24) within the shared network. The VR
> > has two IPs on the interface, X.X.X.2 and X.X.Y.2. My guest VM having
> > X.X.Y.* IP will try to communicate to the VR using X.X.Y.2.
> >
> > root@r-2606-VM:~# route -n
> > Kernel IP routing table
> > Destination Gateway Genmask Flags Metric RefUse
> > Iface
> > 0.0.0.0 X.X.X.10.0.0.0 UG0  00 eth0
> > X.X.X.00.0.0.0 255.255.255.0   U 0  00 eth0
> > X.X.Y.00.0.0.0 255.255.255.0   U 0  00 eth0
> > 169.254.0.0 0.0.0.0 255.255.0.0 U 0  00
> > eth1
> >
> > With regards to tcpdump that you suggested, can I have more details on
> how
> > to do? Do I need to perform the tcpdump from the guest VM or the VR?
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
> >
> >
> >
> > On Tue, Jul 22, 2014 at 11:44 AM, Vihar  wrote:
> >
> > > Hi Indra
> > >
> > > Could you check the routing table from the guest VM ( route -n ) and I
> > > would also like you to take a tcpdump from VM to VR with port 53 to
> check
> > > if you are able to get the reply from the VM.
> > >
> > > Regards
> > > Vihar K
> > > On Jul 22, 2014 9:10 AM, "Indra Pramana"  wrote:
> > >
> > > > Hi Santhosh,
> > > >
> > > > Here it is:
> > > >
> > > > Supported ServicesDhcp, Dns, UserDataService CapabilitiesDhcp:
> > > > VirtualRouter, Dns: VirtualRouter, UserData: VirtualRouter
> > > > The zone has been running for quite some time, I created the zone
> > almost
> > > a
> > > > year ago and there was no issues only until recently. So I don't
> think
> > > the
> > > > issue is due to the zone or service/network offering's default
> > > > configuration, since I didn't make any changes to the zone
> > configuration.
> > > >
> > > > Any advice on what should I investigate next?
> > > >
> > > > Looking forward to your reply, thank you.
> > > >
> > > > Cheers.
> > > >
> > > >
> > > >
> > > > On Mon, Jul 21, 2014 at 11:53 PM, Santhosh Edukulla <
> > > > santhosh.eduku...@citrix.com> wrote:
> > > >
> > > > > While creating zone, you would have selected network offering, we
> can
> > > see
> > > > > the supported services for each network offering, available under
> > > Service
> > > > > Offerings->Select Network Offerings, some thing like below, so you
> > may
> > > > want
> > > > > to check the network offering you associated to your datacenter and
> > > > > corresponding capabilities , below are the supported services for
> one
> > > of
> > > > > the shared network offering.
> > > > >
> > > > > Supported Services  Dns, Dhcp, UserData
> > > > > Service CapabilitiesDns: VirtualRouter, Dhcp: VirtualRouter,
> > > > UserData:
> > > > > VirtualRouter
> > > > >
> > > > > Santhosh
> > > > > 
> > > > > From: Indra Pramana [in...@sg.or.id]
> > > > > Sent: Monday, July 21, 2014 10:37 AM
> > > > > To: users@cloudstack.apache.org
> > > > > Subject: Re: DNS service on VR not responding
> > > > >
> > > > > Hi Santhosh, Vihar,
> > > > >
> > > > > The network which this VR is responsible is a shared, not isolated
> > > > network.
> > > > > It seems there's no network offering being tagged to a shared
> > network?
> > > > How
> > > > > do I know if the DNS service is being chosen or not?
> > > > >
> > > > > Looking forward to your reply, thank you.
> > > > >
> > > > > Cheers.
> > > > >
> > > > >
> > > > >
> > > > > On Mon, Jul 21, 2014 at

Re: question about security group

2014-08-15 Thread clement mutz 
Hi,

I give you my different tests, the first problem I can't ping system vm 
(internal nic and external nic) since same network (since computing node for 
exemple).

I can ping a host from internal nic (10.254.50.0/24) since system vm.

IP address of computing node 10.254.50.45.
IP address of console proxy vm 10.254.50.209


On console proxy VM : 

root@v-2-VM:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric RefUse Iface
0.0.0.0 37.122.XXX.XX   0.0.0.0 UG0  00 eth2
8.8.8.8 10.254.50.254   255.255.255.255 UGH   0  00 eth1
10.254.50.0 0.0.0.0 255.255.255.0   U 0  00 eth1
37.122.XXX.XXX  0.0.0.0 255.255.255.XXX U 0  00 eth2
169.254.0.0 0.0.0.0 255.255.0.0 U 0  00 eth0

I can ping www.google.fr, my two gateway and host for test: 

root@v-2-VM:~# ping -c2 www.google.fr
PING www.google.fr (173.194.66.94): 48 data bytes
56 bytes from 173.194.66.94: icmp_seq=0 ttl=48 time=5.989 ms
56 bytes from 173.194.66.94: icmp_seq=1 ttl=48 time=5.959 ms
--- www.google.fr ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 5.959/5.974/5.989/0.000 ms

root@v-2-VM:~# ping -c2 10.254.50.254
PING 10.254.50.254 (10.254.50.254): 48 data bytes
56 bytes from 10.254.50.254: icmp_seq=0 ttl=64 time=0.250 ms
56 bytes from 10.254.50.254: icmp_seq=1 ttl=64 time=0.251 ms
--- 10.254.50.254 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.250/0.251/0.251/0.000 ms

root@v-2-VM:~# ping -c2 37.122.XXX.XXX
PING 37.122.XXX.XXX (37.122.XXX.XXX): 48 data bytes
56 bytes from 37.122.XXX.XXX: icmp_seq=0 ttl=64 time=0.284 ms
56 bytes from 37.122.XXX.XXX: icmp_seq=1 ttl=64 time=0.173 ms
--- 37.122.XXX.XXX ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.173/0.228/0.284/0.056 ms

root@v-2-VM:~# ping -c2 10.254.50.123
PING 10.254.50.123 (10.254.50.123): 48 data bytes
56 bytes from 10.254.50.123: icmp_seq=0 ttl=128 time=1.468 ms
56 bytes from 10.254.50.123: icmp_seq=1 ttl=128 time=0.345 ms
--- 10.254.50.123 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.345/0.906/1.468/0.562 ms

>From my computing node I can ping gateway but not system vm :

root@ubuntu:/# ping -c2 10.254.50.254
PING 10.254.50.254 (10.254.50.254) 56(84) bytes of data.
64 bytes from 10.254.50.254: icmp_req=1 ttl=64 time=1.14 ms
64 bytes from 10.254.50.254: icmp_req=2 ttl=64 time=0.238 ms

--- 10.254.50.254 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.238/0.691/1.145/0.454 ms

root@ubuntu:/# ping -c2 10.254.50.209
PING 10.254.50.209 (10.254.50.209) 56(84) bytes of data.

--- 10.254.50.209 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms


There is a firewall hidden ? 






Hi Tejas,

> Thanks you for your reply. I already trying to configure the firewall Rules 
> (ex : http://i.imgur.com/oiGMMle.png).
> not access at my instances.

>> From the VM instance, are you able to ICMP ping the virtual router? If you 
>> cant,
>> then please check your network VLAN assignments and traffic label 
>> configurations

Yes very good point ! I can't ping the virtual router from the VM instance. 
So for validate my network I duplicate the network configuration creating by 
cloudstack on another xenserver (same environment, same switch ...) ;) . 
So on another xenserver I created two VM (with xencenter) and PING worked.
Picture with network configuration creating by cloudstack (see vl41) 
http://i.imgur.com/K8Bo3kK.png  .
Picture with network configuration creating by me on another xen pool 
http://i.imgur.com/ieYD5Oy.png

On Cloudstack my traffic label http://i.imgur.com/P7ZRbf7.png


> I haven't access system vm (console, secondary storage).

>> If you are not able to access the system VMs, then I would first
>> make sure my Zone network configuration and the hypervisor
>> network traffic types are configured correctly.

---
interfaces  | with isolation mode   | without isolation mode
administration  | Vl50  | Vl50
public  | NONE  | Vl60
guest   | Vl60  | Vl50
Storage | Vl20  | Vl20
---

Like you see It's traffic label configuration. With isolation mode cloudstack 
work without problem.
With isolation mode I declared My guest network (labbel Vl60) like public 
network (testing). And I can ping my Vms system console and storage and my 
instances by Public NIC.
I can ping the administration network too (not possible without isolation mode)

I make sure my zone network configu

Virtual router interfaces. Problem with public address

2014-08-15 Thread Vadim Kimlaychuk 
Hi all,

Have fresh install of CS4.4. Andvanced netwrok, KVM hypervisor. No 
problems with SSVM and Console proxy.
When I define VPC -- virtual router VM is registered and management 
console shows IP assigned to VM correctly. Ie.

Public IP Address:  10.65.9.102  (cloud is inside corporate net, so it is 
external IP)
Guest IP Address:  192.168.1.17
Link Local IP Address:   169.254.2.30

But when I log in ito VR and run ifconfig I see this picture:

eth0  Link encap:Ethernet  HWaddr 0e:00:a9:fe:02:1e
  inet addr:169.254.2.30  Bcast:169.254.255.255  Mask:255.255.0.0
……
eth2  Link encap:Ethernet  HWaddr 02:00:09:cb:00:02
  inet addr:192.168.1.17  Bcast:192.168.1.31  Mask:255.255.255.240
……
loLink encap:Local Loopback

eth1 interface is missing.

/var/log/messages on VR shows this:

Aug 15 08:49:29 r-17-VM cloud: vpc_ipassoc.sh:Waiting for interface ethnull to 
appear, 14 seconds
Aug 15 08:49:30 r-17-VM cloud: vpc_ipassoc.sh:Waiting for interface ethnull to 
appear, 15 seconds
Aug 15 08:49:31 r-17-VM cloud: vpc_ipassoc.sh:Waiting for interface ethnull to 
appear, 16 seconds
Aug 15 08:49:32 r-17-VM cloud: vpc_ipassoc.sh:interface ethnull never appeared
Aug 15 08:49:32 r-17-VM cloud: vpc_ipassoc.sh:Adding ip 10.65.9.102 on 
interface ethnull
Aug 15 08:49:32 r-17-VM cloud: vpc_ipassoc.sh:Add routing 10.65.9.102 on 
interface ethnull
Aug 15 08:49:32 r-17-VM cloud: vpc_privateGateway.sh:Added SourceNAT 
10.65.9.102 on interface ethnull
Aug 15 08:49:32 r-17-VM cloud: vpc_snat.sh:Added SourceNAT 10.65.9.102 on 
interface eth2

It is obviously „null“ somewhere where eth1 is defined. But I don’t 
know where to search??  Can you give me a hint?

Thank you,

Vadim Kimlaychuk

Re: Default Centos Template not downloaded

2014-08-15 Thread Ian Duffy 
Also see:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSVM,+templates,+Secondary+storage+troubleshooting


On 15 August 2014 06:43, ilya musayev  wrote:

> Does your system storage vm has internet access? What error do you get?
>
> To download default templates, you need internet access. You can also look
> into setting up proxy (if you have internet access through proxy).
>
> On 8/14/14, 8:32 PM, sandeep khandekar wrote:
>
>> Dear cloudstackers,
>> After installing cloudstack, Default centos didnt got downloaded from
>> internet what to do?
>> Thank you
>>
>
>

XenServer advanced network isolation

2014-08-15 Thread Erik Weber 
What is the current state of supported technologies and their maturity
besides vlan and security groups?

Anyone with experiences to share?

Erik

Stoping CloudStack Agent

2014-08-15 Thread Fedi Ben Ali 
Hello ,

When we add a host that contains virtual machines to CloudStack,there is an
agent that remove all those VM's.
Is there a solution that allow me disable that agent so i can add the host
without having this cloudstack agent removing all my vM's ??

Thanks.

Re: unable to migrate VMs to another host (job failed - Cloudstack 4.4 XenServer

2014-08-15 Thread motty cruz 
I was able to migrate Windows Server 2012 from one host to another, however
I get the following error:
Status 
Job failed due to exception Unable to migrate due to Catch Exception
java.util.concurrent.TimeoutException: Migration failed due to
java.util.concurrent.TimeoutException: No event for task
OpaqueRef:531c1fd5-6f0e-8088-7dd0-2a5ccab94cf0



On Thu, Aug 14, 2014 at 9:28 AM, motty cruz  wrote:

> I installed FreeBSD 10 64bit under "OS  Type=Other" seem to be missing pv
> drivers, if I try to install with "OS Type=other PV" or FreeBSD 64bit I get
> an error message. any ideas how to work around this error?
>
>
> Status 
> Job failed due to exception Unable to migrate due to Catch Exception
> com.cloud.utils.exception.CloudRuntimeException: Migration failed due to
> com.cloud.utils.exception.CloudRuntimeException: Unable to migrate
> VM(i-2-7-VM) from host(216ce2ab-b61e-4c94-9173-916b8f42cd82) due to Task
> failed! Task record: uuid: 3a876b01-e275-12c4-66ae-f745feb5b3d3 nameLabel:
> Async.VM.pool_migrate nameDescription: allowedOperations: []
> currentOperations: {} created: Thu Aug 14 09:25:46 PDT 2014 finished: Thu
> Aug 14 09:25:46 PDT 2014 status: failure residentOn:
> com.xensource.xenapi.Host@65ce8c2b progress: 1.0 type:  result:
> errorInfo: [VM_MISSING_PV_DRIVERS,
> OpaqueRef:fc04b547-4638-c2d5-55cb-e16c88ce649f] otherConfig: {} subtaskOf:
> com.xensource.xenapi.Task@aaf13f6f subtasks: []
>

Problem with secondary storage and start VM

2014-08-15 Thread Pere Casas Puig 
Hello,
We are new in Cloudstack, we want to deploy a medium cloud, and now we
testing cloudstack in LAB.

This is our scenario:
192.168.150.99 => storage server ( CENTOS65 +NFS )
192.168.150.100=> cloudstack-management ( CENTOS65 )
192.168.150.101=> KVM host ( CENTOS65 )

192.168.150.99:
[root@storage ~]# cat /etc/exports
/exports/  *(rw,async,no_root_squash,no_subtree_check)
/exports/primary/  *(rw,async,no_root_squash,no_subtree_check)
/exports/secondary/  *(rw,async,no_root_squash,no_subtree_check)


The problem is I can not use the secondary storage.
In the UI no show any error but is not possible to download ISOs and
TEMPLATES.
Is not possible to start the virtual machine( Secondary Storage VM
 && Console Proxy VM )

In terminal, i test to mount manually de secondary storage. It's posible:
---
mount -v -t nfs 192.168.150.99:/exports/secondary /mnt
mount.nfs: timeout set for Fri Aug 15 17:10:00 2014
mount.nfs: trying text-based options
'noac,actimeo=0,vers=4,addr=192.168.150.99,clientaddr=192.168.150.101'
192.168.150.99:/exports/secondary on /mnt type nfs (rw,noac,actimeo=0)
---

I research in log ( /var/log/cloudstack/management/management-server.log )
but i don't find anything important.


Any idea for this problem?

Thanks !!

Best regards,


---
Pere Casas Puig

Re: Problem with secondary storage and start VM

2014-08-15 Thread Erik Weber 
Has your ssvm started? Can you see its console? Check /var/log/cloud.log on
it

Erik
15. aug. 2014 17:16 skrev "Pere Casas Puig" 
følgende:

> Hello,
> We are new in Cloudstack, we want to deploy a medium cloud, and now we
> testing cloudstack in LAB.
>
> This is our scenario:
> 192.168.150.99 => storage server ( CENTOS65 +NFS )
> 192.168.150.100=> cloudstack-management ( CENTOS65 )
> 192.168.150.101=> KVM host ( CENTOS65 )
>
> 192.168.150.99:
> [root@storage ~]# cat /etc/exports
> /exports/  *(rw,async,no_root_squash,no_subtree_check)
> /exports/primary/  *(rw,async,no_root_squash,no_subtree_check)
> /exports/secondary/  *(rw,async,no_root_squash,no_subtree_check)
>
>
> The problem is I can not use the secondary storage.
> In the UI no show any error but is not possible to download ISOs and
> TEMPLATES.
> Is not possible to start the virtual machine( Secondary Storage VM
>  && Console Proxy VM )
>
> In terminal, i test to mount manually de secondary storage. It's posible:
> ---
> mount -v -t nfs 192.168.150.99:/exports/secondary /mnt
> mount.nfs: timeout set for Fri Aug 15 17:10:00 2014
> mount.nfs: trying text-based options
> 'noac,actimeo=0,vers=4,addr=192.168.150.99,clientaddr=192.168.150.101'
> 192.168.150.99:/exports/secondary on /mnt type nfs (rw,noac,actimeo=0)
> ---
>
> I research in log ( /var/log/cloudstack/management/management-server.log )
> but i don't find anything important.
>
>
> Any idea for this problem?
>
> Thanks !!
>
> Best regards,
>
>
> ---
> Pere Casas Puig
>

Re: Problem with secondary storage and start VM

2014-08-15 Thread Pere Casas Puig 
Hi,
My ssvm not started. I think this is the problem, but i don't find the
problem :(

Now SSVM state is "starting" but never start.

i don't find logs in /var/log/cloud.log but I paste management logs:
http://pastebin.com/j0JuCjdG


2014-08-15 17:19 GMT+02:00 Erik Weber :

> Has your ssvm started? Can you see its console? Check /var/log/cloud.log on
> it
>
> Erik
> 15. aug. 2014 17:16 skrev "Pere Casas Puig" 
> følgende:
>
> > Hello,
> > We are new in Cloudstack, we want to deploy a medium cloud, and now we
> > testing cloudstack in LAB.
> >
> > This is our scenario:
> > 192.168.150.99 => storage server ( CENTOS65 +NFS )
> > 192.168.150.100=> cloudstack-management ( CENTOS65 )
> > 192.168.150.101=> KVM host ( CENTOS65 )
> >
> > 192.168.150.99:
> > [root@storage ~]# cat /etc/exports
> > /exports/  *(rw,async,no_root_squash,no_subtree_check)
> > /exports/primary/  *(rw,async,no_root_squash,no_subtree_check)
> > /exports/secondary/  *(rw,async,no_root_squash,no_subtree_check)
> >
> >
> > The problem is I can not use the secondary storage.
> > In the UI no show any error but is not possible to download ISOs and
> > TEMPLATES.
> > Is not possible to start the virtual machine( Secondary Storage VM
> >  && Console Proxy VM )
> >
> > In terminal, i test to mount manually de secondary storage. It's posible:
> > ---
> > mount -v -t nfs 192.168.150.99:/exports/secondary /mnt
> > mount.nfs: timeout set for Fri Aug 15 17:10:00 2014
> > mount.nfs: trying text-based options
> > 'noac,actimeo=0,vers=4,addr=192.168.150.99,clientaddr=192.168.150.101'
> > 192.168.150.99:/exports/secondary on /mnt type nfs (rw,noac,actimeo=0)
> > ---
> >
> > I research in log ( /var/log/cloudstack/management/management-server.log
> )
> > but i don't find anything important.
> >
> >
> > Any idea for this problem?
> >
> > Thanks !!
> >
> > Best regards,
> >
> >
> > ---
> > Pere Casas Puig
> >
>



-- 
---
Pere Casas Puig

Re: question about security group

2014-08-15 Thread clement mutz 

Hi,


> What's wrong with my configuration ? I forgot something ?

>> Start by running tcpdump along the network path and try to isolate
>> the faulty network configuration.

Ok i running tcpdump on console proxy and i can see packets.


With the following command on console proxy : tcpdump -vv -i eth1

Quote
16:05:14.378905 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 
10.254.50.209 tell 10.254.50.45, length 46
16:05:15.377608 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 
10.254.50.209 tell 10.254.50.45, length 46
16:05:16.377600 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 
10.254.50.209 tell 10.254.50.45, length 46
16:05:17.395947 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 
10.254.50.209 tell 10.254.50.45, length 46
16:05:18.393719 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 
10.254.50.209 tell 10.254.50.45, length 46
16:05:18.828127 IP (tos 0x0, ttl 64, id 30676, offset 0, flags [DF], proto TCP 
(6), length 56)
10.254.50.201.58036 > 10.254.50.45.8250: Flags [P.], cksum 0x7b1c 
(incorrect -> 0xdd06), seq 3973496:3973500, ack 1507845368, win 2641, options 
[nop,nop,TS val 826858 ecr 954898], length 4
 seq 3973496:3973500, ack 1507845368, win 
eq 1:5, ack 217, win 331, options [nop,nop,TS val 956151 ecr 826868], length 4
16:05:18.883024 IP (tos 0x0, ttl 64, id 30678, offset 0, flags [DF], proto TCP 
(6), length 52)


I see paquets come on my console proxy

I didn't touch iptables rules


iptables -L on console proxy : 

Chain INPUT (policy DROP)
target prot opt source   destination 
ACCEPT all  --  anywhere anywhere
ACCEPT all  --  anywhere anywhere state 
RELATED,ESTABLISHED
ACCEPT all  --  anywhere anywhere state 
RELATED,ESTABLISHED
ACCEPT all  --  anywhere anywhere state 
RELATED,ESTABLISHED
DROP   icmp --  anywhere anywhere icmp 
timestamp-request
ACCEPT icmp --  anywhere anywhere
ACCEPT tcp  --  anywhere anywhere state NEW tcp 
dpt:3922
ACCEPT tcp  --  anywhere anywhere state NEW tcp 
dpt:8001
ACCEPT tcp  --  anywhere anywhere state NEW tcp 
dpt:8001
ACCEPT tcp  --  anywhere anywhere state NEW tcp 
dpt:https
ACCEPT tcp  --  anywhere anywhere state NEW tcp 
dpt:http

Chain FORWARD (policy DROP)
target prot opt source   destination 

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination  


Thanks for your reply.

Clément

---



Hi,

I give you my different tests, the first problem I can't ping system vm 
(internal nic and external nic) since same network (since computing node for 
exemple).

I can ping a host from internal nic (10.254.50.0/24) since system vm.

IP address of computing node 10.254.50.45.
IP address of console proxy vm 10.254.50.209


On console proxy VM : 

root@v-2-VM:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric RefUse Iface
0.0.0.0 37.122.XXX.XX   0.0.0.0 UG0  00 eth2
8.8.8.8 10.254.50.254   255.255.255.255 UGH   0  00 eth1
10.254.50.0 0.0.0.0 255.255.255.0   U 0  00 eth1
37.122.XXX.XXX  0.0.0.0 255.255.255.XXX U 0  00 eth2
169.254.0.0 0.0.0.0 255.255.0.0 U 0  00 eth0

I can ping www.google.fr, my two gateway and host for test: 

root@v-2-VM:~# ping -c2 www.google.fr
PING www.google.fr (173.194.66.94): 48 data bytes
56 bytes from 173.194.66.94: icmp_seq=0 ttl=48 time=5.989 ms
56 bytes from 173.194.66.94: icmp_seq=1 ttl=48 time=5.959 ms
--- www.google.fr ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 5.959/5.974/5.989/0.000 ms

root@v-2-VM:~# ping -c2 10.254.50.254
PING 10.254.50.254 (10.254.50.254): 48 data bytes
56 bytes from 10.254.50.254: icmp_seq=0 ttl=64 time=0.250 ms
56 bytes from 10.254.50.254: icmp_seq=1 ttl=64 time=0.251 ms
--- 10.254.50.254 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.250/0.251/0.251/0.000 ms

root@v-2-VM:~# ping -c2 37.122.XXX.XXX
PING 37.122.XXX.XXX (37.122.XXX.XXX): 48 data bytes
56 bytes from 37.122.XXX.XXX: icmp_seq=0 ttl=64 time=0.284 ms
56 bytes from 37.122.XXX.XXX: icmp_seq=1 ttl=64 time=0.173 ms
--- 37.122.XXX.XXX ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.173/0.228/0.284/0.056 ms

root@v-2-VM:~# ping -c2 10.254.50.123
PING 10.254.50.123 (10.254.50.123): 48 data bytes
56 bytes from 10.254.50.123: icmp_seq=0 ttl=128 time=1.468 ms
56 bytes from 10.254.50.123: icmp_seq=1 ttl=128 time=0.345 ms
--- 10.254

Re: question about security group

2014-08-15 Thread Erik Weber 
Get the verbose iptables output.

iptables -Lnv
15. aug. 2014 18:24 skrev "clement mutz"  følgende:

>
> Hi,
>
>
> > What's wrong with my configuration ? I forgot something ?
>
> >> Start by running tcpdump along the network path and try to isolate
> >> the faulty network configuration.
>
> Ok i running tcpdump on console proxy and i can see packets.
>
>
> With the following command on console proxy : tcpdump -vv -i eth1
>
> Quote
> 16:05:14.378905 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
> 10.254.50.209 tell 10.254.50.45, length 46
> 16:05:15.377608 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
> 10.254.50.209 tell 10.254.50.45, length 46
> 16:05:16.377600 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
> 10.254.50.209 tell 10.254.50.45, length 46
> 16:05:17.395947 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
> 10.254.50.209 tell 10.254.50.45, length 46
> 16:05:18.393719 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
> 10.254.50.209 tell 10.254.50.45, length 46
> 16:05:18.828127 IP (tos 0x0, ttl 64, id 30676, offset 0, flags [DF], proto
> TCP (6), length 56)
> 10.254.50.201.58036 > 10.254.50.45.8250: Flags [P.], cksum 0x7b1c
> (incorrect -> 0xdd06), seq 3973496:3973500, ack 1507845368, win 2641,
> options [nop,nop,TS val 826858 ecr 954898], length 4
>  seq 3973496:3973500, ack 1507845368, win
> eq 1:5, ack 217, win 331, options [nop,nop,TS val 956151 ecr 826868],
> length 4
> 16:05:18.883024 IP (tos 0x0, ttl 64, id 30678, offset 0, flags [DF], proto
> TCP (6), length 52)
>
>
> I see paquets come on my console proxy
>
> I didn't touch iptables rules
>
>
> iptables -L on console proxy :
>
> Chain INPUT (policy DROP)
> target prot opt source   destination
> ACCEPT all  --  anywhere anywhere
> ACCEPT all  --  anywhere anywhere state
> RELATED,ESTABLISHED
> ACCEPT all  --  anywhere anywhere state
> RELATED,ESTABLISHED
> ACCEPT all  --  anywhere anywhere state
> RELATED,ESTABLISHED
> DROP   icmp --  anywhere anywhere icmp
> timestamp-request
> ACCEPT icmp --  anywhere anywhere
> ACCEPT tcp  --  anywhere anywhere state NEW
> tcp dpt:3922
> ACCEPT tcp  --  anywhere anywhere state NEW
> tcp dpt:8001
> ACCEPT tcp  --  anywhere anywhere state NEW
> tcp dpt:8001
> ACCEPT tcp  --  anywhere anywhere state NEW
> tcp dpt:https
> ACCEPT tcp  --  anywhere anywhere state NEW
> tcp dpt:http
>
> Chain FORWARD (policy DROP)
> target prot opt source   destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source   destination
>
>
> Thanks for your reply.
>
> Clément
>
> ---
>
>
>
> Hi,
>
> I give you my different tests, the first problem I can't ping system vm
> (internal nic and external nic) since same network (since computing node
> for exemple).
>
> I can ping a host from internal nic (10.254.50.0/24) since system vm.
>
> IP address of computing node 10.254.50.45.
> IP address of console proxy vm 10.254.50.209
>
>
> On console proxy VM :
>
> root@v-2-VM:~# route -n
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric RefUse
> Iface
> 0.0.0.0 37.122.XXX.XX   0.0.0.0 UG0  00
> eth2
> 8.8.8.8 10.254.50.254   255.255.255.255 UGH   0  00
> eth1
> 10.254.50.0 0.0.0.0 255.255.255.0   U 0  00
> eth1
> 37.122.XXX.XXX  0.0.0.0 255.255.255.XXX U 0  00
> eth2
> 169.254.0.0 0.0.0.0 255.255.0.0 U 0  00
> eth0
>
> I can ping www.google.fr, my two gateway and host for test:
>
> root@v-2-VM:~# ping -c2 www.google.fr
> PING www.google.fr (173.194.66.94): 48 data bytes
> 56 bytes from 173.194.66.94: icmp_seq=0 ttl=48 time=5.989 ms
> 56 bytes from 173.194.66.94: icmp_seq=1 ttl=48 time=5.959 ms
> --- www.google.fr ping statistics ---
> 2 packets transmitted, 2 packets received, 0% packet loss
> round-trip min/avg/max/stddev = 5.959/5.974/5.989/0.000 ms
>
> root@v-2-VM:~# ping -c2 10.254.50.254
> PING 10.254.50.254 (10.254.50.254): 48 data bytes
> 56 bytes from 10.254.50.254: icmp_seq=0 ttl=64 time=0.250 ms
> 56 bytes from 10.254.50.254: icmp_seq=1 ttl=64 time=0.251 ms
> --- 10.254.50.254 ping statistics ---
> 2 packets transmitted, 2 packets received, 0% packet loss
> round-trip min/avg/max/stddev = 0.250/0.251/0.251/0.000 ms
>
> root@v-2-VM:~# ping -c2 37.122.XXX.XXX
> PING 37.122.XXX.XXX (37.122.XXX.XXX): 48 data bytes
> 56 bytes from 37.122.XXX.XXX: icmp_seq=0 ttl=64 time=0.284 ms
> 56 bytes from 37.122.XXX.XXX: icmp_seq=1 ttl=64 time=0.173 ms
> --- 37.122.XXX.XXX ping statistics ---
> 2 packets transmitted, 2 packets received, 0% packet loss
> round-trip

Re: question about security group

2014-08-15 Thread clement mutz 
Hi Skrev,


> Get the verbose iptables output.

> iptables -Lnv


root@v-2-VM:/var/www# iptables -vnL
Chain INPUT (policy DROP 77 packets, 25256 bytes)
 pkts bytes target prot opt in out source   destination 

0 0 ACCEPT all  --  lo *   0.0.0.0/00.0.0.0/0   

  988 75720 ACCEPT all  --  eth0   *   0.0.0.0/00.0.0.0/0   
 state RELATED,ESTABLISHED
 4242  411K ACCEPT all  --  eth1   *   0.0.0.0/00.0.0.0/0   
 state RELATED,ESTABLISHED
  327 25304 ACCEPT all  --  eth2   *   0.0.0.0/00.0.0.0/0   
 state RELATED,ESTABLISHED
0 0 DROP   icmp --  *  *   0.0.0.0/00.0.0.0/0   
 icmptype 13
0 0 ACCEPT icmp --  *  *   0.0.0.0/00.0.0.0/0   

   10   600 ACCEPT tcp  --  eth0   *   0.0.0.0/00.0.0.0/0   
 state NEW tcp dpt:3922
0 0 ACCEPT tcp  --  eth0   *   0.0.0.0/00.0.0.0/0   
 state NEW tcp dpt:8001
0 0 ACCEPT tcp  --  eth1   *   0.0.0.0/00.0.0.0/0   
 state NEW tcp dpt:8001
0 0 ACCEPT tcp  --  eth2   *   0.0.0.0/00.0.0.0/0   
 state NEW tcp dpt:443
0 0 ACCEPT tcp  --  eth2   *   0.0.0.0/00.0.0.0/0   
 state NEW tcp dpt:80

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source   destination 


Chain OUTPUT (policy ACCEPT 5334 packets, 603K bytes)
 pkts bytes target prot opt in out source   destination 




Get the verbose iptables output.

iptables -Lnv
15. aug. 2014 18:24 skrev "clement mutz"  følgende:

>
> Hi,
>
>
> > What's wrong with my configuration ? I forgot something ?
>
> >> Start by running tcpdump along the network path and try to isolate
> >> the faulty network configuration.
>
> Ok i running tcpdump on console proxy and i can see packets.
>
>
> With the following command on console proxy : tcpdump -vv -i eth1
>
> Quote
> 16:05:14.378905 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
> 10.254.50.209 tell 10.254.50.45, length 46
> 16:05:15.377608 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
> 10.254.50.209 tell 10.254.50.45, length 46
> 16:05:16.377600 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
> 10.254.50.209 tell 10.254.50.45, length 46
> 16:05:17.395947 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
> 10.254.50.209 tell 10.254.50.45, length 46
> 16:05:18.393719 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
> 10.254.50.209 tell 10.254.50.45, length 46
> 16:05:18.828127 IP (tos 0x0, ttl 64, id 30676, offset 0, flags [DF], proto
> TCP (6), length 56)
> 10.254.50.201.58036 > 10.254.50.45.8250: Flags [P.], cksum 0x7b1c
> (incorrect -> 0xdd06), seq 3973496:3973500, ack 1507845368, win 2641,
> options [nop,nop,TS val 826858 ecr 954898], length 4
>  seq 3973496:3973500, ack 1507845368, win
> eq 1:5, ack 217, win 331, options [nop,nop,TS val 956151 ecr 826868],
> length 4
> 16:05:18.883024 IP (tos 0x0, ttl 64, id 30678, offset 0, flags [DF], proto
> TCP (6), length 52)
>
>
> I see paquets come on my console proxy
>
> I didn't touch iptables rules
>
>
> iptables -L on console proxy :
>
> Chain INPUT (policy DROP)
> target prot opt source   destination
> ACCEPT all  --  anywhere anywhere
> ACCEPT all  --  anywhere anywhere state
> RELATED,ESTABLISHED
> ACCEPT all  --  anywhere anywhere state
> RELATED,ESTABLISHED
> ACCEPT all  --  anywhere anywhere state
> RELATED,ESTABLISHED
> DROP   icmp --  anywhere anywhere icmp
> timestamp-request
> ACCEPT icmp --  anywhere anywhere
> ACCEPT tcp  --  anywhere anywhere state NEW
> tcp dpt:3922
> ACCEPT tcp  --  anywhere anywhere state NEW
> tcp dpt:8001
> ACCEPT tcp  --  anywhere anywhere state NEW
> tcp dpt:8001
> ACCEPT tcp  --  anywhere anywhere state NEW
> tcp dpt:https
> ACCEPT tcp  --  anywhere anywhere state NEW
> tcp dpt:http
>
> Chain FORWARD (policy DROP)
> target prot opt source   destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source   destination
>
>
> Thanks for your reply.
>
> Clément
>
> ---
>
>
>
> Hi,
>
> I give you my different tests, the first problem I can't ping system vm
> (internal nic and external nic) since same network (since computing node
> for exemple).
>
> I can ping a host from internal nic (10.254.50.0/24) since system vm.
>
> IP address of computing node 10.254.50.45.
> IP address of console proxy vm 10.254.50.209
>
>
> On cons

intermittent packet loss after upgrading and restarting networks

2014-08-15 Thread Nick Burke 
I upgraded from 4.0 to 4.3.0 some time ago. I didn't restart anything and
it was all working great. However, I had to perform some maintenance and
had to restart everything. Now, I'm seeing packet loss on all virtuals,
even ones on the same host.

sudo ping -c 500  -f 172.20.1.1
PING 172.20.1.1 (172.20.1.1) 56(84) bytes of data.

--- 172.20.1.1 ping statistics ---
500 packets transmitted, 460 received, 8% packet loss, time 864ms
rtt min/avg/max/mdev = 0.069/0.218/1.290/0.139 ms, ipg/ewma 1.731/0.328 ms

No interface errors reported anywhere. The host itself isn't under load at
all. Doesn't matter if the instance uses e1000 or virtio for the drivers.
The only thing that I'm aware of that changed was that I had to reboot all
the physical servers.


Could be related, but I was hit with the

https://issues.apache.org/jira/browse/CLOUDSTACK-6464

bug. I did follow with Marcus' suggestion:


*"This is a shot in the dark, but there have been some issues around
upgrades that involve the cloud.vlan table expected contents changing. New
4.3 installs using vlan isolation don't seem to reproduce the issue. I'll
see if I can reproduce anything like this with basic and/or non-vlan
isolated upgrades/installs. Can anyone experiencing an issue look at their
database via something like "select * from cloud.vlan" and look at the
vlan_id. If you see something like "untagged" instead of "vlan://untagged",
please try changing it and see if that helps."*

-- 
Nick





*'What is a human being, then?' 'A seed' 'A... seed?' 'An acorn that is
unafraid to destroy itself in growing into a tree.' -David Zindell, A
Requiem for Homo Sapiens*

Re: Problem with secondary storage and start VM

2014-08-15 Thread Pere Casas Puig 
Finally I start SSVM.
The problem was in libvirt ( kvm host )
I only restart service and VM start to running ;)

Thanks you !!!


2014-08-15 18:08 GMT+02:00 Pere Casas Puig :

> Hi,
> My ssvm not started. I think this is the problem, but i don't find the
> problem :(
>
> Now SSVM state is "starting" but never start.
>
> i don't find logs in /var/log/cloud.log but I paste management logs:
> http://pastebin.com/j0JuCjdG
>
>
> 2014-08-15 17:19 GMT+02:00 Erik Weber :
>
> Has your ssvm started? Can you see its console? Check /var/log/cloud.log on
>> it
>>
>> Erik
>> 15. aug. 2014 17:16 skrev "Pere Casas Puig" 
>> følgende:
>>
>> > Hello,
>> > We are new in Cloudstack, we want to deploy a medium cloud, and now we
>> > testing cloudstack in LAB.
>> >
>> > This is our scenario:
>> > 192.168.150.99 => storage server ( CENTOS65 +NFS )
>> > 192.168.150.100=> cloudstack-management ( CENTOS65 )
>> > 192.168.150.101=> KVM host ( CENTOS65 )
>> >
>> > 192.168.150.99:
>> > [root@storage ~]# cat /etc/exports
>> > /exports/  *(rw,async,no_root_squash,no_subtree_check)
>> > /exports/primary/  *(rw,async,no_root_squash,no_subtree_check)
>> > /exports/secondary/  *(rw,async,no_root_squash,no_subtree_check)
>> >
>> >
>> > The problem is I can not use the secondary storage.
>> > In the UI no show any error but is not possible to download ISOs and
>> > TEMPLATES.
>> > Is not possible to start the virtual machine( Secondary Storage VM
>> >  && Console Proxy VM )
>> >
>> > In terminal, i test to mount manually de secondary storage. It's
>> posible:
>> > ---
>> > mount -v -t nfs 192.168.150.99:/exports/secondary /mnt
>> > mount.nfs: timeout set for Fri Aug 15 17:10:00 2014
>> > mount.nfs: trying text-based options
>> > 'noac,actimeo=0,vers=4,addr=192.168.150.99,clientaddr=192.168.150.101'
>> > 192.168.150.99:/exports/secondary on /mnt type nfs (rw,noac,actimeo=0)
>> > ---
>> >
>> > I research in log (
>> /var/log/cloudstack/management/management-server.log )
>> > but i don't find anything important.
>> >
>> >
>> > Any idea for this problem?
>> >
>> > Thanks !!
>> >
>> > Best regards,
>> >
>> >
>> > ---
>> > Pere Casas Puig
>> >
>>
>
>
>
> --
> ---
> Pere Casas Puig
>
>


-- 
---
Pere Casas Puig

Re: Stoping CloudStack Agent

2014-08-15 Thread Todd Pigram 
Not that I am aware. CloudStack is greenfield solution. Your hosts have to
be empty before adding. My suggestion is to export your VMs, put them on a
web server. Add your host, upload you VMs at a template and redeploy.


On Fri, Aug 15, 2014 at 5:08 AM, Fedi Ben Ali 
wrote:

> Hello ,
>
> When we add a host that contains virtual machines to CloudStack,there is an
> agent that remove all those VM's.
> Is there a solution that allow me disable that agent so i can add the host
> without having this cloudstack agent removing all my vM's ??
>
> Thanks.
>



-- 


Todd Pigram
http://about.me/ToddPigram
www.linkedin.com/in/toddpigram/
@pigram86 on twitter
https://plus.google.com/+ToddPigram86
Mobile - 216-224-5769

Password reset doesn't work, fail to acquire the lock passwdlock

2014-08-15 Thread Indra Pramana 
Dear all,

Good day to all of you.

I am using CloudStack 4.2.0 and KVM hypervisor.

Suddenly our password reset function doesn't work anymore. I logged in into
the virtual router and found these messages on /var/log/messages:

Aug 16 01:43:04 r-2606-VM cloud: Process /opt/cloud/bin/serve_password.sh
pid 3455 waiting for the lock passwdlock for another 1 second
Aug 16 01:43:05 r-2606-VM cloud: Process /opt/cloud/bin/serve_password.sh
pid 3455 waiting for the lock passwdlock for another 1 second
Aug 16 01:43:06 r-2606-VM cloud: Process /opt/cloud/bin/serve_password.sh
pid 3455 waiting for the lock passwdlock for another 1 second
Aug 16 01:43:07 r-2606-VM cloud: Process /opt/cloud/bin/serve_password.sh
pid 3455 waiting for the lock passwdlock for another 1 second
Aug 16 01:43:08 r-2606-VM cloud: Process /opt/cloud/bin/serve_password.sh
pid 3455 waiting for the lock passwdlock for another 1 second
Aug 16 01:43:09 r-2606-VM cloud: Process /opt/cloud/bin/serve_password.sh
pid 3455 waiting for the lock passwdlock for another 1 second
Aug 16 01:43:11 r-2606-VM cloud: Process /opt/cloud/bin/serve_password.sh
pid 3455 waiting for the lock passwdlock for another 1 second
Aug 16 01:43:11 r-2606-VM cloud: fail to acquire the lock passwdlock for
process /opt/cloud/bin/serve_password.sh pid 3455 after 30 seconds time out!
Aug 16 01:43:11 r-2606-VM cloud: waiting for process: USER PID %CPU %MEM
VSZ RSS TTY STAT START TIME COMMAND root 15310 0.0 0.8 4620 1088 ? S 19:53
0:00 /bin/bash /opt/cloud/bin/serve_password.sh X.X.X.X
Aug 16 01:43:11 r-2606-VM cloud: Failed job detail: USER   PID %CPU
%MEMVSZ   RSS TTY  STAT START   TIME COMMAND#012root  3455
0.0  0.8   4620  1084 ?S01:42   0:00 /bin/bash
/opt/cloud/bin/serve_password.sh X.X.X.Y

It seems that there's some locking issues causing the password reset
process to fail. I believe these are the related scripts on the VR related
to the issue:

/opt/cloud/bin/serve_password.sh
/root/func.sh

Anyone can help on how to reset the lock file and resolve the problem?

Looking forward to your reply, thank you.

Cheers.

Re: Password reset doesn't work, fail to acquire the lock passwdlock

2014-08-15 Thread Indra Pramana 
Dear all,

FYI, managed to fix the problem. Found the lock file which is located on
/tmp:

/tmp/1408046007947904422-15310-passwdlock.lock

I made a backup and removed the lock file, and the password reset function
is working now. Do let me know if I'm not doing it correctly. :)

Thank you.




On Sat, Aug 16, 2014 at 9:50 AM, Indra Pramana  wrote:

> Dear all,
>
> Good day to all of you.
>
> I am using CloudStack 4.2.0 and KVM hypervisor.
>
> Suddenly our password reset function doesn't work anymore. I logged in
> into the virtual router and found these messages on /var/log/messages:
>
> Aug 16 01:43:04 r-2606-VM cloud: Process /opt/cloud/bin/serve_password.sh
> pid 3455 waiting for the lock passwdlock for another 1 second
> Aug 16 01:43:05 r-2606-VM cloud: Process /opt/cloud/bin/serve_password.sh
> pid 3455 waiting for the lock passwdlock for another 1 second
> Aug 16 01:43:06 r-2606-VM cloud: Process /opt/cloud/bin/serve_password.sh
> pid 3455 waiting for the lock passwdlock for another 1 second
> Aug 16 01:43:07 r-2606-VM cloud: Process /opt/cloud/bin/serve_password.sh
> pid 3455 waiting for the lock passwdlock for another 1 second
> Aug 16 01:43:08 r-2606-VM cloud: Process /opt/cloud/bin/serve_password.sh
> pid 3455 waiting for the lock passwdlock for another 1 second
> Aug 16 01:43:09 r-2606-VM cloud: Process /opt/cloud/bin/serve_password.sh
> pid 3455 waiting for the lock passwdlock for another 1 second
> Aug 16 01:43:11 r-2606-VM cloud: Process /opt/cloud/bin/serve_password.sh
> pid 3455 waiting for the lock passwdlock for another 1 second
> Aug 16 01:43:11 r-2606-VM cloud: fail to acquire the lock passwdlock for
> process /opt/cloud/bin/serve_password.sh pid 3455 after 30 seconds time out!
> Aug 16 01:43:11 r-2606-VM cloud: waiting for process: USER PID %CPU %MEM
> VSZ RSS TTY STAT START TIME COMMAND root 15310 0.0 0.8 4620 1088 ? S 19:53
> 0:00 /bin/bash /opt/cloud/bin/serve_password.sh X.X.X.X
> Aug 16 01:43:11 r-2606-VM cloud: Failed job detail: USER   PID %CPU
> %MEMVSZ   RSS TTY  STAT START   TIME COMMAND#012root  3455
> 0.0  0.8   4620  1084 ?S01:42   0:00 /bin/bash
> /opt/cloud/bin/serve_password.sh X.X.X.Y
>
> It seems that there's some locking issues causing the password reset
> process to fail. I believe these are the related scripts on the VR related
> to the issue:
>
> /opt/cloud/bin/serve_password.sh
> /root/func.sh
>
> Anyone can help on how to reset the lock file and resolve the problem?
>
> Looking forward to your reply, thank you.
>
> Cheers.
>

Re: Default Centos Template not downloaded

2014-08-15 Thread sandeep khandekar 
Dear ilya,

yes system has internet access.

on agent log
2014-08-16 09:51:49,987 WARN  [kvm.resource.LibvirtComputingResource]
(agentRequest-Handler-5:null) Unsupported command

sometimes status changes to : Template download is already in progress or
already downloaded
cenots template - status and size field are empty

How  to know that centos template has been downloaded?

Thanks in advance


On Fri, Aug 15, 2014 at 4:56 PM, Ian Duffy  wrote:

> Also see:
>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSVM,+templates,+Secondary+storage+troubleshooting
>
>
> On 15 August 2014 06:43, ilya musayev 
> wrote:
>
> > Does your system storage vm has internet access? What error do you get?
> >
> > To download default templates, you need internet access. You can also
> look
> > into setting up proxy (if you have internet access through proxy).
> >
> > On 8/14/14, 8:32 PM, sandeep khandekar wrote:
> >
> >> Dear cloudstackers,
> >> After installing cloudstack, Default centos didnt got downloaded from
> >> internet what to do?
> >> Thank you
> >>
> >
> >
>



-- 
SANDEEP KHANDEKAR
Assistant Professor
Department of Computer science and engineering
Sreenidhi Institute of science and Technology
Hyderabad

Re: Default Centos Template not downloaded

2014-08-15 Thread sandeep khandekar 
Dear Ian,

root@s-1-VM:~# /usr/local/cloud/systemvm/ssvm-check.sh

First DNS server is  10.4.21.4
PING 10.4.21.4 (10.4.21.4): 48 data bytes
56 bytes from 10.4.21.4: icmp_seq=0 ttl=127 time=1.851 ms
56 bytes from 10.4.21.4: icmp_seq=1 ttl=127 time=0.389 ms
--- 10.4.21.4 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.389/1.120/1.851/0.731 ms
Good: Can ping DNS server

Good: DNS resolves download.cloud.com

nfs is currently mounted
Mount point is /mnt/SecStorage/c22b0fcc-cc29-399e-9b71-f474fc0c2d1e
Good: Can write to mount point

Management server is 10.4.29.151. Checking connectivity.
Good: Can connect to management server port 8250

Good: Java process is running

Tests Complete. Look for ERROR or WARNING above.
root@s-1-VM:~#


mysql> select id,name,status from host;

++--++

| id | name | status |

++--++

|  1 | hypervisor.snist.org | Up |

|  2 | v-2-VM   | Up |

|  3 | s-1-VM   | Up |

++--++

3 rows in set (0.00 sec)



mysql> select * from template_host_ref;

Empty set (0.00 sec)

Ian I dont have any templates in these table?

Thank you.


On Sat, Aug 16, 2014 at 10:23 AM, sandeep khandekar <
cloudstack.sand...@gmail.com> wrote:

> Dear ilya,
>
> yes system has internet access.
>
> on agent log
> 2014-08-16 09:51:49,987 WARN  [kvm.resource.LibvirtComputingResource]
> (agentRequest-Handler-5:null) Unsupported command
>
> sometimes status changes to : Template download is already in progress or
> already downloaded
> cenots template - status and size field are empty
>
> How  to know that centos template has been downloaded?
>
> Thanks in advance
>
>
> On Fri, Aug 15, 2014 at 4:56 PM, Ian Duffy  wrote:
>
>> Also see:
>>
>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSVM,+templates,+Secondary+storage+troubleshooting
>>
>>
>> On 15 August 2014 06:43, ilya musayev 
>> wrote:
>>
>> > Does your system storage vm has internet access? What error do you get?
>> >
>> > To download default templates, you need internet access. You can also
>> look
>> > into setting up proxy (if you have internet access through proxy).
>> >
>> > On 8/14/14, 8:32 PM, sandeep khandekar wrote:
>> >
>> >> Dear cloudstackers,
>> >> After installing cloudstack, Default centos didnt got downloaded from
>> >> internet what to do?
>> >> Thank you
>> >>
>> >
>> >
>>
>
>
>
> --
> SANDEEP KHANDEKAR
> Assistant Professor
> Department of Computer science and engineering
> Sreenidhi Institute of science and Technology
> Hyderabad
>



-- 
SANDEEP KHANDEKAR
Assistant Professor
Department of Computer science and engineering
Sreenidhi Institute of science and Technology
Hyderabad