Re: vm disappear after migration

2017-04-27 Thread Ugo Vasi

Hi Boris,
no errors or exceptions are logged on management or agent logs.

On 27/04/2017 15:28, Boris Stoyanov wrote:

Hi Ugo,

Have you noticed any failures in the UI and/or exceptions in the management 
logs?

Thanks,
Boris Stoyanov


boris.stoya...@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
   
  


On Apr 27, 2017, at 4:22 PM, Ugo Vasi  wrote:

Hi all,
we have an installation of cloudstack 4.5 on Ubuntu 16.04 with KVM as 
hypervisor.

We have one zone only and an advanced network configuration with some isolated 
networks.

Since a few days we have a problem while migrating some VMs from any hypervisor 
to any other one, but the problem does not affect all VMs.

Some VMs migrate from an host to another but disappear from the network. I can 
enter via proxy-console but it seems they are disconnected from the network, 
the router is not pingable in both directions (router to vm and vice versa). 
Other VMs and routers of the isolated network continue to work.
In some cases the VMs return visible if I migrate them back to the original 
host, in some other cases I have to stop and restart them.

Note that this problem has only appeared recently, we did not make changes to 
network topology, the same VMs that cause problems now didn't before.
Cloudstack doesn't log any problem...

Any ideas?

--

  U g o   V a s i
  P r o c n e  s.r.l>)
  via Cotonificio 45  33010 Tavagnacco IT
  phone: +390432486523 fax: +390432486523

The information contained in this message is private and
confidential, and its dissemination in any form is prohibited.
If you are not the intended recipient of this message,
please delete it without reading it and kindly
notify us.
For any information please contact supp...@procne.it .
Ref. D.L. 196/2003











Re: vm disappear after migration

2017-04-27 Thread Simon Weller
Also, log onto your hypervisor hosts and run "virsh list" and see if you can 
find the actual VM. Are you running VRs in redundant mode?


From: Boris Stoyanov 
Sent: Thursday, April 27, 2017 8:28 AM
To: users
Subject: Re: vm disappear after migration

Hi Ugo,

Have you noticed any failures in the UI and/or exceptions in the management 
logs?

Thanks,
Boris Stoyanov


boris.stoya...@shapeblue.com
www.shapeblue.com



53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue



> On Apr 27, 2017, at 4:22 PM, Ugo Vasi  wrote:
>
> Hi all,
> we have an installation of cloudstack 4.5 on Ubuntu 16.04 with KVM as 
> hypervisor.
>
> We have one zone only and an advanced network configuration with some 
> isolated networks.
>
> Since a few days we have a problem while migrating some VMs from any 
> hypervisor to any other one, but the problem does not affect all VMs.
>
> Some VMs migrate from an host to another but disappear from the network. I 
> can enter via proxy-console but it seems they are disconnected from the 
> network, the router is not pingable in both directions (router to vm and vice 
> versa). Other VMs and routers of the isolated network continue to work.
> In some cases the VMs return visible if I migrate them back to the original 
> host, in some other cases I have to stop and restart them.
>
> Note that this problem has only appeared recently, we did not make changes to 
> network topology, the same VMs that cause problems now didn't before.
> Cloudstack doesn't log any problem...
>
> Any ideas?
>
> --
>
>  U g o   V a s i
>  P r o c n e  s.r.l>)
>  via Cotonificio 45  33010 Tavagnacco IT
>  phone: +390432486523 fax: +390432486523
>
>



Re: vm disappear after migration

2017-04-27 Thread Boris Stoyanov
Hi Ugo,

Have you noticed any failures in the UI and/or exceptions in the management 
logs? 

Thanks,
Boris Stoyanov 


boris.stoya...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

> On Apr 27, 2017, at 4:22 PM, Ugo Vasi  wrote:
> 
> Hi all,
> we have an installation of cloudstack 4.5 on Ubuntu 16.04 with KVM as 
> hypervisor.
> 
> We have one zone only and an advanced network configuration with some 
> isolated networks.
> 
> Since a few days we have a problem while migrating some VMs from any 
> hypervisor to any other one, but the problem does not affect all VMs.
> 
> Some VMs migrate from an host to another but disappear from the network. I 
> can enter via proxy-console but it seems they are disconnected from the 
> network, the router is not pingable in both directions (router to vm and vice 
> versa). Other VMs and routers of the isolated network continue to work.
> In some cases the VMs return visible if I migrate them back to the original 
> host, in some other cases I have to stop and restart them.
> 
> Note that this problem has only appeared recently, we did not make changes to 
> network topology, the same VMs that cause problems now didn't before.
> Cloudstack doesn't log any problem...
> 
> Any ideas?
> 
> -- 
> 
>  U g o   V a s i
>  P r o c n e  s.r.l>)
>  via Cotonificio 45  33010 Tavagnacco IT
>  phone: +390432486523 fax: +390432486523
> 
> 



vm disappear after migration

2017-04-27 Thread Ugo Vasi

Hi all,
we have an installation of cloudstack 4.5 on Ubuntu 16.04 with KVM as 
hypervisor.


We have one zone only and an advanced network configuration with some 
isolated networks.


Since a few days we have a problem while migrating some VMs from any 
hypervisor to any other one, but the problem does not affect all VMs.


Some VMs migrate from an host to another but disappear from the network. 
I can enter via proxy-console but it seems they are disconnected from 
the network, the router is not pingable in both directions (router to vm 
and vice versa). Other VMs and routers of the isolated network continue 
to work.
In some cases the VMs return visible if I migrate them back to the 
original host, in some other cases I have to stop and restart them.


Note that this problem has only appeared recently, we did not make 
changes to network topology, the same VMs that cause problems now didn't 
before.

Cloudstack doesn't log any problem...

Any ideas?

--

  U g o   V a s i
  P r o c n e  s.r.l>)
  via Cotonificio 45  33010 Tavagnacco IT
  phone: +390432486523 fax: +390432486523




Re: Vpc increase resources

2017-04-27 Thread Dag Sonstebo
Hi Gian Paolo,

As a general rule of thumb you cannot edit service offerings in CloudStack. 
There are unsupported workarounds if you start looking in the CloudStack DB 
(service offering table) but in the case of the VPC this is probably not 
something you want to do since both isolated networks and VPC networks use the 
same service offerings by default.

So – the correct way of doing this is to create new service offerings. For 
networks the relationship is Network/VPC > Network offering > System offering, 
i.e. the CPU / RAM spec you get is only indirectly linked to your network. 

So, to increase the CPU/RAM for your VPC network you need to:

1) Create a new VPC virtual router system offering with your upgraded CPU / RAM 
levels.
2) Copy all settings from your current VPC default offering.
3) Create a new VPC network offering, but pointing this to the new VPC VR 
system offering you created in step 1.
4) In your VPC tier use the edit function to assign your newly created VPC 
offering.

As always – give this a test in a non production environment before relying on 
it in production.

Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue

On 27/04/2017, 06:28, "Gian Paolo Buono"  wrote:

Hi all,
Can I increase, obviously with a reboot, the resources (CPU/RAM) of an online VPC?

Thanks
GPB




dag.sonst...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 



Re: Shibboleth and CloudStack

2017-04-27 Thread Fabrice Pollet
I tried your solution to save the IdP metadata in file
/etc/cloudstack/management/idp-metadata.xml and I found my IdP in the
selection proposed by CloudStack. In any case it shows me the
possibility of adding other IdP and that is very good.

However, I come back to the same situation. My Cloud refers to the
native authentication of my IdP instead of the SSO-CAS.

I specify that my IdP has been working since 2015 with the Federation
RENATER and that its external services are well redirected to our SSO-CAS.

Maybe a REMOTE_USER environment variable problem between the SP and the IdP?


On 27/04/2017 09:10, Fabrice Pollet wrote:
> Hello,
>
> The IdP metadata can also be read at this public URL
> https://idp.etrs.terre.defense.gouv.fr/idp/shibboleth.
>
> The SP metadata is not public at the moment (see attached).
>
> For me the redirection should be done towards
> https://idp.etrs.terre.defense.gouv.fr/idp/Authn/RemoteUser (SSO-CAS)
> instead of https://idp.etrs.terre.defense.gouv.fr/idp/Authn/UserPassword.
>
> My IdP server has the SP metadata (the "backingFile" is filled
> automatically).
>
> I will try your workaround.
>
> I would like to inform you and thank you in advance.
>
> Regards,
>
> On 26/04/2017 17:29, Rohit Yadav wrote:
>>
>> Hi Fabrice,
>>
>>
>> I could not open the URLs (they are not public) so cannot verify the
>> XML metadata.
>>
>>
>> The IdP
>> metadata http://idp.etrs.terre.defense.gouv.fr:8080/idp/shibboleth will
>> include list of supported IDP server endpoints that support
>> http-redirect (binding is set
>> to urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect) based
>> single-sign on. The current SAML2 plugin only supports and works with
>> the Http-Redirect binding only.
>>
>>
>> If you can share the xml with me, I can verify the SSO URL. Likely,
>> the
>> URL https://idp.etrs.terre.defense.gouv.fr/idp/Authn/UserPassword must be
>> one of the allowed SSO http-redirect based endpoints.
>>
>>
>> You may try this workaround -- assuming your IdP server has the SP
>> metadata (i.e. the xml that you get
>> from
>> "http://cloud.etrs.terre.defense.gouv.fr:8080/client/api?command=getSPMetadata")
>> added/enabled; you can download and save the IdP metadata (make any
>> URL modification that you want) to a file such as 'idp-metadata.xml'
>> in /etc/cloudstack/management on the management server(s) and then in
>> the global setting set the 'saml2.idp.metadata.url' to the value
>>  'idp-metadata.xml' (without the quotes). Then, restart the mgmt
>> server(s), it will read the metadata from this file location instead
>> of the URL.
>>
>>
>> The SAML2 plugin also allows for multiple idps defined (for example,
>> in case of a federation it will retrieve and list all the available
>> SSO site, for example search for CAFe saml federation).
>>
>>
>> Regards.
>>
>> 
>> *From:* Fabrice Pollet 
>> *Sent:* 26 April 2017 17:31:46
>> *To:* users@cloudstack.apache.org
>> *Subject:* Shibboleth and CloudStack
>>  
>> Hello,
>>
>> I'm trying to configure SAML2 SSO support to connect CloudStack 4.9.2.0
>> as a service provider (SP) to our own identity provider Shibboleth 2.4.4
>> (IdP - Authentication Service and Authorization based on XML).
>>
>> I have completed the following CloudStack SAML2 settings:
>>
>> saml2.append.idpdomain = false
>>
>> saml2.default.idpid = néant
>>
>> saml2.enabled = true
>>
>> saml2.idp.metadata.url =
>> http://idp.etrs.terre.defense.gouv.fr:8080/idp/shibboleth
>> 
>>
>> saml2.redirect.url = https://cloud.etrs.terre.defense.gouv.fr/client
>>
>> saml2.sigalg = SHA256
>>
>> saml2.sp.id = cloud.etrs.terre.defense.gouv.fr
>>
>> saml2.sp.slo.url =
>> https://cloud.etrs.terre.defense.gouv.fr/client/api?command=samlSlo
>> 
>>
>> saml2.sp.sso.url =
>> https://cloud.etrs.terre.defense.gouv.fr/client/api?command=samlSso
>>
>> saml2.user.attribute = uid
>>
>>
>> But the URL SSO-SAML2
>> https://cloud.etrs.terre.defense.gouv.fr/client/api?command=samlSso
>> returns me to the native authentication URL of our IdP
>> https://idp.etrs.terre.defense.gouv.fr/idp/Authn/UserPassword
>> instead of the SSO-CAS delegation URL
>> https://idp.etrs.terre.defense.gouv.fr/idp/Authn/RemoteUser.
>>
>>
>> The meta data of my SP are listed in my IdP (from the configuration file
>> relying-party.xml):
>>
>> 
>>
>> > xsi:type="metadata:FileBackedHTTPMetadataProvider"
>>
>> metadataURL="http://cloud.etrs.terre.defense.gouv.fr:8080/client/api?command=getSPMetadata"
>>
>> backingFile="/opt/shibboleth-idp/metadata/main-sps-etrs-cloudstack-metadata.xml">
>>
>> 
>>
>> Thank you for your help.
>>
>>
>> -- 
>> IEF MINDEF POLLET Fabrice
>>
>> TERRE/COMSIC/ETRS/DGF/BAF/ING-NEF/PFI-PEDA
>> COMSIC BP18 35998 RENNES 9 France
>>
>> 821 354 34 82 / 02 99 84 34 82
>> fabrice.pol...@etrs.fr (Internet)
>> fabrice-c.pol...@intra
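
A check one could run on a saved idp-metadata.xml before pointing 'saml2.idp.metadata.url' at it, given the statement quoted above that the SAML2 plugin works only with the HTTP-Redirect binding. This is an added example, not part of the thread or of CloudStack; the sample metadata, entity IDs and function names are constructed for illustration, and the HTTPS check is an extra assumption of this example.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample standing in for a saved idp-metadata.xml (not the poster's IdP).
SAMPLE_METADATA = f"""
<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <EntityDescriptor entityID="https://idp.example.org/idp/shibboleth">
    <IDPSSODescriptor>
      <SingleSignOnService Binding="{HTTP_POST}"
          Location="https://idp.example.org/idp/profile/SAML2/POST/SSO"/>
      <SingleSignOnService Binding="{HTTP_REDIRECT}"
          Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
    </IDPSSODescriptor>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://post-only.example.org/idp">
    <IDPSSODescriptor>
      <SingleSignOnService Binding="{HTTP_POST}"
          Location="http://post-only.example.org/idp/SSO"/>
    </IDPSSODescriptor>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://sp.example.org/sp">
    <SPSSODescriptor/>
  </EntityDescriptor>
</EntitiesDescriptor>
"""


def sso_report(metadata_xml):
    """Return {entityID: {"redirect": [...], "other": [...]}} for every IdP entity."""
    # Intended for a locally saved, operator-reviewed metadata file.
    root = ET.fromstring(metadata_xml.strip())
    report = {}
    # iter() also yields the root, so a file holding a lone EntityDescriptor works too.
    for entity in root.iter(MD + "EntityDescriptor"):
        idp = entity.find(MD + "IDPSSODescriptor")
        if idp is None:  # SP-only entity: no SSO endpoints to inspect
            continue
        entry = {"redirect": [], "other": []}
        for svc in idp.findall(MD + "SingleSignOnService"):
            kind = "redirect" if svc.get("Binding") == HTTP_REDIRECT else "other"
            entry[kind].append(svc.get("Location", ""))
        report[entity.get("entityID")] = entry
    return report


def findings(report):
    """Turn the report into operator-facing warnings."""
    out = []
    for entity_id, entry in sorted(report.items()):
        if not entry["redirect"]:
            out.append(f"{entity_id}: no HTTP-Redirect SSO endpoint")
        for loc in entry["redirect"] + entry["other"]:
            if not loc.lower().startswith("https://"):
                out.append(f"{entity_id}: non-HTTPS endpoint {loc}")
    return out


if __name__ == "__main__":
    for line in findings(sso_report(SAMPLE_METADATA)):
        print(line)
```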

Re: Shibboleth and CloudStack

2017-04-27 Thread Fabrice Pollet
Hello,

The IdP metadata can also be read at this public URL
https://idp.etrs.terre.defense.gouv.fr/idp/shibboleth.

The SP metadata is not public at the moment (see attached).

For me the redirection should be done towards
https://idp.etrs.terre.defense.gouv.fr/idp/Authn/RemoteUser (SSO-CAS)
instead of https://idp.etrs.terre.defense.gouv.fr/idp/Authn/UserPassword.

My IdP server has the SP metadata (the "backingFile" is filled
automatically).

I will try your workaround.

I would like to inform you and thank you in advance.

Regards,

On 26/04/2017 17:29, Rohit Yadav wrote:
>
> Hi Fabrice,
>
>
> I could not open the URLs (they are not public) so cannot verify the
> XML metadata.
>
>
> The IdP
> metadata http://idp.etrs.terre.defense.gouv.fr:8080/idp/shibboleth will 
> include
> list of supported IDP server endpoints that support http-redirect
> (binding is set to urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect)
> based single-sign on. The current SAML2 plugin only supports and works
> with the Http-Redirect binding only.
>
>
> If you can share the xml with me, I can verify the SSO URL. Likely,
> the
> URL https://idp.etrs.terre.defense.gouv.fr/idp/Authn/UserPassword must
> be one of the allowed SSO http-redirect based endpoints.
>
>
> You may try this workaround -- assuming your IdP server has the SP
> metadata (i.e. the xml that you get
> from
> "http://cloud.etrs.terre.defense.gouv.fr:8080/client/api?command=getSPMetadata")
> added/enabled; you can download and save the IdP metadata (make any
> URL modification that you want) to a file such as 'idp-metadata.xml'
> in /etc/cloudstack/management on the management server(s) and then in
> the global setting set the 'saml2.idp.metadata.url' to the value
>  'idp-metadata.xml' (without the quotes). Then, restart the mgmt
> server(s), it will read the metadata from this file location instead
> of the URL.
>
>
> The SAML2 plugin also allows for multiple idps defined (for example,
> in case of a federation it will retrieve and list all the available
> SSO site, for example search for CAFe saml federation).
>
>
> Regards.
>
> 
> *From:* Fabrice Pollet 
> *Sent:* 26 April 2017 17:31:46
> *To:* users@cloudstack.apache.org
> *Subject:* Shibboleth and CloudStack
>  
> Hello,
>
> I'm trying to configure SAML2 SSO support to connect CloudStack 4.9.2.0
> as a service provider (SP) to our own identity provider Shibboleth 2.4.4
> (IdP - Authentication Service and Authorization based on XML).
>
> I have completed the following CloudStack SAML2 settings:
>
> saml2.append.idpdomain = false
>
> saml2.default.idpid = néant
>
> saml2.enabled = true
>
> saml2.idp.metadata.url =
> http://idp.etrs.terre.defense.gouv.fr:8080/idp/shibboleth
> 
>
> saml2.redirect.url = https://cloud.etrs.terre.defense.gouv.fr/client
>
> saml2.sigalg = SHA256
>
> saml2.sp.id = cloud.etrs.terre.defense.gouv.fr
>
> saml2.sp.slo.url =
> https://cloud.etrs.terre.defense.gouv.fr/client/api?command=samlSlo
> 
>
> saml2.sp.sso.url =
> https://cloud.etrs.terre.defense.gouv.fr/client/api?command=samlSso
>
> saml2.user.attribute = uid
>
>
> But the URL SSO-SAML2
> https://cloud.etrs.terre.defense.gouv.fr/client/api?command=samlSso
> returns me to the native authentication URL of our IdP
> https://idp.etrs.terre.defense.gouv.fr/idp/Authn/UserPassword
> instead of the SSO-CAS delegation URL
> https://idp.etrs.terre.defense.gouv.fr/idp/Authn/RemoteUser.
>
>
> The meta data of my SP are listed in my IdP (from the configuration file
> relying-party.xml):
>
> 
>
>  xsi:type="metadata:FileBackedHTTPMetadataProvider"
>
> metadataURL="http://cloud.etrs.terre.defense.gouv.fr:8080/client/api?command=getSPMetadata"
>
> backingFile="/opt/shibboleth-idp/metadata/main-sps-etrs-cloudstack-metadata.xml">
>
> 
>
> Thank you for your help.
>
>
> -- 
> IEF MINDEF POLLET Fabrice
>
> TERRE/COMSIC/ETRS/DGF/BAF/ING-NEF/PFI-PEDA
> COMSIC BP18 35998 RENNES 9 France
>
> 821 354 34 82 / 02 99 84 34 82
> fabrice.pol...@etrs.fr (Internet)
> fabrice-c.pol...@intradef.gouv.fr (Intradef)
>
> rohit.ya...@shapeblue.com 
> www.shapeblue.com
> @shapeblue
>


