RE: Advanced Zone with Security Groups

2018-07-16 Thread Paul Angus
Yes, it should probably be hidden in a security group based zone.


Kind regards,

Paul Angus

paul.an...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 


-Original Message-
From: S. Reddit  
Sent: 16 July 2018 14:33
To: users@cloudstack.apache.org
Subject: Re: Advanced Zone with Security Groups

Hi Paul,

Yes, a VM should have access to a private network. Yes, one possibility would 
be to have a second, private network per customer, which is routable to the 
default public guest network.
Thanks for the hint. What wouldn't work though is, when customers try to 
dualhome VMs, which CloudStack allows you to do with addnic API call or even 
GUI.

Cheers,
Adrian

On Mon, Jul 16, 2018 at 1:04 PM Paul Angus  wrote:

> Hi Adrian,
>
> Is the requirement 'just' that a VM can access a private network?
> Can you not make the private network routable from the network that 
> the VM is on?
> Or apply a secondary IP and configure it manually for the private 
> network (VLANs permitting).
>
>
> Kind regards,
>
> Paul Angus
>
> paul.an...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue
>
>
>
>
> -Original Message-
> From: S. Reddit 
> Sent: 16 July 2018 11:21
> To: users@cloudstack.apache.org
> Subject: Re: Advanced Zone with Security Groups
>
> Thanks for your answer, Paul!
>
> VPC would be nice, but it's not working together with security groups,
> correct me if I'm wrong...
>
> Regards,
> Adrian
>
> On Fri, Jul 13, 2018 at 9:21 PM Paul Angus 
> wrote:
>
> > Hi Adrian,
> >
> > An advanced zone with security groups is similar to a basic network in
> > that it doesn’t really have the concept of multiple networks for any
> > given VM.  The security groups themselves create pseudo networks.
> >
> > You can create either a shared network on the vlan that you want to
> > access
> > - where CloudStack allocates IPs and sets the gateway or an L2 network
> > with a 3rd party DHCP in place.
> >
> > There is also the option of using the private gateway feature of VPCs.
> >
> > paul.an...@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue
> >
> >
> >
> >
> > -Original Message-
> > From: S. Reddit 
> > Sent: 11 July 2018 08:37
> > To: users@cloudstack.apache.org
> > Subject: Advanced Zone with Security Groups
> >
> > Hi Group
> >
> > I am testing with an advanced zone and security group enabled networks
> > (KVM based). So far it works fine, but for the following features:
> >
> > - attach 2nd network to instance:
> > => security group(s) do not get programmed on secondary vnetXY
> > interfaces, hence no communication over additional network is possible
> >
> > As the zone prevents me from adding a network without security group
> > feature, it seems such a setup is not supported, correct? Does anyone
> > see a way to give instances access to a private network? Could L2-network
> > from 4.11 be a solution? I am still running 4.9...
> >
> > Cheers,
> > Adrian
> >
>


Secure Live KVM VM Migration with CloudStack 4.11.1

2018-07-16 Thread Steve Roles
Hi all - if you're interested in the topic, Rohit has written a blog about it 
here: 
https://www.shapeblue.com/secure-live-kvm-vm-migration-with-cloudstack-4-11-1/

Best regards,


steve.ro...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 



Re: Advanced Zone with Security Groups

2018-07-16 Thread S. Reddit
Hi Paul,

Yes, a VM should have access to a private network. Yes, one possibility
would be to have a second, private network per customer, which is routable
to the default public guest network.
Thanks for the hint. What wouldn't work though is, when customers try to
dualhome VMs, which CloudStack allows you to do with addnic API call or
even GUI.

Cheers,
Adrian

On Mon, Jul 16, 2018 at 1:04 PM Paul Angus  wrote:

> Hi Adrian,
>
> Is the requirement 'just' that a VM can access a private network?
> Can you not make the private network routable from the network that the VM
> is on?
> Or apply a secondary IP and configure it manually for the private network
> (VLANs permitting).
>
>
> Kind regards,
>
> Paul Angus
>
> paul.an...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
>
> -Original Message-
> From: S. Reddit 
> Sent: 16 July 2018 11:21
> To: users@cloudstack.apache.org
> Subject: Re: Advanced Zone with Security Groups
>
> Thanks for your answer, Paul!
>
> VPC would be nice, but it's not working together with security groups,
> correct me if I'm wrong...
>
> Regards,
> Adrian
>
> On Fri, Jul 13, 2018 at 9:21 PM Paul Angus 
> wrote:
>
> > Hi Adrian,
> >
> > An advanced zone with security groups is similar to a basic network in
> > that it doesn’t really have the concept of multiple networks for any
> > given VM.  The security groups themselves create pseudo networks.
> >
> > You can create either a shared network on the vlan that you want to
> > access
> > - where CloudStack allocates IPs and sets the gateway or an L2 network
> > with a 3rd party DHCP in place.
> >
> > There is also the option of using the private gateway feature of VPCs.
> >
> > paul.an...@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue
> >
> >
> >
> >
> > -Original Message-
> > From: S. Reddit 
> > Sent: 11 July 2018 08:37
> > To: users@cloudstack.apache.org
> > Subject: Advanced Zone with Security Groups
> >
> > Hi Group
> >
> > I am testing with an advanced zone and security group enabled networks
> > (KVM based). So far it works fine, but for the following features:
> >
> > - attach 2nd network to instance:
> > => security group(s) do not get programmed on secondary vnetXY
> > interfaces, hence no communication over additional network is possible
> >
> > As the zone prevents me from adding a network without security group
> > feature, it seems such a setup is not supported, correct? Does anyone
> > see a way to give instances access to a private network? Could L2-network
> > from 4.11 be a solution? I am still running 4.9...
> >
> > Cheers,
> > Adrian
> >
>


Re: Unable to upload volumes 4.11.0

2018-07-16 Thread Andrija Panic
HTTPS links were not supported (at least up to 4.8 release - I have to
always use plain HTTP).

Cheers

On Mon, Jul 16, 2018, 12:43 Paul Angus  wrote:

> Hi Adam,
> Have you tried this with 4.11.1?
>
>
> Kind regards,
>
> Paul Angus
>
> paul.an...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
>
> -Original Message-
> From: Adam Witwicki 
> Sent: 16 July 2018 11:22
> To: users@cloudstack.apache.org
> Subject: RE: Unable to upload volumes 4.11.0
>
> Hi Paul
>
> That was accepted but returned this error, cert issue.
>
> Failed to upload volume: e6638e70-f346-4a98-aab7-91046e9fcfc7 with error:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
>
> Yet I am able to import as a template from the same source?
> A confusing one
>
> Thanks
>
> Adam
>
> -Original Message-
> From: Paul Angus 
> Sent: 16 July 2018 11:06
> To: users@cloudstack.apache.org
> Subject: RE: Unable to upload volumes 4.11.0
>
> Full disclosure - I used 4.11.1 but I uploaded a 'volume' from centos
> without a problem.
> Could you test the same link?
> https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2
>
>
> Kind regards,
>
> Paul Angus
>
> paul.an...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue
>
>
>
>
> -Original Message-
> From: Adam Witwicki 
> Sent: 16 July 2018 08:02
> To: users@cloudstack.apache.org
> Subject: RE: Unable to upload volumes 4.11.0
>
> Hi Paul,
>
> The SSVM can curl the file, and the template import (add) works without
> issue, it’s the volume import (add) that fails
>
> Thanks
>
> Adam
>
> -Original Message-
> From: Paul Angus 
> Sent: 14 July 2018 07:36
> To: users@cloudstack.apache.org
> Subject: RE: Unable to upload volumes 4.11.0
>
> Hi Adam,
>
> That error is coming from:
>
>     // HEAD request against the volume URL; any status other than 200 is rejected
>     if (httpClient.executeMethod(httphead) != HttpStatus.SC_OK) {
>         throw new IllegalArgumentException("Invalid URL: " + url);
>     }
>
> Have you tried checking that you can reach the download from the
> management server and the SSVM?
>
> Also does the hostname resolve to an IP which is within the cloudstack
> management networks? If so you need to add the IP(s) to
> secstorage.allowed.internal.sites
>
>
>
>
> paul.an...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue
>
>
>
>
> -Original Message-
> From: Adam Witwicki 
> Sent: 13 July 2018 09:21
> To: users@cloudstack.apache.org
> Subject: Unable to upload volumes 4.11.0
>
> Hello
>
> I can't seem to upload (add) a qcow2 volume via a URL, any ideas or other
> methods? We really need to import other systems' disks.
>
> I get this in the logs
>
> 2018-07-13 09:08:18,435 DEBUG [c.c.s.VolumeApiServiceImpl]
> (API-Job-Executor-42:ctx-a1afd9f2 job-6668 ctx-7da8ec40) (logid:d97e88ec)
> Checking url:
> http://ingestion.xxx.com/Flowmon/Flowmon_Collector_Virtual_All_Plugins-disk-1.qcow2
> 2018-07-13 09:08:18,509 ERROR [c.c.a.ApiAsyncJobDispatcher]
> (API-Job-Executor-42:ctx-a1afd9f2 job-6668) (logid:d97e88ec) Unexpected
> exception while executing
> org.apache.cloudstack.api.command.user.volume.UploadVolumeCmd
> java.lang.IllegalArgumentException: Invalid URL:
> http://ingestion.xx.com/Flowmon/Flowmon_Collector_Virtual_All_Plugins-disk-1.qcow2
> at com.cloud.utils.UriUtils.checkUrlExistence(UriUtils.java:395)
> at
> com.cloud.storage.VolumeApiServiceImpl.validateVolume(VolumeApiServiceImpl.java:415)
> at
> com.cloud.storage.VolumeApiServiceImpl.uploadVolume(VolumeApiServiceImpl.java:296)
> at
> com.cloud.storage.VolumeApiServiceImpl.uploadVolume(VolumeApiServiceImpl.java:179)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:338)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:197)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
> at
> 

RE: Advanced Zone with Security Groups

2018-07-16 Thread Paul Angus
Hi Adrian,

Is the requirement 'just' that a VM can access a private network?
Can you not make the private network routable from the network that the VM is 
on?
Or apply a secondary IP and configure it manually for the private network 
(VLANs permitting).


Kind regards,

Paul Angus

paul.an...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 


-Original Message-
From: S. Reddit  
Sent: 16 July 2018 11:21
To: users@cloudstack.apache.org
Subject: Re: Advanced Zone with Security Groups

Thanks for your answer, Paul!

VPC would be nice, but it's not working together with security groups, correct 
me if I'm wrong...

Regards,
Adrian

On Fri, Jul 13, 2018 at 9:21 PM Paul Angus  wrote:

> Hi Adrian,
>
> An advanced zone with security groups is similar to a basic network in 
> that it doesn’t really have the concept of multiple networks for any 
> given VM.  The security groups themselves create pseudo networks.
>
> You can create either a shared network on the vlan that you want to 
> access
> - where CloudStack allocates IPs and sets the gateway or an L2 network 
> with a 3rd party DHCP in place.
>
> There is also the option of using the private gateway feature of VPCs.
>
> paul.an...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue
>
>
>
>
> -Original Message-
> From: S. Reddit 
> Sent: 11 July 2018 08:37
> To: users@cloudstack.apache.org
> Subject: Advanced Zone with Security Groups
>
> Hi Group
>
> I am testing with an advanced zone and security group enabled networks
> (KVM based). So far it works fine, but for the following features:
>
> - attach 2nd network to instance:
> => security group(s) do not get programmed on secondary vnetXY interfaces,
> hence no communication over additional network is possible
>
> As the zone prevents me from adding a network without security group
> feature, it seems such a setup is not supported, correct? Does anyone see a
> way to give instances access to a private network? Could L2-network from
> 4.11 be a solution? I am still running 4.9...
>
> Cheers,
> Adrian
>


RE: Unable to upload volumes 4.11.0

2018-07-16 Thread Paul Angus
Hi Adam,
Have you tried this with 4.11.1?


Kind regards,

Paul Angus

paul.an...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 


-Original Message-
From: Adam Witwicki  
Sent: 16 July 2018 11:22
To: users@cloudstack.apache.org
Subject: RE: Unable to upload volumes 4.11.0

Hi Paul

That was accepted but returned this error, cert issue.

Failed to upload volume: e6638e70-f346-4a98-aab7-91046e9fcfc7 with error: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target

Yet I am able to import as a template from the same source?
A confusing one

Thanks

Adam

-Original Message-
From: Paul Angus 
Sent: 16 July 2018 11:06
To: users@cloudstack.apache.org
Subject: RE: Unable to upload volumes 4.11.0

Full disclosure - I used 4.11.1 but I uploaded a 'volume' from centos without a 
problem.
Could you test the same link?
https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2


Kind regards,

Paul Angus

paul.an...@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue




-Original Message-
From: Adam Witwicki 
Sent: 16 July 2018 08:02
To: users@cloudstack.apache.org
Subject: RE: Unable to upload volumes 4.11.0

Hi Paul,

The SSVM can curl the file, and the template import (add) works without issue, 
it’s the volume import (add) that fails

Thanks

Adam

-Original Message-
From: Paul Angus 
Sent: 14 July 2018 07:36
To: users@cloudstack.apache.org
Subject: RE: Unable to upload volumes 4.11.0

Hi Adam,

That error is coming from:

    // HEAD request against the volume URL; any status other than 200 is rejected
    if (httpClient.executeMethod(httphead) != HttpStatus.SC_OK) {
        throw new IllegalArgumentException("Invalid URL: " + url);
    }

Have you tried checking that you can reach the download from the management
server and the SSVM?

Also does the hostname resolve to an IP which is within the cloudstack 
management networks? If so you need to add the IP(s) to 
secstorage.allowed.internal.sites




paul.an...@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue




-Original Message-
From: Adam Witwicki 
Sent: 13 July 2018 09:21
To: users@cloudstack.apache.org
Subject: Unable to upload volumes 4.11.0

Hello

I can't seem to upload (add) a qcow2 volume via a URL, any ideas or other
methods? We really need to import other systems' disks.

I get this in the logs

2018-07-13 09:08:18,435 DEBUG [c.c.s.VolumeApiServiceImpl] 
(API-Job-Executor-42:ctx-a1afd9f2 job-6668 ctx-7da8ec40) (logid:d97e88ec) 
Checking url: 
http://ingestion.xxx.com/Flowmon/Flowmon_Collector_Virtual_All_Plugins-disk-1.qcow2
2018-07-13 09:08:18,509 ERROR [c.c.a.ApiAsyncJobDispatcher] 
(API-Job-Executor-42:ctx-a1afd9f2 job-6668) (logid:d97e88ec) Unexpected 
exception while executing 
org.apache.cloudstack.api.command.user.volume.UploadVolumeCmd
java.lang.IllegalArgumentException: Invalid URL: 
http://ingestion.xx.com/Flowmon/Flowmon_Collector_Virtual_All_Plugins-disk-1.qcow2
at com.cloud.utils.UriUtils.checkUrlExistence(UriUtils.java:395)
at 
com.cloud.storage.VolumeApiServiceImpl.validateVolume(VolumeApiServiceImpl.java:415)
at 
com.cloud.storage.VolumeApiServiceImpl.uploadVolume(VolumeApiServiceImpl.java:296)
at 
com.cloud.storage.VolumeApiServiceImpl.uploadVolume(VolumeApiServiceImpl.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at 
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:338)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:197)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at 
org.apache.cloudstack.network.contrail.management.EventUtils$EventInterceptor.invoke(EventUtils.java:107)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:174)
at 
com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:51)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:174)
at 

RE: Unable to upload volumes 4.11.0

2018-07-16 Thread Adam Witwicki
Hi Paul

That was accepted but returned this error, cert issue.

Failed to upload volume: e6638e70-f346-4a98-aab7-91046e9fcfc7 with error: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target

Yet I am able to import as a template from the same source?
A confusing one

Thanks

Adam

-Original Message-
From: Paul Angus 
Sent: 16 July 2018 11:06
To: users@cloudstack.apache.org
Subject: RE: Unable to upload volumes 4.11.0

Full disclosure - I used 4.11.1 but I uploaded a 'volume' from centos without a 
problem.
Could you test the same link?
https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2


Kind regards,

Paul Angus

paul.an...@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue




-Original Message-
From: Adam Witwicki 
Sent: 16 July 2018 08:02
To: users@cloudstack.apache.org
Subject: RE: Unable to upload volumes 4.11.0

Hi Paul,

The SSVM can curl the file, and the template import (add) works without issue, 
it’s the volume import (add) that fails

Thanks

Adam

-Original Message-
From: Paul Angus 
Sent: 14 July 2018 07:36
To: users@cloudstack.apache.org
Subject: RE: Unable to upload volumes 4.11.0

Hi Adam,

That error is coming from:

    // HEAD request against the volume URL; any status other than 200 is rejected
    if (httpClient.executeMethod(httphead) != HttpStatus.SC_OK) {
        throw new IllegalArgumentException("Invalid URL: " + url);
    }

Have you tried checking that you can reach the download from the management
server and the SSVM?

Also does the hostname resolve to an IP which is within the cloudstack 
management networks? If so you need to add the IP(s) to 
secstorage.allowed.internal.sites




paul.an...@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue




-Original Message-
From: Adam Witwicki 
Sent: 13 July 2018 09:21
To: users@cloudstack.apache.org
Subject: Unable to upload volumes 4.11.0

Hello

I can't seem to upload (add) a qcow2 volume via a URL, any ideas or other
methods? We really need to import other systems' disks.

I get this in the logs

2018-07-13 09:08:18,435 DEBUG [c.c.s.VolumeApiServiceImpl] 
(API-Job-Executor-42:ctx-a1afd9f2 job-6668 ctx-7da8ec40) (logid:d97e88ec) 
Checking url: 
http://ingestion.xxx.com/Flowmon/Flowmon_Collector_Virtual_All_Plugins-disk-1.qcow2
2018-07-13 09:08:18,509 ERROR [c.c.a.ApiAsyncJobDispatcher] 
(API-Job-Executor-42:ctx-a1afd9f2 job-6668) (logid:d97e88ec) Unexpected 
exception while executing 
org.apache.cloudstack.api.command.user.volume.UploadVolumeCmd
java.lang.IllegalArgumentException: Invalid URL: 
http://ingestion.xx.com/Flowmon/Flowmon_Collector_Virtual_All_Plugins-disk-1.qcow2
at com.cloud.utils.UriUtils.checkUrlExistence(UriUtils.java:395)
at 
com.cloud.storage.VolumeApiServiceImpl.validateVolume(VolumeApiServiceImpl.java:415)
at 
com.cloud.storage.VolumeApiServiceImpl.uploadVolume(VolumeApiServiceImpl.java:296)
at 
com.cloud.storage.VolumeApiServiceImpl.uploadVolume(VolumeApiServiceImpl.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at 
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:338)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:197)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at 
org.apache.cloudstack.network.contrail.management.EventUtils$EventInterceptor.invoke(EventUtils.java:107)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:174)
at 
com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:51)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:174)
at 
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
at 
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
at com.sun.proxy.$Proxy201.uploadVolume(Unknown Source)
at 

Re: Advanced Zone with Security Groups

2018-07-16 Thread S. Reddit
Thanks for your answer, Paul!

VPC would be nice, but it's not working together with security groups,
correct me if I'm wrong...

Regards,
Adrian

On Fri, Jul 13, 2018 at 9:21 PM Paul Angus  wrote:

> Hi Adrian,
>
> An advanced zone with security groups is similar to a basic network in
> that it doesn’t really have the concept of multiple networks for any given
> VM.  The security groups themselves create pseudo networks.
>
> You can create either a shared network on the vlan that you want to access
> - where CloudStack allocates IPs and sets the gateway or an L2 network with
> a 3rd party DHCP in place.
>
> There is also the option of using the private gateway feature of VPCs.
>
> paul.an...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
>
> -Original Message-
> From: S. Reddit 
> Sent: 11 July 2018 08:37
> To: users@cloudstack.apache.org
> Subject: Advanced Zone with Security Groups
>
> Hi Group
>
> I am testing with an advanced zone and security group enabled networks
> (KVM based). So far it works fine, but for the following features:
>
> - attach 2nd network to instance:
> => security group(s) do not get programmed on secondary vnetXY interfaces,
> hence no communication over additional network is possible
>
> As the zone prevents me from adding a network without security group
> feature, it seems such a setup is not supported, correct? Does anyone see a
> way to give instances access to a private network? Could L2-network from
> 4.11 be a solution? I am still running 4.9...
>
> Cheers,
> Adrian
>


RE: Unable to upload volumes 4.11.0

2018-07-16 Thread Paul Angus
Full disclosure - I used 4.11.1 but I uploaded a 'volume' from centos without a 
problem.
Could you test the same link?
https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2


Kind regards,

Paul Angus

paul.an...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 


-Original Message-
From: Adam Witwicki  
Sent: 16 July 2018 08:02
To: users@cloudstack.apache.org
Subject: RE: Unable to upload volumes 4.11.0

Hi Paul,

The SSVM can curl the file, and the template import (add) works without issue, 
it’s the volume import (add) that fails

Thanks

Adam

-Original Message-
From: Paul Angus 
Sent: 14 July 2018 07:36
To: users@cloudstack.apache.org
Subject: RE: Unable to upload volumes 4.11.0

Hi Adam,

That error is coming from:

    // HEAD request against the volume URL; any status other than 200 is rejected
    if (httpClient.executeMethod(httphead) != HttpStatus.SC_OK) {
        throw new IllegalArgumentException("Invalid URL: " + url);
    }

Have you tried checking that you can reach the download from the management
server and the SSVM?

Also does the hostname resolve to an IP which is within the cloudstack 
management networks? If so you need to add the IP(s) to 
secstorage.allowed.internal.sites




paul.an...@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue




-Original Message-
From: Adam Witwicki 
Sent: 13 July 2018 09:21
To: users@cloudstack.apache.org
Subject: Unable to upload volumes 4.11.0

Hello

I can't seem to upload (add) a qcow2 volume via a URL, any ideas or other
methods? We really need to import other systems' disks.

I get this in the logs

2018-07-13 09:08:18,435 DEBUG [c.c.s.VolumeApiServiceImpl] 
(API-Job-Executor-42:ctx-a1afd9f2 job-6668 ctx-7da8ec40) (logid:d97e88ec) 
Checking url: 
http://ingestion.xxx.com/Flowmon/Flowmon_Collector_Virtual_All_Plugins-disk-1.qcow2
2018-07-13 09:08:18,509 ERROR [c.c.a.ApiAsyncJobDispatcher] 
(API-Job-Executor-42:ctx-a1afd9f2 job-6668) (logid:d97e88ec) Unexpected 
exception while executing 
org.apache.cloudstack.api.command.user.volume.UploadVolumeCmd
java.lang.IllegalArgumentException: Invalid URL: 
http://ingestion.xx.com/Flowmon/Flowmon_Collector_Virtual_All_Plugins-disk-1.qcow2
at com.cloud.utils.UriUtils.checkUrlExistence(UriUtils.java:395)
at 
com.cloud.storage.VolumeApiServiceImpl.validateVolume(VolumeApiServiceImpl.java:415)
at 
com.cloud.storage.VolumeApiServiceImpl.uploadVolume(VolumeApiServiceImpl.java:296)
at 
com.cloud.storage.VolumeApiServiceImpl.uploadVolume(VolumeApiServiceImpl.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at 
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:338)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:197)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at 
org.apache.cloudstack.network.contrail.management.EventUtils$EventInterceptor.invoke(EventUtils.java:107)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:174)
at 
com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:51)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:174)
at 
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
at 
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
at com.sun.proxy.$Proxy201.uploadVolume(Unknown Source)
at 
org.apache.cloudstack.api.command.user.volume.UploadVolumeCmd.execute(UploadVolumeCmd.java:145)
at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:150)
at 
com.cloud.api.ApiAsyncJobDispatcher.runJob(ApiAsyncJobDispatcher.java:108)
at 
org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:581)
at 
org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
at 
org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
at 
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)

RE: Unable to upload volumes 4.11.0

2018-07-16 Thread Adam Witwicki
Hi Paul,

The SSVM can curl the file, and the template import (add) works without issue, 
it’s the volume import (add) that fails

Thanks

Adam

-Original Message-
From: Paul Angus 
Sent: 14 July 2018 07:36
To: users@cloudstack.apache.org
Subject: RE: Unable to upload volumes 4.11.0

Hi Adam,

That error is coming from:

    // HEAD request against the volume URL; any status other than 200 is rejected
    if (httpClient.executeMethod(httphead) != HttpStatus.SC_OK) {
        throw new IllegalArgumentException("Invalid URL: " + url);
    }

Have you tried checking that you can reach the download from the management
server and the SSVM?

Also does the hostname resolve to an IP which is within the cloudstack 
management networks? If so you need to add the IP(s) to 
secstorage.allowed.internal.sites




paul.an...@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue




-Original Message-
From: Adam Witwicki 
Sent: 13 July 2018 09:21
To: users@cloudstack.apache.org
Subject: Unable to upload volumes 4.11.0

Hello

I can't seem to upload (add) a qcow2 volume via a URL, any ideas or other
methods? We really need to import other systems' disks.

I get this in the logs

2018-07-13 09:08:18,435 DEBUG [c.c.s.VolumeApiServiceImpl] 
(API-Job-Executor-42:ctx-a1afd9f2 job-6668 ctx-7da8ec40) (logid:d97e88ec) 
Checking url: 
http://ingestion.xxx.com/Flowmon/Flowmon_Collector_Virtual_All_Plugins-disk-1.qcow2
2018-07-13 09:08:18,509 ERROR [c.c.a.ApiAsyncJobDispatcher] 
(API-Job-Executor-42:ctx-a1afd9f2 job-6668) (logid:d97e88ec) Unexpected 
exception while executing 
org.apache.cloudstack.api.command.user.volume.UploadVolumeCmd
java.lang.IllegalArgumentException: Invalid URL: 
http://ingestion.xx.com/Flowmon/Flowmon_Collector_Virtual_All_Plugins-disk-1.qcow2
at com.cloud.utils.UriUtils.checkUrlExistence(UriUtils.java:395)
at 
com.cloud.storage.VolumeApiServiceImpl.validateVolume(VolumeApiServiceImpl.java:415)
at 
com.cloud.storage.VolumeApiServiceImpl.uploadVolume(VolumeApiServiceImpl.java:296)
at 
com.cloud.storage.VolumeApiServiceImpl.uploadVolume(VolumeApiServiceImpl.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at 
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:338)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:197)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at 
org.apache.cloudstack.network.contrail.management.EventUtils$EventInterceptor.invoke(EventUtils.java:107)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:174)
at 
com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:51)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:174)
at 
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
at 
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
at com.sun.proxy.$Proxy201.uploadVolume(Unknown Source)
at 
org.apache.cloudstack.api.command.user.volume.UploadVolumeCmd.execute(UploadVolumeCmd.java:145)
at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:150)
at 
com.cloud.api.ApiAsyncJobDispatcher.runJob(ApiAsyncJobDispatcher.java:108)
at 
org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:581)
at 
org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
at 
org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
at 
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
at 
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
at 
org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
at 
org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:529)
at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
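
The checks raised in the volume-upload thread above (the HEAD request must return 200, the certificate chain must validate, and a download host that resolves into the management network must be listed in secstorage.allowed.internal.sites), as an added Python example that is not part of any message or of CloudStack's own code. The function names, the sample addresses, the operator-supplied management CIDRs and the comma-separated CIDR/IP format assumed for the setting's value are all assumptions.

```python
import ipaddress
import socket
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Constructed sample values, not taken from the thread.
SAMPLE_MGMT_CIDRS = "10.10.0.0/24"
SAMPLE_RESOLVED = ["10.10.0.25", "203.0.113.7"]


def parse_cidr_list(value):
    """Parse a comma-separated list of CIDRs or single IPs (assumed format)."""
    return [ipaddress.ip_network(item.strip(), strict=False)
            for item in value.split(",") if item.strip()]


def uncovered_internal_ips(resolved_ips, management_cidrs, allowed_sites):
    """Return resolved IPs that sit inside a management network but are not
    covered by the allowed-internal-sites list."""
    mgmt = parse_cidr_list(management_cidrs)
    allowed = parse_cidr_list(allowed_sites)
    missing = []
    for raw in resolved_ips:
        ip = ipaddress.ip_address(raw.split("%")[0])  # drop any IPv6 zone id
        internal = any(ip in net for net in mgmt)
        covered = any(ip in net for net in allowed)
        if internal and not covered:
            missing.append(str(ip))
    return missing


def resolve(host):
    """Resolve a hostname to the sorted set of addresses it maps to."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def head_check(url, timeout=10):
    """Send a HEAD request and return (ok, detail).

    ok is True only for status 200, like the check quoted in the thread.
    Certificates are validated against this host's trust store, not the
    JVM's, so a pass here combined with a PKIX error in CloudStack points
    at the Java truststore rather than at the remote server.
    """
    request = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return response.status == 200, f"HTTP {response.status}"
    except urllib.error.HTTPError as exc:  # must precede URLError (subclass)
        return False, f"HTTP {exc.code}"
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, ssl.SSLCertVerificationError):
            return False, f"certificate not trusted: {exc.reason.verify_message}"
        return False, f"unreachable: {exc.reason}"


def preflight(url, management_cidrs, allowed_sites):
    """Run all checks for one URL; intended to be run from the management
    server and again from the SSVM, since both must reach the download."""
    host = urlsplit(url).hostname
    ips = resolve(host)
    ok, detail = head_check(url)
    return {
        "host": host,
        "resolved_ips": ips,
        "head_ok": ok,
        "head_detail": detail,
        "add_to_allowed_internal_sites":
            uncovered_internal_ips(ips, management_cidrs, allowed_sites),
    }


if __name__ == "__main__":
    import sys
    allowed_arg = sys.argv[3] if len(sys.argv) > 3 else ""
    for key, val in preflight(sys.argv[1], sys.argv[2], allowed_arg).items():
        print(f"{key}: {val}")
```

Invoke it as `script.py <url> <management-cidrs> [current-allowed-sites]`; only `preflight` touches the network, the list comparison itself works offline.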