Re: VPC virtual router will not start on reboot

2018-07-23 Thread Jon Marshall 
Hi Dag


Sorry I am running 4.11.1 already.


I just created an isolated network with a VM on the same host (ID = 1) and it 
works fine so i'm not sure it's a host specific issue.


It seems to only come up with VRs for VPCs.


I'll keep digging :)



From: Dag Sonstebo 
Sent: 23 July 2018 09:19
To: users@cloudstack.apache.org
Subject: Re: VPC virtual router will not start on reboot

Hi Jon,

First of all I would advise you to upgrade to 4.11.1, it comes with a number of 
bug fixes.

Wrt the errors you are seeing they tend to be fairly clear – the KVM host with 
ID=1 in your DB is not checking in, or taking time checking in, and the 
management server can therefore not communicate with it. Check the startup of 
the agent works as expected, and also check the agent logs.

Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue

On 23/07/2018, 09:11, "Jon Marshall"  wrote:

Cloudstack 4.11.0 - KVM


Created on VPC with 1 isolated network as test with 2 instances and it 
works as expected.  When doing a reboot of all nodes (compute and management) 
when it comes back up the virtual router will not start. This happens each time 
I reboot.


I have gone through management server logs and it is not a resource issue 
as it reports CPU, memory etc. as okay.  It does report this -


2018-07-23 08:37:09,931 ERROR [c.c.v.VmWorkJobHandlerProxy] 
(Work-Job-Executor-21:ctx-1c696ea5 job-821/job-822 ctx-bef3996c) 
(logid:a19d2179) Invocation exception, caused by: 
com.cloud.exception.AgentUnavailableException: Resource [Host:1] is 
unreachable: Host 1: Unable to start instance due to Unable to start  
VM:390a0aad-9c13-4578-bbbf-4de1323b142e due to error in finalizeStart, not 
retrying

checking the host table in the database that same host is running the 2 
system VMs so not sure how it is unreachable ?


Could someone offer any tips/pointers on how to troubleshoot this ?


Jon



dag.sonst...@shapeblue.com
www.shapeblue.com
Shapeblue - The CloudStack Company
www.shapeblue.com
ShapeBlue are the largest independent integrator of CloudStack technologies 
globally and are specialists in the design and implementation of IaaS cloud 
infrastructures for both private and public cloud implementations.



53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue

Re: add new ip range to zone

2018-07-23 Thread Andrija Panic 
 Hi Swen,

no issues, since external Juniper router is doing the routing between
multiple public IP ranges - here is my setup inside ACS, check it:
https://snag.gy/kp67WA.jpg (ACS multiple ranges)

each of this "gateway" address is an interface on Juniper (btw, I don't
manage it, my colleague does) and rest of the range is given to ACS for use.

So if 2 VRs are in different IP ranges, traffic between them will flow
VR1--> JUNIPER --> VR2

Hope that helps

Andrija


On Mon, 23 Jul 2018 at 14:15, Swen - swen.io  wrote:

> Hi Andrija,
>
> did you have routing problems when a VR is using IPs out of more than one
> ip range?
>
> Best regards,
> Swen
>
> -Ursprüngliche Nachricht-
> Von: Andrija Panic [mailto:andrija.pa...@gmail.com]
> Gesendet: Mittwoch, 18. Juli 2018 16:49
> An: users 
> Betreff: Re: add new ip range to zone
>
> Bunch of Public IP ranges, again in same VLAN... (gateway is just an
> virtual inteface on physical router...all virtual interfaces in same vlan)
>
> On Wed, 18 Jul 2018 at 14:28, Nicolas Bouige  wrote:
>
> > Hi Rafael,
> >
> > yes, we had the situation but both ranges of public IPs was already in
> > the same VLAN.
> >
> > Nicolas Bouige
> > DIMSI
> > cloud.dimsi.fr
> > 4, avenue Laurent Cely
> > Tour d’Asnière – 92600 Asnière sur Seine T/ +33 (0)6 28 98 53 40
> >
> >
> > 
> > De : Rafael Weingärtner 
> > Envoyé : mercredi 18 juillet 2018 13:02:41
> > À : users
> > Objet : Re: add new ip range to zone
> >
> > Nicolas, have you had the situation where 2 public IPs from different
> > ranges were assigned to the same VPC(VR)?
> > Here we had this situation, and it was not playing well in our network
> > setup. We had to move everything to the same VLAN.
> >
> > On Wed, Jul 18, 2018 at 7:25 AM, Nicolas Bouige 
> wrote:
> >
> > > Hello Swen,
> > >
> > > In our deployment, we are using two different network for public ip in
> > the
> > > same vlan without any problem.
> > >
> > > Best regards,
> > > N.B
> > >
> > > -Message d'origine-
> > > De : Swen - swen.io [mailto:m...@swen.io]
> > > Envoyé : mercredi 18 juillet 2018 11:26
> > > À : users@cloudstack.apache.org
> > > Objet : add new ip range to zone
> > >
> > > Hello all,
> > >
> > > We are using advanced networking in our installation and we need to add
> > > new public ips.
> > > Should we configure the new /24 network in the same vlan as the other
> one
> > > or should we use a vlan-id for each /24 network? What do you recommend?
> > >
> > > I am concerned what is happening if a VR gets public ips from different
> > > /24 networks within the same or in different vlans? Is there a chance
> > that
> > > a routing problem of any kind will accrue?
> > >
> > > Thank you for your 2 cents (or more) on this!
> > >
> > > Best regards,
> > > Swen
> > >
> > >
> > >
> > >
> >
> >
> > --
> > Rafael Weingärtner
> >
>
>
> --
>
> Andrija Panić
>
>
>

-- 

Andrija Panić

AW: add new ip range to zone

2018-07-23 Thread Swen - swen.io 
Hi Andrija,

did you have routing problems when a VR is using IPs out of more than one ip 
range?

Best regards,
Swen

-Ursprüngliche Nachricht-
Von: Andrija Panic [mailto:andrija.pa...@gmail.com] 
Gesendet: Mittwoch, 18. Juli 2018 16:49
An: users 
Betreff: Re: add new ip range to zone

Bunch of Public IP ranges, again in same VLAN... (gateway is just an virtual 
inteface on physical router...all virtual interfaces in same vlan)

On Wed, 18 Jul 2018 at 14:28, Nicolas Bouige  wrote:

> Hi Rafael,
>
> yes, we had the situation but both ranges of public IPs was already in 
> the same VLAN.
>
> Nicolas Bouige
> DIMSI
> cloud.dimsi.fr
> 4, avenue Laurent Cely
> Tour d’Asnière – 92600 Asnière sur Seine T/ +33 (0)6 28 98 53 40
>
>
> 
> De : Rafael Weingärtner 
> Envoyé : mercredi 18 juillet 2018 13:02:41
> À : users
> Objet : Re: add new ip range to zone
>
> Nicolas, have you had the situation where 2 public IPs from different
> ranges were assigned to the same VPC(VR)?
> Here we had this situation, and it was not playing well in our network
> setup. We had to move everything to the same VLAN.
>
> On Wed, Jul 18, 2018 at 7:25 AM, Nicolas Bouige  wrote:
>
> > Hello Swen,
> >
> > In our deployment, we are using two different network for public ip in
> the
> > same vlan without any problem.
> >
> > Best regards,
> > N.B
> >
> > -Message d'origine-
> > De : Swen - swen.io [mailto:m...@swen.io]
> > Envoyé : mercredi 18 juillet 2018 11:26
> > À : users@cloudstack.apache.org
> > Objet : add new ip range to zone
> >
> > Hello all,
> >
> > We are using advanced networking in our installation and we need to add
> > new public ips.
> > Should we configure the new /24 network in the same vlan as the other one
> > or should we use a vlan-id for each /24 network? What do you recommend?
> >
> > I am concerned what is happening if a VR gets public ips from different
> > /24 networks within the same or in different vlans? Is there a chance
> that
> > a routing problem of any kind will accrue?
> >
> > Thank you for your 2 cents (or more) on this!
> >
> > Best regards,
> > Swen
> >
> >
> >
> >
>
>
> --
> Rafael Weingärtner
>


-- 

Andrija Panić

Re: VPC virtual router will not start on reboot

2018-07-23 Thread Dag Sonstebo 
Hi Jon,

First of all I would advise you to upgrade to 4.11.1, it comes with a number of 
bug fixes.

Wrt the errors you are seeing they tend to be fairly clear – the KVM host with 
ID=1 in your DB is not checking in, or taking time checking in, and the 
management server can therefore not communicate with it. Check the startup of 
the agent works as expected, and also check the agent logs.

Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue

On 23/07/2018, 09:11, "Jon Marshall"  wrote:

Cloudstack 4.11.0 - KVM


Created on VPC with 1 isolated network as test with 2 instances and it 
works as expected.  When doing a reboot of all nodes (compute and management) 
when it comes back up the virtual router will not start. This happens each time 
I reboot.


I have gone through management server logs and it is not a resource issue 
as it reports CPU, memory etc. as okay.  It does report this -


2018-07-23 08:37:09,931 ERROR [c.c.v.VmWorkJobHandlerProxy] 
(Work-Job-Executor-21:ctx-1c696ea5 job-821/job-822 ctx-bef3996c) 
(logid:a19d2179) Invocation exception, caused by: 
com.cloud.exception.AgentUnavailableException: Resource [Host:1] is 
unreachable: Host 1: Unable to start instance due to Unable to start  
VM:390a0aad-9c13-4578-bbbf-4de1323b142e due to error in finalizeStart, not 
retrying

checking the host table in the database that same host is running the 2 
system VMs so not sure how it is unreachable ?


Could someone offer any tips/pointers on how to troubleshoot this ?


Jon



dag.sonst...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue

VPC virtual router will not start on reboot

2018-07-23 Thread Jon Marshall 
Cloudstack 4.11.0 - KVM


Created on VPC with 1 isolated network as test with 2 instances and it works as 
expected.  When doing a reboot of all nodes (compute and management) when it 
comes back up the virtual router will not start. This happens each time I 
reboot.


I have gone through management server logs and it is not a resource issue as it 
reports CPU, memory etc. as okay.  It does report this -


2018-07-23 08:37:09,931 ERROR [c.c.v.VmWorkJobHandlerProxy] 
(Work-Job-Executor-21:ctx-1c696ea5 job-821/job-822 ctx-bef3996c) 
(logid:a19d2179) Invocation exception, caused by: 
com.cloud.exception.AgentUnavailableException: Resource [Host:1] is 
unreachable: Host 1: Unable to start instance due to Unable to start  
VM:390a0aad-9c13-4578-bbbf-4de1323b142e due to error in finalizeStart, not 
retrying

checking the host table in the database that same host is running the 2 system 
VMs so not sure how it is unreachable ?


Could someone offer any tips/pointers on how to troubleshoot this ?


Jon

Re: Github Issues

2018-07-23 Thread Rohit Yadav 
Using Github issues is already a standard now, for reference this was the 
voting thread:

https://markmail.org/message/y5zgkssmwp4sh43t


I agree that Github milestone tagging on a pull request is limited to one per 
PR which I don't like as well. However, there is a workaround that may be used. 
A PR can be part of multiple projects that can have lists of 'todo', 'in 
progress', 'done' etc. I had experimented with them here: 
https://github.com/apache/cloudstack/projects


We can experiment if milestone can be used to map a PR towards a release 
(useful for RM-ing) and use Github projects towards tagging/mapping a PR 
towards multiple releases? The other way in-addition we can explore could be to 
use Github labels?


- Rohit






From: Paul Angus 
Sent: Tuesday, July 17, 2018 2:23:10 PM
To: d...@cloudstack.apache.org
Cc: users@cloudstack.apache.org
Subject: Github Issues

Hi All,

We have been trialling replacing Jira with Github Issues.   I think that we 
should have a conversation about it before it become the new standard by 
default.

From my perspective, I don't like it.  Searching has become far more difficult, 
categorising has also. When there is a bug fix it can only be targeted for a 
single version, which makes them easy to lose track of, and when looking at 
milestones issues and PRs get jumbled up and people are commenting on issues 
when it should by the PR and vice-versa (yes I've done it too).
In summary, from an administrative point of view it causes a lot more problems 
than it solves.

I yield the floor to hear other people's opinions...


Kind regards,

Paul Angus


paul.an...@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue




rohit.ya...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue

Re: Secure Live KVM VM Migration with CloudStack 4.11.1

2018-07-23 Thread Rohit Yadav 
Hi Piotr,


In the current implementation, the plugin cannot be used to act as a 
sub-ordinate or intermediate CA out of the box. One can write a new CA plugin. 
However, for the default root-ca plugin you can set your own CA keypair and 
certificate in cloud.configuration table (this will require encrypting the 
value/string and updating in the table/db), the only requirement is that the CA 
certificate should have the same attributes/fields as generated by CloudStack 
for example the certificate can be used for signing other certificates (act as 
a CA) etc.


- Rohit






From: Piotr Pisz 
Sent: Tuesday, July 17, 2018 4:11:48 PM
To: users@cloudstack.apache.org
Subject: RE: Secure Live KVM VM Migration with CloudStack 4.11.1

Hi Steve,

Is there any chance that the inbuilt certicate authority would act as a 
subordinate ca (not root ca)?

Regards,
Piotr



rohit.ya...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 


-Original Message-
From: Steve Roles 
Sent: Monday, July 16, 2018 4:38 PM
To: 'dev' ; users@cloudstack.apache.org
Subject: Secure Live KVM VM Migration with CloudStack 4.11.1

Hi all - if you're interested in the topic, Rohit has written a blog about it 
here: 
https://www.shapeblue.com/secure-live-kvm-vm-migration-with-cloudstack-4-11-1/

Best regards,


steve.ro...@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue