System VM version - CS 4.11.1

2018-10-12 Thread Grégoire Lamodière 
Hi All,

I have a strange behavior on a CS 4.11.1 deployment (upgraded from 4.11.0)

This deployment has a mixed cluster (KVM / CXP-NG 7.4).
Both systemvm templates (KVM / XEN) have been deployed with proper URL

When systemvm are on one KVM host, they report proper version.
On XCP, they report 4.11.0

I check on a virtual router (/etc/cloudstack-release) and it reports 4.11.0.
On the vr start, it shows 4.11.1

And if I try the « upgrade router » from UI, it breaks the vr.

I will check the source to understand the init process and try to understand 
what is happening.

Anyone already got this issue ?

Cheers

Grégoire

RE: System VM version - CS 4.11.1

2018-10-12 Thread Grégoire Lamodière 
Ok, I reply to myself.
I think there is something to check about this on the way CS handle template 
choice on systemvm templates creation.

Both 4.11.1 KVM and Xen templates have been registered with UI.
The KVM one is typed "SYSTEM", and the XEN "USER".

So when systemvm were created, they were using old template on Xen.

This points me to the following questions :

1/ Is it a systemvm issue (should not check the type when selecting the 
template ?)
2/ Or is it a template registration issue - only set SYSTEM to the first one, 
or KVM one, and not the second / Xen

I think someone else already wrote the same workarround on this list (UPDATE DB 
SET type='SYSTEM')

Cheers.

Grégoire

-Message d'origine-
De : Grégoire Lamodière [mailto:g.lamodi...@dimsi.fr] 
Envoyé : vendredi 12 octobre 2018 18:31
À : users@cloudstack.apache.org
Objet : System VM version - CS 4.11.1

Hi All,

I have a strange behavior on a CS 4.11.1 deployment (upgraded from 4.11.0)

This deployment has a mixed cluster (KVM / CXP-NG 7.4).
Both systemvm templates (KVM / XEN) have been deployed with proper URL

When systemvm are on one KVM host, they report proper version.
On XCP, they report 4.11.0

I check on a virtual router (/etc/cloudstack-release) and it reports 4.11.0.
On the vr start, it shows 4.11.1

And if I try the « upgrade router » from UI, it breaks the vr.

I will check the source to understand the init process and try to understand 
what is happening.

Anyone already got this issue ?

Cheers

Grégoire

Re: System VM version - CS 4.11.1

2018-10-12 Thread Andrija Panic 
Hi,

check the global variables router.template.kvm and
router.template.xenserver they should have the value of the exact name
of the new systemVM templates as you registered them...

Let us know if this fixes the issue.
MGMT server will need to be restarted...

Cheers
Andrija

On Fri, 12 Oct 2018 at 19:32, Grégoire Lamodière 
wrote:

> Ok, I reply to myself.
> I think there is something to check about this on the way CS handle
> template choice on systemvm templates creation.
>
> Both 4.11.1 KVM and Xen templates have been registered with UI.
> The KVM one is typed "SYSTEM", and the XEN "USER".
>
> So when systemvm were created, they were using old template on Xen.
>
> This points me to the following questions :
>
> 1/ Is it a systemvm issue (should not check the type when selecting the
> template ?)
> 2/ Or is it a template registration issue - only set SYSTEM to the first
> one, or KVM one, and not the second / Xen
>
> I think someone else already wrote the same workarround on this list
> (UPDATE DB SET type='SYSTEM')
>
> Cheers.
>
> Grégoire
>
> -Message d'origine-
> De : Grégoire Lamodière [mailto:g.lamodi...@dimsi.fr]
> Envoyé : vendredi 12 octobre 2018 18:31
> À : users@cloudstack.apache.org
> Objet : System VM version - CS 4.11.1
>
> Hi All,
>
> I have a strange behavior on a CS 4.11.1 deployment (upgraded from 4.11.0)
>
> This deployment has a mixed cluster (KVM / CXP-NG 7.4).
> Both systemvm templates (KVM / XEN) have been deployed with proper URL
>
> When systemvm are on one KVM host, they report proper version.
> On XCP, they report 4.11.0
>
> I check on a virtual router (/etc/cloudstack-release) and it reports
> 4.11.0.
> On the vr start, it shows 4.11.1
>
> And if I try the « upgrade router » from UI, it breaks the vr.
>
> I will check the source to understand the init process and try to
> understand what is happening.
>
> Anyone already got this issue ?
>
> Cheers
>
> Grégoire
>


-- 

Andrija Panić

Re: TAP/SPAN...

2018-10-12 Thread David Merrill 
I'd hoped I could simply "mirror the VLAN" to a specific interface on the 
switch, but Dell Support says I cannot pull this off with the switches we have 
in place.

So, I'm back to considering mucking with the client's virtual router.

What this site suggests:

 *   https://networkhop.wordpress.com/2016/04/27/port-mirroring-with-iptables/

seems reasonable (in principle):

 iptables -t mangle -I PREROUTING -j TEE –gateway a.b.c.d
 iptables -t mangle -I POSTROUTING -j TEE –gateway a.b.c.d

and easy enough to undo (in principle).

Downsides include:

 1. Overhead associated with duplicating packets
 2. Redoing it should the router need to be recreated (presuming that any edits 
wouldn't stick).

Surely I can't be the only one to have considered doing something like this, 
maybe folks run some a 3rd-party virtual appliance to get this kind of thing 
done?

David Merrill
Senior Systems Engineer,
Managed and Private/Hybrid Cloud Services
OTELCO
92 Oak Street, Portland ME 04101
office 207.772.5678 
www.otelco.com /business/managed-services

On 9/28/18, 3:09 PM, "Simon Weller"  wrote:

David,

So I assume the customer is in an isolated network between the VR and their 
VMs?

If so, just SPAN that vlan to another port on your switch and tap it there.

From: David Merrill 
Sent: Friday, September 28, 2018 2:01 PM
To: users@cloudstack.apache.org
Subject: Re: TAP/SPAN...

XenServer 6.5

Thanks,
David

David Merrill
Senior Systems Engineer,
Managed and Private/Hybrid Cloud Services
OTELCO
92 Oak Street, Portland ME 04101
office 207.772.5678 
www.otelco.com 
/business/managed-services



Confidentiality Message
The information contained in this e-mail transmission may be confidential 
and legally privileged. If you are not the intended recipient, you are notified 
that any dissemination, distribution, copying or other use of this information, 
including attachments, is prohibited. If you received this message in error, 
please call me at 207.772.5678  so this error can be 
corrected.


On 9/28/18, 2:54 PM, "Simon Weller"  wrote:

What hypervisor are you using?


If you're using KVM, you could add a vlan VIF into the bridge in 
question and then dump that traffic somewhere via a replicated span on your 
switch.


-  Si



From: David Merrill 
Sent: Friday, September 28, 2018 1:47 PM
To: users@cloudstack.apache.org
Subject: TAP/SPAN...

We’ve got a client who would like to ship a copy of all packets that 
pass through their virtual router to an appliance (that we’d place on their 
VLAN).

I’ve searched a bit (I’d hoped to see some mention of it in the users 
list) and haven’t found specific references to TAP/SPAN related to CloudStack, 
is there a convention for such things? I’m a (tiny) little out of my depth, is 
this the kind of thing that I might find (if it existed) here:

  *   
http://docs.cloudstack.apache.org/en/4.11.1.0/adminguide/networking.html?highlight=network%20service%20providers

At the very least is something like this (a kind of roll-your-own SPAN) 
possible on the virtual router?

  *   
https://networkhop.wordpress.com/2016/04/27/port-mirroring-with-iptables/

I wish this had come up at the collab  in Montreal (having JUST been 
there earlier this week), but so it goes.

Thanks for any consideration/feedback,
David

David Merrill
Senior Systems Engineer,
Managed and Private/Hybrid Cloud Services
OTELCO
92 Oak Street, Portland ME 04101
office 207.772.5678
www.otelco.com/business/managed-services

RE: System VM version - CS 4.11.1

2018-10-12 Thread Grégoire Lamodière 
Hi Andrija, 

Yes, they both have the proper name (systemvm-kvm-4.11.1 and 
systemvm-xenserver-4.11.1).
The only thing that made it working was to change the type of Xen Template.

Cheers
Grégoire

-Message d'origine-
De : Andrija Panic [mailto:andrija.pa...@gmail.com] 
Envoyé : vendredi 12 octobre 2018 20:48
À : users 
Objet : Re: System VM version - CS 4.11.1

Hi,

check the global variables router.template.kvm and 
router.template.xenserver they should have the value of the exact name of 
the new systemVM templates as you registered them...

Let us know if this fixes the issue.
MGMT server will need to be restarted...

Cheers
Andrija

On Fri, 12 Oct 2018 at 19:32, Grégoire Lamodière 
wrote:

> Ok, I reply to myself.
> I think there is something to check about this on the way CS handle 
> template choice on systemvm templates creation.
>
> Both 4.11.1 KVM and Xen templates have been registered with UI.
> The KVM one is typed "SYSTEM", and the XEN "USER".
>
> So when systemvm were created, they were using old template on Xen.
>
> This points me to the following questions :
>
> 1/ Is it a systemvm issue (should not check the type when selecting 
> the template ?) 2/ Or is it a template registration issue - only set 
> SYSTEM to the first one, or KVM one, and not the second / Xen
>
> I think someone else already wrote the same workarround on this list 
> (UPDATE DB SET type='SYSTEM')
>
> Cheers.
>
> Grégoire
>
> -Message d'origine-
> De : Grégoire Lamodière [mailto:g.lamodi...@dimsi.fr] Envoyé : 
> vendredi 12 octobre 2018 18:31 À : users@cloudstack.apache.org Objet : 
> System VM version - CS 4.11.1
>
> Hi All,
>
> I have a strange behavior on a CS 4.11.1 deployment (upgraded from 
> 4.11.0)
>
> This deployment has a mixed cluster (KVM / CXP-NG 7.4).
> Both systemvm templates (KVM / XEN) have been deployed with proper URL
>
> When systemvm are on one KVM host, they report proper version.
> On XCP, they report 4.11.0
>
> I check on a virtual router (/etc/cloudstack-release) and it reports 
> 4.11.0.
> On the vr start, it shows 4.11.1
>
> And if I try the « upgrade router » from UI, it breaks the vr.
>
> I will check the source to understand the init process and try to 
> understand what is happening.
>
> Anyone already got this issue ?
>
> Cheers
>
> Grégoire
>


-- 

Andrija Panić