Services of management server listening on IPv6 Ports

2021-03-25 Thread vas...@gmx.de
Hi everyone,

I was setting up a test environment with an IPv4 network beneath.
OS of the server is Ubuntu 20.04.02-live-server.

After performing the installation as described in the installation
guide, the server seems fine.
One thing I noticed is that the sockets for the services of
cloudstack / listening ports are all IPv6 based:

root@management:~# lsof -i -P -n | grep cloud | grep LISTEN
java  1184   cloud   12u  IPv6  48210  0t0  TCP *:35947 (LISTEN)
java  1184   cloud   21u  IPv6  50162  0t0  TCP *:9090 (LISTEN)
java  1184   cloud   22u  IPv6  48825  0t0  TCP *:35627 (LISTEN)
java  1184   cloud   26u  IPv6  51204  0t0  TCP *:8250 (LISTEN)
java  1184   cloud   30u  IPv6  52307  0t0  TCP *:8080 (LISTEN)

Shouldn't these services also be listening on IPv4 addresses of the
management interface?

Thanks in advance!
Chris
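
Added example, not part of the original post: on Linux an `IPv6` wildcard listener (`*:port`) is dual-stack by default and also accepts IPv4 connections, unless `net.ipv6.bindv6only=1` or the application sets `IPV6_V6ONLY` on the socket. The parser below reads `lsof -i -P -n` output and reports which addresses each listener is reachable on by default; the sample lines and the function names are constructed for illustration.

```python
import re

# Constructed sample in the format `lsof -i -P -n` prints (two ports taken from the post).
SAMPLE = """\
java  1184  cloud  21u  IPv6  50162  0t0  TCP *:9090 (LISTEN)
java  1184  cloud  30u  IPv6  52307  0t0  TCP *:8080 (LISTEN)
java  1184  cloud  31u  IPv6  52311  0t0  TCP [::1]:9999 (LISTEN)
sshd   901  root    3u  IPv4  30111  0t0  TCP 192.0.2.10:22 (LISTEN)
"""

LINE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+)\s+\S+\s+(?P<family>IPv[46])"
    r"\s+\S+\s+\S+\s+TCP\s+(?P<addr>\S+):(?P<port>\d+)\s+\(LISTEN\)"
)

def read_bindv6only(path="/proc/sys/net/ipv6/bindv6only"):
    """Return True if the kernel default makes IPv6 sockets IPv6-only."""
    try:
        with open(path) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return False  # file missing (no IPv6): treat as the Linux default, 0

def reachability(family, addr, bindv6only):
    """Addresses a listener accepts on, assuming the socket keeps the sysctl default."""
    if addr != "*":
        return [addr.strip("[]")]          # bound to one specific address
    if family == "IPv4":
        return ["0.0.0.0"]                 # every IPv4 interface
    # IPv6 wildcard: dual-stack unless IPV6_V6ONLY is in effect
    return ["::"] if bindv6only else ["::", "0.0.0.0"]

def listeners(lsof_text, bindv6only=False):
    """Parse lsof output into (command, port, reachable-addresses) tuples."""
    found = []
    for line in lsof_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            found.append((m["cmd"], int(m["port"]),
                          reachability(m["family"], m["addr"], bindv6only)))
    return found

if __name__ == "__main__":
    for cmd, port, addrs in listeners(SAMPLE, read_bindv6only()):
        print(f"{cmd:6} tcp/{port:<5} reachable on {', '.join(addrs)}")
```

A wildcard listener is exposed on every interface of the host, so firewall rules for the management ports need to cover both address families.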


RE: RE: RE: Virtual Router MTU

2021-03-25 Thread Alex Mattioli
Hi Rafael,

I've had very similar issues in the past, with SSL and TLS so playing well with 
fragmentation.
It is the same use case indeed, in that case I needed jumbo frames for a 
certain network.

I believe this should be implemented per-network, as a setting applied when the 
network is created (but editable and applied when the network is restarted with 
clean-up).

I'll consult with my colleagues what's the best way forward and get back to you.

Cheers,
Alex

From: Rafael del Valle 
Sent: 25 March 2021 09:06
To: Alex Mattioli 
Cc: d...@cloudstack.apache.org
Subject: Re: RE: RE: Virtual Router MTU

Hi Alex,

I have now found all the detail of the 1400 MTU past incident that led us to 
patch OpenNebula VRs.

The problem was detected because startTLS sessions failed in our email, 
persistently and to peers such as hotmail:


2019-01-26 14:58:06 + 02 9a1d30b6d6d1 SMTP-OUT:0001: SSL error remote 
104.47.13.33:25, SSL_connect:failed in SSLv2/v3 read server hello A


We investigated the issue together with the email platform vendor, and the 
problem persisted until we patched the MTU1400 issue.

So this is a must implement for us. A workaround exists: patch VRs and use 
cloud-init to customize NICs in VMs.

I am very happy to accept your collaboration offer :)

Where should this patch be implemented?

It is actually a requirement of this VLAN (vlanIpRange) and propagates to 
Virtual Routers and NICs of the involved VMs.

Is it the same in your use-case of Jumbo frames for storage oriented networks?

Perhaps we should treat this setting just like a netmask or gateway setting.

Shall we open an issue?

Rafael




alex.matti...@shapeblue.com 
www.shapeblue.com
3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK
@shapeblue
  
 

On Wed, 2021-03-24 11:08 AM, Alex Mattioli <alex.matti...@shapeblue.com> wrote:
Hi Raf,

Can you share with us which SDWAN vendor it is? I've tried 4 different ones 
with ACS and they all worked fine, in all cases what I did was to set the MTU 
in the SDWAN appliance to be a bit lower than 1500 (in between 1422 and 1460, 
depending on SDWAN solution). In most networks you'll end up with most of your 
traffic with an MTU of around 500-600 anyway, so larger MTU doesn't help that 
much, I'd highly recommend you run some traffic analysis to try to figure out 
what's the MTU distribution for your network traffic.

With that said, I also had to change the MTU in VRs for a proof of concept on 
iSCSI between datacenters, in that situation I just wrote a script that would 
login to each VR and change the MTU of the public and private interfaces, it 
worked OK. I would strongly advise you not to change the MTU of the management 
interface, when I did (by mistake) the VRs lost communication with the 
management server.

If you want to contribute by expanding cloudstack code to add a setting for VR 
MTU I'd be more than happy to collaborate with you on that.

Hope this helps.

Cheers,
Alex






-Original Message-
From: Rafael del Valle 

Sent: 24 March 2021 10:33
To: users@cloudstack.apache.org
Cc: users@cloudstack.apache.org; 
d...@cloudstack.apache.org
Subject: Re: RE: Virtual Router MTU

Hi Alex,

In our particular use case the Public Network is an SD WAN and we have a 
requirement of slightly smaller MTU than the standard 1500.

I have assumed that our traffic will be encapsulated into something else before 
delivery, I guess that is the reason for the requirement.

What would be the easier way to add support for MTU tuning on VRs?

I would be to contribute and implement it.

Regards,





On Wed, 2021-03-24 09:39 AM, Alex Mattioli wrote:
>
> Hi R,
>
> There's no ACS setting for the VR's MTU size.
> Unless you are running storage traffic in that network then jumbo frames 
> aren't of much use. I've run some tests at the request of some customers in 
> my previous job, and with some very busy VRs and the performance gains for an 
> MTU of 9000 were statistically insignificant.
> If your VRs are saturated your best option is to increase the
> resources for its offering (if you need guidance with that, am happy
> to provide it)
>
> Anyway, what's your use case for jumbo frames?
>
> Regards,
> Alex
>
>
>
>
>
> -Original Message-
> From: rva...@privaz.io.INVALID
> Sent: 24 March 2021 09:23
> To: 
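
Added example, not written by anyone in this thread: a way to find the largest packet a path carries unfragmented, the check that exposes a sub-1500 MTU such as the 1400-byte case discussed above. It assumes Linux iputils `ping` (`-M do` sets Don't Fragment); `ping_df`, `find_path_mtu` and `tcp_mss` are names made up for this example.

```python
import subprocess

IP_ICMP_OVERHEAD = 28   # 20-byte IPv4 header + 8-byte ICMP echo header
IP_TCP_OVERHEAD = 40    # 20-byte IPv4 header + 20-byte TCP header, no options

def ping_df(host, mtu, timeout=1):
    """Send one echo request that fills `mtu` bytes with Don't Fragment set.

    Returns True if a reply came back. A single probe can be lost for other
    reasons, so repeat the search before trusting a low result.
    """
    cmd = ["ping", "-M", "do", "-c", "1", "-W", str(timeout),
           "-s", str(mtu - IP_ICMP_OVERHEAD), host]
    done = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return done.returncode == 0

def find_path_mtu(probe, lo=576, hi=1500):
    """Binary-search the largest MTU in [lo, hi] for which probe(mtu) is True.

    `probe` is any callable taking an MTU, e.g. lambda m: ping_df(host, m).
    Returns None when even `lo` does not pass (host down or ICMP filtered).
    """
    if not probe(lo):
        return None
    if probe(hi):
        return hi
    # Invariant: probe(lo) succeeded, probe(hi) failed.
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid
    return lo

def tcp_mss(mtu):
    """Largest TCP payload per segment that fits in `mtu` over IPv4."""
    return mtu - IP_TCP_OVERHEAD

if __name__ == "__main__":
    import sys
    host = sys.argv[1]                      # address of the peer to test against
    mtu = find_path_mtu(lambda m: ping_df(host, m))
    if mtu is None:
        print("no reply even at 576 bytes; ICMP may be filtered")
    else:
        print(f"path MTU {mtu}, TCP MSS {tcp_mss(mtu)}")
```

If the result is below the MTU configured on the VR and VM interfaces, full-size segments such as a TLS server hello with its certificate chain will not fit the path, while small packets still pass.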

Re: Script SSH and Password Suse Linux 15.1

2021-03-25 Thread Wido den Hollander



On 3/23/21 6:47 PM, Andrija Panic wrote:
> I imagine nobody is using SuSE that much - but you should be trying your
> luck with cloudinit instead - it has the same password change
> functionality, plus some more - and is better in the long run
> That cloud-set-guest-password was never updated to work on systemD, so it
> only works on older OS like CentOS6/Ubuntu14, etc.
> 

Indeed. cloud-init is the way to go and works as expected with much much
more in there.

Wido

> Best,
> 
> On Thu, 11 Mar 2021 at 15:16, Felipe Rossi  wrote:
> 
>> Hello All,
>>
>> Is someone using Suse Linux on CloudStack with the script
>> cloud-set-guest-password and sshkey working fine?
>>
>> We are trying to use it but it does not work; the paths on Suse are different, for
>> example dhclient.
>>
>> If someone has tips to make this work.
>>
>> Att / Regards
>>
>> Felipe Rossi | BRASCLOUD
>> *CEO*
>> *Cloud Architect*
>> fel...@brascloud.com.br | www.brascloud.com.br
>> Contact + 55 45 99116-0094 / +55 45 3326-4568
>>
> 
> 



Re: CentOS, Debian and Ubuntu templates for CloudStack

2021-03-25 Thread Wido den Hollander



On 3/23/21 11:44 AM, Rohit Yadav wrote:
> Thanks Wido, that would be useful. Maybe we fork one of the recipes to create 
> new default template(s) for CloudStack.
> 

Yes, that's possible! With a few simple adjustments we can do so.

We could add this to the cloudstack repo in a directory
'default-template' or something where we build a CentOS or Ubuntu image
which works out of the box on CloudStack.

Not really that hard to build that template with all the work we already
did.

Wido

> 
> Regards.
> 
> 
> From: li jerry 
> Sent: Monday, March 22, 2021 19:07
> To: users@cloudstack.apache.org 
> Subject: Re: CentOS, Debian and Ubuntu templates for CloudStack
> 
> thank you for your sharing
> 
> Is there a CICD solution for windows template?
> 
> 
> -Original Message-
> From: Wido den Hollander 
> Sent: 19 March 2021 23:58
> To: users@cloudstack.apache.org
> Subject: CentOS, Debian and Ubuntu templates for CloudStack
> 
> Hi,
> 
> At PCextreme ( https://www.pcextreme.com/ ) we have thousands of Virtual 
> Machines running on Apache CloudStack with the KVM hypervisor.
> 
> One of the things which is always a challenge is having proper templates 
> which you can use to deploy Virtual Machines rapidly.
> 
> We use the Packer tool to build templates for VMs on CloudStack. The code for 
> building these is available on Github:
> https://github.com/PCextreme/packer-templates/
> 
> The resulting QCOW2 files are uploaded to a public S3 bucket:
> https://compute.o.auroraobjects.eu/
> 
> For example, the Ubuntu 20.04 template from 18-03-2021 can be found here:
> 
> https://compute.o.auroraobjects.eu/templates/ubuntu-20.04_master_240a36d2.qcow2
> 
> Gitlab's CI/CD is used to build these templates and successful builds of the 
> master branch are pushed to S3.
> 
> The templates support:
> 
> - Growing the root disk upon first boot
> - CloudStack password server (via cloud-init)
> - cloud-init userdata
> 
> The PCextreme IPv6 recursive DNS servers are hardcoded into these templates 
> which makes them not suitable for all deployments, but you can use the code to 
> easily build your own templates.
> 
> Hope this helps!
> 
> Wido
> 
> rohit.ya...@shapeblue.com 
> www.shapeblue.com
> 3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK
> @shapeblue
>   
>  
>