PCI device pass-through

[Andrey Smirnov]

Hi,

I am having some troubles with making a PCI device available for guests, 
while pci.devices=xxx are described in the agent.properties I can not 
see any options to make it available for the guests. Using kvm native 
tools -- pci devices can be added to the guests and are functional, the 
problem only that every reboot or migration will wipe this manual config 
which is quite expected behavior.


Sincerely

Andrey Smirnov



smime.p7s
Description: S/MIME Cryptographic Signature

Management Server HA

[Niclas Lindblom]

Hi,

I have 2 development servers that I wanted to load balance with Traefik that I 
have running as a docker instance. I believe I have configured Traefik 
correctly according to the guidance in the documentation 
https://docs.cloudstack.apache.org/en/latest/adminguide/reliability.html 
 . 
However, when I try and logon the page hangs and I am seeing this error message 
in the management server logs

 ERROR [c.c.u.n.Link] (AgentManager-SSLHandshakeHandler-70:null) (logid:) SSL 
error caught during wrap data: Certificate ownership verification failed for 
client: 192.168.20.6, for local address=/192.168.20.11:8250, remote 
address=/192.168.20.6:54714.

Am I missing some steps in the configuration with regards of SSL ?

Niclas

smime.p7s
Description: S/MIME cryptographic signature

Re: Role for taking console of the VM

[Wei ZHOU]

The VM console is only available for users which have access to
"listVirtualMachines" api.
The VM should be in the state "Running", "Starting" or "Stopping".

-Wei


On Thu, 9 Jun 2022 at 14:41, Vivek Kumar 
wrote:

> Thanks way for the response, So do we get the option in GUI for read only
> user ? Because whenever I create a read-only user and login from GUI the
> console option is not visible.
>
>
>
> Vivek Kumar
> Sr. Manager - Cloud & DevOps
> TechOps | Indiqus Technologies
>
> + 91 7503460090 
> vivek.ku...@indiqus.com 
> www.indiqus.com 
>
>
>
> > On 09-Jun-2022, at 3:26 PM, Wei ZHOU  wrote:
> >
> > Hi Vivek,
> >
> > There is no cloudstack API to get vm console, but you can get it by
> sending
> > a request to
> >
> > http://:8080/client/console?cmd=access&vm= uuid>&apikey= > api key>&signature=&response=json
> >
> > -Wei
> >
> > On Thu, 9 Jun 2022 at 11:16, Vivek Kumar  .invalid>
> > wrote:
> >
> >> Hello Folks.
> >>
> >> I am currently going through the custom rules, so in which API user can
> >> take the console of the VM. So I want a user where he can list all the
> >> resources and open the console of the VM/VR. So in custom roles I have
> >> allowed - “list*”, he is able to list all the resources but console
> option
> >> is not visible. So what else should I need to allow to take the console
> of
> >> VMs/VRs.
> >>
> >>
> >>
> >> Vivek Kumar
> >> Sr. Manager - Cloud & DevOps
> >> TechOps | Indiqus Technologies
> >>
> >> + 91 7503460090 
> >>vivek.ku...@indiqus.com 
> >>www.indiqus.com 
> >>
> >>
> >>
> >>
> >> --
> >> This message is intended only for the use of the individual or entity to
> >> which it is addressed and may contain confidential and/or privileged
> >> information. If you are not the intended recipient, please delete the
> >> original message and any copy of it from your computer system. You are
> >> hereby notified that any dissemination, distribution or copying of this
> >> communication is strictly prohibited unless proper authorization has
> been
> >> obtained for such action. If you have received this communication in
> >> error,
> >> please notify the sender immediately. Although IndiQus attempts to sweep
> >> e-mail and attachments for viruses, it does not guarantee that both are
> >> virus-free and accepts no liability for any damage sustained as a result
> >> of
> >> viruses.
> >>
>
>
> --
> This message is intended only for the use of the individual or entity to
> which it is addressed and may contain confidential and/or privileged
> information. If you are not the intended recipient, please delete the
> original message and any copy of it from your computer system. You are
> hereby notified that any dissemination, distribution or copying of this
> communication is strictly prohibited unless proper authorization has been
> obtained for such action. If you have received this communication in
> error,
> please notify the sender immediately. Although IndiQus attempts to sweep
> e-mail and attachments for viruses, it does not guarantee that both are
> virus-free and accepts no liability for any damage sustained as a result
> of
> viruses.
>

Re: lift-and-shift tools/methods

[Nux]

In the past people moved from Xen or VMware to KVM using libguestfs, but 
I am unsure whether libguestfs supports moving _to_ Xen.


If that doesn't work you could always do it by hand, the following would 
need to be accomplished:
1 - Make sure the source VM has xen drivers ready to load (ie add 
xenblk, xennet etc etc to the ramdisk, not sure how to Windows this)
2 - Download the VMDK and convert it to .vhd or whatever file format you 
are using.
3 - Create a new placeholder VM, maybe from iso, with a volume of the 
correct size, then drop the converted volume from step 2 over it on your 
storage.If the source VM has more than 1 volume, then just convert and 
copy over accordingly.
4. Alternatively - if dealing with a single disk source VM - you could 
always convert it to vhd, register it as a template and then deploy a VM 
from this template - but this way is quite a bit slower.


HTH

---
Nux
www.nux.ro

On 2022-06-09 09:05, Nikolaos Tsinganos wrote:

Hi Daan,

I guess I didn't give the appropriate description of the situation in
the first place.

VM ingestion is a great and useful feature, but what if the VMware VMs
are on a remote site that I cannot directly  add as a cluster on ACS.

I mean, if there is  a client that has on-prem VMware infrastructure
and wants to move the VMs to our IaaS infrastructure (ACS + Xen), what
would be the recommended way to proceed?

Of course, there are multiple criteria to make such a decision but I
wanted to ask if there are baseline guidelines.

-Original Message-
From: Daan Hoogland 
Sent: Thursday, June 9, 2022 10:08 AM
To: users 
Subject: Re: lift-and-shift tools/methods

Nikolaos,
There is an import feature for vmware vms. I think you need to have a
look at that.

On Wed, Jun 8, 2022 at 6:04 PM Nikolaos Tsinganos 


wrote:


Hi everybody,



Are there any recommended  “lilft-and-shift to cloudstack” 
tools/methods?

… or maybe someone that wants to share his/her experience for an
on-premises VMware to  Cloudstack migration? (Cloud migration).



Regards,

Nikolaos














--
Daan

Re: Role for taking console of the VM

[Vivek Kumar]

Thanks way for the response, So do we get the option in GUI for read only user 
? Because whenever I create a read-only user and login from GUI the console 
option is not visible. 



Vivek Kumar
Sr. Manager - Cloud & DevOps
TechOps | Indiqus Technologies

+ 91 7503460090 
vivek.ku...@indiqus.com 
www.indiqus.com 



> On 09-Jun-2022, at 3:26 PM, Wei ZHOU  wrote:
> 
> Hi Vivek,
> 
> There is no cloudstack API to get vm console, but you can get it by sending
> a request to
> 
> http://:8080/client/console?cmd=access&vm=&apikey= api key>&signature=&response=json
> 
> -Wei
> 
> On Thu, 9 Jun 2022 at 11:16, Vivek Kumar 
> wrote:
> 
>> Hello Folks.
>> 
>> I am currently going through the custom rules, so in which API user can
>> take the console of the VM. So I want a user where he can list all the
>> resources and open the console of the VM/VR. So in custom roles I have
>> allowed - “list*”, he is able to list all the resources but console option
>> is not visible. So what else should I need to allow to take the console of
>> VMs/VRs.
>> 
>> 
>> 
>> Vivek Kumar
>> Sr. Manager - Cloud & DevOps
>> TechOps | Indiqus Technologies
>> 
>> + 91 7503460090 
>>vivek.ku...@indiqus.com 
>>www.indiqus.com 
>> 
>> 
>> 
>> 
>> --
>> This message is intended only for the use of the individual or entity to
>> which it is addressed and may contain confidential and/or privileged
>> information. If you are not the intended recipient, please delete the
>> original message and any copy of it from your computer system. You are
>> hereby notified that any dissemination, distribution or copying of this
>> communication is strictly prohibited unless proper authorization has been
>> obtained for such action. If you have received this communication in
>> error,
>> please notify the sender immediately. Although IndiQus attempts to sweep
>> e-mail and attachments for viruses, it does not guarantee that both are
>> virus-free and accepts no liability for any damage sustained as a result
>> of
>> viruses.
>> 


-- 
This message is intended only for the use of the individual or entity to 
which it is addressed and may contain confidential and/or privileged 
information. If you are not the intended recipient, please delete the 
original message and any copy of it from your computer system. You are 
hereby notified that any dissemination, distribution or copying of this 
communication is strictly prohibited unless proper authorization has been 
obtained for such action. If you have received this communication in error, 
please notify the sender immediately. Although IndiQus attempts to sweep 
e-mail and attachments for viruses, it does not guarantee that both are 
virus-free and accepts no liability for any damage sustained as a result of 
viruses.

Re: Role for taking console of the VM

[Wei ZHOU]

Hi Vivek,

There is no cloudstack API to get vm console, but you can get it by sending
a request to

http://:8080/client/console?cmd=access&vm=&apikey=&signature=&response=json

-Wei

On Thu, 9 Jun 2022 at 11:16, Vivek Kumar 
wrote:

> Hello Folks.
>
> I am currently going through the custom rules, so in which API user can
> take the console of the VM. So I want a user where he can list all the
> resources and open the console of the VM/VR. So in custom roles I have
> allowed - “list*”, he is able to list all the resources but console option
> is not visible. So what else should I need to allow to take the console of
> VMs/VRs.
>
>
>
> Vivek Kumar
> Sr. Manager - Cloud & DevOps
> TechOps | Indiqus Technologies
>
> + 91 7503460090 
> vivek.ku...@indiqus.com 
> www.indiqus.com 
>
>
>
>
> --
> This message is intended only for the use of the individual or entity to
> which it is addressed and may contain confidential and/or privileged
> information. If you are not the intended recipient, please delete the
> original message and any copy of it from your computer system. You are
> hereby notified that any dissemination, distribution or copying of this
> communication is strictly prohibited unless proper authorization has been
> obtained for such action. If you have received this communication in
> error,
> please notify the sender immediately. Although IndiQus attempts to sweep
> e-mail and attachments for viruses, it does not guarantee that both are
> virus-free and accepts no liability for any damage sustained as a result
> of
> viruses.
>

Role for taking console of the VM

[Vivek Kumar]

Hello Folks.

I am currently going through the custom rules, so in which API user can take 
the console of the VM. So I want a user where he can list all the resources and 
open the console of the VM/VR. So in custom roles I have allowed - “list*”, he 
is able to list all the resources but console option is not visible. So what 
else should I need to allow to take the console of VMs/VRs.



Vivek Kumar
Sr. Manager - Cloud & DevOps
TechOps | Indiqus Technologies

+ 91 7503460090 
vivek.ku...@indiqus.com 
www.indiqus.com 




-- 
This message is intended only for the use of the individual or entity to 
which it is addressed and may contain confidential and/or privileged 
information. If you are not the intended recipient, please delete the 
original message and any copy of it from your computer system. You are 
hereby notified that any dissemination, distribution or copying of this 
communication is strictly prohibited unless proper authorization has been 
obtained for such action. If you have received this communication in error, 
please notify the sender immediately. Although IndiQus attempts to sweep 
e-mail and attachments for viruses, it does not guarantee that both are 
virus-free and accepts no liability for any damage sustained as a result of 
viruses.

Re: lift-and-shift tools/methods

[Daan Hoogland]

Can´t say Iḿ an expert Nikolaos, but how about

   1.  stop the VM
   2. storage motion it to the ACS controlled cluster
   3. start it
   4. ingest vm

again, not the expert but hope it helps. Of course if there are a lot of
them it needs automation, and if no downtime is allowed, this won´t work.

On Thu, Jun 9, 2022 at 10:05 AM Nikolaos Tsinganos
 wrote:

> Hi Daan,
>
> I guess I didn't give the appropriate description of the situation in the
> first place.
>
> VM ingestion is a great and useful feature, but what if the VMware VMs are
> on a remote site that I cannot directly  add as a cluster on ACS.
>
> I mean, if there is  a client that has on-prem VMware infrastructure and
> wants to move the VMs to our IaaS infrastructure (ACS + Xen), what would be
> the recommended way to proceed?
>
> Of course, there are multiple criteria to make such a decision but I
> wanted to ask if there are baseline guidelines.
>
> -Original Message-
> From: Daan Hoogland 
> Sent: Thursday, June 9, 2022 10:08 AM
> To: users 
> Subject: Re: lift-and-shift tools/methods
>
> Nikolaos,
> There is an import feature for vmware vms. I think you need to have a look
> at that.
>
> On Wed, Jun 8, 2022 at 6:04 PM Nikolaos Tsinganos
> 
> wrote:
>
> > Hi everybody,
> >
> >
> >
> > Are there any recommended  “lilft-and-shift to cloudstack” tools/methods?
> > … or maybe someone that wants to share his/her experience for an
> > on-premises VMware to  Cloudstack migration? (Cloud migration).
> >
> >
> >
> > Regards,
> >
> > Nikolaos
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
>
> --
> Daan
>
>

-- 
Daan

RE: lift-and-shift tools/methods

[Nikolaos Tsinganos]

Hi Daan, 

I guess I didn't give the appropriate description of the situation in the first 
place.

VM ingestion is a great and useful feature, but what if the VMware VMs are on a 
remote site that I cannot directly  add as a cluster on ACS.

I mean, if there is  a client that has on-prem VMware infrastructure and wants 
to move the VMs to our IaaS infrastructure (ACS + Xen), what would be the 
recommended way to proceed?  

Of course, there are multiple criteria to make such a decision but I wanted to 
ask if there are baseline guidelines.

-Original Message-
From: Daan Hoogland  
Sent: Thursday, June 9, 2022 10:08 AM
To: users 
Subject: Re: lift-and-shift tools/methods

Nikolaos,
There is an import feature for vmware vms. I think you need to have a look at 
that.

On Wed, Jun 8, 2022 at 6:04 PM Nikolaos Tsinganos 
wrote:

> Hi everybody,
>
>   
>
> Are there any recommended  “lilft-and-shift to cloudstack” tools/methods?
> … or maybe someone that wants to share his/her experience for an 
> on-premises VMware to  Cloudstack migration? (Cloud migration).
>
>   
>
> Regards,
>
> Nikolaos
>
>   
>
>   
>
>   
>
>   
>
>   
>
>

--
Daan

Re: How to configure link domaintoldap to define admin and user roles?

[Daan Hoogland]

Jorge, the linkDomaintoLdap feature is not that fine grained. Youĺl want to
look at LinkAccountToLdap for what you seek.

On Wed, Jun 8, 2022 at 10:31 PM Jorge Luiz Correa
 wrote:

> Hi all!
>
> In documentation I can see:
>
> cloudmonkey link domaintoldap
> domainid=12345678-90ab-cdef-fedc-ba0987654321\
>   accounttype=2\
>
> ldapdomain="ou=people,dc=cloudstack,dc=apache,dc=org"\
>   type=OU
>
> So, for each member of ou=people,dc=cloudstack,dc=apache,dc=org I'll have
> one account with domain admin role (accounttype=2).
>
> How to do the same configuration for both user and admin roles? For
> example:
>
> To define admins:
> cloudmonkey link domaintoldap
> domainid=12345678-90ab-cdef-fedc-ba0987654321\
>   accounttype=2\
>
> ldapdomain="ou=admins,dc=cloudstack,dc=apache,dc=org"\
>   type=OU
>
> To define users:
> cloudmonkey link domaintoldap
> domainid=12345678-90ab-cdef-fedc-ba0987654321\
>   accounttype=0\
>
> ldapdomain="ou=users,dc=cloudstack,dc=apache,dc=org"\
>   type=OU
>
> When I tried to do that the second command failed with:
>
> Error: (HTTP 530, error code ) Entity already exists
>
> As I couldn't configure in that way, I tried just one command with
> accounttype=0 and passing the parameter admin=
>
> cloudmonkey link domaintoldap
> domainid=12345678-90ab-cdef-fedc-ba0987654321\
>   accounttype=0\
>
> ldapdomain="ou=users,dc=cloudstack,dc=apache,dc=org"\
>   type=OU\
>   admin=adminuser
>
> So, all members of LDAP group can be a normal user and adminuser will be
> the domain admin.
>
> But, if I need to have more than one domain admin, how can I configure?
>
> I've tried put two admin= parameters but just the first is used.
>
> Thank you!
>
> --
> __
> Aviso de confidencialidade
>
> Esta mensagem da
> Empresa  Brasileira de Pesquisa  Agropecuaria (Embrapa), empresa publica
> federal  regida pelo disposto  na Lei Federal no. 5.851,  de 7 de dezembro
> de 1972,  e  enviada exclusivamente  a seu destinatario e pode conter
> informacoes  confidenciais, protegidas  por sigilo profissional.  Sua
> utilizacao desautorizada  e ilegal e  sujeita o infrator as penas da lei.
> Se voce  a recebeu indevidamente, queira, por gentileza, reenvia-la ao
> emitente, esclarecendo o equivoco.
>
> Confidentiality note
>
> This message from
> Empresa  Brasileira de Pesquisa  Agropecuaria (Embrapa), a government
> company  established under  Brazilian law (5.851/72), is directed
> exclusively to  its addressee  and may contain confidential data,
> protected under  professional secrecy  rules. Its unauthorized  use is
> illegal and  may subject the transgressor to the law's penalties. If you
> are not the addressee, please send it back, elucidating the failure.
>


-- 
Daan

Re: lift-and-shift tools/methods

[Daan Hoogland]

Nikolaos,
There is an import feature for vmware vms. I think you need to have a look
at that.

On Wed, Jun 8, 2022 at 6:04 PM Nikolaos Tsinganos 
wrote:

> Hi everybody,
>
>  �
>
> Are there any recommended  “lilft-and-shift to cloudstack” tools/methods?
> … or maybe someone that wants to share his/her experience for an
> on-premises VMware to  Cloudstack migration? (Cloud migration).
>
>  �
>
> Regards,
>
> Nikolaos
>
>  �
>
>  �
>
>  �
>
>  �
>
>  �
>
>

-- 
Daan