Re: Allowing all ingress traffic except specific protocols or CIDRs in security groups
Hi Fariborz,

Currently there are no options for action (allow/deny) for each rule, all rules are allowed.

I think it is a good feature to support action (allow/deny) and rule number (so rules are ordered) in security groups rules, like the network ACL in VPC.
https://docs.cloudstack.apache.org/en/latest/adminguide/networking/virtual_private_cloud_config.html#creating-an-acl-rule

Can you create a GitHub issue for the improvement?

-Wei

On Mon, 27 Nov 2023 at 23:20, Fariborz Navidan wrote:

> Hello,
>
> As of CS 4.15, in security groups all inbound traffic is blocked by
> default. As a result to allow all incoming traffic to VMs, we need to add
> an ingress rule with the protocol specified as "All" and CIDR specified as
> "0.0.0.0/0". Is it possible to allow all incoming traffic except specific
> protocols or CIDRs to block specific protocols/CIDRs?
>
> Regards.
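Because every security group rule is an allow rule, as the reply above states, "everything except these CIDRs" can only be written as allow rules for the complement of the blocked ranges. The Python below is an added example, not part of the thread or of CloudStack; the function names and the blocked sample ranges are assumptions constructed for illustration.

```python
import ipaddress


def allow_cidrs_except(blocked, universe="0.0.0.0/0"):
    """Return allow-rule CIDRs covering `universe` minus every blocked CIDR."""
    allowed = [ipaddress.ip_network(universe)]
    for raw in blocked:
        block = ipaddress.ip_network(raw)  # ValueError if host bits are set
        remaining = []
        for net in allowed:
            if not net.overlaps(block):
                remaining.append(net)      # untouched by this block
            elif block.supernet_of(net):
                continue                   # wholly blocked: no allow rule
            else:
                # block sits inside net: keep everything in net around it
                remaining.extend(net.address_exclude(block))
        allowed = remaining
    return sorted(ipaddress.collapse_addresses(allowed))


def is_allowed(address, allowed):
    """True if `address` matches at least one allow-rule CIDR."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in allowed)


# Constructed sample input (documentation ranges, not from the thread).
BLOCKED = ["203.0.113.0/24", "198.51.100.7/32"]

if __name__ == "__main__":
    rules = allow_cidrs_except(BLOCKED)
    print(len(rules), "ingress allow rules replace the single 0.0.0.0/0 rule")
    for net in rules:
        print(net)
```

Each blocked range multiplies the number of ingress rules to maintain, which is the practical cost of not having ordered allow/deny rules in security groups.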
Allowing all ingress traffic except specific protocols or CIDRs in security groups
Hello,

As of CS 4.15, in security groups all inbound traffic is blocked by default. As a result to allow all incoming traffic to VMs, we need to add an ingress rule with the protocol specified as "All" and CIDR specified as "0.0.0.0/0". Is it possible to allow all incoming traffic except specific protocols or CIDRs to block specific protocols/CIDRs?

Regards.
Not able to deploy VMs | ACS 4.17.2 | VMware 7
Hello Folks,

I just deployed a Cloudstack 4.17.2 with VMware 7.0. I am able to provision system VMs and VRs but not able to provision VMs. While checking the logs - looks like it’s not able to connect to vCenter and not able to create disks, but somehow VRs and system VMs are being provisioned perfectly fine.

——— In management servers logs ———

2023-11-27 18:27:25,688 DEBUG [c.c.a.t.Request] (AgentManager-Handler-3:null) (logid:) Seq 11-6334875825850024098: Processing: { Ans: , MgmtId: 7115655717170, via: 11, Ver: v1, Flags: 110, [{"org.apache.cloudstack.storage.command.CopyCmdAnswer":{"result":"false","details":"Failed to create a VMware context, check the management server logs or the SSVM log for details","wait":"0","bypassHostMaintenance":"false"}}] }
2023-11-27 18:27:25,688 DEBUG [c.c.a.t.Request] (Work-Job-Executor-5:ctx-164cb640 job-94/job-95 ctx-8ed050e5) (logid:09eb73ef) Seq 11-6334875825850024098: Received: { Ans: , MgmtId: 7115655717170, via: 11(s-8-VM), Ver: v1, Flags: 110, { CopyCmdAnswer } }
2023-11-27 18:27:25,717 DEBUG [c.c.a.m.AgentAttache] (AgentManager-Handler-3:null) (logid:) Seq 11-6334875825850024098: No more commands found
2023-11-27 18:27:25,740 DEBUG [o.a.c.h.HAManagerImpl] (BackgroundTaskPollManager-5:ctx-4f6c8aaa) (logid:03ac36da) HA health check task is running...
2023-11-27 18:27:25,743 INFO [o.a.c.s.v.VolumeServiceImpl] (Work-Job-Executor-5:ctx-164cb640 job-94/job-95 ctx-8ed050e5) (logid:09eb73ef) releasing lock for VMTemplateStoragePool 8
2023-11-27 18:27:25,751 DEBUG [o.a.c.e.o.VolumeOrchestrator] (Work-Job-Executor-5:ctx-164cb640 job-94/job-95 ctx-8ed050e5) (logid:09eb73ef) Unable to create Vol[15|vm=15|ROOT]:Failed to create a VMware context, check the management server logs or the SSVM log for details
2023-11-27 18:27:25,752 WARN [c.c.v.VirtualMachineManagerImpl] (Work-Job-Executor-5:ctx-164cb640 job-94/job-95 ctx-8ed050e5) (logid:09eb73ef) Unable to contact resource.
com.cloud.exception.StorageUnavailableException: Resource [StoragePool:3] is unreachable: Unable to create Vol[15|vm=15|ROOT]:Failed to create a VMware context, check the management server logs or the SSVM log for details
    at org.apache.cloudstack.engine.orchestration.VolumeOrchestrator.recreateVolume(VolumeOrchestrator.java:1595)
    at org.apache.cloudstack.engine.orchestration.VolumeOrchestrator.prepare(VolumeOrchestrator.java:1689)
    at com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:1179)
    at com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:5315)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at com.cloud.vm.VmWorkJobHandlerProxy.handleVmWorkJob(VmWorkJobHandlerProxy.java:107)
    at com.cloud.vm.VirtualMachineManagerImpl.handleVmWorkJob(VirtualMachineManagerImpl.java:5439)
    at com.cloud.vm.VmWorkJobDispatcher.runJob(VmWorkJobDispatcher.java:102)
    at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:620)
    at org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:48)
    at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55)
    at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102)
    at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52)
    at org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:45)
    at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:568)
    at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:829)
2023-11-27 18:27:25,763 DEBUG [c.c.v.VirtualMachineManagerImpl] (Work-Job-Executor-5:ctx-164cb640 job-94/job-95 ctx-8ed050e5) (logid:09eb73ef) Cleaning up resources for the vm VM instance {id: "15", name: "i-2-15-VM", uuid: "2b78b7af-d4c6-428a-b3f0-f7f5760b", type="User"} in Starting state

——— In SSVM logs ———

2023-11-27 15:32:40,663 INFO [storage.resource.VmwareSeconda
Re: Vlans for domain
vlan can only be specified by root admin, as it requires some settings on infrastructure, and it is also critical as vlan misconfiguration might cause some issues. vlan id is also invisible for non-admin users.

If you create a L2 or Isolated network for your user, the network belongs to the user, so the network is not visible when you create an instance, but the user can see it.

-Wei

On Mon, 27 Nov 2023 at 12:04, Jimmy Huybrechts wrote:

> Hi,
>
> After a lot of testing I’m now trying to put it more in the shape we would
> use it. So I created a user and domain for own instances.
>
> Now I’m trying to create a Network offering on a specific vlan, which
> doesn’t seem possible? If I create one with specify vlan is true and assign
> it to my tenant I can’t see it when creating an instance, if I create it
> with specify vlan is false I can see it but how do I tell it which vlans to
> use then? (using an untagged vlan is not possible here).
>
> How do I create a L2 network on a specific vlan and be able to use it in
> my own domain? Since I’m also the root admin I can give it of course
>
> --
> Jimmy
Vlans for domain
Hi,

After a lot of testing I’m now trying to put it more in the shape we would use it. So I created a user and domain for own instances.

Now I’m trying to create a Network offering on a specific vlan, which doesn’t seem possible? If I create one with specify vlan is true and assign it to my tenant I can’t see it when creating an instance, if I create it with specify vlan is false I can see it but how do I tell it which vlans to use then? (using an untagged vlan is not possible here).

How do I create a L2 network on a specific vlan and be able to use it in my own domain? Since I’m also the root admin I can give it of course

--
Jimmy
Re: new PMC member: Abhishek Kumar
Well done Abhishek, congratulations!

Regards,
Nicolas Vazquez

From: Jithin Raju
Date: Monday, 27 November 2023 at 01:21
To: d...@cloudstack.apache.org, users
Subject: Re: new PMC member: Abhishek Kumar

Congratulations Abhishek.

-Jithin

From: Daan Hoogland
Date: Thursday, 23 November 2023 at 2:11 PM
To: users, dev
Subject: new PMC member: Abhishek Kumar

The Project Management Committee (PMC) for Apache CloudStack has invited Abhishek Kumar to become a PMC member and we are pleased to announce that they have accepted.

Abhishek has contributed in the past and has shown effort to make the project run smoothly. He is also the Release Manager for the upcoming 4.19 release.

Please join me in congratulating Abhishek

--
Daan
RE: Cloudstack fail to create windows 2022 templates
Hi Steve

Yes - MS have changed the OS disk partitioning scheme on both Windows 11 and Server 2022.

We installed Server 2022 using the ISO - but created a 1Gb partition prior to installing the OS. We then use a combination of DISM and diskpart commands to reconfigure the partitions so that we have a 1Gb Recovery partition (large enough for future OS updates to satisfy Microsoft) and have this partition at the beginning of the disk so that the "C drive" can later be extended if required

Detailed steps:

when installing the OS from the ISO - on the installation page - select 'advanced' and choose to add a new 1024Mb partition to the unallocated disk - this will serve as the new partition 'D' for the Recovery partition

Then after the OS is installed:

in diskpart find the existing RE partition that the system has installed and give it drive letter 'O'

    diskpart
    list volume
    select volume 'number of the RE partition created by the OS install'
    assign letter=O
    exit

    Dism /Capture-Image /ImageFile:C:\recovery-partition.wim /CaptureDir:O:\ /Name:"Recovery"
    Dism /Apply-Image /ImageFile:C:\recovery-partition.wim /Index:1 /ApplyDir:D:\

    reagentc /disable
    reagentc /setreimage /path D:\Recovery\WindowsRE
    reagentc /enable

    DISKPART> select volume 'number of the D partition'
    DISKPART> set id=27
    DISKPART> remove

go into regedit hklm/system/MountedDevices and delete the item that shows the drive letter for the RE partition

reboot server

    diskpart
    select volume 4 - if this was the original RE partition at the end of the disk
    delete partition override

Gary Dixon
Senior Technical Consultant
0161 537 4980
+44 7989717661
gary.di...@quadris.co.uk
www.quadris.com
Innovation House, 12-13 Bredbury Business Park
Bredbury Park Way, Bredbury, Stockport, SK6 2SN

-Original Message-
From: S.Fuller
Sent: Friday, November 24, 2023 2:18 AM
To: users@cloudstack.apache.org
Subject: Re: Cloudstack fail to create windows 2022 templates

Just went through this process.

- I installed Windows Server 2022 to a VM, installed the VirtIO drivers, made the other changes I wanted to the image
- Ran sysprep with the shutdown and OOBE experience options
- Made a template from the volume

Biggest issue I had was dealing with where Windows 2022 puts the system recovery partition. MS now places it after the primary partition so automatic resizing of the volume on deployment wouldn't work. I ended up just removing that partition entirely.

- Steve

On Thu, Nov 23, 2023 at 12:49 AM Yu Huang Chan wrote:

> Hi All,
>
> We are going to try to make a Windows 2022 template and follow the
> documentation guides that require downloading and installing Windows AIK.
>
> When we look at the Windows System Image Manager catalog, it shows the
> error "Details: Parameter count mismatch."
>
> The below latest documentation shows an example guide up to Windows
> 2008 guides only.
> https://docs.cloudstack.apache.org/en/latest/adminguide/templates.html
>
> May we know anyone facing these issues and how to create Windows 2022
> templates in the proper way?
>
> Regards,
> Yu Huang
>

--
Steve Fuller
steveful...@gmail.com