Fail to add RBD ceph as Primary storage on Cloudstack 4.1+Centos6.4 KVM host

2013-08-19 Thread
Environment:
Cloudstack 4.1.1,   Ceph 0.6.1.7, Qemu 0.12.1.2-2.355 with RBD enabled

I have successfully added Ceph RBD as primary storage with an Ubuntu 12.04 KVM host,
but it fails on a CentOS 6.4 KVM host in CloudStack.

I did some tests on the CentOS KVM host, and I think it can use rbd to access Ceph
(the ceph.conf is on the KVM host).
 [root@centos-kvm01 ~]# qemu-img -v | grep rbd
Supported formats: raw cow qcow vdi vmdk cloop dmg bochs vpc vvfat
qcow2 qed parallels nbd blkdebug host_cdrom host_floppy host_device
file rbd

 [root@centos-kvm01 ~]#  rbd -m 192.168.250.15 -p volumes ls
08b376f0-5af4-4b46-b41e-d83dc0f93a70
1e9f8d76-94d9-4d56-a8a6-fdff32ba9d1b
b0f7fae3-716b-4210-a89d-af63c6e30859

[root@centos-kvm01 ~]#  rados lspools
data
metadata
rbd
volumes
cloudstack

[root@centos-kvm01 ~]# rbd create test --size 4096
[root@centos-kvm01 ~]# rbd ls
test

cloudstack log:

2013-08-19 17:28:25,683 DEBUG [agent.transport.Request]
(AgentManager-Handler-9:null) Seq 26-368640010: Processing:  { Ans: ,
MgmtId: 345050143793, via: 26, Ver: v1, Flags: 10,
[{"Answer":{"result":false,"details":"java.lang.NullPointerException\n\tat
com.cloud.hypervisor.kvm.storage.LibvirtStorageAdaptor.createStoragePool(LibvirtStorageAdaptor.java:540)\n\tat
com.cloud.hypervisor.kvm.storage.KVMStoragePoolManager.createStoragePool(KVMStoragePoolManager.java:111)\n\tat
com.cloud.hypervisor.kvm.storage.KVMStoragePoolManager.createStoragePool(KVMStoragePoolManager.java:104)\n\tat
com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.execute(LibvirtComputingResource.java:2304)\n\tat
com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.executeRequest(LibvirtComputingResource.java:1094)\n\tat
com.cloud.agent.Agent.processRequest(Agent.java:525)\n\tat
com.cloud.agent.Agent$AgentRequestHandler.doTask(Agent.java:852)\n\tat
com.cloud.utils.nio.Task.run(Task.java:83)\n\tat
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)\n\tat
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)\n\tat
java.lang.Thread.run(Thread.java:679)\n","wait":0}}] }
2013-08-19 17:28:25,683 DEBUG [agent.transport.Request]
(catalina-exec-1:null) Seq 26-368640010: Received:  { Ans: , MgmtId:
345050143793, via: 26, Ver: v1, Flags: 10, { Answer } }
2013-08-19 17:28:25,683 DEBUG [agent.manager.AgentManagerImpl]
(catalina-exec-1:null) Details from executing class
com.cloud.agent.api.ModifyStoragePoolCommand:
java.lang.NullPointerException
at com.cloud.hypervisor.kvm.storage.LibvirtStorageAdaptor.createStoragePool(LibvirtStorageAdaptor.java:540)
at com.cloud.hypervisor.kvm.storage.KVMStoragePoolManager.createStoragePool(KVMStoragePoolManager.java:111)
at com.cloud.hypervisor.kvm.storage.KVMStoragePoolManager.createStoragePool(KVMStoragePoolManager.java:104)
at com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.execute(LibvirtComputingResource.java:2304)
at com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.executeRequest(LibvirtComputingResource.java:1094)
at com.cloud.agent.Agent.processRequest(Agent.java:525)
at com.cloud.agent.Agent$AgentRequestHandler.doTask(Agent.java:852)
at com.cloud.utils.nio.Task.run(Task.java:83)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:679)

2013-08-19 17:28:25,689 WARN  [cloud.storage.StorageManagerImpl]
(catalina-exec-1:null) Unable to establish a connection between
Host[-26-Routing] and Pool[207|RBD]
com.cloud.exception.StorageUnavailableException: Resource
[StoragePool:207] is unreachable: Unable establish connection from
storage head to storage pool 207 due to java.lang.NullPointerException
at com.cloud.hypervisor.kvm.storage.LibvirtStorageAdaptor.createStoragePool(LibvirtStorageAdaptor.java:540)
at com.cloud.hypervisor.kvm.storage.KVMStoragePoolManager.createStoragePool(KVMStoragePoolManager.java:111)
at com.cloud.hypervisor.kvm.storage.KVMStoragePoolManager.createStoragePool(KVMStoragePoolManager.java:104)
at com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.execute(LibvirtComputingResource.java:2304)
at com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.executeRequest(LibvirtComputingResource.java:1094)
at com.cloud.agent.Agent.processRequest(Agent.java:525)
at com.cloud.agent.Agent$AgentRequestHandler.doTask(Agent.java:852)
at com.cloud.utils.nio.Task.run(Task.java:83)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:679)
at com.cloud.storage.StorageManagerImpl.connectHostToSharedPool(StorageManagerImpl.java:1637)
 

Re: Fail to add RBD ceph as Primary storage on Cloudstack 4.1+Centos6.4 KVM host

2013-08-19 Thread
Thank you for your response.

I have followed Widoh's way too and it is running well on Ubuntu, so I know it
is that the CentOS kernel and some features are too old.
I hope someone has made a successful deployment on CentOS 6.4.

2013/8/20 Andrei Mikhailovsky :
> I've been testing centos 6.4 extensively with rbd and had a lot of stability 
> issues where the host server would freeze or reboot during high load 
> benchmarks, especially with small block sizes. I have switched to ubuntu 
> 12.04 with 3.5 kernel and didn't see this behaviour. Just my two cents.
>
> P.S. i've not had any issues with adding rbd cluster to cloudstack following 
> the Widoh's howto on the net.
>
> Andrei

Re: Fail to add RBD ceph as Primary storage on Cloudstack 4.1+Centos6.4 KVM host

2013-08-20 Thread
Could you give me some guidance on compiling the latest libvirt and qemu?
Thanks

2013/8/20 Andrei Mikhailovsky :
>
>
> Well, I do not think that it is down to 2.6.32 kernel that is causing your 
> issue as CS and RBD integration doesn't use kernel module. Please correct me 
> if I am wrong, but I think it uses userspace libraries. Try asking people on 
> OFTC irc #ceph, there should be people using centos/RH.
>
> When I tried rbd with cs using centos 6.4 I have compiled the latest libvirt 
> and qemu from sources and didn't have that many issues apart from heavy load 
> server reboots. I was running fio with 4 files each threading 16 random 
> reads/writes with block size of 4K. Larger block sizes didn't give me any 
> issues. At that time I had to use centos because of the infiniband support 
> issues which i had with ubuntu, but the latest ofed drivers sorted out the 
> issue and I am happily back to ubuntu.
>
> Do you need to use Centos for a reason? Taking into account that Ceph is 
> heavily developed and tested using Ubuntu servers, I would use it instead of 
> Centos, unless there are issues with hardware, etc. which do not work in 
> Ubuntu.
>
> Andrei

guest host cannot access internet, but ssvm,vrouter can

2013-08-21 Thread
Guest hosts cannot access the internet, but the SSVM and vrouter can.
CloudStack 4.1.1 (upgraded from 4.0.2), one KVM host (Ubuntu 12.04), two Xen,
advanced network.

The SSVM, console proxy VM and vrouter can access the internet.
guest host <=> vrouter: OK
guest 1 <=> guest 2 in the same VLAN: ping OK. Guest 1 is on the KVM host,
guest 2 is on Xen.

But guest 1 and guest 2 cannot access the internet.

Could you give me some guidance?


Re: Fail to create Instance in VPC on CS4.1.1

2013-08-22 Thread
Thank you very much.
I searched for "Unable to allocate vnet as a part of network" and found this link:
http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201205.mbox/%3ccah-3_gn8fe_dfxq9ayq-1khwn0j+z6fu6nutzdfh3wn8mdn...@mail.gmail.com%3E

I changed the guest network VLAN range, which was 300 to 301 (both in use;
CloudStack alerts that the guest VLAN is full, but they can be used), and extended it to 300 to
399. Then creating the instance succeeded.
But I did not see a new network created; the VPC did not create a guest network.

Could you explain it to me or give me some guidance to understand it?

Many thanks
Best wishes!

2013/8/23 Chiradeep Vittal :
> This might be the problem:
> 2013-08-23 00:30:29,942 INFO  [cloud.vm.VirtualMachineManagerImpl]
> (Job-Executor-64:job-299) Insufficient capacity
> com.cloud.exception.InsufficientVirtualNetworkCapcityException: Unable
> to allocate vnet as a part of network Ntwk[207|Guest|11] implement
> Scope=interface com.cloud.dc.DataCenter; id=1
>
>
>
> On 8/22/13 10:51 AM, "不坏阿峰"  wrote:
>
>>cs-mgt:
>>eth1: 192.168.230.2
>>
>>xen01:
>>eth1: 192.168.230.11
>>eth2: public+guest   (guest network:192.168.30.0/24  )
>>eth3: 192.168.250.11
>>
>>xen01:
>>eth1: 192.168.230.12
>>eth2: public+guest  (guest network:192.168.30.0/24  )
>>eth3: 192.168.250.12
>>
>>Advanced networking works.
>>
>>I want to try VPC. I have created a VPC network 172.16.0.0/16 and a tier
>>172.16.0.1/24. The tier network ACLs are configured to allow all ingress
>>and egress TCP/UDP.
>>
>>The VPC router has started, and I checked from the console that it can access
>>the internet, the storage and CS.
>>
>>But creating a VM in the VPC tier fails.
>>
>>#   LOG #
>>2013-08-23 00:30:29,544 DEBUG [cloud.api.ApiServlet]
>>(catalina-exec-17:null) ===START===  192.168.123.28 -- GET
>>command=deployVirtualMachine&zoneId=6ad1fb5e-8a4b-42b7-83f2-863c1b3fda4a&t
>>emplateId=bd1a8e6a-b66f-4484-afcb-2af22890cff6&hypervisor=XenServer&servic
>>eOfferingId=fbf29251-423f-496c-8edb-32b9362c31ab&networkIds=d277c139-f896-
>>443a-a8cc-c74dcb5f92df&response=json&sessionkey=c%2FLK7Wzuq4ia5cxurIMYWevC
>>UkM%3D&_=1377192613840
>>2013-08-23 00:30:29,554 DEBUG [cloud.api.ApiDispatcher]
>>(catalina-exec-17:null) InfrastructureEntity name
>>is:com.cloud.offering.ServiceOffering
>>2013-08-23 00:30:29,556 DEBUG [cloud.api.ApiDispatcher]
>>(catalina-exec-17:null) ControlledEntity name
>>is:com.cloud.template.VirtualMachineTemplate
>>2013-08-23 00:30:29,560 DEBUG [cloud.api.ApiDispatcher]
>>(catalina-exec-17:null) ControlledEntity name
>>is:com.cloud.network.Network
>>2013-08-23 00:30:29,574 DEBUG [cloud.network.NetworkModelImpl]
>>(catalina-exec-17:null) Service SecurityGroup is not supported in the
>>network id=207
>>2013-08-23 00:30:29,584 DEBUG [cloud.vm.UserVmManagerImpl]
>>(catalina-exec-17:null) Allocating in the DB for vm
>>2013-08-23 00:30:29,599 DEBUG [cloud.vm.VirtualMachineManagerImpl]
>>(catalina-exec-17:null) Allocating entries for VM:
>>VM[User|b5e2d457-5294-4c7d-adbc-2398e21fe621]
>>2013-08-23 00:30:29,600 DEBUG [cloud.vm.VirtualMachineManagerImpl]
>>(catalina-exec-17:null) Allocating nics for
>>VM[User|b5e2d457-5294-4c7d-adbc-2398e21fe621]
>>2013-08-23 00:30:29,601 DEBUG [cloud.network.NetworkManagerImpl]
>>(catalina-exec-17:null) Allocating nic for vm
>>VM[User|b5e2d457-5294-4c7d-adbc-2398e21fe621] in network
>>Ntwk[207|Guest|11] with requested profile
>>NicProfile[0-0-null-null-null
>>2013-08-23 00:30:29,617 DEBUG [cloud.network.NetworkModelImpl]
>>(catalina-exec-17:null) Service SecurityGroup is not supported in the
>>network id=207
>>2013-08-23 00:30:29,618 DEBUG [cloud.vm.VirtualMachineManagerImpl]
>>(catalina-exec-17:null) Allocaing disks for
>>VM[User|b5e2d457-5294-4c7d-adbc-2398e21fe621]
>>2013-08-23 00:30:29,629 DEBUG [cloud.vm.VirtualMachineManagerImpl]
>>(catalina-exec-17:null) Allocation completed for VM:
>>VM[User|b5e2d457-5294-4c7d-adbc-2398e21fe621]
>>2013-08-23 00:30:29,629 DEBUG [cloud.vm.UserVmManagerImpl]
>>(catalina-exec-17:null) Successfully allocated DB entry for
>>VM[User|b5e2d457-5294-4c7d-adbc-2398e21fe621]
>>2013-08-23 00:30:29,651 DEBUG [cloud.network.NetworkModelImpl]
>>(catalina-exec-17:null) Service SecurityGroup is not supported in the
>>network id=207
>>2013-08-23 00:30:29,657 DEBUG [cloud.network.NetworkModelImpl]
>>(catalina-exec-17:null) Service SecurityGroup is not supported in the
>>network id=207
>>2013-08-23 00:30:29,674 DEBUG [cloud.async.AsyncJobManagerImpl]
>>(catalina-exec-17:null)

vm with Cloudstack+openvswitch+KVM can not access external network, can ping gateway

2013-08-22 Thread
vm with openvswitch+KVM can not access external network, can ping gateway

Cloudstack4.1.1
A: one kvm host ubuntu12.04 with openvswitch,
B:  xen server6.0,
C: one kvm host centos with openvswitch

CloudStack has two networks:
Guestvlan301 Isolated 192.168.31.0/24, Egress rule, 0.0.0.0/0 all
Guestvlan300 Isolated 192.168.31.0/24, Egress rule, 0.0.0.0/0 all


①: vrouter301 runs on Xen, Public IP Address 192.168.240.54, Guest IP
Address 192.168.31.1
   A VM in vlan301 can ping the gateway 192.168.31.1 and can access the
internet. The VM can run on KVM or Xen; both are OK.

②: vrouter300 runs on KVM with openvswitch, Public IP Address
192.168.240.53, Guest IP Address 192.168.30.1
   A VM in vlan300 can ping the gateway 192.168.30.1, but cannot access the
internet. The vrouter can access the internet.

How can I make a VM under kvm+openvswitch access the outside network and the internet?


[root@centos-kvm01 libvirt]# ovs-vsctl show
7cb5f505-7ac1-4403-9f9d-101882ed7bad
    Bridge kvmmgt
        Port kvmmgt
            Interface kvmmgt
                type: internal
        Port "eth0"
            Interface "eth0"
    Bridge "cloudbr0"
        Port "cloudbr0"
            Interface "cloudbr0"
                type: internal
        Port "eth1"
            Interface "eth1"   ## Eth1 uplink port is Esxi vswitch in promiscuous mode,  Xen server Eth1 uplink this too, can work fine ; Kvm use native bridge work fine too.
        Port "vnet3"
            tag: 240
            Interface "vnet3"
        Port "vnet0"
            tag: 301
            Interface "vnet0"
        Port "vnet1"
            tag: 300
            Interface "vnet1"
        Port "vnet4"
            tag: 240
            Interface "vnet4"
    Bridge "cloud0"
        Port "cloud0"
            Interface "cloud0"
                type: internal
        Port "vnet2"
            Interface "vnet2"
    Bridge storage
        Port "eth2"
            Interface "eth2"
        Port storage
            Interface storage
                type: internal
    ovs_version: "1.10.0"


I ran this test:
  one VM 192.168.30.90  run  ping 192.168.123.1
  vrouter 192.168.30.1(outside IP 192.168.240.53 vlan 240)  run  ping
www.google.com

[root@centos-kvm01 ~]# ovs-dpctl dump-flows |grep 30.90

in_port(9),eth(src=02:00:07:94:00:09,dst=02:00:3c:30:00:06),eth_type(0x0806),arp(sip=192.168.30.1,tip=192.168.30.90,op=2,sha=02:00:07:94:00:09,tha=02:00:3c:30:00:06),
packets:0, bytes:0, used:never, actions:push_vlan(vid=300,pcp=0),5
in_port(11),eth(src=06:28:b6:00:01:20,dst=00:50:56:97:5c:55),eth_type(0x0800),ipv4(src=192.168.30.90,dst=192.168.123.1,proto=1,tos=0,ttl=63,frag=no),icmp(type=8,code=0),
packets:5855, bytes:573790, used:0.810s,
actions:push_vlan(vid=240,pcp=0),5
in_port(5),eth(src=02:00:3c:30:00:06,dst=02:00:07:94:00:09),eth_type(0x8100),vlan(vid=300,pcp=0),encap(eth_type(0x0806),arp(sip=192.168.30.90,tip=192.168.30.1,op=1,sha=02:00:3c:30:00:06,tha=00:00:00:00:00:00)),
packets:0, bytes:0, used:never, actions:pop_vlan,9
in_port(5),eth(src=02:00:3c:30:00:06,dst=02:00:07:94:00:09),eth_type(0x8100),vlan(vid=300,pcp=0),encap(eth_type(0x0800),ipv4(src=192.168.30.90,dst=192.168.123.1,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0)),
packets:5855, bytes:597210, used:0.809s, actions:pop_vlan,9

##   actions:push_vlan(vid=240,pcp=0),5  :  maybe this is the
problem? Is it?




[root@centos-kvm01 ~]# ovs-dpctl dump-flows |grep 240.53
in_port(11),eth(src=06:28:b6:00:01:20,dst=00:50:56:97:5c:55),eth_type(0x0800),ipv4(src=192.168.240.53,dst=74.125.128.105,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0),
packets:6167, bytes:604366, used:0.486s,
actions:push_vlan(vid=240,pcp=0),5
in_port(5),eth(src=00:50:56:97:5c:55,dst=06:28:b6:00:01:20),eth_type(0x8100),vlan(vid=240,pcp=0),encap(eth_type(0x0806),arp(sip=192.168.240.1,tip=192.168.240.53,op=1,sha=00:50:56:97:5c:55,tha=00:00:00:00:00:00)),
packets:0, bytes:0, used:never, actions:pop_vlan,11
in_port(5),eth(src=00:50:56:97:5c:55,dst=06:28:b6:00:01:20),eth_type(0x8100),vlan(vid=240,pcp=0),encap(eth_type(0x0800),ipv4(src=74.125.128.105,dst=192.168.240.53,proto=1,tos=0,ttl=49,frag=no),icmp(type=0,code=0)),
packets:6059, bytes:618018, used:0.450s, actions:pop_vlan,11
in_port(11),eth(src=06:28:b6:00:01:20,dst=00:50:56:97:5c:55),eth_type(0x0806),arp(sip=192.168.240.53,tip=192.168.240.1,op=2,sha=06:28:b6:00:01:20,tha=00:50:56:97:5c:55),
packets:0, bytes:0, used:never, actions:push_vlan(vid=240,pcp=0),5
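
The check the poster does by eye on the `ovs-dpctl dump-flows` output, as an added example that is not part of the original post: it lists IPv4 flows whose source is a guest-network address but which are tagged onto the public VLAN, i.e. a guest address that reaches the public VLAN untranslated. The function names are hypothetical; the guest subnets and public VLAN 240 are parameters filled in from the addresses in this thread.

```python
import ipaddress
import re

# Sample input assembled from the flows quoted in the post, kept with the
# mail client's line wrapping so the re-joining step has something to do.
SAMPLE_DUMP = """\
in_port(9),eth(src=02:00:07:94:00:09,dst=02:00:3c:30:00:06),eth_type(0x0806),arp(sip=192.168.30.1,tip=192.168.30.90,op=2,sha=02:00:07:94:00:09,tha=02:00:3c:30:00:06),
packets:0, bytes:0, used:never, actions:push_vlan(vid=300,pcp=0),5
in_port(11),eth(src=06:28:b6:00:01:20,dst=00:50:56:97:5c:55),eth_type(0x0800),ipv4(src=192.168.30.90,dst=192.168.123.1,proto=1,tos=0,ttl=63,frag=no),icmp(type=8,code=0),
packets:5855, bytes:573790, used:0.810s,
actions:push_vlan(vid=240,pcp=0),5
in_port(5),eth(src=02:00:3c:30:00:06,dst=02:00:07:94:00:09),eth_type(0x8100),vlan(vid=300,pcp=0),encap(eth_type(0x0800),ipv4(src=192.168.30.90,dst=192.168.123.1,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0)),
packets:5855, bytes:597210, used:0.809s, actions:pop_vlan,9
in_port(11),eth(src=06:28:b6:00:01:20,dst=00:50:56:97:5c:55),eth_type(0x0800),ipv4(src=192.168.240.53,dst=74.125.128.105,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0),
packets:6167, bytes:604366, used:0.486s,
actions:push_vlan(vid=240,pcp=0),5
"""


def join_wrapped(dump):
    """Rebuild one line per flow: 'in_port(' starts a flow, other lines continue it."""
    flows = []
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("in_port(") or not flows:
            flows.append(line)
        else:
            flows[-1] += " " + line
    return flows


def parse_flow(line):
    """Split a flow into match fields and actions; return None if it is not a flow."""
    if not line.startswith("in_port(") or "actions:" not in line:
        return None
    # Search the match part and the actions separately, so that the
    # 'vlan(vid=' match field is never confused with 'push_vlan(vid='.
    match_part, actions = line.split("actions:", 1)
    in_port = re.match(r"in_port\((\d+)\)", match_part)
    if in_port is None:
        return None
    ip = re.search(r"ipv4\(src=([\d.]+),dst=([\d.]+)", match_part)
    tagged = re.search(r"vlan\(vid=(\d+)", match_part)
    pushed = re.search(r"push_vlan\(vid=(\d+)", actions)
    packets = re.search(r"packets:(\d+)", match_part)
    return {
        "in_port": int(in_port.group(1)),
        "src": ipaddress.ip_address(ip.group(1)) if ip else None,
        "dst": ipaddress.ip_address(ip.group(2)) if ip else None,
        "match_vid": int(tagged.group(1)) if tagged else None,
        "push_vid": int(pushed.group(1)) if pushed else None,
        "packets": int(packets.group(1)) if packets else 0,
        "actions": actions.strip(),
    }


def guest_sources_on_public_vlan(dump, guest_nets, public_vid):
    """Return flows that tag a guest-subnet source address onto the public VLAN."""
    nets = [ipaddress.ip_network(n) for n in guest_nets]
    findings = []
    for line in join_wrapped(dump):
        flow = parse_flow(line)
        if flow is None or flow["src"] is None:
            continue  # not a flow line, or not IPv4 (ARP, for instance)
        src_is_guest = any(flow["src"] in n for n in nets)
        dst_is_guest = any(flow["dst"] in n for n in nets)
        if src_is_guest and not dst_is_guest and flow["push_vid"] == public_vid:
            findings.append(flow)
    return findings


if __name__ == "__main__":
    hits = guest_sources_on_public_vlan(
        SAMPLE_DUMP, ["192.168.30.0/24", "192.168.31.0/24"], public_vid=240)
    for f in hits:
        print(f"in_port {f['in_port']}: {f['src']} -> {f['dst']} "
              f"leaves on VLAN {f['push_vid']} ({f['packets']} packets)")
```
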


Re: vm with Cloudstack+openvswitch+KVM can not access external network, can ping gateway

2013-08-22 Thread
I did that. Guestvlan300 Isolated  192.168.31.0/24, Egress rule,
0.0.0.0/0 all.
When I initialize the vrouter on the Xen host, the guest host can access the
internet, but with the vrouter on the kvm+openvswitch host it cannot.

2013/8/23 Ahmad Emneina :
> I believe you have to create an egress networking rule to allow for vm's to
> reach the internet.

Re: vm with Cloudstack+openvswitch+KVM can not access external network, can ping gateway

2013-08-23 Thread
can someone help?


how to use Private Gateway in VPC on CS4.1.1

2013-08-23 Thread
Environment :
cs-mgt:
eth1: 192.168.230.2

xen01:
eth1: 192.168.230.11
eth2: public+guest   (guest network:192.168.30.0/24  public: 192.168.240.0)
eth3: 192.168.250.11

xen01:
eth1: 192.168.230.12
eth2: public+guest  (guest network:192.168.30.0/24 public: 192.168.240.0 )
eth3: 192.168.250.12

 VPC network 172.16.0.0/16
 tier01 172.16.0.1/24
 tier02 172.16.1.1/24

The tier network ACLs are configured to allow all ingress and egress TCP/UDP.

I created a private gateway like this:

Physical Network: I chose eth2
IP Address: 192.168.20.9
Gateway: 192.168.20.10
   (I am not sure what the gateway should be; I put the IP of the router on the other side)
Netmask: 255.255.255.0
VLAN: 20

#>  This is what I want to do; the private gateway should have this function, am I right?

VPC vms          <=>  Prv GTW       <=>  Another Router  <=>  sub net
(172.16.0.0/24        192.168.20.9       192.168.20.10        192.168.80.0
 172.16.1.0/24)

I added a static route in the Prv GTW, 192.168.80.0..

Could someone help me work this out? Many thanks!

 information on VPC vrouter
root@r-166-VM:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.240.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.20.0    0.0.0.0         255.255.255.0   U     0      0        0 eth4
172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth2
172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 eth3
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         192.168.240.1   0.0.0.0         UG    0      0        0 eth1

root@r-166-VM:~# ip route show table static_route
192.168.80.0/24 via 192.168.20.10 dev eth4

   VPC vrouter can ping 192.168.20.10
root@r-166-VM:~# ping 192.168.20.10
PING 192.168.20.10 (192.168.20.10): 56 data bytes
64 bytes from 192.168.20.10: icmp_seq=0 ttl=64 time=5.835 ms
64 bytes from 192.168.20.10: icmp_seq=1 ttl=64 time=1.135 ms
^C--- 192.168.20.10 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.135/3.485/5.835/2.350 ms

   VPC vrouter can not ping 192.168.80.1
root@r-166-VM:~# ping 192.168.80.1
PING 192.168.80.1 (192.168.80.1): 56 data bytes
^C--- 192.168.80.1 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

   VPC vm  can ping 192.168.20.9
[root@d911668f-d56b-48bc-ae23-c5d2f6a214a9 ~]# ping 192.168.20.9
PING 192.168.20.9 (192.168.20.9) 56(84) bytes of data.
64 bytes from 192.168.20.9: icmp_seq=1 ttl=64 time=0.788 ms
64 bytes from 192.168.20.9: icmp_seq=2 ttl=64 time=0.526 ms
64 bytes from 192.168.20.9: icmp_seq=3 ttl=64 time=1.22 ms
--- 192.168.20.9 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.526/0.845/1.221/0.286 ms

   VPC vm  can not ping 192.168.20.10
[root@d911668f-d56b-48bc-ae23-c5d2f6a214a9 ~]# ping 192.168.20.10
PING 192.168.20.10 (192.168.20.10) 56(84) bytes of data.
--- 192.168.20.10 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3004ms


Re: how to use Private Gateway in VPC on CS4.1.1

2013-08-24 Thread
Thank you very much.
I think I made a mistake: I put a route on the router for just 0.0.0.0/0
via eth1 and forgot to give the next hop IP. It should be 0.0.0.0/0 via
192.168.20.9 eth1.

Now they can ping each other. Thanks a lot.

now

2013/8/24 Geoff Higginbottom :
> You need to put a route on the router so traffic destined for 172.16.0.0/24 
> & 172.16.1.0/24 is sent via 192.168.20.9 so the return traffic knows where to 
> go.
>
> Regards
>
> Geoff Higginbottom
>
> D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581
>
> geoff.higginbot...@shapeblue.com
>
> -Original Message-
> From: 不坏阿峰 [mailto:onlydeb...@gmail.com]
> Sent: 23 August 2013 22:25
> To: users-cn; users@cloudstack.apache.org
> Subject: how to use Private Gateway in VPC on CS4.1.1
>
> Environment :
> cs-mgt:
> eth1: 192.168.230.2
>
> xen01:
> eth1: 192.168.230.11
> eth2: public+guest   (guest network:192.168.30.0/24  public: 192.168.240.0)
> eth3: 192.168.250.11
>
> xen01:
> eth1: 192.168.230.12
> eth2: public+guest  (guest network:192.168.30.0/24 public: 192.168.240.0 )
> eth3: 192.168.250.12
>
>  VPC network 172.16.0.0/16
>  tier01 172.16.0.1/24.
>  tier02 172.16.1.1/24
>
> tier network ACLs   ingress, egress TCP/UDP all
> allowed configed
>
> i create on Private gateway like this:
>
> Physical Network: i chose eth2
> IP Address: 192.168.20.9
> Gateway: 192.168.20.10
>(i am not sure what gateway should be,i put the another side router IP 
> )
> Netmask: 255.255.255.0
> VLAN: 20
>
> #>  what i want to do , private way should have this function, am i right?
>
> VPC vms          <=>  Prv GTW       <=>  Another Router  <=>  sub net
> (172.16.0.0/24        192.168.20.9       192.168.20.10        192.168.80.0
>  172.16.1.0/24)
>
> i add static route in Prv GTW ,192.168.80.0..
>
> Could someone give some favor to make me workout? Many thanks!
>
>  information on VPC vrouter
> root@r-166-VM:~# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.240.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 192.168.20.0    0.0.0.0         255.255.255.0   U     0      0        0 eth4
> 172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth2
> 172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 eth3
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
> 0.0.0.0         192.168.240.1   0.0.0.0         UG    0      0        0 eth1
>
> root@r-166-VM:~# ip route show table static_route
> 192.168.80.0/24 via 192.168.20.10 dev eth4
>
>   VPCvrouter  can ping 192.168.20.10  # root@r-166-VM:~# ping 
> 192.168.20.10 PING 192.168.20.10 (192.168.20.10): 56 data bytes
> 64 bytes from 192.168.20.10: icmp_seq=0 ttl=64 time=5.835 ms
> 64 bytes from 192.168.20.10: icmp_seq=1 ttl=64 time=1.135 ms
> ^C--- 192.168.20.10 ping statistics ---
> 2 packets transmitted, 2 packets received, 0% packet loss round-trip 
> min/avg/max/stddev = 1.135/3.485/5.835/2.350 ms
>
>    VPCvrouter  can not ping 192.168.80.1
> root@r-166-VM:~# ping 192.168.80.1
> PING 192.168.80.1 (192.168.80.1): 56 data bytes
> ^C--- 192.168.80.1 ping statistics ---
> 5 packets transmitted, 0 packets received, 100% packet loss
>
>    VPC vm  can ping 192.168.20.9
> [root@d911668f-d56b-48bc-ae23-c5d2f6a214a9 ~]# ping 192.168.20.9 PING 
> 192.168.20.9 (192.168.20.9) 56(84) bytes of data.
> 64 bytes from 192.168.20.9: icmp_seq=1 ttl=64 time=0.788 ms
> 64 bytes from 192.168.20.9: icmp_seq=2 ttl=64 time=0.526 ms
> 64 bytes from 192.168.20.9: icmp_seq=3 ttl=64 time=1.22 ms
> --- 192.168.20.9 ping statistics ---
> 3 packets transmitted, 3 received, 0% packet loss, time 1998ms rtt 
> min/avg/max/mdev = 0.526/0.845/1.221/0.286 ms
>
>    VPC vm  can not ping 192.168.20.10
> [root@d911668f-d56b-48bc-ae23-c5d2f6a214a9 ~]# ping 192.168.20.10 PING 
> 192.168.20.10 (192.168.20.10) 56(84) bytes of data.
> --- 192.168.20.10 ping statistics ---
> 4 packets transmitted, 0 received, 100% packet loss, time 3004ms
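
The return-path problem resolved in this thread, as an added example (not code from the posters or from CloudStack): a small model of the three hops that does a longest-prefix lookup and an ARP check at each hop. The VM address 172.16.0.10, the remote router's interface name `eth1` and its route entries are constructed assumptions; the vrouter routes are the ones shown in the `route -n` and `static_route` output. ACLs and NAT are not modelled.

```python
from ipaddress import ip_address as ip, ip_network as net

VM, ROUTER = ip("172.16.0.10"), ip("192.168.20.10")  # VM address is constructed

# Three candidate tables for the remote router (all constructed from the thread):
ONLINK_DEFAULT = [(net("0.0.0.0/0"), None, "eth1")]              # no next hop given
STATIC_VIA_GATEWAY = [(net("172.16.0.0/24"), ip("192.168.20.9"), "eth1"),
                      (net("172.16.1.0/24"), ip("192.168.20.9"), "eth1")]
DEFAULT_VIA_GATEWAY = [(net("0.0.0.0/0"), ip("192.168.20.9"), "eth1")]


def lookup(routes, dst):
    """Longest-prefix match over (prefix, via, dev) entries; None if no route."""
    hits = [r for r in routes if dst in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)


def build(router_routes):
    """Topology from the thread; router_routes is the remote router's extra table."""
    nodes = {
        "vm": {
            "ifaces": {"eth0": ("tier01", VM)},
            "routes": [(net("172.16.0.0/24"), None, "eth0"),
                       (net("0.0.0.0/0"), ip("172.16.0.1"), "eth0")],
        },
        "vrouter": {
            "ifaces": {"eth2": ("tier01", ip("172.16.0.1")),
                       "eth4": ("vlan20", ip("192.168.20.9"))},
            # Entries taken from the vrouter output in the post.
            "routes": [(net("172.16.0.0/24"), None, "eth2"),
                       (net("192.168.20.0/24"), None, "eth4"),
                       (net("192.168.80.0/24"), ip("192.168.20.10"), "eth4")],
        },
        "router": {
            "ifaces": {"eth1": ("vlan20", ROUTER)},
            "routes": [(net("192.168.20.0/24"), None, "eth1")] + router_routes,
        },
    }
    # Which node answers ARP for which address on each L2 segment.
    segments = {}
    for name, node in nodes.items():
        for seg, addr in node["ifaces"].values():
            segments.setdefault(seg, {})[addr] = name
    return nodes, segments


def trace(nodes, segments, start, dst, max_hops=8):
    """Follow a packet hop by hop; return (delivered, hops_or_failure_reason)."""
    node, hops = start, [start]
    for _hop in range(max_hops):
        ifaces = nodes[node]["ifaces"]
        if dst in [addr for _seg, addr in ifaces.values()]:
            return True, hops
        route = lookup(nodes[node]["routes"], dst)
        if route is None:
            return False, hops + [f"{node}: no route to {dst}"]
        _prefix, via, dev = route
        target = via or dst  # an on-link route ARPs for the destination itself
        seg = ifaces[dev][0] if dev in ifaces else None
        owner = segments.get(seg, {}).get(target)
        if owner is None:
            return False, hops + [f"{node}: ARP for {target} on {dev} unanswered"]
        node = owner
        hops.append(node)
    return False, hops + ["hop limit reached"]


def round_trip(router_routes):
    """Echo request VM -> router, then echo reply router -> VM."""
    nodes, segments = build(router_routes)
    fwd_ok, _fwd_hops = trace(nodes, segments, "vm", ROUTER)
    back_ok, back_hops = trace(nodes, segments, "router", VM)
    return fwd_ok, back_ok, back_hops


if __name__ == "__main__":
    for label, table in [("on-link default", ONLINK_DEFAULT),
                         ("static via 192.168.20.9", STATIC_VIA_GATEWAY),
                         ("default via 192.168.20.9", DEFAULT_VIA_GATEWAY)]:
        print(label, round_trip(table))
```

With the on-link default the request reaches 192.168.20.10 but the reply is never delivered, which matches the VPC VM ping loss in the original post.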


How is Cloudstack work with Active Directory

2013-08-24 Thread
Cloudstack4.1.1
(1). I created the same user, dota, on Active Directory and CS.
(2). I have tested an LDAP query with binddn cn=dota,ou=member,dc=lab,dc=com;
it is OK, so Active Directory LDAP is ready.
(3). There are two users under ou=member,dc=lab,dc=com: dota, csuser01
(4). Enabled integration.api.port =8096 and restarted CS-management.

Q1: From the CS log, the LDAP server is configured, but the response in IE shows false;
which is the correct information?

Q2: How many users should be created on both Active Directory and CS?
Or only one for the LDAP config, with other users created in Active Directory just
for CS use?

Q3: What will change in the UI when the LDAP config succeeds? Can I see users
imported from Active Directory? Can I use csuser01 to log in to CS? (I tried to
log in but it failed.)


http://192.168.230.2:8096/client/api?command=ldapConfig&hostname=192.168.123.61&searchbase=OU%3Dmember%2CDC%3Dlab%2CDC%3Dcom&queryfilter=%28%26%28disPlayname%3D%25u%29%29&binddn=CN%3Ddota%2COU%3Dmember%2CDC%3Dlab%2CDC%3Dcom&bindpass=123@lab&port=389&response=json

### Got  this response:#
{ "ldapconfigresponse" :  { "ldapconfig" :
{"hostname":"192.168.123.61","port":"false","searchbase":"OU=member,DC=lab,DC=com","queryfilter":"(&(disPlayname=%u))","binddn":"CN=dota,OU=member,DC=lab,DC=com"}
}  }

###  CS log  #
2013-08-24 21:10:44,453 DEBUG
[cloud.configuration.ConfigurationManagerImpl] (ApiServer-4:null) The
ldap server is configured: 192.168.123.61

 other thing i checked ##
(1) in CS4.1.1 ,sharedFunctions.js  , var md5HashedLogin = fals
(2) when create dota in CS, "Network Domain" i put lab.com, username i put dota


Re: How is Cloudstack work with Active Directory

2013-08-25 Thread
In AD 2008 there is no uid, so I use disPlayname=%u; %u is the
CloudStack username.

I also followed this, installed cloudmonkey and ran ldapconfig with it.
http://kirkjantzer.blogspot.com/2013/03/ldap-authentication-in-cloudstack-v401.html

>  ldap config hostname=192.168.123.61 searchbase=ou=member,DC=lab,DC=com 
> queryfilter=(diaplayname=%u) binddn=CN=dota,ou=member,DC=lab,DC=com 
> bindpass=123@lab port=389
ldapconfig:
binddn = CN=dota,ou=member,DC=lab,DC=com
hostname = 192.168.123.61
port = false
queryfilter = (diaplayname=%u)
searchbase = ou=member,DC=lab,DC=com

>> Dn: CN=dota,OU=member,DC=lab,DC=com
0> objectClass:
0> cn:
0> distinguishedName:
0> instanceType:
0> whenCreated:
0> whenChanged:
0> displayName:
0> uSNCreated:
0> uSNChanged:
0> name:
0> objectGUID:
0> userAccountControl:
0> badPwdCount:
0> codePage:
0> countryCode:
0> badPasswordTime:
0> lastLogoff:
0> lastLogon:
0> pwdLastSet:
0> primaryGroupID:
0> objectSid:
0> accountExpires:
0> logonCount:
0> sAMAccountName:
0> sAMAccountType:
0> userPrincipalName:
0> objectCategory:
0> dSCorePropagationData:
0> lastLogonTimestamp:

2013/8/25 Kirk Jantzer :
> It appears your queryfilter may be incorrect - You are trying to match the
> %u in CloudStack to 'disPlayname' in AD? Verify that whatever you put into
> the username field in CS matches whatever is in the 'disPlayname' field in
> AD (this can be found by opening AD Users and Computers, selecting the menu
> option to show advanced properties, then looking at the user, then clicking
> the 'attributes' tab.
>
>
> Regards,
>
> Kirk Jantzer
> http://about.met/kirkjantzer
>
>
> On Sat, Aug 24, 2013 at 12:48 PM, 不坏阿峰  wrote:
>
>> Cloudstack4.1.1
>> (1). i create same user: dota on Active Directory and CS
>> (2). i have test ldap query by binddn cn=dota,ou=member,dc=lab,dc=com,
>> it is ok,so active directory ldap is ready.
>> (3). have two user under  ou=member, dc=lab,dc=com: dota , csuser01
>> (4). enable integration.api.port =8096, and restart CS-mangement
>>
>> Q1:  from the CS log, ldap server configed, but IE response  false,
>> what is correct information?
>>
>> Q2: how many user should be created on both Active Directory and CS ?
>> or only one for ldap config,   active directory create other user just
>> for CS use
>>
>> Q3: what will change in UI when ldap config success? can see  users
>> imported from Active Directory ? can use csuser01 to login CS ?(i try
>> log in  but failure)
>>
>>
>>
>> http://192.168.230.2:8096/client/api?command=ldapConfig&hostname=192.168.123.61&searchbase=OU%3Dmember%2CDC%3Dlab%2CDC%3Dcom&queryfilter=%28%26%28disPlayname%3D%25u%29%29&binddn=CN%3Ddota%2COU%3Dmember%2CDC%3Dlab%2CDC%3Dcom&bindpass=123@lab&port=389&response=json
>>
>> ### Got  this response:#
>> { "ldapconfigresponse" :  { "ldapconfig" :
>>
>> {"hostname":"192.168.123.61","port":"false","searchbase":"OU=member,DC=lab,DC=com","queryfilter":"(&(disPlayname=%u))","binddn":"CN=dota,OU=member,DC=lab,DC=com"}
>> }  }
>>
>> ###  CS log  #
>> 2013-08-24 21:10:44,453 DEBUG
>> [cloud.configuration.ConfigurationManagerImpl] (ApiServer-4:null) The
>> ldap server is configured: 192.168.123.61
>>
>>  other thing i checked ##
>> (1) in CS4.1.1 ,sharedFunctions.js  , var md5HashedLogin = fals
>> (2) when create dota in CS, "Network Domain" i put lab.com, username i
>> put dota
>>


Re: How is Cloudstack work with Active Directory

2013-08-26 Thread
About my question: when using Active Directory LDAP for
authentication, if I want to use 3 users in AD, do I need to create the same 3
accounts in CS?

Just now I tested with dota; this user exists on both AD and CS, just
with a different password. I tested with dota and the user's password in AD, and can
log in.

In my experience, when using an LDAP server, you just need one user to bind to
LDAP, and then you can query and authenticate all users in the
specific OU. But CS seems somewhat different.

Could you explain it?

Thanks

2013/8/26 Ian Duffy :
> Try sAMAccountName=%u
>
>
> On 26 August 2013 03:15, 不坏阿峰  wrote:
>
>> in AD 2008, do not have uid, so i user disPlayname=%u,%u is the
>> cloudstack username.
>>
>> i also follow this ,install cloudmoney and ldapconfig it.
>>
>> http://kirkjantzer.blogspot.com/2013/03/ldap-authentication-in-cloudstack-v401.html
>>
>> >  ldap config hostname=192.168.123.61 searchbase=ou=member,DC=lab,DC=com
>> queryfilter=(diaplayname=%u) binddn=CN=dota,ou=member,DC=lab,DC=com
>> bindpass=123@lab port=389
>> ldapconfig:
>> binddn = CN=dota,ou=member,DC=lab,DC=com
>> hostname = 192.168.123.61
>> port = false
>> queryfilter = (diaplayname=%u)
>> searchbase = ou=member,DC=lab,DC=com
>>
>> >> Dn: CN=dota,OU=member,DC=lab,DC=com
>> 0> objectClass:
>> 0> cn:
>> 0> distinguishedName:
>> 0> instanceType:
>> 0> whenCreated:
>> 0> whenChanged:
>> 0> displayName:
>> 0> uSNCreated:
>> 0> uSNChanged:
>> 0> name:
>> 0> objectGUID:
>> 0> userAccountControl:
>> 0> badPwdCount:
>> 0> codePage:
>> 0> countryCode:
>> 0> badPasswordTime:
>> 0> lastLogoff:
>> 0> lastLogon:
>> 0> pwdLastSet:
>> 0> primaryGroupID:
>> 0> objectSid:
>> 0> accountExpires:
>> 0> logonCount:
>> 0> sAMAccountName:
>> 0> sAMAccountType:
>> 0> userPrincipalName:
>> 0> objectCategory:
>> 0> dSCorePropagationData:
>> 0> lastLogonTimestamp:
>>
>> 2013/8/25 Kirk Jantzer :
>> > It appears your queryfilter may be incorrect - You are trying to match
>> the
>> > %u in CloudStack to 'disPlayname' in AD? Verify that whatever you put
>> into
>> > the username field in CS matches whatever is in the 'disPlayname' field
>> in
>> > AD (this can be found by opening AD Users and Computers, selecting the
>> menu
>> > option to show advanced properties, then looking at the user, then
>> clicking
>> > the 'attributes' tab.
>> >
>> >
>> > Regards,
>> >
>> > Kirk Jantzer
>> > http://about.met/kirkjantzer
>> >
>> >
>> > On Sat, Aug 24, 2013 at 12:48 PM, 不坏阿峰  wrote:
>> >
>> >> Cloudstack4.1.1
>> >> (1). i create same user: dota on Active Directory and CS
>> >> (2). i have test ldap query by binddn cn=dota,ou=member,dc=lab,dc=com,
>> >> it is ok,so active directory ldap is ready.
>> >> (3). have two user under  ou=member, dc=lab,dc=com: dota , csuser01
>> >> (4). enable integration.api.port =8096, and restart CS-mangement
>> >>
>> >> Q1:  from the CS log, ldap server configed, but IE response  false,
>> >> what is correct information?
>> >>
>> >> Q2: how many user should be created on both Active Directory and CS ?
>> >> or only one for ldap config,   active directory create other user just
>> >> for CS use
>> >>
>> >> Q3: what will change in UI when ldap config success? can see  users
>> >> imported from Active Directory ? can use csuser01 to login CS ?(i try
>> >> log in  but failure)
>> >>
>> >>
>> >>
>> >>
>> http://192.168.230.2:8096/client/api?command=ldapConfig&hostname=192.168.123.61&searchbase=OU%3Dmember%2CDC%3Dlab%2CDC%3Dcom&queryfilter=%28%26%28disPlayname%3D%25u%29%29&binddn=CN%3Ddota%2COU%3Dmember%2CDC%3Dlab%2CDC%3Dcom&bindpass=123@lab&port=389&response=json
>> >>
>> >> ### Got  this response:#
>> >> { "ldapconfigresponse" :  { "ldapconfig" :
>> >>
>> >>
>> {"hostname":"192.168.123.61","port":"false","searchbase":"OU=member,DC=lab,DC=com","queryfilter":"(&(disPlayname=%u))","binddn":"CN=dota,OU=member,DC=lab,DC=com"}
>> >> }  }
>> >>
>> >> ###  CS log  #
>> >> 2013-08-24 21:10:44,453 DEBUG
>> >> [cloud.configuration.ConfigurationManagerImpl] (ApiServer-4:null) The
>> >> ldap server is configured: 192.168.123.61
>> >>
>> >>  other thing i checked ##
>> >> (1) in CS4.1.1 ,sharedFunctions.js  , var md5HashedLogin = fals
>> >> (2) when create dota in CS, "Network Domain" i put lab.com, username i
>> >> put dota
>> >>
>>


Re: How is Cloudstack work with Active Directory

2013-08-26 Thread
Thank you for your quick reply.
I hope that CS4.2 can use an external LDAP server easily.

And is there some script to import AD LDAP users into CS?



2013/8/26 Suresh Sadhu :
> Please find my answers below:
>
>
> -Original Message-----
> From: 不坏阿峰 [mailto:onlydeb...@gmail.com]
> Sent: 26 August 2013 13:21
> To: users@cloudstack.apache.org
> Subject: Re: How is Cloudstack work with Active Directory
>
> about my Question,when use active directory LDAP for
> authentication  ,  if i want use 3 user in AD,  i need create 3 same
> account in CS ?
>
> ***sadhu**
> yes ,as per the current implementation ..it requires same accounts in CS.
> 
> just now ,i test use dota,  this user exist both on AD and CS,  just
> different password.  i test use dota and user password in AD, can
> login.
>
> as my experience, if use a LDAP server, just need one user to bind the
> ldap,  then can query and do authentication on all user in the
> specific OU.  but CS seam some different.
>
> **sadhu***
> Yes, you are right. One user is enough to bind and the rest of the users will validate, 
> but in the CS case initial verification happens at DB level, and if it fails 
> then authentication happens at LDAP level. For this reason (first-level 
> authentication happening at DB level) you need to create the same user (like the same 
> user with a different password) in CS as well. Hope this info will help.
> *
>
> could you explain it?
>
> thanks
>
> 2013/8/26 Ian Duffy :
>> Try sAMAccountName=%u
>>
>>
>> On 26 August 2013 03:15, 不坏阿峰  wrote:
>>
>>> in AD 2008, do not have uid, so i user disPlayname=%u,%u is the
>>> cloudstack username.
>>>
>>> i also follow this ,install cloudmoney and ldapconfig it.
>>>
>>> http://kirkjantzer.blogspot.com/2013/03/ldap-authentication-in-cloudstack-v401.html
>>>
>>> >  ldap config hostname=192.168.123.61 searchbase=ou=member,DC=lab,DC=com
>>> queryfilter=(diaplayname=%u) binddn=CN=dota,ou=member,DC=lab,DC=com
>>> bindpass=123@lab port=389
>>> ldapconfig:
>>> binddn = CN=dota,ou=member,DC=lab,DC=com
>>> hostname = 192.168.123.61
>>> port = false
>>> queryfilter = (diaplayname=%u)
>>> searchbase = ou=member,DC=lab,DC=com
>>>
>>> >> Dn: CN=dota,OU=member,DC=lab,DC=com
>>> 0> objectClass:
>>> 0> cn:
>>> 0> distinguishedName:
>>> 0> instanceType:
>>> 0> whenCreated:
>>> 0> whenChanged:
>>> 0> displayName:
>>> 0> uSNCreated:
>>> 0> uSNChanged:
>>> 0> name:
>>> 0> objectGUID:
>>> 0> userAccountControl:
>>> 0> badPwdCount:
>>> 0> codePage:
>>> 0> countryCode:
>>> 0> badPasswordTime:
>>> 0> lastLogoff:
>>> 0> lastLogon:
>>> 0> pwdLastSet:
>>> 0> primaryGroupID:
>>> 0> objectSid:
>>> 0> accountExpires:
>>> 0> logonCount:
>>> 0> sAMAccountName:
>>> 0> sAMAccountType:
>>> 0> userPrincipalName:
>>> 0> objectCategory:
>>> 0> dSCorePropagationData:
>>> 0> lastLogonTimestamp:
>>>
>>> 2013/8/25 Kirk Jantzer :
>>> > It appears your queryfilter may be incorrect - You are trying to match
>>> the
>>> > %u in CloudStack to 'disPlayname' in AD? Verify that whatever you put
>>> into
>>> > the username field in CS matches whatever is in the 'disPlayname' field
>>> in
>>> > AD (this can be found by opening AD Users and Computers, selecting the
>>> menu
>>> > option to show advanced properties, then looking at the user, then
>>> clicking
>>> > the 'attributes' tab.
>>> >
>>> >
>>> > Regards,
>>> >
>>> > Kirk Jantzer
>>> > http://about.met/kirkjantzer
>>> >
>>> >
>>> > On Sat, Aug 24, 2013 at 12:48 PM, 不坏阿峰  wrote:
>>> >
>>> >> Cloudstack4.1.1
>>> >> (1). i create same user: dota on Active Directory and CS
>>> >> (2). i have test ldap query by binddn cn=dota,ou=member,dc=lab,dc=com,
>>> >> it is ok,so active directory ldap is ready.
>>> >> (3). have two user under  ou=member, dc=lab,dc=com: dota , csuser01
>>> >> (4). enable integration.api.port =8096, and restart CS-mangement
>>> >>
>>> >> Q1:  from the CS log,

Re: How is Cloudstack work with Active Directory

2013-08-26 Thread
I have tried searching for ldap in global settings before, but cannot find it.
My CloudStack was upgraded from 4.0.2; maybe the new database schema was not
imported?

2013/8/26 Suresh Sadhu :
> IAN did  this part, please visit below link:
>
>  https://www.youtube.com/watch?v=-3LG8wP7Zac&hd=1
>
> regards
> sadhu
>
> -Original Message-
> From: 不坏阿峰 [mailto:onlydeb...@gmail.com]
> Sent: 26 August 2013 14:20
> To: users@cloudstack.apache.org
> Subject: Re: How is Cloudstack work with Active Directory
>
> thank you for your quick reply.
> hope that CS4.2 can user external ldap server easily.
>
> and is there some script to import AD ldap user into cs ?
>
>
>
> 2013/8/26 Suresh Sadhu :
>> Please find my answers below:
>>
>>
>> -Original Message-
>> From: 不坏阿峰 [mailto:onlydeb...@gmail.com]
>> Sent: 26 August 2013 13:21
>> To: users@cloudstack.apache.org
>> Subject: Re: How is Cloudstack work with Active Directory
>>
>> about my Question,when use active directory LDAP for
>> authentication  ,  if i want use 3 user in AD,  i need create 3 same
>> account in CS ?
>>
>> ***sadhu**
>> yes ,as per the current implementation ..it requires same accounts in CS.
>> 
>> just now ,i test use dota,  this user exist both on AD and CS,  just
>> different password.  i test use dota and user password in AD, can
>> login.
>>
>> as my experience, if use a LDAP server, just need one user to bind the
>> ldap,  then can query and do authentication on all user in the
>> specific OU.  but CS seam some different.
>>
>> **sadhu***
>> Yes you are right ,One user is enough to bind and rest of users will 
>> validate but  in CS case initial verification happens at DB level and if its 
>>  fail then authentication happens at LDAP level. due to this reason(firest 
>> ;level authentication happening in db level) you  need to create same 
>> user(like same user with different password) in CS as well. Hope this info 
>> will help.
>> *
>>
>> could you explain it?
>>
>> thanks
>>
>> 2013/8/26 Ian Duffy :
>>> Try sAMAccountName=%u
>>>
>>>
>>> On 26 August 2013 03:15, 不坏阿峰  wrote:
>>>
>>>> in AD 2008, do not have uid, so i user disPlayname=%u,%u is the
>>>> cloudstack username.
>>>>
>>>> i also follow this ,install cloudmoney and ldapconfig it.
>>>>
>>>> http://kirkjantzer.blogspot.com/2013/03/ldap-authentication-in-cloud
>>>> stack-v401.html
>>>>
>>>> >  ldap config hostname=192.168.123.61
>>>> > searchbase=ou=member,DC=lab,DC=com
>>>> queryfilter=(diaplayname=%u) binddn=CN=dota,ou=member,DC=lab,DC=com
>>>> bindpass=123@lab port=389
>>>> ldapconfig:
>>>> binddn = CN=dota,ou=member,DC=lab,DC=com hostname = 192.168.123.61
>>>> port = false queryfilter = (diaplayname=%u) searchbase =
>>>> ou=member,DC=lab,DC=com
>>>>
>>>> >> Dn: CN=dota,OU=member,DC=lab,DC=com
>>>> 0> objectClass:
>>>> 0> cn:
>>>> 0> distinguishedName:
>>>> 0> instanceType:
>>>> 0> whenCreated:
>>>> 0> whenChanged:
>>>> 0> displayName:
>>>> 0> uSNCreated:
>>>> 0> uSNChanged:
>>>> 0> name:
>>>> 0> objectGUID:
>>>> 0> userAccountControl:
>>>> 0> badPwdCount:
>>>> 0> codePage:
>>>> 0> countryCode:
>>>> 0> badPasswordTime:
>>>> 0> lastLogoff:
>>>> 0> lastLogon:
>>>> 0> pwdLastSet:
>>>> 0> primaryGroupID:
>>>> 0> objectSid:
>>>> 0> accountExpires:
>>>> 0> logonCount:
>>>> 0> sAMAccountName:
>>>> 0> sAMAccountType:
>>>> 0> userPrincipalName:
>>>> 0> objectCategory:
>>>> 0> dSCorePropagationData:
>>>> 0> lastLogonTimestamp:
>>>>
>>>> 2013/8/25 Kirk Jantzer :
>>>> > It appears your queryfilter may be incorrect - You are trying to
>>>> > match
>>>> the
>>>> > %u in CloudStack to 'disPlayname' in AD? Verify that whatever you
>>>> > put
>>>> into
>>>> > the username field in CS matches whatever is in the 'disPlayname'
>>>> > field
>>>> in
>>>> > AD (th

Re: How is Cloudstack work with Active Directory

2013-08-26 Thread
Followed Ian's suggestion.
sAMAccountName=%u works for Windows 2008 AD.

2013/8/26 Kirk Jantzer :
> What Suresh is referring to is something someone is working on for a future
> version of CS. In the current versions, I'm not aware of any global
> settings for ldap. See this blog post about creating a script to
> sync your LDAP users into CS. While this may not work for you, it is a
> starting point on the idea behind bulk adding LDAP based users into CS.
>
> I take from your reply earlier that things are working as expected now??
>
>
> Regards,
>
> Kirk Jantzer
> http://about.me/kirkjantzer
>
>
> On Mon, Aug 26, 2013 at 10:31 AM, 不坏阿峰  wrote:
>
>> i have tried search ldap from global settings before,  but can not find.
>> my Cloudstack upgrade from 4.0.2, maybe the new database scheme not be
>> imported ?
>>
>> 2013/8/26 Suresh Sadhu :
>> > IAN did  this part, please visit below link:
>> >
>> >  https://www.youtube.com/watch?v=-3LG8wP7Zac&hd=1
>> >
>> > regards
>> > sadhu
>> >
>> > -Original Message-
>> > From: 不坏阿峰 [mailto:onlydeb...@gmail.com]
>> > Sent: 26 August 2013 14:20
>> > To: users@cloudstack.apache.org
>> > Subject: Re: How is Cloudstack work with Active Directory
>> >
>> > thank you for your quick reply.
>> > hope that CS4.2 can user external ldap server easily.
>> >
>> > and is there some script to import AD ldap user into cs ?
>> >
>> >
>> >
>> > 2013/8/26 Suresh Sadhu :
>> >> Please find my answers below:
>> >>
>> >>
>> >> -Original Message-
>> >> From: 不坏阿峰 [mailto:onlydeb...@gmail.com]
>> >> Sent: 26 August 2013 13:21
>> >> To: users@cloudstack.apache.org
>> >> Subject: Re: How is Cloudstack work with Active Directory
>> >>
>> >> about my Question,when use active directory LDAP for
>> >> authentication  ,  if i want use 3 user in AD,  i need create 3 same
>> >> account in CS ?
>> >>
>> >> ***sadhu**
>> >> yes ,as per the current implementation ..it requires same accounts in
>> CS.
>> >> 
>> >> just now ,i test use dota,  this user exist both on AD and CS,  just
>> >> different password.  i test use dota and user password in AD, can
>> >> login.
>> >>
>> >> as my experience, if use a LDAP server, just need one user to bind the
>> >> ldap,  then can query and do authentication on all user in the
>> >> specific OU.  but CS seam some different.
>> >>
>> >> **sadhu***
>> >> Yes you are right ,One user is enough to bind and rest of users will
>> validate but  in CS case initial verification happens at DB level and if
>> its  fail then authentication happens at LDAP level. due to this
>> reason(firest ;level authentication happening in db level) you  need to
>> create same user(like same user with different password) in CS as well.
>> Hope this info will help.
>> >> *
>> >>
>> >> could you explain it?
>> >>
>> >> thanks
>> >>
>> >> 2013/8/26 Ian Duffy :
>> >>> Try sAMAccountName=%u
>> >>>
>> >>>
>> >>> On 26 August 2013 03:15, 不坏阿峰  wrote:
>> >>>
>> >>>> in AD 2008, do not have uid, so i user disPlayname=%u,%u is the
>> >>>> cloudstack username.
>> >>>>
>> >>>> i also follow this ,install cloudmoney and ldapconfig it.
>> >>>>
>> >>>> http://kirkjantzer.blogspot.com/2013/03/ldap-authentication-in-cloud
>> >>>> stack-v401.html
>> >>>>
>> >>>> >  ldap config hostname=192.168.123.61
>> >>>> > searchbase=ou=member,DC=lab,DC=com
>> >>>> queryfilter=(diaplayname=%u) binddn=CN=dota,ou=member,DC=lab,DC=com
>> >>>> bindpass=123@lab port=389
>> >>>> ldapconfig:
>> >>>> binddn = CN=dota,ou=member,DC=lab,DC=com hostname = 192.168.123.61
>> >>>> port = false queryfilter = (diaplayname=%u) searchbase =
>> >>>> ou=member,DC=lab,DC=com
>> >>>>
>> >>>> >> Dn: CN=dota,OU=member,DC=lab,DC=com
>> >>>> 0> objectClass:
>> >>>> 0> cn:
>> >>>> 0> distinguishedName:

fail to login after recovery Cloud MySQL database.

2013-08-26 Thread
Cloudstack 4.1.1 (upgrade from 4.0.2)

I wanted to try backup and recovery of the database. After that I cannot log in.

What I did:
(1)service cloudstack-management stop
(2)mysqldump -u root -p cloud > cloudstack-backup.sql
(3)cloudstack-setup-databases cloud:password@localhost \
--deploy-as=root:password \
-i 192.168.230.2
(4)mysqldump -u root -p cloud < cloudstack-backup.sql
   also try way from phpmyadmin
(5)cloudstack-setup-management
(6) service cloudstack-management start

I know I did a very, very stupid thing. Please help me recover it.

Thanks a lot.

When I do this, I can log in, but there is no old config.
# cloudstack-setup-databases cloud:password@localhost \
--deploy-as=root:password \
-i 192.168.230.2


## Some errors at start, but the service is running ##

2013-08-26 23:52:24,807 DEBUG [utils.script.Script] (Timer-1:null)
Classpath resource:
file:/usr/share/cloudstack-management/webapps/client/WEB-INF/classes/scripts/vm/systemvm/injectkeys.sh
2013-08-26 23:52:24,807 DEBUG [utils.script.Script] (Timer-1:null)
Absolute path =
/usr/share/cloudstack-management/webapps/client/WEB-INF/classes/scripts/vm/systemvm/injectkeys.sh
2013-08-26 23:52:24,840 DEBUG [utils.crypt.DBEncryptionUtil]
(Timer-1:null) Error while decrypting: Z/fQVh0fDAljHblryB00Kg==

## When I try to log in after restoring the MySQL backup ##

2013-08-26 23:57:24,019 DEBUG [cloud.api.ApiServlet]
(catalina-exec-8:null) ===START===  192.168.123.28 -- GET
command=listCapabilities&response=json&sessionkey=null&_=1377536243369
2013-08-26 23:57:24,072 DEBUG [cloud.api.ApiServlet]
(catalina-exec-8:null) ===END===  192.168.123.28 -- GET
command=listCapabilities&response=json&sessionkey=null&_=1377536243369
2013-08-26 23:57:27,417 DEBUG [cloud.api.ApiServlet]
(catalina-exec-5:null) ===START===  192.168.123.28 -- POST  null
2013-08-26 23:57:27,434 DEBUG [cloud.user.AccountManagerImpl]
(catalina-exec-5:null) Attempting to log in user: admin in domain 1
2013-08-26 23:57:27,435 DEBUG [server.auth.MD5UserAuthenticator]
(catalina-exec-5:null) Retrieving user: admin
2013-08-26 23:57:27,463 DEBUG [utils.crypt.DBEncryptionUtil]
(catalina-exec-5:null) Error while decrypting:
9pzEBgPyi47AVs1+H3s//innPpGJ094Ds17ytVDJiOzL81fpGa8n+TZkdUkNQSsfFQfK3IFOMguXR1pLZGHg79Vwekg1ljTmj1F+5qemLvX6P5Rv+ajEmajh0AjUVCY3
2013-08-26 23:57:27,476 ERROR [cloud.api.ApiServlet]
(catalina-exec-5:null) unknown exception writing api response
com.cloud.utils.exception.CloudRuntimeException: Caught:
com.mysql.jdbc.JDBC4PreparedStatement@371c1463: SELECT user.id,
user.username, user.password, user.firstname, user.lastname,
user.account_id, user.email, user.state, user.api_key,
user.secret_key, user.created, user.removed, user.timezone,
user.registration_token, user.is_registered,
user.incorrect_login_attempts, account.account_name, account.type,
account.domain_id, account.state FROM user INNER JOIN account ON
user.account_id=account.id  WHERE user.username = _binary'admin'  AND
account.domain_id = 1  AND user.removed IS NULL  ORDER BY RAND() LIMIT
1
at 
com.cloud.utils.db.GenericDaoBase.searchIncludingRemoved(GenericDaoBase.java:417)
at 
com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
at 
com.cloud.utils.db.GenericDaoBase.searchIncludingRemoved(GenericDaoBase.java:350)
at 
com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
at 
com.cloud.utils.db.GenericDaoBase.findOneIncludingRemovedBy(GenericDaoBase.java:860)
at 
com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
at com.cloud.utils.db.GenericDaoBase.findOneBy(GenericDaoBase.java:871)
at 
com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
at 
com.cloud.user.dao.UserAccountDaoImpl.getUserAccount(UserAccountDaoImpl.java:50)
at 
com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
at 
com.cloud.server.auth.MD5UserAuthenticator.authenticate(MD5UserAuthenticator.java:49)
at 
com.cloud.user.AccountManagerImpl.getUserAccount(AccountManagerImpl.java:1912)
at 
com.cloud.user.AccountManagerImpl.authenticateUser(AccountManagerImpl.java:1784)
at com.cloud.api.ApiServer.loginUser(ApiServer.java:766)
at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:210)
at com.cloud.api.ApiServlet.doPost(ApiServlet.java:71)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at 
org.apache.

Re: fail to login after recovery Cloud MySQL database.

2013-08-26 Thread
It cannot run; it requires a password. When I put in the password, it runs.
>>>
Error:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using
password: NO)

I should mention that after I upgraded from 4.0.2 to 4.1.1 it was OK and worked fine,
and I created a VPC, VPN, etc. It has run for one week, so I want to be able to
recover it.

Thanks.



2013/8/27 Travis Graham :
> Since you are on 4.1.1, try this:
>
> cloudstack-setup-databases cloud:password@localhost --deploy-as=root -i 
> 192.168.230.2
>
> Remove the password for your --deploy-as=
>
>
> Travis
>
>
> On Aug 26, 2013, at 1:00 PM, 不坏阿峰  wrote:
>
>> Cloudstack 4.1.1 (upgrade from 4.0.2)
>>
>> i want to try back and recovery Database.after than i can not login
>>
>> what i did
>> (1)service cloudstack-management stop
>> (2)mysqldump -u root -p cloud > cloudstack-backup.sql
>> (3)cloudstack-setup-databases cloud:password@localhost \
>> --deploy-as=root:password \
>> -i 192.168.230.2
>> (4)mysqldump -u root -p cloud < cloudstack-backup.sql
>>   also try way from phpmyadmin
>> (5)cloudstack-setup-management
>> (6) service cloudstack-management start
>>
>> i know i did a very very stupid thing~.. pls help me to recovery back.
>>
>> Thanks a lot.
>>
>> when i do this, i can login, but no old config.
>> # cloudstack-setup-databases cloud:password@localhost \
>> --deploy-as=root:password \
>> -i 192.168.230.2
>>
>>
>> ##  some  erro when start, but service is running ##
>>
>> 2013-08-26 23:52:24,807 DEBUG [utils.script.Script] (Timer-1:null)
>> Classpath resource:
>> file:/usr/share/cloudstack-management/webapps/client/WEB-INF/classes/scripts/vm/systemvm/injectkeys.sh
>> 2013-08-26 23:52:24,807 DEBUG [utils.script.Script] (Timer-1:null)
>> Absolute path =
>> /usr/share/cloudstack-management/webapps/client/WEB-INF/classes/scripts/vm/systemvm/injectkeys.sh
>> 2013-08-26 23:52:24,840 DEBUG [utils.crypt.DBEncryptionUtil]
>> (Timer-1:null) Error while decrypting: Z/fQVh0fDAljHblryB00Kg==
>>
>> ## when i want to login after recovery backup mysql ##
>>
>> 2013-08-26 23:57:24,019 DEBUG [cloud.api.ApiServlet]
>> (catalina-exec-8:null) ===START===  192.168.123.28 -- GET
>> command=listCapabilities&response=json&sessionkey=null&_=1377536243369
>> 2013-08-26 23:57:24,072 DEBUG [cloud.api.ApiServlet]
>> (catalina-exec-8:null) ===END===  192.168.123.28 -- GET
>> command=listCapabilities&response=json&sessionkey=null&_=1377536243369
>> 2013-08-26 23:57:27,417 DEBUG [cloud.api.ApiServlet]
>> (catalina-exec-5:null) ===START===  192.168.123.28 -- POST  null
>> 2013-08-26 23:57:27,434 DEBUG [cloud.user.AccountManagerImpl]
>> (catalina-exec-5:null) Attempting to log in user: admin in domain 1
>> 2013-08-26 23:57:27,435 DEBUG [server.auth.MD5UserAuthenticator]
>> (catalina-exec-5:null) Retrieving user: admin
>> 2013-08-26 23:57:27,463 DEBUG [utils.crypt.DBEncryptionUtil]
>> (catalina-exec-5:null) Error while decrypting:
>> 9pzEBgPyi47AVs1+H3s//innPpGJ094Ds17ytVDJiOzL81fpGa8n+TZkdUkNQSsfFQfK3IFOMguXR1pLZGHg79Vwekg1ljTmj1F+5qemLvX6P5Rv+ajEmajh0AjUVCY3
>> 2013-08-26 23:57:27,476 ERROR [cloud.api.ApiServlet]
>> (catalina-exec-5:null) unknown exception writing api response
>> com.cloud.utils.exception.CloudRuntimeException: Caught:
>> com.mysql.jdbc.JDBC4PreparedStatement@371c1463: SELECT user.id,
>> user.username, user.password, user.firstname, user.lastname,
>> user.account_id, user.email, user.state, user.api_key,
>> user.secret_key, user.created, user.removed, user.timezone,
>> user.registration_token, user.is_registered,
>> user.incorrect_login_attempts, account.account_name, account.type,
>> account.domain_id, account.state FROM user INNER JOIN account ON
>> user.account_id=account.id  WHERE user.username = _binary'admin'  AND
>> account.domain_id = 1  AND user.removed IS NULL  ORDER BY RAND() LIMIT
>> 1
>>at 
>> com.cloud.utils.db.GenericDaoBase.searchIncludingRemoved(GenericDaoBase.java:417)
>>at 
>> com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
>>at 
>> com.cloud.utils.db.GenericDaoBase.searchIncludingRemoved(GenericDaoBase.java:350)
>>at 
>> com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
>>at 
>> com.cloud.utils.db.GenericDaoBase.findOneIncludingRemovedBy(GenericDaoBase.java:860)
>>

Re: fail to login after recovery Cloud MySQL database.

2013-08-27 Thread
I have fixed it by following this post:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Management+Controller+Failure+and+Replacement

Before, I did not purge the old CloudStack, and so had the above issue.

My other question is how CloudStack works with MySQL. I found that it
has encrypted the communication, such as in db.properties.

2013/8/27 不坏阿峰 :
> can not run, require password.  while put password, can run.
>>>>
> Error:
> ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using
> password: NO)
>
> i mention that after i upgrade from 4.0.2 to 4.1.1, it's ok, work fine
>  and i create VPC ,vpn and etc. i have run one week.   so i want can
> recover back.
>
> thanks.
>
>
>
> 2013/8/27 Travis Graham :
>> Since you are on 4.1.1, try this:
>>
>> cloudstack-setup-databases cloud:password@localhost --deploy-as=root -i 
>> 192.168.230.2
>>
>> Remove the password for your --deploy-as=
>>
>>
>> Travis
>>
>>
>> On Aug 26, 2013, at 1:00 PM, 不坏阿峰  wrote:
>>
>>> Cloudstack 4.1.1 (upgrade from 4.0.2)
>>>
>>> i want to try back and recovery Database.after than i can not login
>>>
>>> what i did
>>> (1)service cloudstack-management stop
>>> (2)mysqldump -u root -p cloud > cloudstack-backup.sql
>>> (3)cloudstack-setup-databases cloud:password@localhost \
>>> --deploy-as=root:password \
>>> -i 192.168.230.2
>>> (4)mysqldump -u root -p cloud < cloudstack-backup.sql
>>>   also try way from phpmyadmin
>>> (5)cloudstack-setup-management
>>> (6) service cloudstack-management start
>>>
>>> i know i did a very very stupid thing~.. pls help me to recovery back.
>>>
>>> Thanks a lot.
>>>
>>> when i do this, i can login, but no old config.
>>> # cloudstack-setup-databases cloud:password@localhost \
>>> --deploy-as=root:password \
>>> -i 192.168.230.2
>>>
>>>
>>> ##  some  erro when start, but service is running ##
>>>
>>> 2013-08-26 23:52:24,807 DEBUG [utils.script.Script] (Timer-1:null)
>>> Classpath resource:
>>> file:/usr/share/cloudstack-management/webapps/client/WEB-INF/classes/scripts/vm/systemvm/injectkeys.sh
>>> 2013-08-26 23:52:24,807 DEBUG [utils.script.Script] (Timer-1:null)
>>> Absolute path =
>>> /usr/share/cloudstack-management/webapps/client/WEB-INF/classes/scripts/vm/systemvm/injectkeys.sh
>>> 2013-08-26 23:52:24,840 DEBUG [utils.crypt.DBEncryptionUtil]
>>> (Timer-1:null) Error while decrypting: Z/fQVh0fDAljHblryB00Kg==
>>>
>>> ## when i want to login after recovery backup mysql ##
>>>
>>> 2013-08-26 23:57:24,019 DEBUG [cloud.api.ApiServlet]
>>> (catalina-exec-8:null) ===START===  192.168.123.28 -- GET
>>> command=listCapabilities&response=json&sessionkey=null&_=1377536243369
>>> 2013-08-26 23:57:24,072 DEBUG [cloud.api.ApiServlet]
>>> (catalina-exec-8:null) ===END===  192.168.123.28 -- GET
>>> command=listCapabilities&response=json&sessionkey=null&_=1377536243369
>>> 2013-08-26 23:57:27,417 DEBUG [cloud.api.ApiServlet]
>>> (catalina-exec-5:null) ===START===  192.168.123.28 -- POST  null
>>> 2013-08-26 23:57:27,434 DEBUG [cloud.user.AccountManagerImpl]
>>> (catalina-exec-5:null) Attempting to log in user: admin in domain 1
>>> 2013-08-26 23:57:27,435 DEBUG [server.auth.MD5UserAuthenticator]
>>> (catalina-exec-5:null) Retrieving user: admin
>>> 2013-08-26 23:57:27,463 DEBUG [utils.crypt.DBEncryptionUtil]
>>> (catalina-exec-5:null) Error while decrypting:
>>> 9pzEBgPyi47AVs1+H3s//innPpGJ094Ds17ytVDJiOzL81fpGa8n+TZkdUkNQSsfFQfK3IFOMguXR1pLZGHg79Vwekg1ljTmj1F+5qemLvX6P5Rv+ajEmajh0AjUVCY3
>>> 2013-08-26 23:57:27,476 ERROR [cloud.api.ApiServlet]
>>> (catalina-exec-5:null) unknown exception writing api response
>>> com.cloud.utils.exception.CloudRuntimeException: Caught:
>>> com.mysql.jdbc.JDBC4PreparedStatement@371c1463: SELECT user.id,
>>> user.username, user.password, user.firstname, user.lastname,
>>> user.account_id, user.email, user.state, user.api_key,
>>> user.secret_key, user.created, user.removed, user.timezone,
>>> user.registration_token, user.is_registered,
>>> user.incorrect_login_attempts, account.account_name, account.type,
>>> account.domain_id, account.state FROM user INNER JOIN account ON
>>> user.account_id=account.id  WHERE user.username = _binary'admin'  AND
>>> account.domain_id = 1  AND user

Re: guest host cannot access internet, but ssvm,vrouter can

2013-08-27 Thread
You can call me Feng.

Sorry that there was some Chinese in the previous mail.
It works now. I just did not know that in CS4.1.1 the vrouter's outgoing
traffic is controlled by egress rules.

Thanks for your reply.

2013/8/27 Daan Hoogland :
> H onlydebian / 不坏阿峰 (hope you can give me some latin alliteration of your 
> name),
>
> Did you assign ipaddresses? And configure a firewall and NAT?
>
> regards,
> Daan
>
> On Wed, Aug 21, 2013 at 2:25 PM, 不坏阿峰  wrote:
>> guest host cannot access internet, but ssvm,vrouter can
>> Cloudstack4.1.1(upgrade from 4.0.2),  one kvm host ubuntu12.04 ,two xen
>> advanced  network
>>
>> ssvm,console proxy vm,vrouter can access internet.
>> guest host <=> vrouter ,ok
>> guest 1 <=> guest 2 in same vlan ,ping ok.guest 1 on kvm host,
>> guest 2 on xen
>>
>> but guest 1 and 2 can not access internet.
>>
>> could you give some guide.


Re: How is Cloudstack work with Active Directory

2013-08-27 Thread
nfo["count"]; $i++)
      {
        echo "Processing user [" . $info[$i]["cn"][0] . "]\n";
        //do stuff here
        // Create the account only if no CloudStack account with this name exists yet
        if (array_searchRecursive($info[$i]["cn"][0], $cloudAccounts) === false)
        {
          //Create user account
          $result = request("createAccount", array(
            "accounttype" => "0",
            "email" => $info[$i]["mail"][0],
            "firstname" => $info[$i]["givenname"][0],
            "lastname" => $info[$i]['sn'][0],
            // Every synced account gets this same fixed local password
            "password" => "password", //$info[$i]['userpassword'][0],
            "username" => $info[$i]['cn'][0],
            "networkdomain" => "lab.com",
            "timezone" => "Etc/UTC",
          ));
        } else {
          echo "User already exists!\n";
        }
      }
    } else {
      echo "No users found...\n";
    }
    //Unbind
    ldap_unbind($ldapconn);
  } else {
    echo "LDAP bind failed...\n";
  }
}
?>

###

2013/8/26 不坏阿峰 :
> follow Ian suggestion.
> sAMAccountName=%u   , work for windows 2008 AD
>
> 2013/8/26 Kirk Jantzer :
>> What Suresh is refering to is something someone is working on for a future
>> version of CS. In the current versions, I'm not aware of any global
>> settings for ldap. See this blog post about creating a script a script to
>> sync your LDAP users into CS. While this may not work for you, it is a
>> starting point on the idea behind bulk adding LDAP based users into CS.
>>
>> I take from your reply earlier that things are working as expected now??
>>
>>
>> Regards,
>>
>> Kirk Jantzer
>> http://about.me/kirkjantzer
>>
>>
>> On Mon, Aug 26, 2013 at 10:31 AM, 不坏阿峰  wrote:
>>
>>> i have tried search ldap from global settings before,  but can not find.
>>> my Cloudstack upgrade from 4.0.2, maybe the new database scheme not be
>>> imported ?
>>>
>>> 2013/8/26 Suresh Sadhu :
>>> > IAN did  this part, please visit below link:
>>> >
>>> >  https://www.youtube.com/watch?v=-3LG8wP7Zac&hd=1
>>> >
>>> > regards
>>> > sadhu
>>> >
>>> > -Original Message-
>>> > From: 不坏阿峰 [mailto:onlydeb...@gmail.com]
>>> > Sent: 26 August 2013 14:20
>>> > To: users@cloudstack.apache.org
>>> > Subject: Re: How is Cloudstack work with Active Directory
>>> >
>>> > thank you for your quick reply.
>>> > hope that CS4.2 can user external ldap server easily.
>>> >
>>> > and is there some script to import AD ldap user into cs ?
>>> >
>>> >
>>> >
>>> > 2013/8/26 Suresh Sadhu :
>>> >> Please find my answers below:
>>> >>
>>> >>
>>> >> -Original Message-
>>> >> From: 不坏阿峰 [mailto:onlydeb...@gmail.com]
>>> >> Sent: 26 August 2013 13:21
>>> >> To: users@cloudstack.apache.org
>>> >> Subject: Re: How is Cloudstack work with Active Directory
>>> >>
>>> >> about my Question,when use active directory LDAP for
>>> >> authentication  ,  if i want use 3 user in AD,  i need create 3 same
>>> >> account in CS ?
>>> >>
>>> >> ***sadhu**
>>> >> yes ,as per the current implementation ..it requires same accounts in
>>> CS.
>>> >> 
>>> >> just now ,i test use dota,  this user exist both on AD and CS,  just
>>> >> different password.  i test use dota and user password in AD, can
>>> >> login.
>>> >>
>>> >> as my experience, if use a LDAP server, just need one user to bind the
>>> >> ldap,  then can query and do authentication on all user in the
>>> >> specific OU.  but CS seam some different.
>>> >>
>>> >> **sadhu***
>>> >> Yes you are right ,One user is enough to bind and rest of users will
>>> validate but  in CS case initial verification happens at DB level and if
>>> its  fail then authentication happens at LDAP level. due to this
>>> reason(firest ;level authentication happening in db level) you  need to
>>> create same user(like same user with different password) in CS as well.
>>> Hope this info will help.
>>> >> *
>>> >>
>>> >> could you explain it?
>>> >

Re: vm with Cloudstack+openvswitch+KVM can not access extranal network, can ping gateway

2013-08-27 Thread
I wish some expert would come to help me.

2013/8/24 不坏阿峰 :
> can someone help?
>
> 2013/8/23 不坏阿峰 :
>> i did it.Guestvlan300 Isolated  192.168.31.0/24  ,Egress rule,
>> 0.0.0.0/0 all.
>> and when i initail vrouter on Xen host,  guest host  can access
>> internet.  but vroute on kvm+openvswitch Host  can not.
>>
>> 2013/8/23 Ahmad Emneina :
>>> I believe you have to create an egress networking rule to allow for vm's to
>>> reach the internet.
>>>
>>>
>>> On Thu, Aug 22, 2013 at 7:53 PM, 不坏阿峰  wrote:
>>>
>>>> vm with openvswitch+KVM can not access extranal network, can ping gateway
>>>>
>>>> Cloudstack4.1.1
>>>> A: one kvm host ubuntu12.04 with openvswitch,
>>>> B:  xen server6.0,
>>>> C: one kvm host centos with openvswitch
>>>>
>>>> in cloudstack have two network.
>>>> Guestvlan301 Isolated 192.168.31.0/24 ,Egress rule,   0.0.0.0/0 all
>>>> Guestvlan300 Isolated  192.168.31.0/24  ,Egress rule,   0.0.0.0/0 all
>>>>
>>>>
>>>> ①:vrouter301 run on Xen,   Public IP Address 192.168.240.54 Guest IP
>>>> Address 192.168.31.1
>>>>vm in vlan301 ,can ping gateway 192.168.31.1 and can access
>>>> internet. vm can run on kvm or xen, both ok.
>>>>
>>>> ②:vronter300 run on Kvm with openvswitch,   Public IP Address
>>>> 192.168.240.53 Guest IP Address 192.168.30.1
>>>>vm in vlan300 ,can ping gateway 192.168.30.1, but can not access
>>>> internet.  vrouter can access internet.
>>>>
>>>> how to make vm under kvm+openvswitch to access outside network and internet
>>>>
>>>>
>>>> [root@centos-kvm01 libvirt]# ovs-vsctl show
>>>> 7cb5f505-7ac1-4403-9f9d-101882ed7bad
>>>> Bridge kvmmgt
>>>> Port kvmmgt
>>>> Interface kvmmgt
>>>> type: internal
>>>> Port "eth0"
>>>> Interface "eth0"
>>>> Bridge "cloudbr0"
>>>> Port "cloudbr0"
>>>> Interface "cloudbr0"
>>>> type: internal
>>>> Port "eth1"
>>>> Interface "eth1"   ## Eth1 uplink port is Esxi
>>>> vswitch in promiscuous mode,  Xen server Eth1 uplink this too, can
>>>> work fine ; Kvm use native bridge work fine too.
>>>> Port "vnet3"
>>>> tag: 240
>>>> Interface "vnet3"
>>>> Port "vnet0"
>>>> tag: 301
>>>> Interface "vnet0"
>>>> Port "vnet1"
>>>> tag: 300
>>>> Interface "vnet1"
>>>> Port "vnet4"
>>>> tag: 240
>>>> Interface "vnet4"
>>>> Bridge "cloud0"
>>>> Port "cloud0"
>>>> Interface "cloud0"
>>>> type: internal
>>>> Port "vnet2"
>>>> Interface "vnet2"
>>>> Bridge storage
>>>> Port "eth2"
>>>> Interface "eth2"
>>>> Port storage
>>>> Interface storage
>>>> type: internal
>>>> ovs_version: "1.10.0"
>>>>
>>>>
>>>> i do the test,
>>>>   one VM 192.168.30.90  run  ping 192.168.123.1
>>>>   vrouter 192.168.30.1(outside IP 192.168.240.53 vlan 240)  run  ping
>>>> www.google.com
>>>>
>>>> [root@centos-kvm01 ~]# ovs-dpctl dump-flows |grep 30.90
>>>>
>>>>
>>>> in_port(9),eth(src=02:00:07:94:00:09,dst=02:00:3c:30:00:06),eth_type(0x0806),arp(sip=192.168.30.1,tip=192.168.30.90,op=2,sha=02:00:07:94:00:09,tha=02:00:3c:30:00:06),
>>>> packets:0, bytes:0, used:never, actions:push_vlan(vid=300,pcp=0),5
>>>>
>>>> in_port(11),eth(src=06:28:b6:00:01:20,dst=00:50:56:97:5c:55),eth_type(0x0800),ipv4(src=192.168.30.90,dst=192.168.123.1,proto=1,tos=0,ttl=63,frag=no),icmp(type=8,code=0),
>>>> packets:5855, bytes:573790, used:0.810s,
>>>> actions:push_vlan(vid=240,pcp=0),5
>>>>
>>>> in_port(5),eth(src=02:0
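
Added example, not part of the original message: the `ovs-dpctl dump-flows` lines quoted above can be checked mechanically. This Python code parses datapath flow lines and flags IPv4 flows whose source is still a guest-network address when the frame is tagged for the public VLAN, i.e. traffic leaving on the public side without having been source-NATed. The guest subnet 192.168.30.0/24 and public VLAN 240 come from the thread; the function names and the third sample line are constructed for illustration.

```python
import ipaddress
import re

# From the thread: guest network behind the virtual router, and the VLAN
# that carries its public side ("outside IP 192.168.240.53 vlan 240").
GUEST_NET = ipaddress.ip_network("192.168.30.0/24")
PUBLIC_VLAN = 240

# Lines 1-2 are the flows quoted in the message (mail line wraps rejoined).
# Line 3 is constructed: the same ping as it would look after source NAT.
SAMPLE_FLOWS = "\n".join([
    "in_port(9),eth(src=02:00:07:94:00:09,dst=02:00:3c:30:00:06),"
    "eth_type(0x0806),arp(sip=192.168.30.1,tip=192.168.30.90,op=2,"
    "sha=02:00:07:94:00:09,tha=02:00:3c:30:00:06), packets:0, bytes:0, "
    "used:never, actions:push_vlan(vid=300,pcp=0),5",
    "in_port(11),eth(src=06:28:b6:00:01:20,dst=00:50:56:97:5c:55),"
    "eth_type(0x0800),ipv4(src=192.168.30.90,dst=192.168.123.1,proto=1,"
    "tos=0,ttl=63,frag=no),icmp(type=8,code=0), packets:5855, bytes:573790, "
    "used:0.810s, actions:push_vlan(vid=240,pcp=0),5",
    "in_port(11),eth(src=06:28:b6:00:01:20,dst=00:50:56:97:5c:55),"
    "eth_type(0x0800),ipv4(src=192.168.240.53,dst=192.168.123.1,proto=1,"
    "tos=0,ttl=63,frag=no),icmp(type=8,code=0), packets:12, bytes:1176, "
    "used:0.200s, actions:push_vlan(vid=240,pcp=0),5",
])

FIELD_RE = re.compile(r"(\w+)\(([^()]*)\)")      # name(body) match fields
VLAN_RE = re.compile(r"push_vlan\(vid=(\d+)")    # VLAN tag added on output
PACKETS_RE = re.compile(r"packets:(\d+)")        # per-flow packet counter


def parse_flow(line):
    """Split one datapath flow line into match fields, counters and VLAN."""
    match_part, _, actions = line.partition("actions:")
    fields = {}
    for name, body in FIELD_RE.findall(match_part):
        if "=" in body:
            # key=value list, e.g. ipv4(src=...,dst=...,ttl=63)
            fields[name] = dict(
                kv.split("=", 1) for kv in body.split(",") if "=" in kv
            )
        else:
            # bare value, e.g. in_port(11) or eth_type(0x0800)
            fields[name] = body
    vlan = VLAN_RE.search(actions)
    packets = PACKETS_RE.search(match_part)
    return {
        "fields": fields,
        "push_vlan": int(vlan.group(1)) if vlan else None,
        "packets": int(packets.group(1)) if packets else 0,
    }


def find_unnatted(dump, guest_net=GUEST_NET, public_vlan=PUBLIC_VLAN):
    """Return IPv4 flows sent on the public VLAN with a guest source IP."""
    findings = []
    for line in dump.splitlines():
        line = line.strip()
        if not line.startswith("in_port("):
            continue
        flow = parse_flow(line)
        ipv4 = flow["fields"].get("ipv4")
        if ipv4 is None or flow["push_vlan"] != public_vlan:
            continue
        if ipaddress.ip_address(ipv4["src"]) in guest_net:
            findings.append({
                "in_port": flow["fields"].get("in_port"),
                "src": ipv4["src"],
                "dst": ipv4["dst"],
                "ttl": int(ipv4["ttl"]),
                "packets": flow["packets"],
            })
    return findings


if __name__ == "__main__":
    for f in find_unnatted(SAMPLE_FLOWS):
        print("guest source on public VLAN: {src} -> {dst} "
              "(ttl={ttl}, packets={packets}, in_port={in_port})".format(**f))
```

On the sample, only the second quoted flow is reported: the echo request still carries 192.168.30.90 as its source, with the TTL already decremented to 63, when it is tagged for VLAN 240.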

Re: vm with Cloudstack+openvswitch+KVM can not access extranal network, can ping gateway

2013-08-27 Thread
This is different.

I have configured the egress rules, so a VM (running on the KVM+OVS host)
can access the external network and the internet when the vrouter runs on Xen.
But when the vrouter runs on the KVM+OVS host, a VM (running on the KVM+OVS
host) cannot access the external network.


2013/8/27 Daan Hoogland :
> Feng,
>
> Did you solve this mail along with the other one you send? It seems
> like the same question.
>
> regards,
> Daan
>
> On Tue, Aug 27, 2013 at 4:26 PM, 不坏阿峰  wrote:
>> wish some expert come to help me.~~`
>>
>> 2013/8/24 不坏阿峰 :
>>> can someone help?
>>>
>>> 2013/8/23 不坏阿峰 :
>>>> i did it.Guestvlan300 Isolated  192.168.31.0/24  ,Egress rule,
>>>> 0.0.0.0/0 all.
>>>> and when i initail vrouter on Xen host,  guest host  can access
>>>> internet.  but vroute on kvm+openvswitch Host  can not.
>>>>
>>>> 2013/8/23 Ahmad Emneina :
>>>>> I believe you have to create an egress networking rule to allow for vm's 
>>>>> to
>>>>> reach the internet.
>>>>>
>>>>>
>>>>> On Thu, Aug 22, 2013 at 7:53 PM, 不坏阿峰  wrote:
>>>>>
>>>>>> vm with openvswitch+KVM can not access extranal network, can ping gateway
>>>>>>
>>>>>> Cloudstack4.1.1
>>>>>> A: one kvm host ubuntu12.04 with openvswitch,
>>>>>> B:  xen server6.0,
>>>>>> C: one kvm host centos with openvswitch
>>>>>>
>>>>>> in cloudstack have two network.
>>>>>> Guestvlan301 Isolated 192.168.31.0/24 ,Egress rule,   0.0.0.0/0 all
>>>>>> Guestvlan300 Isolated  192.168.31.0/24  ,Egress rule,   0.0.0.0/0 all
>>>>>>
>>>>>>
>>>>>> ①:vrouter301 run on Xen,   Public IP Address 192.168.240.54 Guest IP
>>>>>> Address 192.168.31.1
>>>>>>vm in vlan301 ,can ping gateway 192.168.31.1 and can access
>>>>>> internet. vm can run on kvm or xen, both ok.
>>>>>>
>>>>>> ②:vronter300 run on Kvm with openvswitch,   Public IP Address
>>>>>> 192.168.240.53 Guest IP Address 192.168.30.1
>>>>>>vm in vlan300 ,can ping gateway 192.168.30.1, but can not access
>>>>>> internet.  vrouter can access internet.
>>>>>>
>>>>>> how to make vm under kvm+openvswitch to access outside network and 
>>>>>> internet
>>>>>>
>>>>>>
>>>>>> [root@centos-kvm01 libvirt]# ovs-vsctl show
>>>>>> 7cb5f505-7ac1-4403-9f9d-101882ed7bad
>>>>>> Bridge kvmmgt
>>>>>> Port kvmmgt
>>>>>> Interface kvmmgt
>>>>>> type: internal
>>>>>> Port "eth0"
>>>>>> Interface "eth0"
>>>>>> Bridge "cloudbr0"
>>>>>> Port "cloudbr0"
>>>>>> Interface "cloudbr0"
>>>>>> type: internal
>>>>>> Port "eth1"
>>>>>> Interface "eth1"   ## Eth1 uplink port is Esxi
>>>>>> vswitch in promiscuous mode,  Xen server Eth1 uplink this too, can
>>>>>> work fine ; Kvm use native bridge work fine too.
>>>>>> Port "vnet3"
>>>>>> tag: 240
>>>>>> Interface "vnet3"
>>>>>> Port "vnet0"
>>>>>> tag: 301
>>>>>> Interface "vnet0"
>>>>>> Port "vnet1"
>>>>>> tag: 300
>>>>>> Interface "vnet1"
>>>>>> Port "vnet4"
>>>>>> tag: 240
>>>>>> Interface "vnet4"
>>>>>> Bridge "cloud0"
>>>>>> Port "cloud0"
>>>>>> Interface "cloud0"
>>>>>> type: internal
>>>>>> Port "vnet2"
>>>>>> Interface "vnet2"
>>>>>> Bridge storage
>>>>>> Port "eth2"
>>>>>> Interface "eth2"
>>>

Re: vm with Cloudstack+openvswitch+KVM can not access extranal network, can ping gateway

2013-08-30 Thread
When the vrouter runs on a Xen host, it is OK. Running on a KVM host without OVS works too.

2013/8/27 Daan Hoogland :
> That would seem to be a bug. Can you migrate the router to a xen host
> to see it working again?
>
> On Tue, Aug 27, 2013 at 4:57 PM, 不坏阿峰  wrote:
>> this is different.
>>
>>  i have configed the Engress rules, so that vm(run on KVM+OVS host)
>> can access external&internet when vrouter run on Xen.
>> but when vrouter run on KVM+OVS host ,  vm(run on KVM+OVS host) can
>> not access external network.
>>
>>
>> 2013/8/27 Daan Hoogland :
>>> Feng,
>>>
>>> Did you solve this mail along with the other one you send? It seems
>>> like the same question.
>>>
>>> regards,
>>> Daan
>>>
>>> On Tue, Aug 27, 2013 at 4:26 PM, 不坏阿峰  wrote:
>>>> wish some expert come to help me.~~`
>>>>
>>>> 2013/8/24 不坏阿峰 :
>>>>> can someone help?
>>>>>
>>>>> 2013/8/23 不坏阿峰 :
>>>>>> i did it.Guestvlan300 Isolated  192.168.31.0/24  ,Egress rule,
>>>>>> 0.0.0.0/0 all.
>>>>>> and when i initail vrouter on Xen host,  guest host  can access
>>>>>> internet.  but vroute on kvm+openvswitch Host  can not.
>>>>>>
>>>>>> 2013/8/23 Ahmad Emneina :
>>>>>>> I believe you have to create an egress networking rule to allow for 
>>>>>>> vm's to
>>>>>>> reach the internet.
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Aug 22, 2013 at 7:53 PM, 不坏阿峰  wrote:
>>>>>>>
>>>>>>>> vm with openvswitch+KVM can not access extranal network, can ping 
>>>>>>>> gateway
>>>>>>>>
>>>>>>>> Cloudstack4.1.1
>>>>>>>> A: one kvm host ubuntu12.04 with openvswitch,
>>>>>>>> B:  xen server6.0,
>>>>>>>> C: one kvm host centos with openvswitch
>>>>>>>>
>>>>>>>> in cloudstack have two network.
>>>>>>>> Guestvlan301 Isolated 192.168.31.0/24 ,Egress rule,   0.0.0.0/0 all
>>>>>>>> Guestvlan300 Isolated  192.168.31.0/24  ,Egress rule,   0.0.0.0/0 all
>>>>>>>>
>>>>>>>>
>>>>>>>> ①:vrouter301 run on Xen,   Public IP Address 192.168.240.54 Guest IP
>>>>>>>> Address 192.168.31.1
>>>>>>>>vm in vlan301 ,can ping gateway 192.168.31.1 and can access
>>>>>>>> internet. vm can run on kvm or xen, both ok.
>>>>>>>>
>>>>>>>> ②:vronter300 run on Kvm with openvswitch,   Public IP Address
>>>>>>>> 192.168.240.53 Guest IP Address 192.168.30.1
>>>>>>>>vm in vlan300 ,can ping gateway 192.168.30.1, but can not access
>>>>>>>> internet.  vrouter can access internet.
>>>>>>>>
>>>>>>>> how to make vm under kvm+openvswitch to access outside network and 
>>>>>>>> internet
>>>>>>>>
>>>>>>>>
>>>>>>>> [root@centos-kvm01 libvirt]# ovs-vsctl show
>>>>>>>> 7cb5f505-7ac1-4403-9f9d-101882ed7bad
>>>>>>>> Bridge kvmmgt
>>>>>>>> Port kvmmgt
>>>>>>>> Interface kvmmgt
>>>>>>>> type: internal
>>>>>>>> Port "eth0"
>>>>>>>> Interface "eth0"
>>>>>>>> Bridge "cloudbr0"
>>>>>>>> Port "cloudbr0"
>>>>>>>> Interface "cloudbr0"
>>>>>>>> type: internal
>>>>>>>> Port "eth1"
>>>>>>>> Interface "eth1"   ## Eth1 uplink port is Esxi
>>>>>>>> vswitch in promiscuous mode,  Xen server Eth1 uplink this too, can
>>>>>>>> work fine ; Kvm use native bridge work fine too.
>>>>>>>> Port "vnet3"
>>>>>>>> tag: 240
>>>>>>>> Interface "vnet3"
>>>>>>>> Port "vnet0"
>>>>>>>>   

CS4.2.1 SVM can not start

2014-01-29 Thread
I have tried cleaning the DB and re-initializing CS4.2.1.
In the Xen server pool, the NFS primary storage is attached; it is OK.

I searched and found another person who met the same problem, but no solution.
http://permalink.gmane.org/gmane.comp.apache.cloudstack.user/8728

I hope someone can give me some support. Thanks.

->
2014-01-29 23:37:07,747 DEBUG
[cloud.deploy.DeploymentPlanningManagerImpl] (secstorage-1:null)
Deploy avoids pods: null, clusters: null, hosts: [1]
2014-01-29 23:37:07,749 DEBUG
[cloud.deploy.DeploymentPlanningManagerImpl] (secstorage-1:null)
DeploymentPlanner allocation algorithm:
com.cloud.deploy.FirstFitPlanner_EnhancerByCloudStack_1de5a3b1@9317ccb
2014-01-29 23:37:07,749 DEBUG
[cloud.deploy.DeploymentPlanningManagerImpl] (secstorage-1:null)
Trying to allocate a host and storage pools from dc:1,
pod:1,cluster:null, requested cpu: 500, requested ram: 268435456
2014-01-29 23:37:07,749 DEBUG
[cloud.deploy.DeploymentPlanningManagerImpl] (secstorage-1:null) Is
ROOT volume READY (pool already allocated)?: No
2014-01-29 23:37:07,749 DEBUG [cloud.deploy.FirstFitPlanner]
(secstorage-1:null) Searching resources only under specified Pod: 1
2014-01-29 23:37:07,749 DEBUG [cloud.deploy.FirstFitPlanner]
(secstorage-1:null) Listing clusters in order of aggregate capacity,
that have (atleast one host with) enough CPU and RAM capacity under
this Pod: 1
2014-01-29 23:37:07,759 DEBUG
[cloud.deploy.DeploymentPlanningManagerImpl] (secstorage-1:null)
Checking resources in Cluster: 1 under Pod: 1
2014-01-29 23:37:07,759 DEBUG [allocator.impl.FirstFitAllocator]
(secstorage-1:FirstFitRoutingAllocator) Looking for hosts in dc: 1
pod:1  cluster:1
2014-01-29 23:37:07,763 DEBUG [allocator.impl.FirstFitAllocator]
(secstorage-1:FirstFitRoutingAllocator) FirstFitAllocator has 2 hosts
to check for allocation: [Host[-2-Routing], Host[-1-Routing]]
2014-01-29 23:37:07,767 DEBUG [allocator.impl.FirstFitAllocator]
(secstorage-1:FirstFitRoutingAllocator) Found 2 hosts for allocation
after prioritization: [Host[-2-Routing], Host[-1-Routing]]
2014-01-29 23:37:07,767 DEBUG [allocator.impl.FirstFitAllocator]
(secstorage-1:FirstFitRoutingAllocator) Looking for speed=500Mhz,
Ram=256
2014-01-29 23:37:07,772 DEBUG [cloud.capacity.CapacityManagerImpl]
(secstorage-1:FirstFitRoutingAllocator) Checking if host: 2 has enough
capacity for requested CPU: 500 and requested RAM: 268435456 ,
cpuOverprovisioningFactor: 1.0
2014-01-29 23:37:07,775 DEBUG [cloud.capacity.CapacityManagerImpl]
(secstorage-1:FirstFitRoutingAllocator) Hosts's actual total CPU:
13590 and CPU after applying overprovisioning: 13590
2014-01-29 23:37:07,775 DEBUG [cloud.capacity.CapacityManagerImpl]
(secstorage-1:FirstFitRoutingAllocator) Free CPU: 13590 , Requested
CPU: 500
2014-01-29 23:37:07,776 DEBUG [cloud.capacity.CapacityManagerImpl]
(secstorage-1:FirstFitRoutingAllocator) Free RAM: 9669118976 ,
Requested RAM: 268435456
2014-01-29 23:37:07,776 DEBUG [cloud.capacity.CapacityManagerImpl]
(secstorage-1:FirstFitRoutingAllocator) Host has enough CPU and RAM
available
2014-01-29 23:37:07,776 DEBUG [cloud.capacity.CapacityManagerImpl]
(secstorage-1:FirstFitRoutingAllocator) STATS: Can alloc CPU from
host: 2, used: 0, reserved: 0, actual total: 13590, total with
overprovisioning: 13590; requested cpu:500,alloc_from_last_host?:false
,considerReservedCapacity?: true
2014-01-29 23:37:07,776 DEBUG [cloud.capacity.CapacityManagerImpl]
(secstorage-1:FirstFitRoutingAllocator) STATS: Can alloc MEM from
host: 2, used: 0, reserved: 0, total: 9669118976; requested mem:
268435456,alloc_from_last_host?:false ,considerReservedCapacity?: true
2014-01-29 23:37:07,776 DEBUG [allocator.impl.FirstFitAllocator]
(secstorage-1:FirstFitRoutingAllocator) Found a suitable host, adding
to list: 2
2014-01-29 23:37:07,776 DEBUG [allocator.impl.FirstFitAllocator]
(secstorage-1:FirstFitRoutingAllocator) Host name: xen01, hostId: 1 is
in avoid set, skipping this and trying other available hosts
2014-01-29 23:37:07,776 DEBUG [allocator.impl.FirstFitAllocator]
(secstorage-1:FirstFitRoutingAllocator) Host Allocator returning 1
suitable hosts
2014-01-29 23:37:07,777 DEBUG
[cloud.deploy.DeploymentPlanningManagerImpl] (secstorage-1:null)
Checking suitable pools for volume (Id, Type): (19,ROOT)
2014-01-29 23:37:07,778 DEBUG
[cloud.deploy.DeploymentPlanningManagerImpl] (secstorage-1:null) We
need to allocate new storagepool for this volume
2014-01-29 23:37:07,778 DEBUG
[cloud.deploy.DeploymentPlanningManagerImpl] (secstorage-1:null)
Calling StoragePoolAllocators to find suitable pools
2014-01-29 23:37:07,780 DEBUG
[storage.allocator.LocalStoragePoolAllocator] (secstorage-1:null)
LocalStoragePoolAllocator trying to find storage pool to fit the vm
2014-01-29 23:37:07,780 DEBUG
[storage.allocator.ClusterScopeStoragePoolAllocator]
(secstorage-1:null) ClusterScopeStoragePoolAllocator looking for
storage pool
2014-01-29 23:37:07,780 DEBUG
[storage.allocator.ClusterS