Re: Proxmox and cloudstack
Proxmox everything is good and convenience . The only issue is do not have IP management where you have to manage your own IP allocation manually. Cloudstack have very difficult issue. is on Changing compute offering. / Scalling of a VM . Example,if you want to upgrade the ram from eg 3G to 4G, or 1Core to 2 core etc, there is no fast way to do, you have to create a new compute offering and then apply to a VM. If you need frequently to change this value, i think is a nightmare Cloudstack is good for mass creating vm with same spec. Proxmox is to configure it one by one. On Tue, Nov 21, 2023 at 8:40 PM Ivan Kudryavtsev wrote: > Hi, no problem at all. > > Вт, 21 нояб. 2023 г. в 16:30, Gary Dixon .invalid>: > > > I believe Windows based VM's in Proxmox have an issue on booting up > > properly when on KVM hosts. We are also seeing this in Cloudstack > > > > > > Gary Dixon > > Senior Technical Consultant > > 0161 537 4980 <0161%20537%204980> > > +44 7989717661 <+44%207989717661> > > gary.di...@quadris.co.uk > > www.quadris.com > > Innovation House, 12‑13 Bredbury Business Park > > Bredbury Park Way, Bredbury, Stockport, SK6 2SN > > -Original Message- > > From: Francisco Arencibia Quesada > > Sent: Tuesday, November 21, 2023 12:10 PM > > To: users@cloudstack.apache.org > > Subject: Proxmox and cloudstack > > > > Morning guys, > > > > Has anyone tested the compatibility between proxmox and cloudstack. > > Cloudstack does support KVM, and proxmox uses kvm, but I would like to > > hear some feedbacks. > > > > > > Thanks as asual > > Regards > > > -- Regards, Hean Seng
Storage not in virsh pool-list
HI
in KVM host ,
virsh pool-list
it did not show primary storage that is enabled in GUI
the storage is healthy in GUI, but virsh pool-list does not show .
Agent Log:
2023-08-22 19:30:34,067 INFO [kvm.storage.LibvirtStorageAdaptor]
(agentRequest-Handler-1:null) (logid:ad31d0e2) Trying to fetch storage pool
bfb5965d-b463-3111-84a2-3f1609ffe81a from libvirt
MGMT Log:
2023-08-23 03:43:05,926 DEBUG [c.c.a.t.Request]
(AgentManager-Handler-7:null) (logid:) Seq 22-6027223676305325212:
Processing: { Ans: , MgmtId: 132241052848475, via: 22, Ver: v1, Flags: 10,
[{"com.cloud.agent.api.Answer":{"result":"false","details":"com.cloud.utils.exception.CloudRuntimeException:
com.cloud.utils.exception.CloudRuntimeException: Could not fetch storage
pool bfb5965d-b463-3111-84a2-3f1609ffe81a from libvirt
at
com.cloud.hypervisor.kvm.storage.KVMStoragePoolManager.getPhysicalDisk(KVMStoragePoolManager.java:314)
at
com.cloud.hypervisor.kvm.resource.wrapper.LibvirtDeleteVMSnapshotCommandWrapper.execute(LibvirtDeleteVMSnapshotCommandWrapper.java:97)
at
com.cloud.hypervisor.kvm.resource.wrapper.LibvirtDeleteVMSnapshotCommandWrapper.execute(LibvirtDeleteVMSnapshotCommandWrapper.java:43)
at
com.cloud.hypervisor.kvm.resource.wrapper.LibvirtRequestWrapper.execute(LibvirtRequestWrapper.java:78)
at
com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.executeRequest(LibvirtComputingResource.java:1648)
at com.cloud.agent.Agent.processRequest(Agent.java:661)
at com.cloud.agent.Agent$AgentRequestHandler.doTask(Agent.java:1079)
at com.cloud.utils.nio.Task.call(Task.java:83)
at com.cloud.utils.nio.Task.call(Task.java:29)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at
CLoudstack Version : 4.15 , on Ubuntu 18/20
And thus the VM disk inside is not able to start
Any one have experience to solve this
--
Regards,
Hean Seng
Re: Regions In 4.18
The Reagions in Cloudstack seems no functionalities . For multiple country / location, you may just deploy in different Zone. On Sat, Aug 19, 2023 at 2:38 AM Carlo Fernandez wrote: > Hi Dan, > > What kind of functionality do Regions provide? > > In essence, I'm looking to connect multiple geographic sites together. The > documentation doesn't make any mention of how to do this besides via the > use of Regions. > > Is there a new way to connect CloudStack instances together? I'd like to > connect Site A to Site B and Site C, all using their own management servers. > > Is this possible in CS 4.18? > > Any assistance would be highly appreciated! > > > Thank you, > > Carlo Fernandez. > > From: Daan Hoogland > Sent: 18 August 2023 05:10 > To: users@cloudstack.apache.org > Subject: Re: Regions In 4.18 > > Carlo, > > Regions are a thing but do not deliver much functionality. I don't know of > a regions button so I can't help you there. > -- Regards, Hean Seng
Cloudstack 4.15 on Ubuntu 20 issue
Hi
I am facing issue on Cloudstack 4.15. KVM, (ubuntu 20) agent, i am
assigning 4000M RAM to a VM ,however inside the VM , only it is getting
240M RAM.
Other of the hypervisor I am running Cloudstack on Ubuntu 18,and it has no
such issue. Those VM that previously ran fine , transfer over here, it
seems to have this issue.
following is running at hypervisor , and seem statement 4000M is correct
/usr/bin/qemu-system-x86_64 -name guest=i-2-9735-VM,debug-threads=on -S
-object
secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-2-i-2-9735-VM/master-key.aes
-machine pc-i440fx-4.2,accel=kvm,usb=off,dump-guest-core=off -cpu qemu64 -m
4000 -overcommit mem-lock=off -smp 2,sockets=2,cores=1,threads=1 -uuid
18eb1d52-1887-4d4d-94ae-7ba9916f06de -smbios type=1,manufacturer=Apache
Software Foundation,product=CloudStack KVM
Hypervisor,uuid=18eb1d52-1887-4d4d-94ae-7ba9916f06de -no-user-config
-nodefaults -chardev socket,id=charmonitor,fd=34,server,nowait -mon
chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown
-boot strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2
-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x4 -blockdev
{"driver":"file","filename":"/mnt/bfb5965d-b463-3111-84a2-3f1609ffe81a/b4120a39-7a5a-47a7-a2b0-ecb850a46858","node-name":"libvirt-3-storage","cache":{"direct":true,"no-flush":false},"auto-read-only":true,"discard":"unmap"}
-blockdev
{"node-name":"libvirt-3-format","read-only":true,"cache":{"direct":true,"no-flush":false},"driver":"qcow2","file":"libvirt-3-storage","backing":null}
-blockdev
{"driver":"file","filename":"/mnt/bfb5965d-b463-3111-84a2-3f1609ffe81a/d2a84eb3-50c3-4928-8927-b40edebb3195","node-name":"libvirt-2-storage","cache":{"direct":true,"no-flush":false},"auto-read-only":true,"discard":"unmap"}
-blockdev
{"node-name":"libvirt-2-format","read-only":false,"cache":{"direct":true,"no-flush":false},"driver":"qcow2","file":"libvirt-2-storage","backing":"libvirt-3-format"}
-device
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=libvirt-2-format,id=virtio-disk0,bootindex=2,write-cache=on,serial=d2a84eb350c349288927
-device ide-cd,bus=ide.1,unit=0,id=ide0-1-0,bootindex=1 -netdev
tap,fd=36,id=hostnet0,vhost=on,vhostfd=37 -device
virtio-net-pci,netdev=hostnet0,id=net0,mac=1e:00:0b:00:19:49,bus=pci.0,addr=0x3
-chardev pty,id=charserial0 -device
isa-serial,chardev=charserial0,id=serial0 -chardev
socket,id=charchannel0,fd=38,server,nowait -device
virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.
qemu.guest_agent.0 -device usb-tablet,id=input0,bus=usb.0,port=1 -vnc
172.20.236.42:0,password -device cirrus-vga,id=video0,bus=pci.0,addr=0x2
-device i6300esb,id=watchdog0,bus=pci.0,addr=0x7 -watchdog-action none
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 -sandbox
on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny
-msg timestamp=on
--
Regards,
Hean Seng
Re: IP Spoofing and IP Theft
gt;> > Hivelocity, LLC > >> > > >> > > >> > > >> > On Thu, May 18, 2023 at 11:07 AM Wei ZHOU > >> wrote: > >> > > >> > > Yes, as Jithin said cloudstack uses iptables/ebtables/ipset to > >> prevent IP > >> > > spoofing in advanced zone with security groups. > >> > > > >> > > If the IP or mac address of vm instance is modified inside the vm by > >> the > >> > > user, the vm will not work. > >> > > > >> > > -Wei > >> > > > >> > > > >> > > On Thursday, 18 May 2023, Jithin Raju > >> wrote: > >> > > > >> > > > Hi Willard, > >> > > > > >> > > > I believe there is something implemented using iptables,ebtables > to > >> > > > prevent IP spoofing for security group enabled zones. You need to > >> take > >> > > this > >> > > > into account if you are using security group enabled zones. > >> > > > > >> > > > -Jithin > >> > > > > >> > > > From: Will Conrad > >> > > > Date: Thursday, 18 May 2023 at 1:08 PM > >> > > > To: users@cloudstack.apache.org > >> > > > Subject: IP Spoofing and IP Theft > >> > > > Hello Community! > >> > > > > >> > > > It looks like cloudstack has built-iin protection to prevent IP > >> > > spoofing, I > >> > > > am wondering what kind (if any) of protections cloudstack has > >> built-in > >> > to > >> > > > protect the environment from IP theft, or is this a consideration > >> that > >> > > > should be taken into account when designing the network layout and > >> > > > offerings for tenants? > >> > > > > >> > > > Regards, > >> > > > > >> > > > Willard Conrad > >> > > > DevOps Engineer > >> > > > Hivelocity, LLC > >> > > > > >> > > > > >> > > > > >> > > > > >> > > > >> > > >> > > > -- Regards, Hean Seng
Re: VR User Disabled
Even i try to delete the network also cannoot, it post following exception com.cloud.exception.ResourceUnavailableException: Resource [DataCenter:1] is unreachable: Can't find all necessary running routers! at com.cloud.network.element.VirtualRouterElement.implement(VirtualRouterElement.java:251) at org.apache.cloudstack.engine.orchestration.NetworkOrchestrator.implementNetworkElements(NetworkOrchestrator.java:1392) at org.apache.cloudstack.engine.orchestration.NetworkOrchestrator.implementNetworkElementsAndResources(NetworkOrchestrator.java:1327) at org.apache.cloudstack.engine.orchestration.NetworkOrchestrator.restartNetwork(NetworkOrchestrator.java:3166) at com.cloud.network.NetworkServiceImpl.restartNetwork(NetworkServiceImpl.java:1994) I try restarting network also have similar error. On Wed, Apr 12, 2023 at 4:53 PM Hean Seng wrote: > Any one have idea ? Now the VR cannot use and cannot delete . Previous is > ok, after system power off and on back, it become like this. > > On Wed, Apr 12, 2023 at 4:54 AM Hean Seng wrote: > >> I trying to Stop the VR , and in DB update vm_instance table to removed. >> to a date , and nwo the Shared Nework has no VR, however it do not auto >> create back the VR >> >> I not sure how to make it create back the VR automatically. >> >> On Wed, Apr 12, 2023 at 4:45 AM Hean Seng wrote: >> >>> Yes, i an using admin , it somehow do not recognize the VR is belong >>> to them, but in Guest Nework, the VR is there. >>> >>> This VR not able to assign DHCP to VM. >>> >>> I not sure how this happen >>> >>> >>> >>> >>> On Wed, Apr 12, 2023 at 4:43 AM Wei ZHOU wrote: >>> >>>> If so, only root admin can restart the network. >>>> >>>> -Wei >>>> >>>> On Tuesday, 11 April 2023, Hean Seng wrote: >>>> >>>> > Hi >>>> > >>>> > It is shared network , not dedicated to domain / account. >>>> > >>>> > >>>> > All VM shall get IP from DHCP (from VR) >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > On Wed, Apr 12, 2023 at 3:48 AM Wei ZHOU >>>> wrote: >>>> > >>>> > > Hi Hean, >>>> > > >>>> > > Is the shared network dedicated to a domain or an account ? >>>> > > >>>> > > -Wei >>>> > > >>>> > > On Tuesday, 11 April 2023, Hean Seng wrote: >>>> > > >>>> > > > Hi >>>> > > > >>>> > > > Cloudstack 4.15 on Ubuntu 20., Advance with Security Group >>>> > > > >>>> > > > Some strange behavior , the Network VR is running , i try to >>>> restart >>>> > > > Network and Clean up, it show "Can't find all necessary running >>>> > routers!" >>>> > > > . >>>> > > > >>>> > > > When i view the log , it show below: >>>> > > > >>>> > > > com.cloud.exception.PermissionDeniedException: The owner of >>>> > > > VM[User|i-1669-1778-VM] is disabled: 1669 >>>> > > > >>>> > > > >>>> > > > it is running at VR , but now sure why it show VM user Disable . >>>> > > > >>>> > > > >>>> > > > How can I enable it , so than i can destroy and rebuild the >>>> network. >>>> > > > >>>> > > > >>>> > > > Or which table in my sql that i can update this ? >>>> > > > >>>> > > > >>>> > > > >>>> > > > -- >>>> > > > Regards, >>>> > > > Hean Seng >>>> > > > >>>> > > >>>> > >>>> > >>>> > -- >>>> > Regards, >>>> > Hean Seng >>>> > >>>> >>> >>> >>> -- >>> Regards, >>> Hean Seng >>> >> >> >> -- >> Regards, >> Hean Seng >> > > > -- > Regards, > Hean Seng > -- Regards, Hean Seng
Re: VR User Disabled
Any one have idea ? Now the VR cannot use and cannot delete . Previous is ok, after system power off and on back, it become like this. On Wed, Apr 12, 2023 at 4:54 AM Hean Seng wrote: > I trying to Stop the VR , and in DB update vm_instance table to removed. > to a date , and nwo the Shared Nework has no VR, however it do not auto > create back the VR > > I not sure how to make it create back the VR automatically. > > On Wed, Apr 12, 2023 at 4:45 AM Hean Seng wrote: > >> Yes, i an using admin , it somehow do not recognize the VR is belong to >> them, but in Guest Nework, the VR is there. >> >> This VR not able to assign DHCP to VM. >> >> I not sure how this happen >> >> >> >> >> On Wed, Apr 12, 2023 at 4:43 AM Wei ZHOU wrote: >> >>> If so, only root admin can restart the network. >>> >>> -Wei >>> >>> On Tuesday, 11 April 2023, Hean Seng wrote: >>> >>> > Hi >>> > >>> > It is shared network , not dedicated to domain / account. >>> > >>> > >>> > All VM shall get IP from DHCP (from VR) >>> > >>> > >>> > >>> > >>> > >>> > On Wed, Apr 12, 2023 at 3:48 AM Wei ZHOU >>> wrote: >>> > >>> > > Hi Hean, >>> > > >>> > > Is the shared network dedicated to a domain or an account ? >>> > > >>> > > -Wei >>> > > >>> > > On Tuesday, 11 April 2023, Hean Seng wrote: >>> > > >>> > > > Hi >>> > > > >>> > > > Cloudstack 4.15 on Ubuntu 20., Advance with Security Group >>> > > > >>> > > > Some strange behavior , the Network VR is running , i try to >>> restart >>> > > > Network and Clean up, it show "Can't find all necessary running >>> > routers!" >>> > > > . >>> > > > >>> > > > When i view the log , it show below: >>> > > > >>> > > > com.cloud.exception.PermissionDeniedException: The owner of >>> > > > VM[User|i-1669-1778-VM] is disabled: 1669 >>> > > > >>> > > > >>> > > > it is running at VR , but now sure why it show VM user Disable . >>> > > > >>> > > > >>> > > > How can I enable it , so than i can destroy and rebuild the >>> network. >>> > > > >>> > > > >>> > > > Or which table in my sql that i can update this ? >>> > > > >>> > > > >>> > > > >>> > > > -- >>> > > > Regards, >>> > > > Hean Seng >>> > > > >>> > > >>> > >>> > >>> > -- >>> > Regards, >>> > Hean Seng >>> > >>> >> >> >> -- >> Regards, >> Hean Seng >> > > > -- > Regards, > Hean Seng > -- Regards, Hean Seng
Re: VR User Disabled
I trying to Stop the VR , and in DB update vm_instance table to removed. to a date , and nwo the Shared Nework has no VR, however it do not auto create back the VR I not sure how to make it create back the VR automatically. On Wed, Apr 12, 2023 at 4:45 AM Hean Seng wrote: > Yes, i an using admin , it somehow do not recognize the VR is belong to > them, but in Guest Nework, the VR is there. > > This VR not able to assign DHCP to VM. > > I not sure how this happen > > > > > On Wed, Apr 12, 2023 at 4:43 AM Wei ZHOU wrote: > >> If so, only root admin can restart the network. >> >> -Wei >> >> On Tuesday, 11 April 2023, Hean Seng wrote: >> >> > Hi >> > >> > It is shared network , not dedicated to domain / account. >> > >> > >> > All VM shall get IP from DHCP (from VR) >> > >> > >> > >> > >> > >> > On Wed, Apr 12, 2023 at 3:48 AM Wei ZHOU wrote: >> > >> > > Hi Hean, >> > > >> > > Is the shared network dedicated to a domain or an account ? >> > > >> > > -Wei >> > > >> > > On Tuesday, 11 April 2023, Hean Seng wrote: >> > > >> > > > Hi >> > > > >> > > > Cloudstack 4.15 on Ubuntu 20., Advance with Security Group >> > > > >> > > > Some strange behavior , the Network VR is running , i try to restart >> > > > Network and Clean up, it show "Can't find all necessary running >> > routers!" >> > > > . >> > > > >> > > > When i view the log , it show below: >> > > > >> > > > com.cloud.exception.PermissionDeniedException: The owner of >> > > > VM[User|i-1669-1778-VM] is disabled: 1669 >> > > > >> > > > >> > > > it is running at VR , but now sure why it show VM user Disable . >> > > > >> > > > >> > > > How can I enable it , so than i can destroy and rebuild the network. >> > > > >> > > > >> > > > Or which table in my sql that i can update this ? >> > > > >> > > > >> > > > >> > > > -- >> > > > Regards, >> > > > Hean Seng >> > > > >> > > >> > >> > >> > -- >> > Regards, >> > Hean Seng >> > >> > > > -- > Regards, > Hean Seng > -- Regards, Hean Seng
Re: VR User Disabled
Yes, i an using admin , it somehow do not recognize the VR is belong to them, but in Guest Nework, the VR is there. This VR not able to assign DHCP to VM. I not sure how this happen On Wed, Apr 12, 2023 at 4:43 AM Wei ZHOU wrote: > If so, only root admin can restart the network. > > -Wei > > On Tuesday, 11 April 2023, Hean Seng wrote: > > > Hi > > > > It is shared network , not dedicated to domain / account. > > > > > > All VM shall get IP from DHCP (from VR) > > > > > > > > > > > > On Wed, Apr 12, 2023 at 3:48 AM Wei ZHOU wrote: > > > > > Hi Hean, > > > > > > Is the shared network dedicated to a domain or an account ? > > > > > > -Wei > > > > > > On Tuesday, 11 April 2023, Hean Seng wrote: > > > > > > > Hi > > > > > > > > Cloudstack 4.15 on Ubuntu 20., Advance with Security Group > > > > > > > > Some strange behavior , the Network VR is running , i try to restart > > > > Network and Clean up, it show "Can't find all necessary running > > routers!" > > > > . > > > > > > > > When i view the log , it show below: > > > > > > > > com.cloud.exception.PermissionDeniedException: The owner of > > > > VM[User|i-1669-1778-VM] is disabled: 1669 > > > > > > > > > > > > it is running at VR , but now sure why it show VM user Disable . > > > > > > > > > > > > How can I enable it , so than i can destroy and rebuild the network. > > > > > > > > > > > > Or which table in my sql that i can update this ? > > > > > > > > > > > > > > > > -- > > > > Regards, > > > > Hean Seng > > > > > > > > > > > > > -- > > Regards, > > Hean Seng > > > -- Regards, Hean Seng
Re: VR User Disabled
Do you know where is the link for Shared Network and its VR. ? On Wed, Apr 12, 2023 at 3:53 AM Hean Seng wrote: > Hi > > It is shared network , not dedicated to domain / account. > > > All VM shall get IP from DHCP (from VR) > > > > > > On Wed, Apr 12, 2023 at 3:48 AM Wei ZHOU wrote: > >> Hi Hean, >> >> Is the shared network dedicated to a domain or an account ? >> >> -Wei >> >> On Tuesday, 11 April 2023, Hean Seng wrote: >> >> > Hi >> > >> > Cloudstack 4.15 on Ubuntu 20., Advance with Security Group >> > >> > Some strange behavior , the Network VR is running , i try to restart >> > Network and Clean up, it show "Can't find all necessary running >> routers!" >> > . >> > >> > When i view the log , it show below: >> > >> > com.cloud.exception.PermissionDeniedException: The owner of >> > VM[User|i-1669-1778-VM] is disabled: 1669 >> > >> > >> > it is running at VR , but now sure why it show VM user Disable . >> > >> > >> > How can I enable it , so than i can destroy and rebuild the network. >> > >> > >> > Or which table in my sql that i can update this ? >> > >> > >> > >> > -- >> > Regards, >> > Hean Seng >> > >> > > > -- > Regards, > Hean Seng > -- Regards, Hean Seng
Re: VR User Disabled
Hi It is shared network , not dedicated to domain / account. All VM shall get IP from DHCP (from VR) On Wed, Apr 12, 2023 at 3:48 AM Wei ZHOU wrote: > Hi Hean, > > Is the shared network dedicated to a domain or an account ? > > -Wei > > On Tuesday, 11 April 2023, Hean Seng wrote: > > > Hi > > > > Cloudstack 4.15 on Ubuntu 20., Advance with Security Group > > > > Some strange behavior , the Network VR is running , i try to restart > > Network and Clean up, it show "Can't find all necessary running routers!" > > . > > > > When i view the log , it show below: > > > > com.cloud.exception.PermissionDeniedException: The owner of > > VM[User|i-1669-1778-VM] is disabled: 1669 > > > > > > it is running at VR , but now sure why it show VM user Disable . > > > > > > How can I enable it , so than i can destroy and rebuild the network. > > > > > > Or which table in my sql that i can update this ? > > > > > > > > -- > > Regards, > > Hean Seng > > > -- Regards, Hean Seng
VR User Disabled
Hi Cloudstack 4.15 on Ubuntu 20., Advance with Security Group Some strange behavior , the Network VR is running , i try to restart Network and Clean up, it show "Can't find all necessary running routers!" . When i view the log , it show below: com.cloud.exception.PermissionDeniedException: The owner of VM[User|i-1669-1778-VM] is disabled: 1669 it is running at VR , but now sure why it show VM user Disable . How can I enable it , so than i can destroy and rebuild the network. Or which table in my sql that i can update this ? -- Regards, Hean Seng
Re: Compute offerings and Disk offerings
Hi If you allow them in the Offering, then of cause they have the flexibility and you too have the flexibility . In the current control , there is no variable to restrict user from doing that, and only admin can do. It all depend on the offering you created. . Probably you can try is restrict it at offering, and when you need to change, first change the Vm to another offering first, then only migrate the volumn. On Thu, Mar 30, 2023 at 4:01 PM wrote: > Hey jordan, > > thx for your reply! I am suing custom offerings, my problem is to deny the > customer to change the Disk offering in the UI wizard when creating a new > VM. Of course I can use the strictness, but then I am unable to migrate the > volume from local to shared storage or vice versa later in time. > > Regards, > Swen > > -Ursprüngliche Nachricht- > Von: jordan j > Gesendet: Donnerstag, 30. März 2023 08:15 > An: users@cloudstack.apache.org > Betreff: Re: Compute offerings and Disk offerings > > I have the same hardware setup and use the same configuration. > Not sure if one can run away from having multiple compute offerings for > each storage type and server group. > The only thing that reduced the amount of compute offerings is to set both > compute and disk offerings to be custom. > So actually you have just one offering per specific server/storage group > with resources customizable by the users. > > Regards, > Jordan > > On Wed, Mar 29, 2023 at 6:47 PM Hean Seng wrote: > > > So what you actually wish to achieve ? > > > > On Wed, Mar 29, 2023 at 11:41 PM wrote: > > > > > Hi Hean, > > > > > > sure, this works, but is not really flexible and you run into > > > problems when using the override function in the UI wizard. > > > > > > -Ursprüngliche Nachricht- > > > Von: Hean Seng > > > Gesendet: Mittwoch, 29. März 2023 17:20 > > > An: users@cloudstack.apache.org > > > Betreff: Re: Compute offerings and Disk offerings > > > > > > Hi > > > > > > In Compute offering, you can choose if the compute offering is Local > > > or Shared Storage . > > > > > > And you can also tag the storage with Tags, and define the tag in > > > Compute offering. > > > > > > Like this, it will goes to the storage you wish to. > > > > > > > > > On Wed, Mar 29, 2023 at 11:12 PM wrote: > > > > > > > Hey all, > > > > > > > > > > > > > > > > does someone use local AND shared storage in Cloudstack? I am > > > > using tags on storage level which I use in Disk offerings then to > > > > assign them to shared or local storage. I use xcp-ng as hypervisor > > > > and each host has shared or local storage, but not both. > > > > > > > > I created a default-compute-offering without mapping it directly > > > > to a Disk offering vi api, because the UI wants to have a Disk > > > > offering mapped. In the VM installation wizard I can choose > > > > between local an shared storage and it works fine. > > > > > > > > > > > > > > > > But I run into some issues: > > > > > > > > 1. I am unable to configure the default Disk offering which will > > be > > > > used when not overriding root disk offering > > > > > > > > It looks like CS is using the one with the lowest id in den database. > > > > > > > > 2. When I want to migrate a running VM from local to shared > > storage > > > > (or > > > > vice versa) via UI "Migrate instance to another host" I see the > > > > other hosts, but there are shown as not suitable. > > > > 3. When I want to migrate a Volume from local to shared storage > > (or > > > > vice versa) via UI "Migrate volume" I do not see the other type of > > > > storage even when enable the "Replace disk offering" button. > > > > > > > > > > > > > > > > Is my workflow just not correct, or do we have some kind of issue > > > > here? I hope someone else already using this setup and can tell me > > > > how it was configured. Thanks for help! > > > > > > > > > > > > > > > > Regards, > > > > > > > > Swen > > > > > > > > > > > > > > -- > > > Regards, > > > Hean Seng > > > > > > > > > > > > > -- > > Regards, > > Hean Seng > > > > > -- Regards, Hean Seng
Re: Compute offerings and Disk offerings
So what you actually wish to achieve ? On Wed, Mar 29, 2023 at 11:41 PM wrote: > Hi Hean, > > sure, this works, but is not really flexible and you run into problems > when using the override function in the UI wizard. > > -Ursprüngliche Nachricht- > Von: Hean Seng > Gesendet: Mittwoch, 29. März 2023 17:20 > An: users@cloudstack.apache.org > Betreff: Re: Compute offerings and Disk offerings > > Hi > > In Compute offering, you can choose if the compute offering is Local or > Shared Storage . > > And you can also tag the storage with Tags, and define the tag in Compute > offering. > > Like this, it will goes to the storage you wish to. > > > On Wed, Mar 29, 2023 at 11:12 PM wrote: > > > Hey all, > > > > > > > > does someone use local AND shared storage in Cloudstack? I am using > > tags on storage level which I use in Disk offerings then to assign > > them to shared or local storage. I use xcp-ng as hypervisor and each > > host has shared or local storage, but not both. > > > > I created a default-compute-offering without mapping it directly to a > > Disk offering vi api, because the UI wants to have a Disk offering > > mapped. In the VM installation wizard I can choose between local an > > shared storage and it works fine. > > > > > > > > But I run into some issues: > > > > 1. I am unable to configure the default Disk offering which will be > > used when not overriding root disk offering > > > > It looks like CS is using the one with the lowest id in den database. > > > > 2. When I want to migrate a running VM from local to shared storage > > (or > > vice versa) via UI "Migrate instance to another host" I see the other > > hosts, but there are shown as not suitable. > > 3. When I want to migrate a Volume from local to shared storage (or > > vice versa) via UI "Migrate volume" I do not see the other type of > > storage even when enable the "Replace disk offering" button. > > > > > > > > Is my workflow just not correct, or do we have some kind of issue > > here? I hope someone else already using this setup and can tell me how > > it was configured. Thanks for help! > > > > > > > > Regards, > > > > Swen > > > > > > -- > Regards, > Hean Seng > > > -- Regards, Hean Seng
Re: Cloudstck L2 Network.
Hi Wei Zhou I understand for Isolated and Shared. But for L2 network , how can I know which physical network it is connected to? Now I have 2 phy network . Phy1 : Guest + Manangement + Storage Phy2 : Public So for L2 , which Phy Network the traffic will flow to On Wed, Mar 29, 2023 at 11:26 PM Wei ZHOU wrote: > Hi Hean, > > You can select physical networks when creating a shared network. However, > it is not possible for isolated networks and L2 networks. > The physical network of isolated/L2 networks are determined by the tags of > network offering. > > Prior to 4.18, all physical networks must have tags if there are multiple > physical guest networks. > With PR https://github.com/apache/cloudstack/pull/6781 merged into 4.18, > one of the physical networks can have null tags , the networks created from > network offering with null tags will be created on the physical network > with null tags. > The other physical networks and network offerings must have tags. > > > -Wei > > > > On Wed, 29 Mar 2023 at 16:41, Hean Seng wrote: > > > Hi > > > > For creating Isolated Network, and Guest network, we can choose which > > Physical Network interface that it need to bind to . > > > > However for L2 network, there is no interface to select . Can I know > that > > fo the L2 network that created , which interface of the Physical > Interface > > it bind to ? > > > > Or i understand wrong of L2 network. > > > > > > > > -- > > Regards, > > Hean Seng > > > -- Regards, Hean Seng
Re: Compute offerings and Disk offerings
Hi In Compute offering, you can choose if the compute offering is Local or Shared Storage . And you can also tag the storage with Tags, and define the tag in Compute offering. Like this, it will goes to the storage you wish to. On Wed, Mar 29, 2023 at 11:12 PM wrote: > Hey all, > > > > does someone use local AND shared storage in Cloudstack? I am using tags on > storage level which I use in Disk offerings then to assign them to shared > or > local storage. I use xcp-ng as hypervisor and each host has shared or local > storage, but not both. > > I created a default-compute-offering without mapping it directly to a Disk > offering vi api, because the UI wants to have a Disk offering mapped. In > the > VM installation wizard I can choose between local an shared storage and it > works fine. > > > > But I run into some issues: > > 1. I am unable to configure the default Disk offering which will be > used when not overriding root disk offering > > It looks like CS is using the one with the lowest id in den database. > > 2. When I want to migrate a running VM from local to shared storage > (or > vice versa) via UI "Migrate instance to another host" I see the other > hosts, > but there are shown as not suitable. > 3. When I want to migrate a Volume from local to shared storage (or > vice versa) via UI "Migrate volume" I do not see the other type of storage > even when enable the "Replace disk offering" button. > > > > Is my workflow just not correct, or do we have some kind of issue here? I > hope someone else already using this setup and can tell me how it was > configured. Thanks for help! > > > > Regards, > > Swen > > -- Regards, Hean Seng
Cloudstck L2 Network.
Hi For creating Isolated Network, and Guest network, we can choose which Physical Network interface that it need to bind to . However for L2 network, there is no interface to select . Can I know that fo the L2 network that created , which interface of the Physical Interface it bind to ? Or i understand wrong of L2 network. -- Regards, Hean Seng
Re: Local storage and share storage in one zone, Hostname for VR
Hi Wei zhou Thanks for reply . I saw the cs4cloud.internal is at virtual router properties that created for the Account: Network domain cs4cloud.internal Is there any template or default value it that i can change so that every time the VR created , it use my preferred name for Netowrk Domain. On Wed, Mar 29, 2023 at 3:52 PM Wei ZHOU wrote: > Hi Hean, > > The network domain is determined by this order > - domain of the network > - network domain of the account > - network domain of the domain > - network domain of the zone > - cs + accountid + cloud.local (guest domain suffix of the zone) > > You can update the network with a new network domain. > > -Wei > > On Wed, 29 Mar 2023 at 08:51, Hean Seng wrote: > > > Hi > > > > I create a Advance zone that have 2 Pod . > > > > Pod 1 - Hypervisors (kvm) are using share storage . So I have 3 > physical > > network , One for Management and Guest, Second one for VLAN network > > (Public). and another one for Storage network on NFS . > > > > Pod 2 - Hypervisors (KVM) on Local storage, For this I only need 2 > Physical > > network. One for Management, Guest, and Storage( basically just for > > Secondary Storage), and another network for VLAN (public Traffic) > > > > > > However for the zone ,creating it seems not able to do so . If choose 3 > > physical network, all Hypervisors will need to have 3 physical network . > > > > Is this some sort of limitation here ? Or any work around ? > > > > > > Another issue is , reverse dns name for VR is always resolve to > > r-484-vm.cs4cloud.internal > > > > r-484-vm is the name of the virtual router. > > > > > > > > Can I know where to change the name cs4cloud.internal to my preference > name > > ? > > > > > > -- > > Regards, > > Hean Seng > > > -- Regards, Hean Seng
Local storage and share storage in one zone, Hostname for VR
Hi I create a Advance zone that have 2 Pod . Pod 1 - Hypervisors (kvm) are using share storage . So I have 3 physical network , One for Management and Guest, Second one for VLAN network (Public). and another one for Storage network on NFS . Pod 2 - Hypervisors (KVM) on Local storage, For this I only need 2 Physical network. One for Management, Guest, and Storage( basically just for Secondary Storage), and another network for VLAN (public Traffic) However for the zone ,creating it seems not able to do so . If choose 3 physical network, all Hypervisors will need to have 3 physical network . Is this some sort of limitation here ? Or any work around ? Another issue is , reverse dns name for VR is always resolve to r-484-vm.cs4cloud.internal r-484-vm is the name of the virtual router. Can I know where to change the name cs4cloud.internal to my preference name ? -- Regards, Hean Seng
Re: Apache CloudStack 4.18 LTS is released
Seems 4.18 not yet available for Ubuntu Variant. On Mon, Mar 20, 2023 at 8:26 PM Info Manager wrote: > Hi, you can use shapeblue rep also > > On Mon, Mar 20, 2023, 13:43 Pratik Chandrakar > wrote: > > > Hi all, > > This is to inform you that the 4.18 Package is currently not available > for > > Debian on https://download.cloudstack.org/ubuntu/dists/ > > > > On Mon, Mar 20, 2023 at 3:07 PM Daan Hoogland wrote: > > > > > We are pleased to announce that the Apache CloudStack 4.18.0.0 LTS > > > Releaseis out. > > > > > > The Apache Software Foundation Announces Apache® CloudStack® v4.18. > > > > > > Apache CloudStack 4.18.0.0 is a 4.18 LTS release with 300+ new > features, > > > improvements, and bug fixes since 4.17, including 19 major new > features. > > > Some of the highlights include: > > > > > > - Edge Zones > > > > > > - Autoscaling > > > > > > - Managed User Data > > > > > > - Two-Factor Authentication Framework > > > > > > - Support for Time-based OTP (TOTP) Authenticator > > > > > > - Volume Encryption > > > > > > - SDN Integration – Tungsten Fabric > > > > > > - Ceph Multi Monitor Support > > > > > > - API-Driven Console Access > > > > > > - Console Access Security Improvements > > > > > > - New Global settings UI > > > > > > - Configurable MTU for VR > > > > > > - Adaptative Affinity Groups > > > > > > - Custom DNS Servers for Networks > > > > > > - Improved Guest OS Support Framework > > > > > > - Support for Enterprise Linux 9 > > > > > > - Networker Backup Plugin for KVM Hypervisor > > > > > > - Custom Quota Tariffs > > > > > > - Secure VNC for KVM > > > > > > Documentation > > > > > > The full list of new features can be found in the project release notes > > at > > > > http://docs.cloudstack.apache.org/en/4.18.0.0/releasenotes/changes.html > > > > > > The CloudStack documentation includes upgrade instructions from > previous > > > versions of Apache CloudStack, and can be found at: > > > http://docs.cloudstack.apache.org/en/4.18.0.0/upgrading/index.html > > > > > > The official installation, administration and API documentation for > each > > of > > > the releases are available on our documentation page: > > > http://docs.cloudstack.apache.org/ > > > > > > Downloads > > > > > > The official source code for the 4.18.0.0 release can be downloaded > from > > > our downloads page: http://cloudstack.apache.org/downloads.html > > > > > > In addition to the official source code release, individual > contributors > > > have also made convenience binaries available on the Apache CloudStack > > > download page, and can be found at: > > > https://download.cloudstack.org/ubuntu/dists/ > > > > > > https://download.cloudstack.org/centos/7/ > > > > > > https://download.cloudstack.org/centos/8/ > > > > > > https://download.cloudstack.org/suse/15 > > > > > > https://www.shapeblue.com/packages/ > > > > > > > > > -- > > *Regards,* > > *Pratik Chandrakar* > > > -- Regards, Hean Seng
Cloudstack 4.17.2.0 , NoVNC Console
Hi I trying on Cloudstack 4.17.2.0, on Ubuntu 22 (both MGMT and Slave) Installation all goes well, and service bootup normally. However , the noVNC console is not function second time access it. After the SystemVM (consoleproxy) bootup , I click View Console, and I manage to view the console . However after I click view console again, it will for a while trying to connect, and then show connection fail. I reboot again the ConsoleProxy SystemVM, and I manage to connect back first time the View Console, and second time, it cannot again. Anyone have clue on what is the issue ? -- Regards, Hean Seng
Re: Intrusion Detection in ACS
Hi You should do port mirroring at your Switch or Router , instead of Cloud Node . On Fri, Jul 22, 2022 at 12:20 AM Gary Dixon wrote: > > > Hi All > > > > ACS 4.15.2 > > Hypervisor: KVM > > HyperVisor OS: Ubuntu 20.04 > > > > I have been tasked with providing an Intrusion Detection solution for our > Cloud customers. Our ACS guest traffic isolation utilises VXLAN and so I > have been advised that we cannot implement port mirroring at the physical > switch layer. > > I have been looking at port mirroring at the KVM host level with setting > up ingess/egress qdiscs with TC filters to port mirror the guest traffic > along a gretap tunnel to the IDS appliance (which is hosted on another > platform). So far this seems to mostly work. > > > > I’m wondering if this is a viable way of implementing IDS ? As for > automating the process could this be done as a Cloudstack custom plugin or > would this have to be automated externally to cloudstack. Trying to > research into this has been challenging to say the least. I would really > appreciate if any of you have any pointers or let me know if I am barking > up the wrong tree. > > > > Best regards > > > > *Gary Dixon***** > > Technical Consultant > > T: 0161 537 4980 <0161%20537%204980> > > W: www.quadris.co.uk > > *The information contained in this e-mail from Quadris may be confidential > and privileged for the private use of the named recipient. The contents of > this e-mail may not necessarily represent the official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please destroy > any hard copies and delete this message.* > > > -- Regards, Hean Seng
Re: VXLAN impemetation
Hi Wido, Thanks for the reply, I will go through the links give. On Mon, Mar 21, 2022 at 3:48 PM Wido den Hollander wrote: > Hi, > > On 3/21/22 04:23, Hean Seng wrote: > > Hi > > > > Is anybody using VXLAN in their AdvanceNetowrking in production ? Any > > experience to share ? > > > > Yes, we are using VXLAN in production with KVM and CloudStack for a few > years now. > > > We are planning to set up Cloud Server for customers, and allow customers > > to have direct connection to their cloud server (physical connection), > > something like cloud-connect in AWS or GoogleCloud . > > > > VLAN isolation looks like the proper way of doing this, but it has a > future > > limitation of 4000 accounts per zone might be the trouble. VXLAN shall > > solve this , but is a multicast network , and I am not sure if any > > limitation is unforeseen. > > > > Exactly for this reason (and more) we use VXLAN. It scales much better > then VLANs do. > > I have done a few talks about this: > > - > > https://www.slideshare.net/ShapeBlue/deploying-cloudstack-and-ceph-with-flexible-vxlan-and-bgp-networking > - https://www.youtube.com/watch?v=X02bxtIC0u4 > - https://www.youtube.com/watch?v=ZKCuX9yRz7Y > > A few main points to think about: > > - Avoid VXLAN with Multicast and use BGP+EVPN > - You need a modified version of the modifyvxlan.sh script [0] > - Use FRR for BGP on the host > - Cumulus Linux for Top-of-Rack switches are nice, but it's not mandatory > > Wido > > [0]: > > https://github.com/PCextreme/cloudstack/blob/vxlan-bgp-evpn/scripts/vm/network/vnet/modifyvxlan.sh > > > Anyone who has used VXLAN network implementation in Cloudstack, would > > appreciate sharing the experiences . > > > > Thank you. > > > -- Regards, Hean Seng
VXLAN impemetation
Hi Is anybody using VXLAN in their AdvanceNetowrking in production ? Any experience to share ? We are planning to set up Cloud Server for customers, and allow customers to have direct connection to their cloud server (physical connection), something like cloud-connect in AWS or GoogleCloud . VLAN isolation looks like the proper way of doing this, but it has a future limitation of 4000 accounts per zone might be the trouble. VXLAN shall solve this , but is a multicast network , and I am not sure if any limitation is unforeseen. Anyone who has used VXLAN network implementation in Cloudstack, would appreciate sharing the experiences . Thank you. -- Regards, Hean Seng
Re: Cloudstack 4.16 - GUI unable to submit SSL
@Wei Zhou
Thanks for informing the db is keystore, i solve this in a very stupid
way, clean install a Cloudstack 4.15 , and upload a SSL fron GUI .
After done, dump the table keystore out, and restore to Cloudstack 4.16 db
, keystore table , Then destroy ConsoleVM , let it rebuild back,and SSL
is coming out .
The cloudmokey API seems not working as expecting, the SSL is seens inside
keystore DB, but it doesn't work ! I do not know if my fault or not , but
follow what show in Shapeblue. Upon checking DB content, the key is
there, but somehow console proxy not able to configure https using the key.
I am trying to compile the source with the updated patch, but seems issue
on compiling, always a dependency issue although I followed the doc online
. Tried on Ubuntu 20 and Ubuntu 18, and keep having dependency issue.
Ubuntu 18, When using Java 8, it give
javac: invalid target release: 11
When using Java11, it have some warning, at the end show something like
cannot find deps .
Ubuntu 20 even weird , keep having dependency issue like : dpkg-checkbuilddeps:
error: Unmet build dependencies: python (>= 2.7) nodejs (>= 12)
I wonder what the environment expert here compiling the source . I am
interested to try it out also . Hope can get some guides here.
On Thu, Jan 13, 2022 at 11:13 PM Wei ZHOU wrote:
> Hi Hean,
>
> Could you please check by the following steps ?
>
> (1) check if key/certs are saved in DB.
> Please check the `keystore` table in DB.
>
> (2) check if global settings are set correctly. When you change the values,
> please restart mgmt server and CPVM.
> consoleproxy.sslEnabled (should be 'true')
> consoleproxy.url.domain (should be '*.domain.com')
>
> (3) check if port 443 is listening in CPVM.
>
> netstat -anltp
>
> In /var/log/cloud.log in CPVM, you should see the logs like below
>
> 2022-01-13 13:00:30,811 INFO
> [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
> (Console-Proxy-Main:null) Start initializing SSL
> 2022-01-13 13:00:30,811 INFO
> [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
> (Console-Proxy-Main:null) Initializing SSL from passed-in certificate
> 2022-01-13 13:00:30,814 INFO
> [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
> (Console-Proxy-Main:null) Key manager factory is initialized
> 2022-01-13 13:00:30,818 INFO
> [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
> (Console-Proxy-Main:null) Trust manager factory is initialized
> 2022-01-13 13:00:30,819 INFO
> [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
> (Console-Proxy-Main:null) SSL context is initialized
> 2022-01-13 13:00:30,838 INFO
> [cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl]
> (Console-Proxy-Main:null) create HTTPS server instance on port: 443
>
>
>
> You should be able to upload an ssl certificate by cloning the cloudstack
> repository and setting up a local cloudstack UI.
> see
> https://github.com/apache/cloudstack/blob/main/ui/README.md#development
>
>
> -Wei
>
>
> On Mon, 10 Jan 2022 at 10:52, Hean Seng wrote:
>
> > I not sure related to this or not, I ssh login to Console Proxy , and
> > seems port 443 is not listening there .
> >
> > Is there anyway I can can check in the console proxy, see if the cert is
> > properly deploy to the console proxy vm.
> >
> > On Mon, Jan 10, 2022 at 5:31 PM Suresh Anaparti <
> > suresh.anapa...@shapeblue.com> wrote:
> >
> > > Hi,
> > >
> > > I could see a related issue created here
> > > https://github.com/apache/cloudstack/issues/5634
> > >
> > > If you have the similar issue with Letsencrypt certs, you add more
> > details
> > > there. Otherwise, please create a new issue with the details.
> > >
> > >
> > > Regards,
> > > Suresh
> > >
> > > On 08/01/22, 11:59 AM, "Hean Seng" wrote:
> > >
> > > hi. Suresh
> > >
> > > I am gemnerating Letsenctyp and instll the cert using the API .
> > > I running.time as show in the shapeblue document. It successfully
> > > running
> > > the API
> > >
> > >
> > > "customcertificate": {
> > >
> > > "message": "Certificate has been successfully updated, if its
> the
> > > server certificate we would reboot all running console proxy VMs
> and
> > > secondary storage VMs to propagate the new certificate, please
> give a
> > > few
> > > minutes for console access and storage services service to be up
> and
> > > working again"
> > >
> >
Install from source
Hi Any one have guide to compile the source from Ubuntu 20 . I am trying to compatible using Ubuntu 20 , following error show: dch warning: new version (4.16.0.0~focal~focal) is less than the current version number (4.16.0.0~focal). dpkg-checkbuilddeps: error: Unmet build dependencies: python (>= 2.7) nodejs (>= 12) The documentation online, seems not know the environment for install/compile it to Ubuntu20 -- Regards, Hean Seng
Re: Cloudstack 4.16 - GUI unable to submit SSL
I not sure related to this or not, I ssh login to Console Proxy , and
seems port 443 is not listening there .
Is there anyway I can can check in the console proxy, see if the cert is
properly deploy to the console proxy vm.
On Mon, Jan 10, 2022 at 5:31 PM Suresh Anaparti <
suresh.anapa...@shapeblue.com> wrote:
> Hi,
>
> I could see a related issue created here
> https://github.com/apache/cloudstack/issues/5634
>
> If you have the similar issue with Letsencrypt certs, you add more details
> there. Otherwise, please create a new issue with the details.
>
>
> Regards,
> Suresh
>
> On 08/01/22, 11:59 AM, "Hean Seng" wrote:
>
> hi. Suresh
>
> I am gemnerating Letsenctyp and instll the cert using the API .
> I running.time as show in the shapeblue document. It successfully
> running
> the API
>
>
> "customcertificate": {
>
> "message": "Certificate has been successfully updated, if its the
> server certificate we would reboot all running console proxy VMs and
> secondary storage VMs to propagate the new certificate, please give a
> few
> minutes for console access and storage services service to be up and
> working again"
>
> }
>
> }
>
>
>
> running 2time, first time is chain + root
> second time is cert. perm and privatekey pkcs8
>
> after upload, destroy and let it rebuild the console proxy , after
> all
> up, it seems https://ip-.domain in console cannot load as expected
>
>
>
>
> On Wed, Jan 5, 2022 at 8:12 PM Suresh Anaparti <
> suresh.anapa...@shapeblue.com> wrote:
>
> > Hi,
> >
> > You can check the certificate configuration process through API/cmk
> here:
> > https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/
> >
> >
> > Regards,
> > Suresh
> >
> > On 05/01/22, 4:55 PM, "Hean Seng" wrote:
> >
> > Any body know how to use the API to upload this cert for console
> proxy,
> > Otherwise this 4.16 is not workable . This function seems no
> > alternative to make it work
> >
> >
> >
> >
>
>
>
> > On Mon, Jan 3, 2022 at 4:08 PM Hean Seng wrote:
> >
> > > Is there anyway to manual update it before 4.16.1 release ,
> > otherwise the
> > > SSL cannot be install.
> > >
> > > On Mon, Jan 3, 2022 at 3:06 PM Suresh Anaparti <
> > > suresh.anapa...@shapeblue.com> wrote:
> > >
> > >> Good, thanks for the update Pearl!
> > >>
> > >>
> > >> Regards,
> > >> Suresh
> > >>
> > >> On 03/01/22, 12:31 PM, "Pearl d'Silva" <
> pearl.dsi...@shapeblue.com>
> > >> wrote:
> > >>
> > >> Hi,
> > >>
> > >> This seems to be an issue in 4.16.0 but has been
> addressed with:
> > >> https://github.com/apache/cloudstack/pull/5682/ and should be
> > available
> > >> in 4.16.1.
> > >>
> > >> Thanks,
> > >> Pearl
> > >>
> > >> [
> > >>
> >
> https://opengraph.githubassets.com/a85d63087cbc026a03525dcc5d491e900913e0ad6e2b09a6dd8eb27f392c60a8/apache/cloudstack/pull/5682
> > >> ]<https://github.com/apache/cloudstack/pull/5682/>
> > >> UI : Fix SSL certificate submit button not working by
> dhslove ·
> > Pull
> > >> Request #5682 · apache/cloudstack<
> > >> https://github.com/apache/cloudstack/pull/5682/>
> > >> Description This PR fixes an issue where clicking the
> Submit
> > button
> > >> in the SSL Certificates dialog in the Infrastructure Summary
> UI did
> > not
> > >> work. Types of changes Breaking change (fix o...
> > >> github.com
> > >>
> > >>
> > >>
> > >> From: Deepak Kumar
> > >> Sent: Monday, January 3, 2022 12:23 PM
> > >> To: users@cloudstack.apache.org <
> users@cloudstack.apache.org>
> >
Re: Cloudstack 4.16 - GUI unable to submit SSL
hi. Suresh
I am gemnerating Letsenctyp and instll the cert using the API .
I running.time as show in the shapeblue document. It successfully running
the API
"customcertificate": {
"message": "Certificate has been successfully updated, if its the
server certificate we would reboot all running console proxy VMs and
secondary storage VMs to propagate the new certificate, please give a few
minutes for console access and storage services service to be up and
working again"
}
}
running 2time, first time is chain + root
second time is cert. perm and privatekey pkcs8
after upload, destroy and let it rebuild the console proxy , after all
up, it seems https://ip-.domain in console cannot load as expected
On Wed, Jan 5, 2022 at 8:12 PM Suresh Anaparti <
suresh.anapa...@shapeblue.com> wrote:
> Hi,
>
> You can check the certificate configuration process through API/cmk here:
> https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/
>
>
> Regards,
> Suresh
>
> On 05/01/22, 4:55 PM, "Hean Seng" wrote:
>
> Any body know how to use the API to upload this cert for console proxy,
> Otherwise this 4.16 is not workable . This function seems no
> alternative to make it work
>
>
>
>
> On Mon, Jan 3, 2022 at 4:08 PM Hean Seng wrote:
>
> > Is there anyway to manual update it before 4.16.1 release ,
> otherwise the
> > SSL cannot be install.
> >
> > On Mon, Jan 3, 2022 at 3:06 PM Suresh Anaparti <
> > suresh.anapa...@shapeblue.com> wrote:
> >
> >> Good, thanks for the update Pearl!
> >>
> >>
> >> Regards,
> >> Suresh
> >>
> >> On 03/01/22, 12:31 PM, "Pearl d'Silva"
> >> wrote:
> >>
> >> Hi,
> >>
> >> This seems to be an issue in 4.16.0 but has been addressed with:
> >> https://github.com/apache/cloudstack/pull/5682/ and should be
> available
> >> in 4.16.1.
> >>
> >> Thanks,
> >> Pearl
> >>
> >> [
> >>
> https://opengraph.githubassets.com/a85d63087cbc026a03525dcc5d491e900913e0ad6e2b09a6dd8eb27f392c60a8/apache/cloudstack/pull/5682
> >> ]<https://github.com/apache/cloudstack/pull/5682/>
> >> UI : Fix SSL certificate submit button not working by dhslove ·
> Pull
> >> Request #5682 · apache/cloudstack<
> >> https://github.com/apache/cloudstack/pull/5682/>
> >> Description This PR fixes an issue where clicking the Submit
> button
> >> in the SSL Certificates dialog in the Infrastructure Summary UI did
> not
> >> work. Types of changes Breaking change (fix o...
> >> github.com
> >>
> >>
> >>
> >> From: Deepak Kumar
> >> Sent: Monday, January 3, 2022 12:23 PM
> >> To: users@cloudstack.apache.org
> >> Subject: Re: Cloudstack 4.16 - GUI unable to submit SSL
> >>
> >> Hi Hean Seng,
> >>
> >> I am facing the same issue.
> >>
> >> Thanks & Regards,
> >> Deepak Kumar
> >> IndiQus Global Technical Support
> >> www.indiqus.com<http://www.indiqus.com>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> On Sun, Jan 2, 2022 at 11:55 PM Hean Seng
> wrote:
> >>
> >> > Hi
> >> >
> >> > I am using Cloudstack 4.16 , Ubuntu 20 for Mgmt server.
> >> >
> >> > Infrastructure ->. Summary -> SSL Certification
> >> >
> >> > Entering all the SSL detail, and click submit , but the
> click has
> >> no
> >> > responding .
> >> > Clecking the MGMT log, and nothing seems processed .
> >> >
> >> > Tried on both Chrome, Safari and same issue .
> >> > Tried the same SSL to Cloudstack 4.15 , and it has no issue
> >> submitting the
> >> > SSL
> >> >
> >> > Anybody facing the same issue ?
> >> >
> >> >
> >> > --
> >> > Regards,
> >> > Hean Seng
> >>
Re: Cloudstack 4.16 - GUI unable to submit SSL
Any body know how to use the API to upload this cert for console proxy, Otherwise this 4.16 is not workable . This function seems no alternative to make it work On Mon, Jan 3, 2022 at 4:08 PM Hean Seng wrote: > Is there anyway to manual update it before 4.16.1 release , otherwise the > SSL cannot be install. > > On Mon, Jan 3, 2022 at 3:06 PM Suresh Anaparti < > suresh.anapa...@shapeblue.com> wrote: > >> Good, thanks for the update Pearl! >> >> >> Regards, >> Suresh >> >> On 03/01/22, 12:31 PM, "Pearl d'Silva" >> wrote: >> >> Hi, >> >> This seems to be an issue in 4.16.0 but has been addressed with: >> https://github.com/apache/cloudstack/pull/5682/ and should be available >> in 4.16.1. >> >> Thanks, >> Pearl >> >> [ >> https://opengraph.githubassets.com/a85d63087cbc026a03525dcc5d491e900913e0ad6e2b09a6dd8eb27f392c60a8/apache/cloudstack/pull/5682 >> ]<https://github.com/apache/cloudstack/pull/5682/> >> UI : Fix SSL certificate submit button not working by dhslove · Pull >> Request #5682 · apache/cloudstack< >> https://github.com/apache/cloudstack/pull/5682/> >> Description This PR fixes an issue where clicking the Submit button >> in the SSL Certificates dialog in the Infrastructure Summary UI did not >> work. Types of changes Breaking change (fix o... >> github.com >> >> >> >> From: Deepak Kumar >> Sent: Monday, January 3, 2022 12:23 PM >> To: users@cloudstack.apache.org >> Subject: Re: Cloudstack 4.16 - GUI unable to submit SSL >> >> Hi Hean Seng, >> >> I am facing the same issue. >> >> Thanks & Regards, >> Deepak Kumar >> IndiQus Global Technical Support >> www.indiqus.com<http://www.indiqus.com> >> >> >> >> >> >> >> >> >> On Sun, Jan 2, 2022 at 11:55 PM Hean Seng wrote: >> >> > Hi >> > >> > I am using Cloudstack 4.16 , Ubuntu 20 for Mgmt server. >> > >> > Infrastructure ->. Summary -> SSL Certification >> > >> > Entering all the SSL detail, and click submit , but the click has >> no >> > responding . >> > Clecking the MGMT log, and nothing seems processed . >> > >> > Tried on both Chrome, Safari and same issue . >> > Tried the same SSL to Cloudstack 4.15 , and it has no issue >> submitting the >> > SSL >> > >> > Anybody facing the same issue ? >> > >> > >> > -- >> > Regards, >> > Hean Seng >> > >> >> -- >> This message is intended only for the use of the individual or entity >> to >> which it is addressed and may contain confidential and/or privileged >> information. If you are not the intended recipient, please delete the >> original message and any copy of it from your computer system. You are >> hereby notified that any dissemination, distribution or copying of >> this >> communication is strictly prohibited unless proper authorization has >> been >> obtained for such action. If you have received this communication in >> error, >> please notify the sender immediately. Although IndiQus attempts to >> sweep >> e-mail and attachments for viruses, it does not guarantee that both >> are >> virus-free and accepts no liability for any damage sustained as a >> result of >> viruses. >> >> > > -- > Regards, > Hean Seng > -- Regards, Hean Seng
Re: Cloudstack 4.16 - GUI unable to submit SSL
Is there anyway to manual update it before 4.16.1 release , otherwise the SSL cannot be install. On Mon, Jan 3, 2022 at 3:06 PM Suresh Anaparti < suresh.anapa...@shapeblue.com> wrote: > Good, thanks for the update Pearl! > > > Regards, > Suresh > > On 03/01/22, 12:31 PM, "Pearl d'Silva" > wrote: > > Hi, > > This seems to be an issue in 4.16.0 but has been addressed with: > https://github.com/apache/cloudstack/pull/5682/ and should be available > in 4.16.1. > > Thanks, > Pearl > > [ > https://opengraph.githubassets.com/a85d63087cbc026a03525dcc5d491e900913e0ad6e2b09a6dd8eb27f392c60a8/apache/cloudstack/pull/5682 > ]<https://github.com/apache/cloudstack/pull/5682/> > UI : Fix SSL certificate submit button not working by dhslove · Pull > Request #5682 · apache/cloudstack< > https://github.com/apache/cloudstack/pull/5682/> > Description This PR fixes an issue where clicking the Submit button in > the SSL Certificates dialog in the Infrastructure Summary UI did not work. > Types of changes Breaking change (fix o... > github.com > > > > From: Deepak Kumar > Sent: Monday, January 3, 2022 12:23 PM > To: users@cloudstack.apache.org > Subject: Re: Cloudstack 4.16 - GUI unable to submit SSL > > Hi Hean Seng, > > I am facing the same issue. > > Thanks & Regards, > Deepak Kumar > IndiQus Global Technical Support > www.indiqus.com<http://www.indiqus.com> > > > > > > > > > On Sun, Jan 2, 2022 at 11:55 PM Hean Seng wrote: > > > Hi > > > > I am using Cloudstack 4.16 , Ubuntu 20 for Mgmt server. > > > > Infrastructure ->. Summary -> SSL Certification > > > > Entering all the SSL detail, and click submit , but the click has no > > responding . > > Clecking the MGMT log, and nothing seems processed . > > > > Tried on both Chrome, Safari and same issue . > > Tried the same SSL to Cloudstack 4.15 , and it has no issue > submitting the > > SSL > > > > Anybody facing the same issue ? > > > > > > -- > > Regards, > > Hean Seng > > > > -- > This message is intended only for the use of the individual or entity > to > which it is addressed and may contain confidential and/or privileged > information. If you are not the intended recipient, please delete the > original message and any copy of it from your computer system. You are > hereby notified that any dissemination, distribution or copying of this > communication is strictly prohibited unless proper authorization has > been > obtained for such action. If you have received this communication in > error, > please notify the sender immediately. Although IndiQus attempts to > sweep > e-mail and attachments for viruses, it does not guarantee that both are > virus-free and accepts no liability for any damage sustained as a > result of > viruses. > > -- Regards, Hean Seng
Cloudstack 4.16 - GUI unable to submit SSL
Hi I am using Cloudstack 4.16 , Ubuntu 20 for Mgmt server. Infrastructure ->. Summary -> SSL Certification Entering all the SSL detail, and click submit , but the click has no responding . Clecking the MGMT log, and nothing seems processed . Tried on both Chrome, Safari and same issue . Tried the same SSL to Cloudstack 4.15 , and it has no issue submitting the SSL Anybody facing the same issue ? -- Regards, Hean Seng
Re: DDoS protection
Hi I suppose this is not related to Cloudstack. You need to Network Provider that support DDOS protection On Sun, Oct 31, 2021 at 2:40 AM Ranjit Jadhav wrote: > Hello, > > What are options available for DDoS protection which we can integrate with > Cloudstack? > > Thank you, > Ranjit > -- Regards, Hean Seng
Re: Experience with clustered/shared filesystems based on SAN storage on KVM?
Hi For CEPH, it is not expected to have all power down, or a sudden of power down, for a proper data center environment. NFS is good, however other then the high availability limitation of it, NFS is filesystem formatted at storage end, This indeed may cause to very high CPU usage of Storage server if the IO requirement is high for VM. Performance issues may occur if this happens. This especially if you hosted database server and Email server, which require a lot of write of a small files . ISCSI and SANS is better for block storage requirement. However in this Cloudstack support of this ISCSI or SANS, it can only configure as local storage, Cluster Filesystem is nightmare . On Sat, Oct 30, 2021 at 3:35 AM Mauro Ferraro - G2K Hosting < mferr...@g2khosting.com> wrote: > Ignazio, many thanks for your feedback. > > In the past we try ceph and it works great, until an electrical outage > broken it and we don't want to continue with this technology at least at > it get better or we can geo replicate it in othe site. Other thing is, > when something big occurs ceph take a lot of time to recovery and > repair, so this will leave you offline until the process finish, but you > never know if your information is safe until finish, we can say, is not. > For a cluster of replica 3, of 80TB it can take a week or more. This is > not an option for us. > > Previusly we use NFS as separated primary storages, and now we still > with NFS until we get a replacement. NFS is great too, because you can > get an stable solution with KVM and QCOW2, if something happends you > have lot of chances of start all again with low risk of degradation. You > can start all again in hours. The main problem is the performance > bottleneck and high availability of the VMs at storage side. > > That is the main reason we want to test linstor, because it promise some > features, like replication with DRDB, HA, and performance all in one. At > this point we cannot finish the configuration in ACS 4.16 RC2, because > there is not documentation and we are having some problem with Linstor, > ZFS and ACS that we are not able to discover. > > What solution recommends for a ACS cluster for deploy aprox 1000 VMs?. > > Regards, > > Mauro > > El 29/10/2021 a las 15:56, Ignazio Cassano escribió: > > Hi Mauro, what would you like to store on the clustered file system ? > > If you want use it for virtual machine disks I think nfs is a good > > solution. > > Clustered file system could be used if your virtualization nodes have > > a lot of disks. > > I usually I prefer use a nas or a San. > > If you have a San you can use iscsi with clustered logical volumes. > > Each logical volume can host a virtual machine volume and clustered > > lvm can handle locks. > > Ignazio > > > > > > > > Il Gio 28 Ott 2021, 14:02 Mauro Ferraro - G2K Hosting > > ha scritto: > > > > Hi, > > > > We are trying to make a lab with ACS 4.16 and Linstor. As soon as we > > finish the tests we can give you some approach for the results. Are > > someone already try this technology?. > > > > Regards, > > > > El 28/10/2021 a las 02:34, Pratik Chandrakar escribió: > > > Since NFS alone doesn't offer HA. What do you recommend for HA NFS? > > > > > > On Thu, Oct 28, 2021 at 7:37 AM Hean Seng > > wrote: > > > > > >> I have similar consideration when start exploring Cloudstack , > > but in > > >> reality Clustered Filesystem is not easy to maintain. You > > seems have > > >> choice of OCFS or GFS2 , gfs2 is hard to maintain and in > > redhat , ocfs > > >> recently only maintained in oracle linux. I believe you do not > > want to > > >> choose solution that is very propriety . Thus just SAN or > > ISCSI o is not > > >> really a direct solution here , except you want to encapsulate > > it in NFS > > >> and facing Cloudstack Storage. > > >> > > >> It work good on CEPH and NFS , but performance wise, NFS is > > better . And > > >> all documentation and features you saw in Cloudstack , it work > > perfectly > > >> on NFS. > > >> > > >> If you choose CEPH, may be you have to compensate with some > > performance > > >> degradation, > > >> > > >> > > >> > > >> On Thu, Oct 28, 2021 at 12:44 AM Leandro Mendes > > > > >> wrote: > > >> >
Re: Experience with clustered/shared filesystems based on SAN storage on KVM?
Hi Vivek Which part of XCP xen better then KVM ? Performance ?Is tht NFS for XCP also ? On Fri, Oct 29, 2021 at 4:14 PM Vivek Kumar wrote: > I have been using GFS2 with shared mount point in production KVM since > long, Trust me you need to have an expert to manage your whole cluster > otherwise it becomes very hard to manage, NFS works pretty fine with KVM, > if you are planning to use ISCSi or FC, XenServer/XCP and VMware works far > far better then KVM and very easy to manage. > > > > > Vivek Kumar > Sr. Manager - Cloud & DevOps > IndiQus Technologies > M +91 7503460090 > www.indiqus.com > > > > > > On 29-Oct-2021, at 1:14 PM, Hean Seng wrote: > > > > For primitive way for NFS HA, you can consider is just using DRDB . > > > > I think is not yet supported linstor here. > > > > > > > > On Fri, Oct 29, 2021 at 2:29 PM Piotr Pisz wrote: > > > >> Hi > >> > >> So we plan to use linstor in parallel to ceph as a fast resource on nvme > >> cards. > >> Its advantage is that it natively supports zfs with deduplication and > >> compression :-) > >> The test results were more than passable. > >> > >> Regards, > >> Piotr > >> > >> > >> -Original Message- > >> From: Mauro Ferraro - G2K Hosting > >> Sent: Thursday, October 28, 2021 2:02 PM > >> To: users@cloudstack.apache.org; Pratik Chandrakar < > >> chandrakarpra...@gmail.com> > >> Subject: Re: Experience with clustered/shared filesystems based on SAN > >> storage on KVM? > >> > >> Hi, > >> > >> We are trying to make a lab with ACS 4.16 and Linstor. As soon as we > >> finish the tests we can give you some approach for the results. Are > someone > >> already try this technology?. > >> > >> Regards, > >> > >> El 28/10/2021 a las 02:34, Pratik Chandrakar escribió: > >>> Since NFS alone doesn't offer HA. What do you recommend for HA NFS? > >>> > >>> On Thu, Oct 28, 2021 at 7:37 AM Hean Seng wrote: > >>> > >>>> I have similar consideration when start exploring Cloudstack , but > >>>> in reality Clustered Filesystem is not easy to maintain. You seems > >>>> have choice of OCFS or GFS2 , gfs2 is hard to maintain and in redhat > >>>> , ocfs recently only maintained in oracle linux. I believe you do > not > >> want to > >>>> choose solution that is very propriety . Thus just SAN or ISCSI o is > >> not > >>>> really a direct solution here , except you want to encapsulate it in > >>>> NFS and facing Cloudstack Storage. > >>>> > >>>> It work good on CEPH and NFS , but performance wise, NFS is better . > >>>> And all documentation and features you saw in Cloudstack , it work > >>>> perfectly on NFS. > >>>> > >>>> If you choose CEPH, may be you have to compensate with some > >>>> performance degradation, > >>>> > >>>> > >>>> > >>>> On Thu, Oct 28, 2021 at 12:44 AM Leandro Mendes > >>>> > >>>> wrote: > >>>> > >>>>> I've been using Ceph in prod for volumes for some time. Note that > >>>> although > >>>>> I had several cloudstack installations, this one runs on top of > >>>>> Cinder, but it basic translates as libvirt and rados. > >>>>> > >>>>> It is totally stable and performance IMHO is enough for virtualized > >>>>> services. > >>>>> > >>>>> IO might suffer some penalization due the data replication inside > Ceph. > >>>>> Elasticsearch for instance, the degradation would be a bit worse as > >>>>> there is replication also in the application size, but IMHO, unless > >>>>> you need extreme low latency it would be ok. > >>>>> > >>>>> > >>>>> Best, > >>>>> > >>>>> Leandro. > >>>>> > >>>>> On Thu, Oct 21, 2021, 11:20 AM Brussk, Michael < > >>>> michael.bru...@nttdata.com > >>>>> wrote: > >>>>> > >>>>>> Hello community, > >>>>>> > >>>>>> today I need your experience and knowhow about clustered/shared > >>>>>> filesystems based on SAN storage to be used with KVM. > >>>>>> We need to consider about a clustered/shared filesystem based on > >>>>>> SAN storage (no NFS or iSCSI), but do not have any knowhow or > >>>>>> experience > >>>> with > >>>>>> this. > >>>>>> Those I would like to ask if there any productive used environments > >>>>>> out there based on SAN storage on KVM? > >>>>>> If so, which clustered/shared filesystem you are using and how is > >>>>>> your experience with that (stability, reliability, maintainability, > >>>>> performance, > >>>>>> useability,...)? > >>>>>> Furthermore, if you had already to consider in the past between SAN > >>>>>> storage or CEPH, I would also like to participate on your > >>>> considerations > >>>>>> and results :) > >>>>>> > >>>>>> Regards, > >>>>>> Michael > >>>>>> > >>>> > >>>> -- > >>>> Regards, > >>>> Hean Seng > >>>> > >>> > >> > >> > > > > -- > > Regards, > > Hean Seng > > -- Regards, Hean Seng
Re: Experience with clustered/shared filesystems based on SAN storage on KVM?
For primitive way for NFS HA, you can consider is just using DRDB . I think is not yet supported linstor here. On Fri, Oct 29, 2021 at 2:29 PM Piotr Pisz wrote: > Hi > > So we plan to use linstor in parallel to ceph as a fast resource on nvme > cards. > Its advantage is that it natively supports zfs with deduplication and > compression :-) > The test results were more than passable. > > Regards, > Piotr > > > -Original Message- > From: Mauro Ferraro - G2K Hosting > Sent: Thursday, October 28, 2021 2:02 PM > To: users@cloudstack.apache.org; Pratik Chandrakar < > chandrakarpra...@gmail.com> > Subject: Re: Experience with clustered/shared filesystems based on SAN > storage on KVM? > > Hi, > > We are trying to make a lab with ACS 4.16 and Linstor. As soon as we > finish the tests we can give you some approach for the results. Are someone > already try this technology?. > > Regards, > > El 28/10/2021 a las 02:34, Pratik Chandrakar escribió: > > Since NFS alone doesn't offer HA. What do you recommend for HA NFS? > > > > On Thu, Oct 28, 2021 at 7:37 AM Hean Seng wrote: > > > >> I have similar consideration when start exploring Cloudstack , but > >> in reality Clustered Filesystem is not easy to maintain. You seems > >> have choice of OCFS or GFS2 , gfs2 is hard to maintain and in redhat > >> , ocfs recently only maintained in oracle linux. I believe you do not > want to > >> choose solution that is very propriety . Thus just SAN or ISCSI o is > not > >> really a direct solution here , except you want to encapsulate it in > >> NFS and facing Cloudstack Storage. > >> > >> It work good on CEPH and NFS , but performance wise, NFS is better . > >> And all documentation and features you saw in Cloudstack , it work > >> perfectly on NFS. > >> > >> If you choose CEPH, may be you have to compensate with some > >> performance degradation, > >> > >> > >> > >> On Thu, Oct 28, 2021 at 12:44 AM Leandro Mendes > >> > >> wrote: > >> > >>> I've been using Ceph in prod for volumes for some time. Note that > >> although > >>> I had several cloudstack installations, this one runs on top of > >>> Cinder, but it basic translates as libvirt and rados. > >>> > >>> It is totally stable and performance IMHO is enough for virtualized > >>> services. > >>> > >>> IO might suffer some penalization due the data replication inside Ceph. > >>> Elasticsearch for instance, the degradation would be a bit worse as > >>> there is replication also in the application size, but IMHO, unless > >>> you need extreme low latency it would be ok. > >>> > >>> > >>> Best, > >>> > >>> Leandro. > >>> > >>> On Thu, Oct 21, 2021, 11:20 AM Brussk, Michael < > >> michael.bru...@nttdata.com > >>> wrote: > >>> > >>>> Hello community, > >>>> > >>>> today I need your experience and knowhow about clustered/shared > >>>> filesystems based on SAN storage to be used with KVM. > >>>> We need to consider about a clustered/shared filesystem based on > >>>> SAN storage (no NFS or iSCSI), but do not have any knowhow or > >>>> experience > >> with > >>>> this. > >>>> Those I would like to ask if there any productive used environments > >>>> out there based on SAN storage on KVM? > >>>> If so, which clustered/shared filesystem you are using and how is > >>>> your experience with that (stability, reliability, maintainability, > >>> performance, > >>>> useability,...)? > >>>> Furthermore, if you had already to consider in the past between SAN > >>>> storage or CEPH, I would also like to participate on your > >> considerations > >>>> and results :) > >>>> > >>>> Regards, > >>>> Michael > >>>> > >> > >> -- > >> Regards, > >> Hean Seng > >> > > > > -- Regards, Hean Seng
Re: Experience with clustered/shared filesystems based on SAN storage on KVM?
I have similar consideration when start exploring Cloudstack , but in reality Clustered Filesystem is not easy to maintain. You seems have choice of OCFS or GFS2 , gfs2 is hard to maintain and in redhat , ocfs recently only maintained in oracle linux. I believe you do not want to choose solution that is very propriety . Thus just SAN or ISCSI o is not really a direct solution here , except you want to encapsulate it in NFS and facing Cloudstack Storage. It work good on CEPH and NFS , but performance wise, NFS is better . And all documentation and features you saw in Cloudstack , it work perfectly on NFS. If you choose CEPH, may be you have to compensate with some performance degradation, On Thu, Oct 28, 2021 at 12:44 AM Leandro Mendes wrote: > I've been using Ceph in prod for volumes for some time. Note that although > I had several cloudstack installations, this one runs on top of Cinder, > but it basic translates as libvirt and rados. > > It is totally stable and performance IMHO is enough for virtualized > services. > > IO might suffer some penalization due the data replication inside Ceph. > Elasticsearch for instance, the degradation would be a bit worse as there > is replication also in the application size, but IMHO, unless you need > extreme low latency it would be ok. > > > Best, > > Leandro. > > On Thu, Oct 21, 2021, 11:20 AM Brussk, Michael > > wrote: > > > Hello community, > > > > today I need your experience and knowhow about clustered/shared > > filesystems based on SAN storage to be used with KVM. > > We need to consider about a clustered/shared filesystem based on SAN > > storage (no NFS or iSCSI), but do not have any knowhow or experience with > > this. > > Those I would like to ask if there any productive used environments out > > there based on SAN storage on KVM? > > If so, which clustered/shared filesystem you are using and how is your > > experience with that (stability, reliability, maintainability, > performance, > > useability,...)? > > Furthermore, if you had already to consider in the past between SAN > > storage or CEPH, I would also like to participate on your considerations > > and results :) > > > > Regards, > > Michael > > > -- Regards, Hean Seng
Re: Root disk resizing
I am confirmed Ubuntu 20. 18 . 16, Debian 11, 10 9 . CentOS 8 7 , FreeBSD 13, Fedora 34 , all has been tested with no issue for resizing root partition . On Mon, Oct 11, 2021 at 8:31 PM Wei ZHOU wrote: > I checked a ubuntu 18.04 template in my testing environment. > The root partition can be resized automatically after volume resize. > It has installed cloud-init 20.3-2 and cloud-guest-utils 0.30 > > -Wei > > On Mon, 11 Oct 2021 at 11:06, Wido den Hollander wrote: > > > > > > > On 10/10/21 10:35 AM, Ranjit Jadhav wrote: > > > Hello folks, > > > > > > I have implemented cloudstack with Xenserver Host. The template has > been > > > made out of VM with basic centos 7 and following package installed on > it > > > > > > sudo yum -y cloud-init > > > sudo yum -y install cloud-utils-growpart > > > sudo yum -y install gdisk > > > > > > > > > After creating new VM with this template, root disk is created as per > > size > > > mention in template or we are able to increase it at them time of > > creation. > > > > > > But later when we try to increase root disk again, it increases disk > > space > > > but "/" partiton do not get autoresize. > > > > > > > As far as I know it only grows the partition once, eg, upon first boot. > > I won't do it again afterwards. > > > > Wido > > > > > > > > Following parameters were passed in userdata > > > > > > #cloud-config > > > growpart: > > > mode: auto > > > devices: ["/"] > > > ignore_growroot_disabled: true > > > > > > > > > Thanks & Regards, > > > Ranjit > > > > > > -- Regards, Hean Seng
Re: Adding OS Type
So recommendation is choose , Debian 10 Os Type, but the OS is on Debian 11 ? On Thu, Sep 23, 2021 at 4:35 PM Andrija Panic wrote: > When you add a new OS type to ACS - your upgrade to next ACS version will > break (due to DB IDs being hardcoded in the upgrade paths/files) > > DO NOT add a new OS type, unless your hypervisor has introduced some major > improvements in e.g. Ubuntu 20 vs Ubuntu 18 - just use the newest OS type > (if really installing Ubuntu 20.04, then use e.g. 18.04) > > Consider yourself warned in regards to failure in future upgrades :) > > Best, > > On Wed, 22 Sept 2021 at 22:34, Wei ZHOU wrote: > > > Hi Hean, > > > > The details are not applicable for kvm. I do not know why it is required. > > you can use the same details as other guest os > > > > xenserver.dynamicMin = 536870912 > > xenserver.dynamicMax = 137438953472 > > > > I suggest you NOT add a new guest os if you use 4.15.0.0 or older > versions, > > because the upgrade sql from 4.15.0.0 to 4.15.1.0 have hardcoded id for > > some guest os. > > no issue with 4.15.1.0 or 4.15.2.0. > > > > -Wei > > > > On Wed, 22 Sept 2021 at 22:09, Hean Seng wrote: > > > > > Hi > > > > > > Do you know what is addGuestOS Details (*Map of (key/value pairs))**. > > > *refer > > > to? > > > > > > This compulsory field, and do not know what it means . I am using KVM > , > > > the API doc did not explain on i t. > > > > > > > > > > > > > > > > > > > > > > > > On Mon, Sep 20, 2021 at 3:48 PM Hean Seng wrote: > > > > > > > How about is that possible to change the OSType for existing > > > > Uploaed Template. > > > > > > > > Currently we upload Ubuntu 20 type Other Ubuntu , after added the > New > > > > OS, with to change to Proper OS Type > > > > > > > > On Mon, Sep 20, 2021 at 3:46 PM Hean Seng > wrote: > > > > > > > >> Thanks for this info. Overlook on this API. > > > >> > > > >> On Mon, Sep 20, 2021 at 2:13 PM Daan Hoogland < > > daan.hoogl...@gmail.com> > > > >> wrote: > > > >> > > > >>> yes, there are some APIs to aid with that: > > > >>> http://cloudstack.apache.org/api/apidocs-4.15/apis/addGuestOs.html > > > >>> > > > > > > http://cloudstack.apache.org/api/apidocs-4.15/apis/addGuestOsMapping.html > > > >>> > > > >>> On Mon, Sep 20, 2021 at 3:25 AM Hean Seng > > wrote: > > > >>> > > > >>> > Hi > > > >>> > > > > >>> > Is there any way to add OS Type in ACS template ? Currently > using > > > >>> 4.15 > > > >>> > > > > >>> > We need to add in as new OS is coming out , eg Debian 11, > Ubuntu > > 20 > > > >>> etc. > > > >>> > > > > >>> > > > > >>> > -- > > > >>> > Regards, > > > >>> > Hean Seng > > > >>> > > > > >>> > > > >>> > > > >>> -- > > > >>> Daan > > > >>> > > > >> > > > >> > > > >> -- > > > >> Regards, > > > >> Hean Seng > > > >> > > > > > > > > > > > > -- > > > > Regards, > > > > Hean Seng > > > > > > > > > > > > > -- > > > Regards, > > > Hean Seng > > > > > > > > -- > > Andrija Panić > -- Regards, Hean Seng
Re: Adding OS Type
Hi Do you know what is addGuestOS Details (*Map of (key/value pairs))**. *refer to? This compulsory field, and do not know what it means . I am using KVM , the API doc did not explain on i t. On Mon, Sep 20, 2021 at 3:48 PM Hean Seng wrote: > How about is that possible to change the OSType for existing > Uploaed Template. > > Currently we upload Ubuntu 20 type Other Ubuntu , after added the New > OS, with to change to Proper OS Type > > On Mon, Sep 20, 2021 at 3:46 PM Hean Seng wrote: > >> Thanks for this info. Overlook on this API. >> >> On Mon, Sep 20, 2021 at 2:13 PM Daan Hoogland >> wrote: >> >>> yes, there are some APIs to aid with that: >>> http://cloudstack.apache.org/api/apidocs-4.15/apis/addGuestOs.html >>> http://cloudstack.apache.org/api/apidocs-4.15/apis/addGuestOsMapping.html >>> >>> On Mon, Sep 20, 2021 at 3:25 AM Hean Seng wrote: >>> >>> > Hi >>> > >>> > Is there any way to add OS Type in ACS template ? Currently using >>> 4.15 >>> > >>> > We need to add in as new OS is coming out , eg Debian 11, Ubuntu 20 >>> etc. >>> > >>> > >>> > -- >>> > Regards, >>> > Hean Seng >>> > >>> >>> >>> -- >>> Daan >>> >> >> >> -- >> Regards, >> Hean Seng >> > > > -- > Regards, > Hean Seng > -- Regards, Hean Seng
Re: Adding OS Type
How about is that possible to change the OSType for existing Uploaed Template. Currently we upload Ubuntu 20 type Other Ubuntu , after added the New OS, with to change to Proper OS Type On Mon, Sep 20, 2021 at 3:46 PM Hean Seng wrote: > Thanks for this info. Overlook on this API. > > On Mon, Sep 20, 2021 at 2:13 PM Daan Hoogland > wrote: > >> yes, there are some APIs to aid with that: >> http://cloudstack.apache.org/api/apidocs-4.15/apis/addGuestOs.html >> http://cloudstack.apache.org/api/apidocs-4.15/apis/addGuestOsMapping.html >> >> On Mon, Sep 20, 2021 at 3:25 AM Hean Seng wrote: >> >> > Hi >> > >> > Is there any way to add OS Type in ACS template ? Currently using 4.15 >> > >> > We need to add in as new OS is coming out , eg Debian 11, Ubuntu 20 >> etc. >> > >> > >> > -- >> > Regards, >> > Hean Seng >> > >> >> >> -- >> Daan >> > > > -- > Regards, > Hean Seng > -- Regards, Hean Seng
Re: Adding OS Type
Thanks for this info. Overlook on this API. On Mon, Sep 20, 2021 at 2:13 PM Daan Hoogland wrote: > yes, there are some APIs to aid with that: > http://cloudstack.apache.org/api/apidocs-4.15/apis/addGuestOs.html > http://cloudstack.apache.org/api/apidocs-4.15/apis/addGuestOsMapping.html > > On Mon, Sep 20, 2021 at 3:25 AM Hean Seng wrote: > > > Hi > > > > Is there any way to add OS Type in ACS template ? Currently using 4.15 > > > > We need to add in as new OS is coming out , eg Debian 11, Ubuntu 20 > etc. > > > > > > -- > > Regards, > > Hean Seng > > > > > -- > Daan > -- Regards, Hean Seng
Adding OS Type
Hi Is there any way to add OS Type in ACS template ? Currently using 4.15 We need to add in as new OS is coming out , eg Debian 11, Ubuntu 20 etc. -- Regards, Hean Seng
Re: High increase in bandwidth usage
This should not happen, Cloudstack Is just web application, it does not consume any bandwidth . The one consume bandwidth is the VM inside . On Wed, Sep 8, 2021 at 10:52 PM Alex Mattioli wrote: > Hi, > > That would be bandwidth between which hosts? Also, what exactly would > you call normal and excessive bandwidth usage? > > Regards > Alex > > > > > -Original Message- > From: Saurabh Rapatwar > Sent: 08 September 2021 16:46 > To: users@cloudstack.apache.org > Cc: d...@cloudstack.apache.org > Subject: Re: High increase in bandwidth usage > > Hi > > I am facing the same problem. Please suggest any solution group members. > > Thanks in advance > > On Tue, 7 Sep, 2021, 11:30 pm R R, wrote: > > > I installed a cloudstack server on a bare metal server (all in one > > installation). The bandwidth usage was normal. After a couple days, > > the bandwidth usage was very high, got several emails as well from the > > DC. I tried to limit it using wondershaper. Worked for a while, but > > then I was locked out of the machine. Couldn't ssh into the machine. > > Had to format the machine. > > > > The same thing happened again. I am able to ssh into the system for > > now, bandwidth usage is high, cloudstack server isn't responding. > > Attaching ss of cloudstack management server logs. > > > > Please address me if I am doing something wrong, or the solution to > > this problem. > > > -- Regards, Hean Seng
Re: [DISCUSS] SystemVM template upgrade improvements
This is good idea. Or else , we shall allow manual upload via. GUI, and mark for system template . On Wed, Sep 1, 2021 at 9:08 PM Pearl d'Silva wrote: > I probably missed adding the PR link to the feature - > https://github.com/apache/cloudstack/pull/4329. Please do provide you > inputs. > > > Thanks, > Pearl > > > From: Pearl d'Silva > Sent: Wednesday, September 1, 2021 5:49 PM > To: d...@cloudstack.apache.org > Subject: [DISCUSS] SystemVM template upgrade improvements > > Hi All, > > We have been working on a feature that simplifies SystemVM template > install and upgrades for CloudStack. Historically we've required users to > seed the template on secondary storage during fresh installation and > register the template before an upgrade - this really does not make > CloudStack turnkey, as we end up maintaining and managing them as a > separate component - for example, users can't simply do an apt-get upgrade > or yum upgrade to upgrade CloudStack. > > The feature works by automatically initiating registration of the SystemVM > templates during upgrades or when the first secondary storage is added to a > zone where the SystemVM template hasn't been seeded. This feature addresses > several operational pain points for example, when the admin user forgets to > register the SystemVM template prior to an upgrade and faces the issue of > having to roll back the database midway during the upgrade process. With > this feature the upgrade process is seamless, such that the end users do > not need to worry about having to perform template registration, but rather > have the upgrade process take care of everything that is required. > > In order to facilitate this feature, the SystemVM templates have to be > bundled with the cloudstack-management rpm/deb package which causes the > total noredist cloudstack-management package size to increase to about > 1.6GB. We currently are packaging templates of only the three widely > supported hypervisors - KVM, XenServer/XCP-ng and VMWare. > (These templates are only packaged if the build is initiated with the > noredist flag.) > > We'd like to get your opinion on this idea. > > Thanks & Regards, > Pearl Dsilva > > > > > > > -- Regards, Hean Seng
Step for recover from fail
Hi We need to prepare for system fail and recovery process . Is that correct for following steps: 1) Fresh Install of Cloudstack 2) Restore the DB table from dump that previously saved ( cloud database) is that correct ? Is that anything I need to take concern of ? -- Regards, Hean Seng
Re: IPV6 in Isolated/VPC networks
p to have it reconfigure
> IPv4 nics, firewall, NAT etc
>
> *
> Next, I created a /64 network for the isolated guest network on eth0 of VR
> using radvd:
>
> # cat /etc/radvd.conf
> interface eth0
> {
> AdvSendAdvert on;
> MinRtrAdvInterval 5;
> MaxRtrAdvInterval 15;
> prefix 2001:470:ed36:1::/64
> {
> AdvOnLink on;
> AdvAutonomous on;
> };
> };
> systemctl restart radvd
> All guest VMs nics and VR's eth0 gets IPv6 address (SLAAC) in this
> ...:1::/64 network
> * Finally I added a static route in toy core-router for the new /64
> IPv6 range in the isolated network
> 2001:470:ed36:1::/64 via dev
>
> *
> ... and I enabled firewall rules to allow any traffic to pass for the new
> /64 network
>
> And voila all done! I create a domain record that points to my guest
> VM IPv6 address a test webserver on
> http://ipv6-isolated-ntwk-demo.yadav.cloud/
>
> (Note: I'll get rid of the tunnel and request a new /48 block after a few
> days, sharing this solely for testing purposes)
>
>
> Regards.
>
>
> From: Wido den Hollander
> Sent: Tuesday, July 20, 2021 12:46
> To: d...@cloudstack.apache.org
> Subject: Re: IPV6 in Isolated/VPC networks
>
>
>
> Op 19-07-2021 om 20:38 schreef Kristaps Cudars:
> > Hi Wido,
> >
> > I assume that flouting ip will not work grate with ingress/egress acl on
> VR.
> >
> > From regular ACS user perspective:
> > I have Instance with dualstack its running web app on 443.
> > I want to swap instances for whatever reason.
> > In case of IPv4 change d-nat rule.
> > In case of IPv6 if flouting IP was not created upfront he will need to
> change dns entry that usually has 24h ttl. Inconvenience degradation in
> experience.
> >
>
> Yes, but, keep in mind that the IP you are using can also be terminated
> on the VR where HAProxy proxies request to the backend VM (could even be
> v4!)
>
> I'm not against DHCPv6, but I have seen many issues with implementing
> it. Therefor I always stick to SLAAC.
>
> > From ACS admin perspective:
> > I don’t want to have these tickets in helpdesk.
> > You needed to create another flouting IP that it would be seamless- will
> not work as answer.
> >
>
> I understand that as well.
>
> Wido
>
> >
> > On 2021/07/19 09:05:54, Wido den Hollander wrote:
> >>
> >>
> >> Op 16-07-2021 om 21:46 schreef Kristaps Cudars:
> >>> Hi Wido,
> >>>
> >>> Your proposal is to sacrifice ability to reassign IPv6 to instance,
> have internal domain prefix, and list/db in ACS what IPv6 has been assigned
> to what instance and go with RA and SLAAC. For route signaling to switch
> use BGP/OSPFv3 or manual pre-creation.
> >>>
> >>
> >> You can still list the IPs which have been assigned. You'll know exactly
> >> what IPv6 address a VM has because of the prefix + MAC. Privacy
> >> Extensions need to be disabled in the VM.
> >>
> >> This already works in CloudStack in Shared Networks in this way.
> >>
> >> Using secondary IPs you can always have 'floating' IPv6 addressess.
> >>
> >> Wido
> >>
> >>> Option with RA and managed flag that DHCPv6 is in use to support
> preset information and ability to create route information from ACS is not
> an option as DHCPv6 its failing?
> >>>
> >>>
> >>> On 2021/07/16 15:17:42, Wido den Hollander wrote:
> >>>>
> >>>>
> >>>> Op 16-07-2021 om 16:42 schreef Hean Seng:
> >>>>> Hi Wido,
> >>>>>
> >>>>> In current setup, each Cloudstack have own VR, so in this new IPv6
> subnet
> >>>>> allocation , each VR (which have Frr) will need to have peering with
> ISP
> >>>>> router (and either BGP or Static Route) , and there is 1000
> Acocunts, it
> >>>>> will 1000 BGP session with ISP router , Am I right for this ? or I
> >>>>> understand wrong .
> >>>>>
> >>>>
> >>>> Yes, that is correct. A /56 would also be sufficient or a /60 which is
> >>>> enough to allocate a few /64 subnets.
> >>>>
> >>>> 1000 BGP connections isn't really a problem for a proper router at the
> >>>> ISP. OSPF(v3) would be better, but as I said that's poorly supported.
> >>>>
> >>>> The ISP could also install 1000 static routes, but that means that the
> >>>&g
Re: Cloustack Usage , Start date End Date
I saw this in log, which is 5minutes 2021-08-05 17:48:06,181 INFO [cloud.usage.UsageManagerImpl] (Usage-Job-1:null) (logid:) Parsing usage records between Thu Aug 05 17:43:05 UTC 2021 and Thu Aug 05 17:48:06 UTC 2021 On Fri, Aug 6, 2021 at 1:47 AM Hean Seng wrote: > > I. suppose if define usage.stats.job.aggregation.range = 60. , it shall > means start date and end date will hav 60min , right . > > this previously no issue, which if define 60, it will start and end > date will be 60minues. However there one time, unexpecting restart the > services, and cause to not update the pid id of usage job, there > after this issue happen. > > No matter how i update usage.stats.job.aggregation.range to any value, it > will update the record fo 5 minutes (start and end date) , this cause to a > lot of record to the mysql table . And i never update this for 5minutes. > > Not sure where is bug of this and how to solve it. > > > > > On Thu, Aug 5, 2021 at 11:31 PM K B Shiv Kumar > wrote: > >> Ideally a single restart should be good enough. However I vaguely >> remember facing this issue. I faintly remember if we changed the >> usage.stats.job.exec.time to something a little ahead, it picked up >> properly after that. I don't know why, coz they ideally are not related. >> Maybe it takes the other variables into consideration on every execution >> time. >> >> PS: Here is a summary of my findings with usage server sometime(as in >> some versions back) ago. While they may not be relevant to your problem, it >> may help understand the variables better. >> >> usage.stats.job.exec.time = 00:10 >> usage.execution.timezone = >> usage.aggregation.timezone = >> usage.stats.job.aggregation.range = 60 >> usage.sanity.check.interval = 2 >> >> Additional Notes >> usage.stats.job.aggregation.range = 60 >> Aggregate usage in what period ? The above specifies aggregation every 60 >> minutes ie every hour. >> >> usage.stats.job.exec.time = 00:10 >> It seems there is a bug in the ACS usage script. Irrespective of whatever >> time you give in usage.stats.job.exec.time, it will always execute at the >> execution time zone's 00th minute that is at the fresh hour (assuming >> usage.stats.job.aggregation.range = 60). >> >> usage.execution.timezone = Asia/Kolkatta >> This basically tells the cloudstack usage when to run periodically. >> Ideally it should run periodically at the above time as per the frequency. >> For example it should run at the 10th minute IST every hour. But it won't. >> See above. >> >> usage.aggregation.timezone = >> This is important. The above values tell you what interval to aggregate. >> It also tells you when the script will run and as per what time zone the >> script run is defined (see bug). It however does not tell you how to >> aggregate. For example hour … Is it HH:00:00 to HH:59:59 ? Is it HH:30:00 >> to HH+1:29:59 ? Why not HH:07:00 to HH+1:06:59 ? That is where this value >> comes to play. It will aggregate usage from HH:00:00 to HH:59:59 as per >> this zone. Then why does my DB show strange values like HH:15:00 to >> HH+1:14:59 ? The reason is whatever be the aggregation timezone, the value >> in the DB will always be stored in UTC. >> Best Regards, >> >> K B Shiv Kumar >> IndiQus Technologies >> >> > On 05-Aug-2021, at 20:18, Hean Seng wrote: >> > >> > Yes, both had restarted . Shall I restart both again ? >> > >> > On Thu, Aug 5, 2021 at 1:19 PM Sudharma Jain >> wrote: >> > >> >> Hi, >> >> >> >> I believe you haven't restarted the usage service after setting the >> >> configuration. >> >> >> >> Thanks, >> >> Sudharma >> >> >> >> On Wed, Aug 4, 2021 at 8:32 PM Hean Seng wrote: >> >> >> >>> Hi >> >>> >> >>> I had configure following : >> >>> >> >>> usage.stats.job.aggregation.range = 480 >> >>> >> >>> >> >>> However my usage record show : >> >>> >> >>> "enddate": "2021-08-03'T'18:00:52+00:00", >> >>> >> >>> "startdate": "2021-08-03'T'17:55:51+00:00", >> >>> >> >>> >> >>> Although running every 480min, but it creating one record every >> >>> 5minutes. This make generating a lot of record to Database, >> >>> >> >>> Is there anybody can advise me where record search is few hour one >> >>> calculation * for the start and end date". , which parameter to >> >>> configure for this. >> >>> >> >>> >> >>> >> >>> >> >>> -- >> >>> Regards, >> >>> Hean Seng >> >>> >> >> >> > >> > >> > -- >> > Regards, >> > Hean Seng >> >> > > -- > Regards, > Hean Seng > -- Regards, Hean Seng
Re: Cloustack Usage , Start date End Date
I. suppose if define usage.stats.job.aggregation.range = 60. , it shall means start date and end date will hav 60min , right . this previously no issue, which if define 60, it will start and end date will be 60minues. However there one time, unexpecting restart the services, and cause to not update the pid id of usage job, there after this issue happen. No matter how i update usage.stats.job.aggregation.range to any value, it will update the record fo 5 minutes (start and end date) , this cause to a lot of record to the mysql table . And i never update this for 5minutes. Not sure where is bug of this and how to solve it. On Thu, Aug 5, 2021 at 11:31 PM K B Shiv Kumar wrote: > Ideally a single restart should be good enough. However I vaguely remember > facing this issue. I faintly remember if we changed the > usage.stats.job.exec.time to something a little ahead, it picked up > properly after that. I don't know why, coz they ideally are not related. > Maybe it takes the other variables into consideration on every execution > time. > > PS: Here is a summary of my findings with usage server sometime(as in some > versions back) ago. While they may not be relevant to your problem, it may > help understand the variables better. > > usage.stats.job.exec.time = 00:10 > usage.execution.timezone = > usage.aggregation.timezone = > usage.stats.job.aggregation.range = 60 > usage.sanity.check.interval = 2 > > Additional Notes > usage.stats.job.aggregation.range = 60 > Aggregate usage in what period ? The above specifies aggregation every 60 > minutes ie every hour. > > usage.stats.job.exec.time = 00:10 > It seems there is a bug in the ACS usage script. Irrespective of whatever > time you give in usage.stats.job.exec.time, it will always execute at the > execution time zone's 00th minute that is at the fresh hour (assuming > usage.stats.job.aggregation.range = 60). > > usage.execution.timezone = Asia/Kolkatta > This basically tells the cloudstack usage when to run periodically. > Ideally it should run periodically at the above time as per the frequency. > For example it should run at the 10th minute IST every hour. But it won't. > See above. > > usage.aggregation.timezone = > This is important. The above values tell you what interval to aggregate. > It also tells you when the script will run and as per what time zone the > script run is defined (see bug). It however does not tell you how to > aggregate. For example hour … Is it HH:00:00 to HH:59:59 ? Is it HH:30:00 > to HH+1:29:59 ? Why not HH:07:00 to HH+1:06:59 ? That is where this value > comes to play. It will aggregate usage from HH:00:00 to HH:59:59 as per > this zone. Then why does my DB show strange values like HH:15:00 to > HH+1:14:59 ? The reason is whatever be the aggregation timezone, the value > in the DB will always be stored in UTC. > Best Regards, > > K B Shiv Kumar > IndiQus Technologies > > > On 05-Aug-2021, at 20:18, Hean Seng wrote: > > > > Yes, both had restarted . Shall I restart both again ? > > > > On Thu, Aug 5, 2021 at 1:19 PM Sudharma Jain > wrote: > > > >> Hi, > >> > >> I believe you haven't restarted the usage service after setting the > >> configuration. > >> > >> Thanks, > >> Sudharma > >> > >> On Wed, Aug 4, 2021 at 8:32 PM Hean Seng wrote: > >> > >>> Hi > >>> > >>> I had configure following : > >>> > >>> usage.stats.job.aggregation.range = 480 > >>> > >>> > >>> However my usage record show : > >>> > >>> "enddate": "2021-08-03'T'18:00:52+00:00", > >>> > >>> "startdate": "2021-08-03'T'17:55:51+00:00", > >>> > >>> > >>> Although running every 480min, but it creating one record every > >>> 5minutes. This make generating a lot of record to Database, > >>> > >>> Is there anybody can advise me where record search is few hour one > >>> calculation * for the start and end date". , which parameter to > >>> configure for this. > >>> > >>> > >>> > >>> > >>> -- > >>> Regards, > >>> Hean Seng > >>> > >> > > > > > > -- > > Regards, > > Hean Seng > > -- Regards, Hean Seng
Re: Cloustack Usage , Start date End Date
Yes, both had restarted . Shall I restart both again ? On Thu, Aug 5, 2021 at 1:19 PM Sudharma Jain wrote: > Hi, > > I believe you haven't restarted the usage service after setting the > configuration. > > Thanks, > Sudharma > > On Wed, Aug 4, 2021 at 8:32 PM Hean Seng wrote: > > > Hi > > > > I had configure following : > > > > usage.stats.job.aggregation.range = 480 > > > > > > However my usage record show : > > > > "enddate": "2021-08-03'T'18:00:52+00:00", > > > > "startdate": "2021-08-03'T'17:55:51+00:00", > > > > > > Although running every 480min, but it creating one record every > > 5minutes. This make generating a lot of record to Database, > > > > Is there anybody can advise me where record search is few hour one > > calculation * for the start and end date". , which parameter to > > configure for this. > > > > > > > > > > -- > > Regards, > > Hean Seng > > > -- Regards, Hean Seng
Cloustack Usage , Start date End Date
Hi I had configure following : usage.stats.job.aggregation.range = 480 However my usage record show : "enddate": "2021-08-03'T'18:00:52+00:00", "startdate": "2021-08-03'T'17:55:51+00:00", Although running every 480min, but it creating one record every 5minutes. This make generating a lot of record to Database, Is there anybody can advise me where record search is few hour one calculation * for the start and end date". , which parameter to configure for this. -- Regards, Hean Seng
Re: IPV6 in Isolated/VPC networks
I think if doing this way , since you were to implement on peering ip between vr and phsical router , then would need keep /56 or 48 at Clodustack ? We can only add /64 subnet to Cloudstack only (instead of keep the /56 or 48 there). I saw other software provider do is adding /64 subnet to their system, and after that allocate subnet to the VM (from the previous added list). May be considering the OSPF if really on this. It really a nightmare for maintaining 1000 or few thousand of BGP session. You can imagine your Cisco Router list of few thousand BGP session there. On Fri, Jul 16, 2021 at 11:17 PM Wido den Hollander wrote: > > > Op 16-07-2021 om 16:42 schreef Hean Seng: > > Hi Wido, > > > > In current setup, each Cloudstack have own VR, so in this new IPv6 > subnet > > allocation , each VR (which have Frr) will need to have peering with ISP > > router (and either BGP or Static Route) , and there is 1000 Acocunts, it > > will 1000 BGP session with ISP router , Am I right for this ? or I > > understand wrong . > > > > Yes, that is correct. A /56 would also be sufficient or a /60 which is > enough to allocate a few /64 subnets. > > 1000 BGP connections isn't really a problem for a proper router at the > ISP. OSPF(v3) would be better, but as I said that's poorly supported. > > The ISP could also install 1000 static routes, but that means that the > ISP's router needs to have those configured. > > http://docs.frrouting.org/en/latest/ospf6d.html > (While looking up this URL I see that Frr recently put in a lot of work > in OSPFv3, seems better now) > > > I understand IPv6 is different then IPv4, and in IPv6 it suppose each > > devices have own IP. It just how to realize in easy way. > > > > > > > > > > > > > > > > > > > > On Fri, Jul 16, 2021 at 8:17 PM Wido den Hollander > wrote: > > > >> > >> > >> Op 16-07-2021 om 05:54 schreef Hean Seng: > >>> Hi Wido, > >>> > >>> My initial thought is not like this, it is the /48 at ISP router, and > >> /64 > >>> subnet assign to AdvanceZoneVR, AdvanceZoneVR responsible is > >>> distribule IPv6 ip (from the assigned /64 sunet) to VM, and not > routing > >>> the traffic, in the VM that get the IPv6 IP will default route to ISP > >>> router as gw. It can may be a bridge over via Advancezone-VR. > >>> > >> > >> How would you bridge this? That sounds like NAT? > >> > >> IPv6 is meant to be routed. Not to be translated or bridged in any way. > >> > >> The way a made the drawing is exactly how IPv6 should work in a VPC > >> environment. > >> > >> Traffic flows through the VR where it can do firewalling of the traffic. > >> > >>> However, If do as the way described in the drawing, then i suppose will > >> be > >>> another kind of virtual router going to introduce , to get hold the /48 > >> in > >>> this virtual router right ? > >>> > >> > >> It can be the same VR. But keep in mind that IPv6 != IPv4. > >> > >> The VR will get Frr as a new daemon which can talk BGP with the upper > >> network to route traffic. > >> > >>> After this, The Advance Zone, NAT's VR will peer with this new IPv6 > VR > >>> for getting the IPv6 /64 prefix ? > >>> > >> > >> IPv4 will be behind NAT, but IPv6 will not be behind NAT. > >> > >>> If do in this way, then I guess you just only need Static route, with > >>> peering ip both end as one /48 can have a lot of /64 on it. And > >> hardware > >>> budgeting for new IPv6-VR will become very important, as all traffic > will > >>> need to pass over it . > >>> > >> > >> Routing or NAT is the same for the VR. You don't need a very beefy VR > >> for this. > >> > >>> It will be like > >>> > >>> ISP Router -- > (new IPV6-VR ) > AdvanceZone-VR > VM > >>> > >>> Relationship of (new IPv6 VR) and AdvanceZone-VR , may be considering > on > >>> OSPF instead of BGP , otherwise few thousand of AdvanceZone-VR wil > have > >>> few thousand of BGP session. on new-IPv6-VR > >>> > >>> Also, I suppose we cannot do ISP router. -->. Advancezone VR direct, > , > >>> otherwise ISP router will be full of /64 prefix route either on BGP( > Many > >>> BGP Session) , or Many Static route . If
Re: IPV6 in Isolated/VPC networks
Hi Wido, In current setup, each Cloudstack have own VR, so in this new IPv6 subnet allocation , each VR (which have Frr) will need to have peering with ISP router (and either BGP or Static Route) , and there is 1000 Acocunts, it will 1000 BGP session with ISP router , Am I right for this ? or I understand wrong . I understand IPv6 is different then IPv4, and in IPv6 it suppose each devices have own IP. It just how to realize in easy way. On Fri, Jul 16, 2021 at 8:17 PM Wido den Hollander wrote: > > > Op 16-07-2021 om 05:54 schreef Hean Seng: > > Hi Wido, > > > > My initial thought is not like this, it is the /48 at ISP router, and > /64 > > subnet assign to AdvanceZoneVR, AdvanceZoneVR responsible is > > distribule IPv6 ip (from the assigned /64 sunet) to VM, and not routing > > the traffic, in the VM that get the IPv6 IP will default route to ISP > > router as gw. It can may be a bridge over via Advancezone-VR. > > > > How would you bridge this? That sounds like NAT? > > IPv6 is meant to be routed. Not to be translated or bridged in any way. > > The way a made the drawing is exactly how IPv6 should work in a VPC > environment. > > Traffic flows through the VR where it can do firewalling of the traffic. > > > However, If do as the way described in the drawing, then i suppose will > be > > another kind of virtual router going to introduce , to get hold the /48 > in > > this virtual router right ? > > > > It can be the same VR. But keep in mind that IPv6 != IPv4. > > The VR will get Frr as a new daemon which can talk BGP with the upper > network to route traffic. > > > After this, The Advance Zone, NAT's VR will peer with this new IPv6 VR > > for getting the IPv6 /64 prefix ? > > > > IPv4 will be behind NAT, but IPv6 will not be behind NAT. > > > If do in this way, then I guess you just only need Static route, with > > peering ip both end as one /48 can have a lot of /64 on it. And > hardware > > budgeting for new IPv6-VR will become very important, as all traffic will > > need to pass over it . > > > > Routing or NAT is the same for the VR. You don't need a very beefy VR > for this. > > > It will be like > > > > ISP Router -- > (new IPV6-VR ) > AdvanceZone-VR > VM > > > > Relationship of (new IPv6 VR) and AdvanceZone-VR , may be considering on > > OSPF instead of BGP , otherwise few thousand of AdvanceZone-VR wil have > > few thousand of BGP session. on new-IPv6-VR > > > > Also, I suppose we cannot do ISP router. -->. Advancezone VR direct, , > > otherwise ISP router will be full of /64 prefix route either on BGP( Many > > BGP Session) , or Many Static route . If few thousand account, ti will > > be few thousand of BGP session with ISP router or few thousand static > route > > which is not possible . > > > > > > > > > > > > > > On Thu, Jul 15, 2021 at 10:47 PM Wido den Hollander > wrote: > > > >> But you still need routing. See the attached PNG (and draw.io XML). > >> > >> You need to route the /48 subnet TO the VR which can then route it to > >> the Virtual Networks behind the VR. > >> > >> There is no other way then routing with either BGP or a Static route. > >> > >> Wido > >> > >> Op 15-07-2021 om 12:39 schreef Hean Seng: > >>> Or explain like this : > >>> > >>> 1) Cloudstack generate list of /64 subnet from /48 that Network admin > >>> assigned to Cloudstack > >>> 2) Cloudsack allocated the subnet (that generated from step1) to > Virtual > >>> Router, one Virtual Router have one subniet /64 > >>> 3) Virtual Router allocate single IPv6 (within the range of /64 > >>> allocated to VR) to VM > >>> > >>> > >>> > >>> > >>> > >>> > >>> On Thu, Jul 15, 2021 at 6:25 PM Hean Seng >>> <mailto:heans...@gmail.com>> wrote: > >>> > >>> Hi Wido, > >>> > >>> I think the /48 is at physical router as gateway , and subnet of > /64 > >>> at VR of Cloudstack. Cloudstack only keep which /48 prefix and > >>> vlan information of this /48 to be later split the /64. to VR. > >>> > >>> And the instances is getting singe IPv6 of /64 IP. The VR is > >>> getting /64. The default gateway shall goes to /48 of physical > >>> router ip . In this case ,does not need any BGP router . &
Re: IPV6 in Isolated/VPC networks
Hi Wido, My initial thought is not like this, it is the /48 at ISP router, and /64 subnet assign to AdvanceZoneVR, AdvanceZoneVR responsible is distribule IPv6 ip (from the assigned /64 sunet) to VM, and not routing the traffic, in the VM that get the IPv6 IP will default route to ISP router as gw. It can may be a bridge over via Advancezone-VR. However, If do as the way described in the drawing, then i suppose will be another kind of virtual router going to introduce , to get hold the /48 in this virtual router right ? After this, The Advance Zone, NAT's VR will peer with this new IPv6 VR for getting the IPv6 /64 prefix ? If do in this way, then I guess you just only need Static route, with peering ip both end as one /48 can have a lot of /64 on it. And hardware budgeting for new IPv6-VR will become very important, as all traffic will need to pass over it . It will be like ISP Router -- > (new IPV6-VR ) > AdvanceZone-VR > VM Relationship of (new IPv6 VR) and AdvanceZone-VR , may be considering on OSPF instead of BGP , otherwise few thousand of AdvanceZone-VR wil have few thousand of BGP session. on new-IPv6-VR Also, I suppose we cannot do ISP router. -->. Advancezone VR direct, , otherwise ISP router will be full of /64 prefix route either on BGP( Many BGP Session) , or Many Static route . If few thousand account, ti will be few thousand of BGP session with ISP router or few thousand static route which is not possible . On Thu, Jul 15, 2021 at 10:47 PM Wido den Hollander wrote: > But you still need routing. See the attached PNG (and draw.io XML). > > You need to route the /48 subnet TO the VR which can then route it to > the Virtual Networks behind the VR. > > There is no other way then routing with either BGP or a Static route. > > Wido > > Op 15-07-2021 om 12:39 schreef Hean Seng: > > Or explain like this : > > > > 1) Cloudstack generate list of /64 subnet from /48 that Network admin > > assigned to Cloudstack > > 2) Cloudsack allocated the subnet (that generated from step1) to Virtual > > Router, one Virtual Router have one subniet /64 > > 3) Virtual Router allocate single IPv6 (within the range of /64 > > allocated to VR) to VM > > > > > > > > > > > > > > On Thu, Jul 15, 2021 at 6:25 PM Hean Seng > <mailto:heans...@gmail.com>> wrote: > > > > Hi Wido, > > > > I think the /48 is at physical router as gateway , and subnet of /64 > > at VR of Cloudstack. Cloudstack only keep which /48 prefix and > > vlan information of this /48 to be later split the /64. to VR. > > > > And the instances is getting singe IPv6 of /64 IP. The VR is > > getting /64. The default gateway shall goes to /48 of physical > > router ip . In this case ,does not need any BGP router . > > > > > > Similar concept as IPv4 : > > > > /48 subnet of IPv6 is equivalent to current /24 subnet of IPv4 that > > created in Network. > > and /64 of IPv6 is equivalent to single IP of IPv4 assign to VM. > > > > > > > > > > On Thu, Jul 15, 2021 at 5:31 PM Wido den Hollander > <mailto:w...@widodh.nl>> wrote: > > > > > > > > Op 14-07-2021 om 16:44 schreef Hean Seng: > > > Hi > > > > > > I replied in another thread, i think do not need implement > > BGP or OSPF, > > > that would be complicated . > > > > > > We only need assign IPv6 's /64 prefix to Virtual Router > > (VR) in NAT > > > zone, and the VR responsible to deliver single IPv6 to VM via > > DHCP6. > > > > > > In VR, you need to have Default IPv6 route to Physical > > Router's /48. IP > > > as IPv6 Gateway. Thens should be done . > > > > > > Example : > > > Physical Router Interface > > > IPv6 IP : 2000:::1/48 > > > > > > Cloudstack virtual router : 2000::200:201::1/64 with > > default ipv6 > > > route to router ip 2000:::1 > > > and Clodustack Virtual router dhcp allocate IP to VM , and > > VM will have > > > default route to VR. IPv6 2000::200:201::1 > > > > > > So in cloudstack need to allow user to enter , IPv6 > > gwateway , and > > > the /48 Ipv6 prefix , then it will self allocate the /64 ip > > to the VR , > >
Re: IPV6 in Isolated/VPC networks
Or explain like this : 1) Cloudstack generate list of /64 subnet from /48 that Network admin assigned to Cloudstack 2) Cloudsack allocated the subnet (that generated from step1) to Virtual Router, one Virtual Router have one subniet /64 3) Virtual Router allocate single IPv6 (within the range of /64 allocated to VR) to VM On Thu, Jul 15, 2021 at 6:25 PM Hean Seng wrote: > Hi Wido, > > I think the /48 is at physical router as gateway , and subnet of /64 at VR > of Cloudstack. Cloudstack only keep which /48 prefix and vlan information > of this /48 to be later split the /64. to VR. > > And the instances is getting singe IPv6 of /64 IP. The VR is getting > /64. The default gateway shall goes to /48 of physical router ip . In > this case ,does not need any BGP router . > > > Similar concept as IPv4 : > > /48 subnet of IPv6 is equivalent to current /24 subnet of IPv4 that > created in Network. > and /64 of IPv6 is equivalent to single IP of IPv4 assign to VM. > > > > > On Thu, Jul 15, 2021 at 5:31 PM Wido den Hollander wrote: > >> >> >> Op 14-07-2021 om 16:44 schreef Hean Seng: >> > Hi >> > >> > I replied in another thread, i think do not need implement BGP or OSPF, >> > that would be complicated . >> > >> > We only need assign IPv6 's /64 prefix to Virtual Router (VR) in NAT >> > zone, and the VR responsible to deliver single IPv6 to VM via DHCP6. >> > >> > In VR, you need to have Default IPv6 route to Physical Router's /48. >> IP >> > as IPv6 Gateway. Thens should be done . >> > >> > Example : >> > Physical Router Interface >> > IPv6 IP : 2000:::1/48 >> > >> > Cloudstack virtual router : 2000::200:201::1/64 with default ipv6 >> > route to router ip 2000:::1 >> > and Clodustack Virtual router dhcp allocate IP to VM , and VM will >> have >> > default route to VR. IPv6 2000::200:201::1 >> > >> > So in cloudstack need to allow user to enter , IPv6 gwateway , and >> > the /48 Ipv6 prefix , then it will self allocate the /64 ip to the VR >> , >> > and maintain make sure not ovelap allocation >> > >> > >> >> But NAT is truly not the solution with IPv6. IPv6 is supposed to be >> routable. In addition you should avoid DHCPv6 as much as possible as >> that's not really the intended use-case for address allocation with IPv6. >> >> In order to route an /48 IPv6 subnet to the VR you have a few >> possibilities: >> >> - Static route from the upperlying routers which are outside of CloudStack >> - BGP >> - OSPFv3 (broken in most cases!) >> - DHCPv6 Prefix Delegation >> >> BGP and/or Static routes are still the best bet here. >> >> So what you do is that you tell CloudStack that you will route >> 2001:db8::/48 to the VR, the VR can then use that to split it up into >> multiple /64 subnets going towards the instances: >> >> - 2001:db8::/64 >> - 2001:db8:1::/64 >> - 2001:db8:2::/64 >> ... >> - 2001:db8:f::/64 >> >> And go on. >> >> In case of BGP you indeed have to tell the VR a few things: >> >> - It's own AS number >> - The peer's address(es) >> >> With FRR you can simply say: >> >> neighbor 2001:db8:4fa::179 remote-as external >> >> The /48 you need to have at the VR anyway in case of either a static >> route or BGP. >> >> We just need to add a NullRoute on the VR for that /48 so that traffic >> will not be routed to the upper gateway in case of the VR can't find a >> route. >> >> Wido >> >> > >> > >> > >> > >> > >> > On Wed, Jul 14, 2021 at 8:55 PM Alex Mattioli >> > mailto:alex.matti...@shapeblue.com>> >> wrote: >> > >> > Hi Wido, >> > That's pretty much in line with our thoughts, thanks for the input. >> > I believe we agree on the following points then: >> > >> > - FRR with BGP (no OSPF) >> > - Route /48 (or/56) down to the VR >> > - /64 per network >> > - SLACC for IP addressing >> > >> > I believe the next big question is then "on which level of ACS do we >> > manage AS numbers?". I see two options: >> > 1) Private AS number on a per-zone basis >> > 2) Root Admin assigned AS number on a domain/account basis >> > 3) End-user driven AS number on a per network basis (for bring your >> > own AS and
Re: IPV6 in Isolated/VPC networks
Hi Wido, I think the /48 is at physical router as gateway , and subnet of /64 at VR of Cloudstack. Cloudstack only keep which /48 prefix and vlan information of this /48 to be later split the /64. to VR. And the instances is getting singe IPv6 of /64 IP. The VR is getting /64. The default gateway shall goes to /48 of physical router ip . In this case ,does not need any BGP router . Similar concept as IPv4 : /48 subnet of IPv6 is equivalent to current /24 subnet of IPv4 that created in Network. and /64 of IPv6 is equivalent to single IP of IPv4 assign to VM. On Thu, Jul 15, 2021 at 5:31 PM Wido den Hollander wrote: > > > Op 14-07-2021 om 16:44 schreef Hean Seng: > > Hi > > > > I replied in another thread, i think do not need implement BGP or OSPF, > > that would be complicated . > > > > We only need assign IPv6 's /64 prefix to Virtual Router (VR) in NAT > > zone, and the VR responsible to deliver single IPv6 to VM via DHCP6. > > > > In VR, you need to have Default IPv6 route to Physical Router's /48. IP > > as IPv6 Gateway. Thens should be done . > > > > Example : > > Physical Router Interface > > IPv6 IP : 2000:::1/48 > > > > Cloudstack virtual router : 2000::200:201::1/64 with default ipv6 > > route to router ip 2000:::1 > > and Clodustack Virtual router dhcp allocate IP to VM , and VM will have > > default route to VR. IPv6 2000::200:201::1 > > > > So in cloudstack need to allow user to enter , IPv6 gwateway , and > > the /48 Ipv6 prefix , then it will self allocate the /64 ip to the VR , > > and maintain make sure not ovelap allocation > > > > > > But NAT is truly not the solution with IPv6. IPv6 is supposed to be > routable. In addition you should avoid DHCPv6 as much as possible as > that's not really the intended use-case for address allocation with IPv6. > > In order to route an /48 IPv6 subnet to the VR you have a few > possibilities: > > - Static route from the upperlying routers which are outside of CloudStack > - BGP > - OSPFv3 (broken in most cases!) > - DHCPv6 Prefix Delegation > > BGP and/or Static routes are still the best bet here. > > So what you do is that you tell CloudStack that you will route > 2001:db8::/48 to the VR, the VR can then use that to split it up into > multiple /64 subnets going towards the instances: > > - 2001:db8::/64 > - 2001:db8:1::/64 > - 2001:db8:2::/64 > ... > - 2001:db8:f::/64 > > And go on. > > In case of BGP you indeed have to tell the VR a few things: > > - It's own AS number > - The peer's address(es) > > With FRR you can simply say: > > neighbor 2001:db8:4fa::179 remote-as external > > The /48 you need to have at the VR anyway in case of either a static > route or BGP. > > We just need to add a NullRoute on the VR for that /48 so that traffic > will not be routed to the upper gateway in case of the VR can't find a > route. > > Wido > > > > > > > > > > > > > On Wed, Jul 14, 2021 at 8:55 PM Alex Mattioli > > mailto:alex.matti...@shapeblue.com>> > wrote: > > > > Hi Wido, > > That's pretty much in line with our thoughts, thanks for the input. > > I believe we agree on the following points then: > > > > - FRR with BGP (no OSPF) > > - Route /48 (or/56) down to the VR > > - /64 per network > > - SLACC for IP addressing > > > > I believe the next big question is then "on which level of ACS do we > > manage AS numbers?". I see two options: > > 1) Private AS number on a per-zone basis > > 2) Root Admin assigned AS number on a domain/account basis > > 3) End-user driven AS number on a per network basis (for bring your > > own AS and IP scenario) > > > > Thoughts? > > > > Cheers > > Alex > > > > > > > > > > -Original Message- > > From: Wido den Hollander mailto:w...@widodh.nl>> > > Sent: 13 July 2021 15:08 > > To: d...@cloudstack.apache.org <mailto:d...@cloudstack.apache.org>; > > Alex Mattioli > <mailto:alex.matti...@shapeblue.com>> > > Cc: Wei Zhou > <mailto:wei.z...@shapeblue.com>>; Rohit Yadav > > mailto:rohit.ya...@shapeblue.com>>; > > Gabriel Beims Bräscher > <mailto:gabr...@pcextreme.nl>> > > Subject: Re: IPV6 in Isolated/VPC networks > > > > > > > > On 7/7/21 1:16 PM, Alex Mattioli wrote: > > > Hi all, > > > @Wei Zhou<mailto:wei.z...
Re: IPV6 in Isolated/VPC networks
Yes, sorry for that, can use NAT 6 also .I mentiioned DHCP6 , and you can point the gateway to /48 gw, and this does not need any BGP. Maintain BGP or OSPF is good, but is a lot more complicated , On Wed, Jul 14, 2021 at 10:57 PM Alex Mattioli wrote: > Hi Hean, > Do you mean using NAT66? Or did I miss something? > > Regards, > Alex > > > > > -Original Message- > From: Hean Seng > Sent: 14 July 2021 16:44 > To: users@cloudstack.apache.org > Cc: Wido den Hollander ; d...@cloudstack.apache.org; Wei > Zhou ; Rohit Yadav ; > Gabriel Beims Bräscher > Subject: Re: IPV6 in Isolated/VPC networks > > Hi > > I replied in another thread, i think do not need implement BGP or OSPF, > that would be complicated . > > We only need assign IPv6 's /64 prefix to Virtual Router (VR) in NAT > zone, and the VR responsible to deliver single IPv6 to VM via DHCP6. > > In VR, you need to have Default IPv6 route to Physical Router's /48. IP as > IPv6 Gateway. Thens should be done . > > Example : > Physical Router Interface > IPv6 IP : 2000:::1/48 > > Cloudstack virtual router : 2000::200:201::1/64 with default ipv6 > route to router ip 2000:::1 and Clodustack Virtual router dhcp allocate > IP to VM , and VM will have default route to VR. IPv6 2000::200:201::1 > > So in cloudstack need to allow user to enter , IPv6 gwateway , and the > /48 Ipv6 prefix , then it will self allocate the /64 ip to the VR , and > maintain make sure not ovelap allocation > > > > > > > > On Wed, Jul 14, 2021 at 8:55 PM Alex Mattioli > > wrote: > > > Hi Wido, > > That's pretty much in line with our thoughts, thanks for the input. I > > believe we agree on the following points then: > > > > - FRR with BGP (no OSPF) > > - Route /48 (or/56) down to the VR > > - /64 per network > > - SLACC for IP addressing > > > > I believe the next big question is then "on which level of ACS do we > > manage AS numbers?". I see two options: > > 1) Private AS number on a per-zone basis > > 2) Root Admin assigned AS number on a domain/account basis > > 3) End-user driven AS number on a per network basis (for bring your > > own AS and IP scenario) > > > > Thoughts? > > > > Cheers > > Alex > > > > > > > > > > -Original Message- > > From: Wido den Hollander > > Sent: 13 July 2021 15:08 > > To: d...@cloudstack.apache.org; Alex Mattioli > > > > Cc: Wei Zhou ; Rohit Yadav < > > rohit.ya...@shapeblue.com>; Gabriel Beims Bräscher > > > > Subject: Re: IPV6 in Isolated/VPC networks > > > > > > > > On 7/7/21 1:16 PM, Alex Mattioli wrote: > > > Hi all, > > > @Wei Zhou<mailto:wei.z...@shapeblue.com> @Rohit Yadav > rohit.ya...@shapeblue.com> and myself are investigating how to enable > > IPV6 support on Isolated and VPC networks and would like your input on > it. > > > At the moment we are looking at implementing FRR with BGP (and > > > possibly > > OSPF) on the ACS VR. > > > > > > We are looking for requirements, recommendations, ideas, rants, > > etc...etc... > > > > > > > Ok! Here we go. > > > > I think that you mean that the VR will actually route the IPv6 traffic > > and for that you need to have a way of getting a subnet routed to the VR. > > > > BGP is probably you best bet here. Although OSPFv3 technically > > supports this it is very badly implemented in Frr for example. > > > > Now FRR is a very good router and one of the fancy features it > > supports is BGP Unnumered. This allows for auto configuration of BGP > > over a L2 network when both sides are sending Router Advertisements. > > This is very easy for flexible BGP configurations where both sides have > dynamic IPs. > > > > What you want to do is that you get a /56, /48 or something which is > > >/64 bits routed to the VR. > > > > Now you can sub-segment this into separate /64 subnets. You don't want > > to go smaller then a /64 is that prevents you from using SLAAC for > > IPv6 address configuration. This is how it works for Shared Networks > > now in Basic and Advanced Zones. > > > > FRR can now also send out the Router Advertisements on the downlinks > > sending out: > > > > - DNS servers > > - DNS domain > > - Prefix (/64) to be used > > > > There is no need for DHCPv6. You can calculate the IPv6 address the VM > > will obtain by using the MAC and the prefix. > > > > So in short: > > > > - Using BGP you routed a /48 to the VR > > - Now you split this into /64 subnets towards the isolated networks > > > > Wido > > > > > Alex Mattioli > > > > > > > > > > > > > > > > > > -- > Regards, > Hean Seng > -- Regards, Hean Seng
Re: IPV6 in Isolated/VPC networks
Hi I replied in another thread, i think do not need implement BGP or OSPF, that would be complicated . We only need assign IPv6 's /64 prefix to Virtual Router (VR) in NAT zone, and the VR responsible to deliver single IPv6 to VM via DHCP6. In VR, you need to have Default IPv6 route to Physical Router's /48. IP as IPv6 Gateway. Thens should be done . Example : Physical Router Interface IPv6 IP : 2000:::1/48 Cloudstack virtual router : 2000::200:201::1/64 with default ipv6 route to router ip 2000:::1 and Clodustack Virtual router dhcp allocate IP to VM , and VM will have default route to VR. IPv6 2000::200:201::1 So in cloudstack need to allow user to enter , IPv6 gwateway , and the /48 Ipv6 prefix , then it will self allocate the /64 ip to the VR , and maintain make sure not ovelap allocation On Wed, Jul 14, 2021 at 8:55 PM Alex Mattioli wrote: > Hi Wido, > That's pretty much in line with our thoughts, thanks for the input. I > believe we agree on the following points then: > > - FRR with BGP (no OSPF) > - Route /48 (or/56) down to the VR > - /64 per network > - SLACC for IP addressing > > I believe the next big question is then "on which level of ACS do we > manage AS numbers?". I see two options: > 1) Private AS number on a per-zone basis > 2) Root Admin assigned AS number on a domain/account basis > 3) End-user driven AS number on a per network basis (for bring your own AS > and IP scenario) > > Thoughts? > > Cheers > Alex > > > > > -Original Message- > From: Wido den Hollander > Sent: 13 July 2021 15:08 > To: d...@cloudstack.apache.org; Alex Mattioli > Cc: Wei Zhou ; Rohit Yadav < > rohit.ya...@shapeblue.com>; Gabriel Beims Bräscher > Subject: Re: IPV6 in Isolated/VPC networks > > > > On 7/7/21 1:16 PM, Alex Mattioli wrote: > > Hi all, > > @Wei Zhou<mailto:wei.z...@shapeblue.com> @Rohit Yadav rohit.ya...@shapeblue.com> and myself are investigating how to enable > IPV6 support on Isolated and VPC networks and would like your input on it. > > At the moment we are looking at implementing FRR with BGP (and possibly > OSPF) on the ACS VR. > > > > We are looking for requirements, recommendations, ideas, rants, > etc...etc... > > > > Ok! Here we go. > > I think that you mean that the VR will actually route the IPv6 traffic and > for that you need to have a way of getting a subnet routed to the VR. > > BGP is probably you best bet here. Although OSPFv3 technically supports > this it is very badly implemented in Frr for example. > > Now FRR is a very good router and one of the fancy features it supports is > BGP Unnumered. This allows for auto configuration of BGP over a L2 network > when both sides are sending Router Advertisements. This is very easy for > flexible BGP configurations where both sides have dynamic IPs. > > What you want to do is that you get a /56, /48 or something which is > >/64 bits routed to the VR. > > Now you can sub-segment this into separate /64 subnets. You don't want to > go smaller then a /64 is that prevents you from using SLAAC for IPv6 > address configuration. This is how it works for Shared Networks now in > Basic and Advanced Zones. > > FRR can now also send out the Router Advertisements on the downlinks > sending out: > > - DNS servers > - DNS domain > - Prefix (/64) to be used > > There is no need for DHCPv6. You can calculate the IPv6 address the VM > will obtain by using the MAC and the prefix. > > So in short: > > - Using BGP you routed a /48 to the VR > - Now you split this into /64 subnets towards the isolated networks > > Wido > > > Alex Mattioli > > > > > > > > > > -- Regards, Hean Seng
Re: Console Proxy & SSL
I suggest you just do SSL for console proxy, and setup another server with SSL cert and reverse proxy to your Management server . On Fri, Jul 2, 2021 at 4:22 AM Andrija Panic wrote: > Hi Mike, > > certificate for securing UI and the certificate for securing access to > Console of the VM (i.e. securing HTTPS access from browser to the public IP > of the CPVM/SSVM) are 2 completely different things - and you can/should > use 2 different certificates. > > Please read this article - it's very comprehensive and up to date in > regards to the steps - afterwards, I'm happy to answer any additional > questions you might have: > https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/ > > > Your second email - is referring to a cloudstack agent certificate that is > generated by default to secure agent-to-mgmt communication - nothing to do > with the other 2 you are configuring. > > Cheers, > > > On Thu, 1 Jul 2021 at 19:39, Corey, Mike > wrote: > > > To help me with troubleshooting, could one of the developers let me know > > where the wildcard certificate is loaded into the ssvm and consolevm? Is > > there a way to verify the custom wildcard cert I’ve uploaded is where it > > should be? I’m seeing this error in the ACS logs. > > > > Should the CA wildcard certificate issuer & CN be in the “presented these > > certificates” section of log? > > > > > > 2021-07-01 13:23:12,070 DEBUG [o.a.c.c.p.RootCACustomTrustManager] > > (pool-13-thread-1:null) (logid:) A client/agent attempting connection > from > > address=10.#.#.# has presented these certificate(s): > > Certificate [1] : > > Serial: 85b01fc4f045cf08 > > Not Before:Thu Jul 01 01:03:33 EDT 2021 > > Not After:Fri Jul 01 13:03:33 EDT 2022 > > Signature Algorithm:SHA256withRSA > > Version:3 > > Subject DN:C=cloudstack, O=cloudstack, OU=cloudstack, CN=v-17-VM > > Issuer DN:CN=ca.cloudstack.apache.org > > Alternative Names:[[7, 10.#.#.#], [7, 10.#.#.#], [2, v-17-VM]] > > Certificate [2] : > > Serial: 3b2fcee96e685c62 > > Not Before:Mon May 03 00:43:22 EDT 2021 > > Not After:Wed Apr 26 12:43:22 EDT 2051 > > Signature Algorithm:SHA256withRSA > > Version:3 > > Subject DN:CN=ca.cloudstack.apache.org > > Issuer DN:CN=ca.cloudstack.apache.org > > Alternative Names:null > > > > 2021-07-01 13:23:12,071 ERROR [o.a.c.c.p.RootCACustomTrustManager] > > (pool-13-thread-1:null) (logid:) Certificate ownership verification > failed > > for client: 10.#.#.# > > 2021-07-01 13:23:12,073 ERROR [c.c.u.n.Link] > > (AgentManager-SSLHandshakeHandler-4:null) (logid:) SSL error caught > during > > wrap data: Certificate ownership verification failed for client: > 10.#.#.#, > > for local address=/10.#.#.#:8250, remote address=/10.#.#.#:36082. > > 2021-07-01 13:23:17,464 ERROR [c.c.u.n.Link] > > (AgentManager-SSLHandshakeHandler-4:null) (logid:) SSL error caught > during > > wrap data: Empty server certificate chain, for local > > address=/10.#.#.#:8250, remote address=/10.#.#.##:36084. > > > > > > > > > > From: Corey, Mike > > Sent: Thursday, July 1, 2021 10:33 AM > > To: users > > Subject: [CAUTION] Console Proxy & SSL > > > > Hi, > > > > I could use some clarification here on TLS/SSL usage. I’ve secured my > ACS > > UI with a CA issued certificate. This certificate has the FQDN of my ACS > > server as the CN. The certificate is valid and the Management UI > > connection is secured in the web browser. > > > > I’m now trying to modify the Console Proxy SSL Certificate base on this > > page: > > > http://docs.cloudstack.apache.org/en/latest/adminguide/systemvm.html#using-a-ssl-certificate-for-the-console-proxy > > > > I have created the wildcard CA issued certificate as *. > along > > with the unencrypted key per the steps on above wiki page. > > > > After the changes are made in the UI under Infrastructure – SSL > > Certificates, the consolevm reboots; however it doesn’t appear it is > > loading my CA certificate with the wildcard. > > > > Answer this please --- I should be able to have two separate > certificates: > > one for the UI management (FQDN of ACS) and one for console proxy session > > (wildcard). > > > > I had this on the 4.14 lab implementation but unfortunately my build > notes > > on this step were poor ☹. > > > > > > Mike Corey > > > > Technology Senior Consultant, IT CS CTW Operation & Virtualization > Service > > US > > > > SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United > > States > > > > T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com > mike.co...@sap.com> > > > > > > [cid:image003.png@01D76E64.7F7C0C60] > > > > > > > > -- > > Andrija Panić > -- Regards, Hean Seng
Re: Cloudstack Usage --- not owner
Hi Andrija, I enabled the value , vm.network.stats.interval to > 0 where it will calculate the traffic from the network port assigned ( which i suppose include local and external) , I am fine for this ( network usage = lan + wan traffic), which similar to previous VPS data usage calculation before migrated to Cloudstack . However , it seems not all calculated accurately , this especially after the issue happened. For external devices, you mention, can you recommend software that may be put into consideration as an alternative . On Wed, Jun 30, 2021 at 4:06 AM Andrija Panic wrote: > stats are pulled from VR in case traffic passes THORUGH those VRs. > In shared networks, traffic does NOT passes THROUGH the VR, but through > some external device - thus no statistics is expected to appear - all good, > no problem. > > On Fri, 25 Jun 2021 at 17:13, Hean Seng wrote: > > > Hi > > > > yes, there are traffic running at the interface . I not sure the logic > > behind on calculating the data, if not would be easy to troubleshoot. > > > > > > > > > > On Fri, Jun 25, 2021 at 10:54 PM Daan Hoogland > > wrote: > > > > > if you look at the hypervisors, do you see traffic data for the nics > > there? > > > > > > On Fri, Jun 25, 2021 at 4:32 PM Hean Seng wrote: > > > > > > > Yes, thats right, I am Advance zone with Security Group, and > Shared > > > > Network with Public IP range, However, I had change value of > > > > vm.network.stats.interval. > > > > so that calculate the Lan traffic of the Network Interface . So it > > should > > > > work for calculating all traffic incur in the network interface . > But > > > > seems not, about 50% of it not calculating. > > > > > > > > > > > > > > > > On Fri, Jun 25, 2021 at 9:51 PM Daan Hoogland < > daan.hoogl...@gmail.com > > > > > > > wrote: > > > > > > > > > The only thing I can think of is that the VM is not on a network > that > > > > > provides routing. for instance in a basic zone or on a shared > network > > > > with > > > > > a public ip range. > > > > > > > > > > On Fri, Jun 25, 2021 at 12:23 PM Hean Seng > > wrote: > > > > > > > > > > > HI Daan > > > > > > > > > > > > > > > > > > My usage record have this , this is one of the example that do > not > > > > have. > > > > > > record of type 4 and 5, but have type 1, > > > > > > > > > > > > select * from usage_event where account_id=3391; > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ---+-++-+-+-++-+-+-++---+--+ > > > > > > > > > > > > | id| type| account_id | created > > > | > > > > > > zone_id | resource_id | resource_name | offering_id | > > > template_id > > > > | > > > > > > size| resource_type | processed | virtual_size | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > +---+-++-+-+-++-+-+-++---+--+ > > > > > > > > > > > > | 75910 | NET.IPASSIGN| 3391 | 2021-05-06 > > 10:16:55 > > > | > > > > > > 1 |2396 | 11.11.1.11 |NULL | 0 | > > > > > > 0 > > > > > > | DirectAttached | 1 | NULL | > > > > > > > > > > > > | 75911 | VOLUME.CREATE | 3391 | 2021-05-06 > > 10:16:55 > > > | > > > > > > 1 |6472 | ROOT-3649 |NULL | > 210 > > | > > > > > > 21474836480 | NULL
Re: Cloudstack Usage --- not owner
Hi yes, there are traffic running at the interface . I not sure the logic behind on calculating the data, if not would be easy to troubleshoot. On Fri, Jun 25, 2021 at 10:54 PM Daan Hoogland wrote: > if you look at the hypervisors, do you see traffic data for the nics there? > > On Fri, Jun 25, 2021 at 4:32 PM Hean Seng wrote: > > > Yes, thats right, I am Advance zone with Security Group, and Shared > > Network with Public IP range, However, I had change value of > > vm.network.stats.interval. > > so that calculate the Lan traffic of the Network Interface . So it should > > work for calculating all traffic incur in the network interface . But > > seems not, about 50% of it not calculating. > > > > > > > > On Fri, Jun 25, 2021 at 9:51 PM Daan Hoogland > > wrote: > > > > > The only thing I can think of is that the VM is not on a network that > > > provides routing. for instance in a basic zone or on a shared network > > with > > > a public ip range. > > > > > > On Fri, Jun 25, 2021 at 12:23 PM Hean Seng wrote: > > > > > > > HI Daan > > > > > > > > > > > > My usage record have this , this is one of the example that do not > > have. > > > > record of type 4 and 5, but have type 1, > > > > > > > > select * from usage_event where account_id=3391; > > > > > > > > > > > > > > > > > > ---+-++-+-+-++-+-+-++---+--+ > > > > > > > > | id| type| account_id | created > | > > > > zone_id | resource_id | resource_name | offering_id | > template_id > > | > > > > size| resource_type | processed | virtual_size | > > > > > > > > > > > > > > > > > > +---+-++-+-+-++-+-+-++---+--+ > > > > > > > > | 75910 | NET.IPASSIGN| 3391 | 2021-05-06 10:16:55 > | > > > > 1 |2396 | 11.11.1.11 |NULL | 0 | > > > > 0 > > > > | DirectAttached | 1 | NULL | > > > > > > > > | 75911 | VOLUME.CREATE | 3391 | 2021-05-06 10:16:55 > | > > > > 1 |6472 | ROOT-3649 |NULL | 210 | > > > > 21474836480 | NULL | 1 | NULL | > > > > > > > > | 75912 | VM.CREATE | 3391 | 2021-05-06 10:16:55 > | > > > > 1 |3649 | VM-38629-vasuflor | 51 | 210 | > > > > NULL > > > > | KVM| 1 | NULL | > > > > > > > > | 75913 | NETWORK.OFFERING.ASSIGN | 3391 | 2021-05-06 10:17:06 > | > > > > 1 |3649 | 3753 | 6 |NULL | > > > > 1 | NULL | 1 | NULL | > > > > > > > > | 75914 | SG.ASSIGN | 3391 | 2021-05-06 10:17:06 > | > > > > 1 |3649 | NULL |3664 |NULL | > > > > NULL > > > > | NULL | 1 | NULL | > > > > > > > > | 75915 | VM.START| 3391 | 2021-05-06 10:17:06 > | > > > > 1 |3649 | VM-38629-vasuflor | 51 | 210 | > > > > NULL > > > > | KVM| 1 | NULL | > > > > > > > > > > > > > > > > > > +---+-++-+-+-++-+-+-++---+--+ > > > > > > > > 6 row > > > > > > > > mysql> select * from usage_network where account_id=3391; > > > > > > > > Empty set (0.00 sec) > > > > > > > > > > > > > > > > mysql> select * from usage_network_offering where account_id=3391 > > > > > > > > -> ; > > > > > > > > > > > > > > > > > > +-++---++-+-
Re: Cloudstack Usage --- not owner
Yes, thats right, I am Advance zone with Security Group, and Shared Network with Public IP range, However, I had change value of vm.network.stats.interval. so that calculate the Lan traffic of the Network Interface . So it should work for calculating all traffic incur in the network interface . But seems not, about 50% of it not calculating. On Fri, Jun 25, 2021 at 9:51 PM Daan Hoogland wrote: > The only thing I can think of is that the VM is not on a network that > provides routing. for instance in a basic zone or on a shared network with > a public ip range. > > On Fri, Jun 25, 2021 at 12:23 PM Hean Seng wrote: > > > HI Daan > > > > > > My usage record have this , this is one of the example that do not have. > > record of type 4 and 5, but have type 1, > > > > select * from usage_event where account_id=3391; > > > > > > > ---+-++-+-+-++-+-+-++---+--+ > > > > | id| type| account_id | created | > > zone_id | resource_id | resource_name | offering_id | template_id | > > size| resource_type | processed | virtual_size | > > > > > > > +---+-++-+-+-++-+-+-++---+--+ > > > > | 75910 | NET.IPASSIGN| 3391 | 2021-05-06 10:16:55 | > > 1 |2396 | 11.11.1.11 |NULL | 0 | > > 0 > > | DirectAttached | 1 | NULL | > > > > | 75911 | VOLUME.CREATE | 3391 | 2021-05-06 10:16:55 | > > 1 |6472 | ROOT-3649 |NULL | 210 | > > 21474836480 | NULL | 1 | NULL | > > > > | 75912 | VM.CREATE | 3391 | 2021-05-06 10:16:55 | > > 1 |3649 | VM-38629-vasuflor | 51 | 210 | > > NULL > > | KVM| 1 | NULL | > > > > | 75913 | NETWORK.OFFERING.ASSIGN | 3391 | 2021-05-06 10:17:06 | > > 1 |3649 | 3753 | 6 |NULL | > > 1 | NULL | 1 | NULL | > > > > | 75914 | SG.ASSIGN | 3391 | 2021-05-06 10:17:06 | > > 1 |3649 | NULL |3664 |NULL | > > NULL > > | NULL | 1 | NULL | > > > > | 75915 | VM.START| 3391 | 2021-05-06 10:17:06 | > > 1 |3649 | VM-38629-vasuflor | 51 | 210 | > > NULL > > | KVM| 1 | NULL | > > > > > > > +---+-++-+-+-++-+-+-++---+--+ > > > > 6 row > > > > mysql> select * from usage_network where account_id=3391; > > > > Empty set (0.00 sec) > > > > > > > > mysql> select * from usage_network_offering where account_id=3391 > > > > -> ; > > > > > > > +-++---++-++-+-++ > > > > | zone_id | account_id | domain_id | vm_instance_id | > network_offering_id | > > is_default | created | deleted | nic_id | > > > > > > > +-++---++-++-+-++ > > > > | 1 | 3391 | 3383 | 3649 | > 6 | > > 1 | 2021-05-06 10:17:06 | NULL| 3753 | > > > > > > > +-++---++-++-+-++ > > > > 1 row in set (0.01 sec) > > > > > > > > > > > > On Fri, Jun 25, 2021 at 3:40 PM Daan Hoogland > > wrote: > > > > > Hean, > > > To be honest, no i don't. You can start looking at any log records > > related > > > to the VMs and than track to their nics. Also look at the > > > usage_event-table, to see if any records are there. First in the cloud > > DB, > > > and if these are there in the cloud_usage DB. > > > Sorry to not have an obviously useful clue for you. > > > >
Re: Cloudstack Usage --- not owner
HI Daan My usage record have this , this is one of the example that do not have. record of type 4 and 5, but have type 1, select * from usage_event where account_id=3391; ---+-++-+-+-++-+-+-++---+--+ | id| type| account_id | created | zone_id | resource_id | resource_name | offering_id | template_id | size| resource_type | processed | virtual_size | +---+-++-+-+-++-+-+-++---+--+ | 75910 | NET.IPASSIGN| 3391 | 2021-05-06 10:16:55 | 1 |2396 | 11.11.1.11 |NULL | 0 | 0 | DirectAttached | 1 | NULL | | 75911 | VOLUME.CREATE | 3391 | 2021-05-06 10:16:55 | 1 |6472 | ROOT-3649 |NULL | 210 | 21474836480 | NULL | 1 | NULL | | 75912 | VM.CREATE | 3391 | 2021-05-06 10:16:55 | 1 |3649 | VM-38629-vasuflor | 51 | 210 |NULL | KVM| 1 | NULL | | 75913 | NETWORK.OFFERING.ASSIGN | 3391 | 2021-05-06 10:17:06 | 1 |3649 | 3753 | 6 |NULL | 1 | NULL | 1 | NULL | | 75914 | SG.ASSIGN | 3391 | 2021-05-06 10:17:06 | 1 |3649 | NULL |3664 |NULL | NULL | NULL | 1 | NULL | | 75915 | VM.START| 3391 | 2021-05-06 10:17:06 | 1 |3649 | VM-38629-vasuflor | 51 | 210 |NULL | KVM| 1 | NULL | +---+-++-+-+-++-+-+-++---+--+ 6 row mysql> select * from usage_network where account_id=3391; Empty set (0.00 sec) mysql> select * from usage_network_offering where account_id=3391 -> ; +-++---++-++-+-++ | zone_id | account_id | domain_id | vm_instance_id | network_offering_id | is_default | created | deleted | nic_id | +-++---++-++-+-++ | 1 | 3391 | 3383 | 3649 | 6 | 1 | 2021-05-06 10:17:06 | NULL| 3753 | +-++---++-++-+-++ 1 row in set (0.01 sec) On Fri, Jun 25, 2021 at 3:40 PM Daan Hoogland wrote: > Hean, > To be honest, no i don't. You can start looking at any log records related > to the VMs and than track to their nics. Also look at the > usage_event-table, to see if any records are there. First in the cloud DB, > and if these are there in the cloud_usage DB. > Sorry to not have an obviously useful clue for you. > > On Thu, Jun 24, 2021 at 7:49 PM Hean Seng wrote: > > > Hi Daan, > > > > Thanks for reply. I deleted the null record, and manage to make it work > > again. The it will auto generate back the record with correct ID . > > > > > > However, I am facing the issue is the Usage Type 4, and 5 (Network sent > > and received) are not populated . Other Type like Type1 is always > working. > > > > Fyi, I am using share network, and set the parameter > > vm.network.stats.interval=300 > > so that the VM statistic is updated . > > > > This issue not happen on all VM, but part of it. ( about 50%) . I > > tried look at the DB, and seem cannot find the clue what actually diff , > in > > term of those updated and those is not. > > > > The record is appearing in usage_network_offering and seems good. Do you > > have any idea of this ? > > > > > > > > > > > > > > > > > > > > > > On Mon, Jun 21, 2021 at 3:19 PM Daan Hoogland > > wrote: > > > > > Sorry Hean, wasn't on line most of the weekend, Is it running now? > > > as you wrote this two days ago, it should already have run twice > > (assuming > > > you didn't change a lot) > > > > > > On Sat, Jun 19, 2021 at 8:41 PM Hean Seng wrote: > > > > > > > And it will insert another success is NULL to usage_job table , > right ?
Re: Cloudstack Usage --- not owner
Hi Daan, Thanks for reply. I deleted the null record, and manage to make it work again. The it will auto generate back the record with correct ID . However, I am facing the issue is the Usage Type 4, and 5 (Network sent and received) are not populated . Other Type like Type1 is always working. Fyi, I am using share network, and set the parameter vm.network.stats.interval=300 so that the VM statistic is updated . This issue not happen on all VM, but part of it. ( about 50%) . I tried look at the DB, and seem cannot find the clue what actually diff , in term of those updated and those is not. The record is appearing in usage_network_offering and seems good. Do you have any idea of this ? On Mon, Jun 21, 2021 at 3:19 PM Daan Hoogland wrote: > Sorry Hean, wasn't on line most of the weekend, Is it running now? > as you wrote this two days ago, it should already have run twice (assuming > you didn't change a lot) > > On Sat, Jun 19, 2021 at 8:41 PM Hean Seng wrote: > > > And it will insert another success is NULL to usage_job table , right ? > > > > i deleted the null record and restart usage servoce and see following > in > > usage log : > > > > 2021-06-19 18:37:52,912 INFO [cloud.usage.UsageManagerImpl] (main:null) > > (logid:) Implementation Version is 4.15.0.0 > > > > 2021-06-19 18:37:55,942 DEBUG [cloud.usage.UsageManagerImpl] (main:null) > > (logid:) Usage stats aggregation time zone: GMT > > > > 2021-06-19 18:37:55,952 DEBUG [cloud.usage.UsageManagerImpl] (main:null) > > (logid:) Execution Time: Sat Jun 19 00:15:00 UTC 2021 > > > > 2021-06-19 18:37:55,953 DEBUG [cloud.usage.UsageManagerImpl] (main:null) > > (logid:) Current Time: Sat Jun 19 18:37:55 UTC 2021 > > > > It seem execution time before current time ? Is that normal ? > > > > > > > > > > > > On Sun, Jun 20, 2021 at 2:39 AM Hean Seng wrote: > > > > > > > > So, I shall stop the Cloudstack-Usage services and delete all record > > where > > > success is NULL , and start back the usage service ? > > > > > > > > > On Sat, Jun 19, 2021 at 11:00 PM Daan Hoogland < > daan.hoogl...@gmail.com> > > > wrote: > > > > > >> Heanm, > > >> > > >> On Sat, Jun 19, 2021 at 5:27 AM Hean Seng wrote: > > >> > > >> > i have no unprocess job , but still have this issue: > > >> > > > >> > 2021-06-19 10:09:57,657 DEBUG [cloud.usage.UsageManagerImpl] > > >> > (Usage-HB-1:null) (logid:) Scheduling Usage job... > > >> > > > >> > 2021-06-19 10:09:57,657 INFO [cloud.usage.UsageManagerImpl] > > >> > (Usage-Job-1:null) (logid:) starting usage job... > > >> > > > >> > 2021-06-19 10:09:57,661 DEBUG [cloud.usage.UsageManagerImpl] > > >> > (Usage-Job-1:null) (logid:) Not owner of usage job, skipping... > > >> > > > >> this line ^^ means there is a unprocessed job owned by another > proccess > > >> ... > > >> > > >> > > >> > 2021-06-19 10:09:57,661 INFO [cloud.usage.UsageManagerImpl] > > >> > (Usage-Job-1:null) (logid:) usage job complete > > >> > > > >> > > > >> > mysql> select id, pid, start_date ,end_date , success, heartbeat > from > > >> > usage_job where success=0 order by start_date desc limit 100; > > >> > > > >> you should search for `where success is null` > > >> > > >> > > >> > Empty set (0.00 sec) > > >> > > > >> > > > >> > > > >> > > > >> > On Fri, Jun 18, 2021 at 11:01 PM Hean Seng > > wrote: > > >> > > > >> > > yes, I restarted the mgmt server, wait till can login web > > interface > > >> . > > >> > > then only restart usage . > > >> > > > > >> > > I did follwoig also : > > >> > > > > >> > > * stop usage server > > >> > > > > >> > > * remove the record from usage_job for the unprocessed job > > >> > > > > >> > > * start usage server again > > >> > > > > >> > > > > >> > > > > >> > > Still same thing. Not sure where the Cloudstack keep the Usage > > server > > >> > PID > > >> > > id , and keep getting wrong id. > > >> > > >
Re: [DISCUSS] Rocky 8.4 and CloudStack
My Opinion is if support on Stream, might as well just proceed on Fedora Server. Alternatively can consider Rocky or Alma , but this two variant is quite new. On Tue, Jun 22, 2021 at 11:40 PM Rohit Yadav wrote: > Both I guess, 8-Stream may not same kind of stability like an LTS release. > > Regards. > > Regards, > Rohit Yadav > > > From: n...@li.nux.ro > Sent: Tuesday, June 22, 2021 8:11:45 PM > To: d...@cloudstack.apache.org > Cc: users@cloudstack.apache.org > Subject: Re: [DISCUSS] Rocky 8.4 and CloudStack > > Hi, > > Drop support for CentOS8, 8-Stream or both? > > Regards > > On 2021-06-22 08:41, Rohit Yadav wrote: > > All, > > > > With GA release of Rocky Linux 8.4 > > (https://docs.rockylinux.org/release_notes/8.4) does it make sense now > > to completely drop support for CentOS8 in the next major release? I > > did a quick test and it seems rpms built on centos8 container continue > > to work on Rocky release. Thoughts? > > > > Regards, > > Rohit Yadav > > > > -- Regards, Hean Seng
Re: Cloudstack Usage --- not owner
So, I shall stop the Cloudstack-Usage services and delete all record where success is NULL , and start back the usage service ? On Sat, Jun 19, 2021 at 11:00 PM Daan Hoogland wrote: > Heanm, > > On Sat, Jun 19, 2021 at 5:27 AM Hean Seng wrote: > > > i have no unprocess job , but still have this issue: > > > > 2021-06-19 10:09:57,657 DEBUG [cloud.usage.UsageManagerImpl] > > (Usage-HB-1:null) (logid:) Scheduling Usage job... > > > > 2021-06-19 10:09:57,657 INFO [cloud.usage.UsageManagerImpl] > > (Usage-Job-1:null) (logid:) starting usage job... > > > > 2021-06-19 10:09:57,661 DEBUG [cloud.usage.UsageManagerImpl] > > (Usage-Job-1:null) (logid:) Not owner of usage job, skipping... > > > this line ^^ means there is a unprocessed job owned by another proccess > ... > > > > 2021-06-19 10:09:57,661 INFO [cloud.usage.UsageManagerImpl] > > (Usage-Job-1:null) (logid:) usage job complete > > > > > > mysql> select id, pid, start_date ,end_date , success, heartbeat from > > usage_job where success=0 order by start_date desc limit 100; > > > you should search for `where success is null` > > > > Empty set (0.00 sec) > > > > > > > > > > On Fri, Jun 18, 2021 at 11:01 PM Hean Seng wrote: > > > > > yes, I restarted the mgmt server, wait till can login web interface . > > > then only restart usage . > > > > > > I did follwoig also : > > > > > > * stop usage server > > > > > > * remove the record from usage_job for the unprocessed job > > > > > > * start usage server again > > > > > > > > > > > > Still same thing. Not sure where the Cloudstack keep the Usage server > > PID > > > id , and keep getting wrong id. > > > > > > > > > > > > > > > > > > > > > On Fri, Jun 18, 2021 at 4:31 PM Boris Stoyanov < > > > boris.stoya...@shapeblue.com> wrote: > > > > > >> Hi Hean Seng, > > >> > > >> Have you waited the management service to come up and then restarted > > >> usage service? It might be some race condition? > > >> > > >> Bobby. > > >> > > >> From: Hean Seng > > >> Date: Friday, 18 June 2021, 7:31 > > >> To: users@cloudstack.apache.org > > >> Subject: Cloudstack Usage --- not owner > > >> Hi > > >> > > >> I have mysql hang, and restarted mysql, restarted cloudstack mgmt, and > > >> usage. > > >> > > >> After that facing issue of following: > > >> > > >> duration is 120 minutes) > > >> > > >> 2021-06-18 04:25:49,656 DEBUG [cloud.usage.UsageManagerImpl] > > >> (Usage-HB-1:null) (logid:) Scheduling Usage job... > > >> > > >> 2021-06-18 04:25:49,657 INFO [cloud.usage.UsageManagerImpl] > > >> (Usage-Job-1:null) (logid:) starting usage job... > > >> > > >> 2021-06-18 04:25:49,669 DEBUG [cloud.usage.UsageManagerImpl] > > >> (Usage-Job-1:null) (logid:) Not owner of usage job, skipping... > > >> > > >> 2021-06-18 04:25:49,669 INFO [cloud.usage.UsageManagerImpl] > > >> (Usage-Job-1:null) (logid:) usage job complete > > >> > > >> > > >> > > >> Seems usage pid is not updated to db . > > >> > > >> Andybody know how to fix this ? > > >> > > >> -- > > >> Regards, > > >> Hean Seng > > >> > > >> > > >> > > >> > > > > > > -- > > > Regards, > > > Hean Seng > > > > > > > > > -- > > Regards, > > Hean Seng > > > > > -- > Daan > -- Regards, Hean Seng
Re: Cloudstack Usage --- not owner
And it will insert another success is NULL to usage_job table , right ? i deleted the null record and restart usage servoce and see following in usage log : 2021-06-19 18:37:52,912 INFO [cloud.usage.UsageManagerImpl] (main:null) (logid:) Implementation Version is 4.15.0.0 2021-06-19 18:37:55,942 DEBUG [cloud.usage.UsageManagerImpl] (main:null) (logid:) Usage stats aggregation time zone: GMT 2021-06-19 18:37:55,952 DEBUG [cloud.usage.UsageManagerImpl] (main:null) (logid:) Execution Time: Sat Jun 19 00:15:00 UTC 2021 2021-06-19 18:37:55,953 DEBUG [cloud.usage.UsageManagerImpl] (main:null) (logid:) Current Time: Sat Jun 19 18:37:55 UTC 2021 It seem execution time before current time ? Is that normal ? On Sun, Jun 20, 2021 at 2:39 AM Hean Seng wrote: > > So, I shall stop the Cloudstack-Usage services and delete all record where > success is NULL , and start back the usage service ? > > > On Sat, Jun 19, 2021 at 11:00 PM Daan Hoogland > wrote: > >> Heanm, >> >> On Sat, Jun 19, 2021 at 5:27 AM Hean Seng wrote: >> >> > i have no unprocess job , but still have this issue: >> > >> > 2021-06-19 10:09:57,657 DEBUG [cloud.usage.UsageManagerImpl] >> > (Usage-HB-1:null) (logid:) Scheduling Usage job... >> > >> > 2021-06-19 10:09:57,657 INFO [cloud.usage.UsageManagerImpl] >> > (Usage-Job-1:null) (logid:) starting usage job... >> > >> > 2021-06-19 10:09:57,661 DEBUG [cloud.usage.UsageManagerImpl] >> > (Usage-Job-1:null) (logid:) Not owner of usage job, skipping... >> > >> this line ^^ means there is a unprocessed job owned by another proccess >> ... >> >> >> > 2021-06-19 10:09:57,661 INFO [cloud.usage.UsageManagerImpl] >> > (Usage-Job-1:null) (logid:) usage job complete >> > >> > >> > mysql> select id, pid, start_date ,end_date , success, heartbeat from >> > usage_job where success=0 order by start_date desc limit 100; >> > >> you should search for `where success is null` >> >> >> > Empty set (0.00 sec) >> > >> > >> > >> > >> > On Fri, Jun 18, 2021 at 11:01 PM Hean Seng wrote: >> > >> > > yes, I restarted the mgmt server, wait till can login web interface >> . >> > > then only restart usage . >> > > >> > > I did follwoig also : >> > > >> > > * stop usage server >> > > >> > > * remove the record from usage_job for the unprocessed job >> > > >> > > * start usage server again >> > > >> > > >> > > >> > > Still same thing. Not sure where the Cloudstack keep the Usage server >> > PID >> > > id , and keep getting wrong id. >> > > >> > > >> > > >> > > >> > > >> > > >> > > On Fri, Jun 18, 2021 at 4:31 PM Boris Stoyanov < >> > > boris.stoya...@shapeblue.com> wrote: >> > > >> > >> Hi Hean Seng, >> > >> >> > >> Have you waited the management service to come up and then restarted >> > >> usage service? It might be some race condition? >> > >> >> > >> Bobby. >> > >> >> > >> From: Hean Seng >> > >> Date: Friday, 18 June 2021, 7:31 >> > >> To: users@cloudstack.apache.org >> > >> Subject: Cloudstack Usage --- not owner >> > >> Hi >> > >> >> > >> I have mysql hang, and restarted mysql, restarted cloudstack mgmt, >> and >> > >> usage. >> > >> >> > >> After that facing issue of following: >> > >> >> > >> duration is 120 minutes) >> > >> >> > >> 2021-06-18 04:25:49,656 DEBUG [cloud.usage.UsageManagerImpl] >> > >> (Usage-HB-1:null) (logid:) Scheduling Usage job... >> > >> >> > >> 2021-06-18 04:25:49,657 INFO [cloud.usage.UsageManagerImpl] >> > >> (Usage-Job-1:null) (logid:) starting usage job... >> > >> >> > >> 2021-06-18 04:25:49,669 DEBUG [cloud.usage.UsageManagerImpl] >> > >> (Usage-Job-1:null) (logid:) Not owner of usage job, skipping... >> > >> >> > >> 2021-06-18 04:25:49,669 INFO [cloud.usage.UsageManagerImpl] >> > >> (Usage-Job-1:null) (logid:) usage job complete >> > >> >> > >> >> > >> >> > >> Seems usage pid is not updated to db . >> > >> >> > >> Andybody know how to fix this ? >> > >> >> > >> -- >> > >> Regards, >> > >> Hean Seng >> > >> >> > >> >> > >> >> > >> >> > > >> > > -- >> > > Regards, >> > > Hean Seng >> > > >> > >> > >> > -- >> > Regards, >> > Hean Seng >> > >> >> >> -- >> Daan >> > > > -- > Regards, > Hean Seng > -- Regards, Hean Seng
Re: Cloudstack Usage --- not owner
i have no unprocess job , but still have this issue: 2021-06-19 10:09:57,657 DEBUG [cloud.usage.UsageManagerImpl] (Usage-HB-1:null) (logid:) Scheduling Usage job... 2021-06-19 10:09:57,657 INFO [cloud.usage.UsageManagerImpl] (Usage-Job-1:null) (logid:) starting usage job... 2021-06-19 10:09:57,661 DEBUG [cloud.usage.UsageManagerImpl] (Usage-Job-1:null) (logid:) Not owner of usage job, skipping... 2021-06-19 10:09:57,661 INFO [cloud.usage.UsageManagerImpl] (Usage-Job-1:null) (logid:) usage job complete mysql> select id, pid, start_date ,end_date , success, heartbeat from usage_job where success=0 order by start_date desc limit 100; Empty set (0.00 sec) On Fri, Jun 18, 2021 at 11:01 PM Hean Seng wrote: > yes, I restarted the mgmt server, wait till can login web interface . > then only restart usage . > > I did follwoig also : > > * stop usage server > > * remove the record from usage_job for the unprocessed job > > * start usage server again > > > > Still same thing. Not sure where the Cloudstack keep the Usage server PID > id , and keep getting wrong id. > > > > > > > On Fri, Jun 18, 2021 at 4:31 PM Boris Stoyanov < > boris.stoya...@shapeblue.com> wrote: > >> Hi Hean Seng, >> >> Have you waited the management service to come up and then restarted >> usage service? It might be some race condition? >> >> Bobby. >> >> From: Hean Seng >> Date: Friday, 18 June 2021, 7:31 >> To: users@cloudstack.apache.org >> Subject: Cloudstack Usage --- not owner >> Hi >> >> I have mysql hang, and restarted mysql, restarted cloudstack mgmt, and >> usage. >> >> After that facing issue of following: >> >> duration is 120 minutes) >> >> 2021-06-18 04:25:49,656 DEBUG [cloud.usage.UsageManagerImpl] >> (Usage-HB-1:null) (logid:) Scheduling Usage job... >> >> 2021-06-18 04:25:49,657 INFO [cloud.usage.UsageManagerImpl] >> (Usage-Job-1:null) (logid:) starting usage job... >> >> 2021-06-18 04:25:49,669 DEBUG [cloud.usage.UsageManagerImpl] >> (Usage-Job-1:null) (logid:) Not owner of usage job, skipping... >> >> 2021-06-18 04:25:49,669 INFO [cloud.usage.UsageManagerImpl] >> (Usage-Job-1:null) (logid:) usage job complete >> >> >> >> Seems usage pid is not updated to db . >> >> Andybody know how to fix this ? >> >> -- >> Regards, >> Hean Seng >> >> >> >> > > -- > Regards, > Hean Seng > -- Regards, Hean Seng
Re: Cloudstack Usage --- not owner
yes, I restarted the mgmt server, wait till can login web interface . then only restart usage . I did follwoig also : * stop usage server * remove the record from usage_job for the unprocessed job * start usage server again Still same thing. Not sure where the Cloudstack keep the Usage server PID id , and keep getting wrong id. On Fri, Jun 18, 2021 at 4:31 PM Boris Stoyanov wrote: > Hi Hean Seng, > > Have you waited the management service to come up and then restarted usage > service? It might be some race condition? > > Bobby. > > From: Hean Seng > Date: Friday, 18 June 2021, 7:31 > To: users@cloudstack.apache.org > Subject: Cloudstack Usage --- not owner > Hi > > I have mysql hang, and restarted mysql, restarted cloudstack mgmt, and > usage. > > After that facing issue of following: > > duration is 120 minutes) > > 2021-06-18 04:25:49,656 DEBUG [cloud.usage.UsageManagerImpl] > (Usage-HB-1:null) (logid:) Scheduling Usage job... > > 2021-06-18 04:25:49,657 INFO [cloud.usage.UsageManagerImpl] > (Usage-Job-1:null) (logid:) starting usage job... > > 2021-06-18 04:25:49,669 DEBUG [cloud.usage.UsageManagerImpl] > (Usage-Job-1:null) (logid:) Not owner of usage job, skipping... > > 2021-06-18 04:25:49,669 INFO [cloud.usage.UsageManagerImpl] > (Usage-Job-1:null) (logid:) usage job complete > > > > Seems usage pid is not updated to db . > > Andybody know how to fix this ? > > -- > Regards, > Hean Seng > > > > -- Regards, Hean Seng
Cloudstack Usage --- not owner
Hi I have mysql hang, and restarted mysql, restarted cloudstack mgmt, and usage. After that facing issue of following: duration is 120 minutes) 2021-06-18 04:25:49,656 DEBUG [cloud.usage.UsageManagerImpl] (Usage-HB-1:null) (logid:) Scheduling Usage job... 2021-06-18 04:25:49,657 INFO [cloud.usage.UsageManagerImpl] (Usage-Job-1:null) (logid:) starting usage job... 2021-06-18 04:25:49,669 DEBUG [cloud.usage.UsageManagerImpl] (Usage-Job-1:null) (logid:) Not owner of usage job, skipping... 2021-06-18 04:25:49,669 INFO [cloud.usage.UsageManagerImpl] (Usage-Job-1:null) (logid:) usage job complete Seems usage pid is not updated to db . Andybody know how to fix this ? -- Regards, Hean Seng
Re: [DISCUSS] Moving to OpenVPN as the remote access VPN provider
If thinking of only Site-to-Site VPN , then OpenVPN and WireGuard is no much different , or even current one is gpod. Only only time setup at router. However if considering of Mobile Client, OpenVPN is more complicated. The only concern now is multiple people in the same public IP need to access the VPN. And this consideration will be OpenVPN or Wireguard to handle this requirement. And for this purpose of multiple people in same public ip need to access to VPN, then we will have think of usability and easy installation of VPN client. We are using OpenVPN for more then 5 years, but always there is new PC need to configure VPN Client, windows , android, ios, it is painful ( we are not using access server) . Currently we test on WireGuard, just forgot about performance or whatsoever, just the conveniences of implementation, that is very great and easy for client installation , even mobile client on phone or tablet. On Fri, Jun 11, 2021 at 5:04 PM Daan Hoogland wrote: > This is a potential religious debate, I think it makes the most sense to > try and make the provider optional and let the operator or even the > end-user decide. I see how this is an extra challenge, but does it make > sense? > > On Thu, Jun 10, 2021 at 10:24 AM Rohit Yadav > wrote: > > > All, > > > > We've historically supported openswan and nowadays strongswan as the VPN > > provider in VR for both site-to-site and remote access modes. After > > discussing the situation with a few users and colleagues I learnt that > > OpenVPN is generally far easier to use, have clients for most OS and > > platforms (desktop, laptop, tablet, phones...) and allows multiple > clients > > in the same public IP (for example, multiple people in the office > sharing a > > client-side public IP/nat while trying to connect to a VPC or an isolated > > network) and for these reasons many users actually deploy pfSense or > setup > > a OpenVPN server in their isolated network or VPC and use that instead. > > > > Therefore for the point-to-point VPN use-case of remote access [1] does > it > > make sense to switch to OpenVPN? Or, are there users using > > strongswan/ipsec/l2tpd for remote access VPN? > > > > A general-purpose VPN-framework/provider where an account or admin (via > > offering) can specify which VPN provider they want in the network > > (strongswan/ipsec, OpenVPN, Wireguard...). However, it may be more > complex > > to implement and maintain. Any other thoughts in general about VPN > > implementation and support in CloudStack? Thanks. > > > > [1] > > > http://docs.cloudstack.apache.org/en/latest/adminguide/networking_and_traffic.html#remote-access-vpn > > > > > > > > Regards. > > > > > > > > > > -- > Daan > -- Regards, Hean Seng
Re: [DISCUSS] Moving to OpenVPN as the remote access VPN provider
If would to change / add VPN protocol, I would suggest WiredGuard. OpenVPN is great, but key-based installation is much more difficult / painful to configure Windows Base Client. / Mobile Client (Android. IOS) OpenVPN easier deployment is on Access Server , which is paid services ( correct me if I am wrong ) On Thu, Jun 10, 2021 at 9:31 PM Stênio Firmino wrote: > OpenVPN support will be great. S2S > -- > Stênio Firmino Filho > Chefe de Seção Técnica - SCINT - CETiSP > Superintendência de Tecnologia da Informação > Universidade de São Paulo > Av. Prof. Luciano Gualberto, travessa 3, 71 > CEP 05.508-010 - São Paulo/SP > > > On Thu, Jun 10, 2021 at 8:46 AM Andrija Panic > wrote: > > > +1 > > > > as it's, these days, a de facto standard for every VPN device/provider - > > and there is great support with OpenVPN clients for all client Operating > > Systems. > > > > On Thu, 10 Jun 2021 at 11:24, Alex Mattioli > > > wrote: > > > > > +1 on OpenVPN, and then a framework later on. > > > > > > > > > > > > > > > -Original Message- > > > From: Rohit Yadav > > > Sent: 10 June 2021 10:25 > > > To: d...@cloudstack.apache.org; users@cloudstack.apache.org > > > Subject: [DISCUSS] Moving to OpenVPN as the remote access VPN provider > > > > > > All, > > > > > > We've historically supported openswan and nowadays strongswan as the > VPN > > > provider in VR for both site-to-site and remote access modes. After > > > discussing the situation with a few users and colleagues I learnt that > > > OpenVPN is generally far easier to use, have clients for most OS and > > > platforms (desktop, laptop, tablet, phones...) and allows multiple > > clients > > > in the same public IP (for example, multiple people in the office > > sharing a > > > client-side public IP/nat while trying to connect to a VPC or an > isolated > > > network) and for these reasons many users actually deploy pfSense or > > setup > > > a OpenVPN server in their isolated network or VPC and use that instead. > > > > > > Therefore for the point-to-point VPN use-case of remote access [1] does > > it > > > make sense to switch to OpenVPN? Or, are there users using > > > strongswan/ipsec/l2tpd for remote access VPN? > > > > > > A general-purpose VPN-framework/provider where an account or admin (via > > > offering) can specify which VPN provider they want in the network > > > (strongswan/ipsec, OpenVPN, Wireguard...). However, it may be more > > complex > > > to implement and maintain. Any other thoughts in general about VPN > > > implementation and support in CloudStack? Thanks. > > > > > > [1] > > > > > > http://docs.cloudstack.apache.org/en/latest/adminguide/networking_and_traffic.html#remote-access-vpn > > > > > > > > > > > > Regards. > > > > > > > > > > > > > > > > > > > -- > > > > Andrija Panić > > > -- Regards, Hean Seng
Re: Windows Virtual Machine on Cloudstack KVM Platform
Hi Andrija Yes, that is fedora driver i installed VirtIO, performance look a lot better then without VirtIO. On Fri, Jun 4, 2021 at 8:06 PM Andrija Panic wrote: > Yes, Windows guests can run perfectly fine/stable and fast on KVM > > - Instead of 'Windows XXX" version guest OS type, chose "Windows PV" when > you register Windows ISO - this ensures all SCSI/NIC hardware is VirtIO > (optimal performance), otherwise if you chose Windows XXX (2012, 2016, etc) > - the hardware emulated by KVM is IDE controller, Intel e1000 NIC etc - > completely unusable slow performance. > - Ensure you add VirtIO drivers for SCSI disk controller inside Windows > (during Windows Setup - just like any proprietary SCSI controller), so you > can completely Windows setup on custom SCSI controller (RedHat VirtIO SCSI > controller) > - Later install NIC VirtIO driver > - There you go > > Drivers you can download from Fedora site: (ISO file, so you can attach it > during Windows deployment, just like in old days with proprietary scsi > controllers) > https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/ > > there is "latest" and there is "stable" -judge for yourself which one you > want to use > If you at some point start getting BSOD in Windows - it's 99% due to some > bug in VirtIO drivers (happened with Win2008/2012, 4-5 years ago in my ex > company - just upgrade VirtIO drivers with newer ones, sometimes RTFM the > driver Release notes will also help :wink) > > Best, > > On Fri, 4 Jun 2021 at 04:11, Hean Seng wrote: > > > HI > > > > Is there anybody running Windows on Cloudstack KVM platform, is there > any > > performance issue ? > > > > For Cloudstack KVM, running Windows, how can I know is using VirtIO > driver > > or not ? Seems I not able to choose if to use VirtIO or not . > > > > Thank you. > > > > -- > > Regards, > > Hean Seng > > > > > -- > > Andrija Panić > -- Regards, Hean Seng
Windows Virtual Machine on Cloudstack KVM Platform
HI Is there anybody running Windows on Cloudstack KVM platform, is there any performance issue ? For Cloudstack KVM, running Windows, how can I know is using VirtIO driver or not ? Seems I not able to choose if to use VirtIO or not . Thank you. -- Regards, Hean Seng
Re: Centos 7.9 - cloud-init password reset?
》〉So, what you are saying is to install cloud-init takes care of the reset password ? yes 》〉No needs to be changed on Cloud-init on CentOS. 8, 7 , Ubuntu 20 , FreeBSD13 etc. Right? No need. On Fri, May 21, 2021 at 1:40 PM 조대형 wrote: > Thanks, Hean > > > So, what you are saying is to install cloud-init takes care of the reset > password ? > No needs to be changed on Cloud-init on CentOS. 8, 7 , Ubuntu 20 , > FreeBSD13 etc. Right? > > > > > -----Original Message- > From: Hean Seng [mailto:heans...@gmail.com] > Sent: Friday, May 21, 2021 2:35 PM > To: users@cloudstack.apache.org > Subject: Re: Centos 7.9 - cloud-init password reset? > > The change password for new OS, like CentOS. 8, 7 , Ubuntu 20 , FreeBSD13 > , there is no need any script, just the Cloud-Init will do. > > The change pass script only for older OS, like Ubuntu 16, CentOS6 etc. > > > I manage to do it for CentOS 7, 8, Ubuntu 20. and FreeBSD 13, with > Cloud-Init, it has no issue . > > > For CentOS 8, you need to install network-script , as default is depend on > Network Maager . > > > > > > > > > > On Fri, May 21, 2021 at 12:45 PM 조대형 wrote: > > > Hi, > > > > I have attached the logs that I execute the password script and > cloud-init. > > > > # ./password.bash > > > > Results : executed password reset file. > > > > Cloud Password Manager: Searching for ConfigDrive > > Cloud Password Manager: ConfigDrive not found > > Cloud Password Manager: Detecting primary network > > Cloud Password Manager: Trying to find userdata server > > Cloud Password Manager: Operating System is using NetworkManager > > Cloud Password Manager: Found userdata server IP VR's IP address in > > NetworkManager config > > Cloud Password Manager: Sending request to userdata server at VR's IP > > address to get public key > > Cloud Password Manager: Got response from userdata server at VR's IP > > address > > Cloud Password Manager: Did not receive any public keys from userdata > > server > > Cloud Password Manager: Sending request to userdata server at VR's IP > > address to get the password > > Cloud Password Manager: Got response from userdata server at VR's IP > > address > > Cloud Password Manager: VM has already saved a password from the userdata > > server at VR's IP address > > > > > > > > # cloud-init init > > > > Cloud-init v. 20.3-10.el8 running 'init' at Fri, 21 May 2021 04:40:34 > > +. Up 268624.75 seconds. > > ci-info: +++Net device > > info > > ci-info: > > > ++--+-+-++---+ > > ci-info: | Device | Up | Address | Mask > | > > Scope | Hw-Address| > > ci-info: > > > ++--+-+-++---+ > > ci-info: | eth0 | True | VR'S IP address1 | > > 255.255.255.192 | global | 1e:00:8f:00:02:8f | > > ci-info: | eth0 | True | fe80::1c00:8fff:fe00:28f/64 |. > > | link | 1e:00:8f:00:02:8f | > > ci-info: | lo | True | 127.0.0.1 |255.0.0.0 > > | host | . | > > ci-info: | lo | True | ::1/128 |. > > | host | . | > > ci-info: > > > ++--+-+-++---+ > > ci-info: +Route IPv4 > > info++ > > ci-info: > > > +---+-++-+---+---+ > > ci-info: | Route | Destination | Gateway | Genmask | Interface > > | Flags | > > ci-info: > > > +---+-++-+---+---+ > > ci-info: | 0 | 0.0.0.0 | x.x.x.1 | 0.0.0.0 |eth0 | > > UG | > > ci-info: | 1 | x.x.x.0 | 0.0.0.0 | 255.255.255.192 |eth0 | > > U | > > ci-info: > > > +---+-++-+---+---+ > > ci-info: +++Route IPv6 info+++ > > ci-info: +---+-+-+---+---+ > > ci-info: | Route | Destination | Gateway | Interface | Flags | > > ci-info: +---+-+-+---+---+ > > ci-info: | 1 | fe80::/64 |:: |eth0 | U | > > ci-info: | 3
Re: Centos 7.9 - cloud-init password reset?
gt; > >
> > > -Original Message-
> > > From: Andrija Panic [mailto:andrija.pa...@gmail.com]
> > > Sent: Friday, May 14, 2021 7:24 AM
> > > To: users
> > > Subject: Re: Centos 7.9 - cloud-init password reset?
> > >
> > > Would it be nice if you could update the ACS documentation on the
> > > password-reset script, to very briefly explain how the same can be
> > achieved
> > > with cloud-init, and what to look-for (i.e. issues you had etc)
> > >
> > > This would help the product and other users which might have the same
> > > issue.
> > >
> > > Thanks,
> > >
> > > On Thu, 13 May 2021 at 11:27, Yordan Kostov
> > wrote:
> > >
> > > > Thank you Alireza!
> > > >
> > > > I tested it and it is working!
> > > >
> > > > Best regards,
> > > > Jordan
> > > >
> > > > -Original Message-
> > > > From: Yordan Kostov
> > > > Sent: Wednesday, May 12, 2021 1:17 PM
> > > > To: users@cloudstack.apache.org
> > > > Subject: RE: Centos 7.9 - cloud-init password reset?
> > > >
> > > >
> > > > [X] This message came from outside your organization
> > > >
> > > >
> > > > Thank you Alireza,
> > > >
> > > > I am currently reconfiguring the template from scratch and
> > > > will test!
> > > >
> > > > Best regards,
> > > > Jordan
> > > >
> > > > -Original Message-
> > > > From: Alireza Eskandari
> > > > Sent: Tuesday, May 11, 2021 5:09 PM
> > > > To: users@cloudstack.apache.org
> > > > Subject: Re: Centos 7.9 - cloud-init password reset?
> > > >
> > > >
> > > > [X] This message came from outside your organization
> > > >
> > > >
> > > > Hi
> > > > You should check log files in /run/cloud-init directory for the root
> > > cause.
> > > > If cloud-init cannot find the datasource, it won't run.
> > > > The better way to configure datasource in cloud-init is using
> > > > ds-identify.cfg file Delete
> "/etc/cloud/cloud.cfg.d/99_cloudstack.cfg"
> > > > and create "/etc/cloud/ds-identify.cfg" file with this content:
> > > > datasource: ConfigDrive, CloudStack
> > > > Then check output of this command:
> > > > DEBUG_LEVEL=2 DI_LOG=stderr /usr/lib/cloud-init/ds-identify --force
> > > > Unfortunately cloud-init is poorly documented and you should do some
> > > > try and error to fix it.
> > > > Take a look at this link:
> > > >
> > > >
> https://urldefense.com/v3/__https://cloudinit.readthedocs.io/en/latest
> > > >
> /topics/faq.html__;!!A6UyJA!2vfkFVGQOoMM0mDg1l-3C6bstn_Yp1e6L5bcnqYmIw
> > > > w2wWMz3EgdTU6-DlC5Z-6zLeBde_X0gZxc$
> > > >
> > > > On Tue, May 11, 2021 at 7:52 AM Yordan Kostov
> > > > wrote:
> > > >
> > > > > Hey everyone,
> > > > >
> > > > > I try to use cloud-init for password reset but for
> > > > > some reason it does not work. I thought it is out of the box ☹.
> Here
> > > > > is my
> > > > > config:
> > > > >
> > > > > == Centos 7.9 minimal
> > > > >
> > > > > yum -y install cloud-init cloud-utils-growpart systemctl enable
> > > > > cloud-init
> > > > >
> > > > > echo "datasource:
> > > > > CloudStack: {}
> > > > > None: {}
> > > > > datasource_list:
> > > > > CloudStack" > /etc/cloud/cloud.cfg.d/99_cloudstack.cfg
> > > > >
> > > > >
> > > > > echo "system_info:
> > > > > default_user:
> > > > > name: root
> > > > > disable_root: 0
> > > > > ssh_pwauth: 1" > /etc/cloud/cloud.cfg.d/80_root.cfg
> > > > >
> > > > > First and foremost cloud-init does not run at all. There is noting
> > > > > in the logs /var/logs/cloud-init.log When launched manual via
> > > > > cloud-init init, logs say it is all successful but root password is
> > > not changed.
> > > > >
> > > > > Not sure If I do something wrong but everyplace I do read says it
> > > > > should be working without pretty much complications.
> > > > > Do I do something wrong?
> > > > >
> > > > > Regards,
> > > > > Jordan
> > > > >
> > > >
> > >
> > >
> > > --
> > >
> > > Andrija Panić
> > >
> > >
> >
> >
>
>
--
Regards,
Hean Seng
Re: Template Download - No route to host
You need someone understand network to help you on designing the network for the Cloudstack , and some system knowledge to get this up and running. On Thu, May 13, 2021 at 11:12 PM Corey, Mike wrote: > Hi, > > > > I’m not a Linux guy by trade so please forgive my ignorance. The default > template is not downloading and I’m getting the “no route to host” from ACS > and inside my SSVM. The SSVM cannot ping it’s public IP gateway either. > And obviously it can’t hit the web… > > > > root@s-2-VM:~# curl http://www.shapeblue.com > > curl: (7) Failed to connect to www.shapeblue.com port 80: No route to host > > > > Google suggests I check the IPTABLES; however, as mentioned I’m not all > that familiar with Linux family. I certainly don’t want to open up > everything to the www. > > > > Default route is the public IP gateway as expected… default via > dev eth2 > > > > SSVM can ping the public IP of the Console System VM. > > > > Should I even have to do anything with IPTables on the SSVM? My physical > network is the same as I have on the previous 4.14 ACS lab on VMware and > the same public ip scope. > > > > Many thanks! > > > > > > > > *Mike Corey* > > > Technology Senior Consultant, IT CS CTW Operation & Virtualization Service > US > > > *SAP AMERICA, INC.* 3999 West Chester Pike, Newtown Square, 19073 United > States > > > T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com > > > > > > > -- Regards, Hean Seng
Re: Basic and Advanced Networking
You can't . the host is appear in a zone, and in a zone, you can only choose either basic or advance networking On Tue, May 11, 2021 at 1:39 AM Alessandro Caviglione < c.alessan...@gmail.com> wrote: > Hi guys, > just a question... is there a way to use both Basic and Advanced networking > on some KVM hosts? > -- Regards, Hean Seng
Re: VM console keeps pausing to the point of being unusable
e recipient is responsible for verifying its authenticity before acting > on the contents. Any views or opinions presented are solely those of the > author and do not necessarily represent those of Oakford Technology Limited. > Registered address: Oakford Technology Limited, The Manor House, Potterne, > Wiltshire. SN10 5PN. > Registered in England and Wales No. 5971519 > > Disclaimer Notice: > This email has been sent by Oakford Technology Limited, while we have > checked this e-mail and any attachments for viruses, we can not guarantee > that they are virus-free. You must therefore take full responsibility for > virus checking. > This message and any attachments are confidential and should only be read > by those to whom they are addressed. If you are not the intended recipient, > please contact us, delete the message from your computer and destroy any > copies. Any distribution or copying without our prior permission is > prohibited. > Internet communications are not always secure and therefore Oakford > Technology Limited does not accept legal responsibility for this message. > The recipient is responsible for verifying its authenticity before acting > on the contents. Any views or opinions presented are solely those of the > author and do not necessarily represent those of Oakford Technology Limited. > Registered address: Oakford Technology Limited, The Manor House, Potterne, > Wiltshire. SN10 5PN. > Registered in England and Wales No. 5971519 > > -- Regards, Hean Seng
Re: IPv6 Issue in Cloudstack
Yes, I means changing ipv6. Adding secondary IP, seems not adding second IPv6 also . For my case now, the IPv6 ad MAC is not the same also : MAC: link/ether 1e:00:0d:00:01:ec brd ff:ff:ff:ff:ff:ff IPV6; inet6 x:x:x:x:1c00:dff:fe00:1ec/64 scope global mngtmpaddr dynamic valid_lft 2591848sec preferred_lft 604648sec inet6 fe80::1c00:dff:fe00:1ec/64 scope link It seems last 6 digit same, others is different. On Sat, May 1, 2021 at 3:03 PM Wido den Hollander wrote: > > > On 5/1/21 8:48 AM, Hean Seng wrote: > > Hi Wido > > > > The issue solved . Need to configure ra in router vlan. Previously we > > set "ipv6 nd ra suppress" , for other systems to work, after change to > > Cloudstack, it need to remove this and make it have announcement of IPv6 > to > > VM. > > > > Yes. The Routers need to send IPv6 Router Advertisements in order to > have the VM configure itself and know where to send traffic to. > > > By the way, This way of configuring IPv6, if IPv6 need to change, how > can > > we replace this IPv6 ? > > > > I don't understand this question. Do you mean how to change the IPv6 > address of a VM? > > If so, that's not possible. You can add secondary IPs, but the primary > IP is based on the MAC of the VM. > > Wido > > > > > > > > > > > > > > > > > > > > > On Sat, May 1, 2021 at 2:37 PM Wido den Hollander > wrote: > > > >> Can you check with tcpdump on the host and sniff the vnetX device of the > >> VM to see if you ICMPv6 packages reach the VM? > >> > >> Security Grouping with IPv6 works with KVM, so it has to be a > >> configuration issue somewhere. > >> > >> Wido > >> > >> On 4/30/21 8:59 PM, Hean Seng wrote: > >>> Hi > >>> > >>> I am using 4.15 , hypervisor is ubuntu 18 , KVM , yes, I am on advance > >> with > >>> SG > >>> > >>> I set the Security Group: > >>> > >>> ICMP > >>> -1 -1 ::/0 > >>> > >>> But seems still cannot ping the VM. > >>> > >>> Or even add in rules for ALL > >>> > >>> All . All ::/0 > >>> > >>> > >>> Seems not able to PING. > >>> > >>> > >>> After configure , this is the rules in ip6tables > >>> > >>> > >>> Chain i-2-10-VM (1 references) > >>> target prot opt source destination > >>> ACCEPT ipv6-icmpanywhere anywhere > >>> ACCEPT all anywhere anywhere state NEW > >>> DROP all anywhere anywhere > >>> > >>> > >>> > >>> > >>> Chain i-2-10-VM-eg (1 references) > >>> > >>> target prot opt source destination > >>> > >>> RETURN all anywhere anywhere > >>> > >>> > >>> Chain i-2-10-def (2 references) > >>> > >>> target prot opt source destination > >>> > >>> ACCEPT all anywhere anywhere state > >>> RELATED,ESTABLISHED > >>> > >>> ACCEPT ipv6-icmpfe80::/64ip6-allnodes > PHYSDEV > >>> match --physdev-out vnet3 --physdev-is-bridged ipv6-icmp > >>> router-advertisement HL match HL == 255 > >>> > >>> RETURN ipv6-icmpanywhere ip6-allrouters > PHYSDEV > >>> match --physdev-in vnet3 --physdev-is-bridged ipv6-icmp > >> router-solicitation > >>> HL match HL == 255 > >>> > >>> DROP ipv6-icmpanywhere anywhere > PHYSDEV > >>> match --physdev-in vnet3 --physdev-is-bridged ipv6-icmp > >> router-advertisement > >>> > >>> RETURN ipv6-icmpanywhere anywhere > PHYSDEV > >>> match --physdev-in vnet3 --physdev-is-bridged ipv6-icmp > >>> neighbour-solicitation HL match HL == 255 > >>> > >>> ACCEPT ipv6-icmpanywhere anywhere > PHYSDEV > >>> match --physdev-out vnet3 --physdev-is-bridged ipv6-icmp > >>> neighbour-solicitation HL match HL == 255 > >>> > >>> RETURN ipv6-icmpanywhere anywhere > PHYSDEV > >>> match --physdev-in vnet3 --physdev-is-bridged ipv6-icmp
Re: IPv6 Issue in Cloudstack
Hi Wido The issue solved . Need to configure ra in router vlan. Previously we set "ipv6 nd ra suppress" , for other systems to work, after change to Cloudstack, it need to remove this and make it have announcement of IPv6 to VM. By the way, This way of configuring IPv6, if IPv6 need to change, how can we replace this IPv6 ? On Sat, May 1, 2021 at 2:37 PM Wido den Hollander wrote: > Can you check with tcpdump on the host and sniff the vnetX device of the > VM to see if you ICMPv6 packages reach the VM? > > Security Grouping with IPv6 works with KVM, so it has to be a > configuration issue somewhere. > > Wido > > On 4/30/21 8:59 PM, Hean Seng wrote: > > Hi > > > > I am using 4.15 , hypervisor is ubuntu 18 , KVM , yes, I am on advance > with > > SG > > > > I set the Security Group: > > > > ICMP > > -1 -1 ::/0 > > > > But seems still cannot ping the VM. > > > > Or even add in rules for ALL > > > > All . All ::/0 > > > > > > Seems not able to PING. > > > > > > After configure , this is the rules in ip6tables > > > > > > Chain i-2-10-VM (1 references) > > target prot opt source destination > > ACCEPT ipv6-icmpanywhere anywhere > > ACCEPT all anywhere anywhere state NEW > > DROP all anywhere anywhere > > > > > > > > > > Chain i-2-10-VM-eg (1 references) > > > > target prot opt source destination > > > > RETURN all anywhere anywhere > > > > > > Chain i-2-10-def (2 references) > > > > target prot opt source destination > > > > ACCEPT all anywhere anywhere state > > RELATED,ESTABLISHED > > > > ACCEPT ipv6-icmpfe80::/64ip6-allnodes PHYSDEV > > match --physdev-out vnet3 --physdev-is-bridged ipv6-icmp > > router-advertisement HL match HL == 255 > > > > RETURN ipv6-icmpanywhere ip6-allrouters PHYSDEV > > match --physdev-in vnet3 --physdev-is-bridged ipv6-icmp > router-solicitation > > HL match HL == 255 > > > > DROP ipv6-icmpanywhere anywhere PHYSDEV > > match --physdev-in vnet3 --physdev-is-bridged ipv6-icmp > router-advertisement > > > > RETURN ipv6-icmpanywhere anywhere PHYSDEV > > match --physdev-in vnet3 --physdev-is-bridged ipv6-icmp > > neighbour-solicitation HL match HL == 255 > > > > ACCEPT ipv6-icmpanywhere anywhere PHYSDEV > > match --physdev-out vnet3 --physdev-is-bridged ipv6-icmp > > neighbour-solicitation HL match HL == 255 > > > > RETURN ipv6-icmpanywhere anywhere PHYSDEV > > match --physdev-in vnet3 --physdev-is-bridged ipv6-icmp > > neighbour-advertisement match-set i-2-10-VM-6 src HL match HL == 255 > > > > ACCEPT ipv6-icmpanywhere anywhere PHYSDEV > > match --physdev-out vnet3 --physdev-is-bridged ipv6-icmp > > neighbour-advertisement HL match HL == 255 > > > > RETURN ipv6-icmpanywhere anywhere PHYSDEV > > match --physdev-in vnet3 --physdev-is-bridged ipv6-icmp packet-too-big > > match-set i-2-10-VM-6 src > > > > ACCEPT ipv6-icmpanywhere anywhere PHYSDEV > > match --physdev-out vnet3 --physdev-is-bridged ipv6-icmp packet-too-big > > > > RETURN ipv6-icmpanywhere anywhere PHYSDEV > > match --physdev-in vnet3 --physdev-is-bridged ipv6-icmp > > destination-unreachable match-set i-2-10-VM-6 src > > > > ACCEPT ipv6-icmpanywhere anywhere PHYSDEV > > match --physdev-out vnet3 --physdev-is-bridged ipv6-icmp > > destination-unreachable > > > > RETURN ipv6-icmpanywhere anywhere PHYSDEV > > match --physdev-in vnet3 --physdev-is-bridged ipv6-icmp time-exceeded > > match-set i-2-10-VM-6 src > > > > ACCEPT ipv6-icmpanywhere anywhere PHYSDEV > > match --physdev-out vnet3 --physdev-is-bridged ipv6-icmp time-exceeded > > > > RETURN ipv6-icmpanywhere anywhere PHYSDEV > > match --physdev-in vnet3 --physdev-is-bridged ipv6-icmp parameter-problem > > match-set i-2-10-VM-6 src > > > > ACCEPT ipv6-icmpanywhere anyw
Re: IPv6 Issue in Cloudstack
> SG is that the CIDR list is an IPv6 CIDR (e.g. cidrlist="::/0", instead of > cidrlist="0.0.0.0/0"). > > From what you mentioned it is probably missing SG Ingress rules for IPv6 > and, by default, it is dropping all the IPv6 packages. > > Regards, > Gabriel. > > Em sex., 30 de abr. de 2021 às 12:17, Hean Seng > escreveu: > > > We using share network, on Security Group, KVM . > > > > On Fri, Apr 30, 2021 at 6:28 PM Alex Mattioli < > alex.matti...@shapeblue.com > > > > > wrote: > > > > > Hi Hean, > > > > > > What type of network and hypervisor are you using? Also, which version > of > > > ACS? > > > > > > Regards, > > > Alex > > > > > > > > > > > > > > > > > > -Original Message- > > > From: Hean Seng > > > Sent: 30 April 2021 08:34 > > > To: users@cloudstack.apache.org > > > Subject: IPv6 Issue in Cloudstack > > > > > > Hi > > > > > > I setup the IPv6 in VM. Outbound form VM is no issue, can ping all the > > > Ipv6 ip outside . > > > > > > But Inboud th IPv6 IP in VM seems all not accessible . > > > > > > And seem there no Security Group to manange the IPv6 rules . The SG is > > > only for IPv4. > > > > > > and I saw ipv6tables -L , there is a lot of rules there . Not sure is > > > preconfigured by Cloudstack or Default Linux. And I guess that is > > blocking > > > access > > > > > > Anybody have experience on enabling IPv6 in Cloudstack VM and the > > > Ipv6table rules there ? > > > > > > > > > -- > > > Regards, > > > Hean Seng > > > > > > > > > -- > > Regards, > > Hean Seng > > > -- Regards, Hean Seng
Re: IPv6 Issue in Cloudstack
We using share network, on Security Group, KVM . On Fri, Apr 30, 2021 at 6:28 PM Alex Mattioli wrote: > Hi Hean, > > What type of network and hypervisor are you using? Also, which version of > ACS? > > Regards, > Alex > > > > > > -Original Message- > From: Hean Seng > Sent: 30 April 2021 08:34 > To: users@cloudstack.apache.org > Subject: IPv6 Issue in Cloudstack > > Hi > > I setup the IPv6 in VM. Outbound form VM is no issue, can ping all the > Ipv6 ip outside . > > But Inboud th IPv6 IP in VM seems all not accessible . > > And seem there no Security Group to manange the IPv6 rules . The SG is > only for IPv4. > > and I saw ipv6tables -L , there is a lot of rules there . Not sure is > preconfigured by Cloudstack or Default Linux. And I guess that is blocking > access > > Anybody have experience on enabling IPv6 in Cloudstack VM and the > Ipv6table rules there ? > > > -- > Regards, > Hean Seng > -- Regards, Hean Seng
IPv6 Issue in Cloudstack
Hi I setup the IPv6 in VM. Outbound form VM is no issue, can ping all the Ipv6 ip outside . But Inboud th IPv6 IP in VM seems all not accessible . And seem there no Security Group to manange the IPv6 rules . The SG is only for IPv4. and I saw ipv6tables -L , there is a lot of rules there . Not sure is preconfigured by Cloudstack or Default Linux. And I guess that is blocking access Anybody have experience on enabling IPv6 in Cloudstack VM and the Ipv6table rules there ? -- Regards, Hean Seng
Re: S3 API in Cloudstack
Where can I download the plug in ? or this is paid plugin? On Thu, Apr 22, 2021 at 10:56 AM X Guest wrote: > You need the s3 plugin. > http://docs.cloudstack.apache.org/en/latest/developersguide/plugins.html > > regards. > > On Thu, Apr 22, 2021, at 9:05 AM, Hean Seng wrote: > > Hi > > > > I am exploring / testing S3 API in Cloudstack. In documentation, it > seems > > mentioned have this features. > > > > However, not able to get it up and running. Anybody have clue for get > this > > up. ? or some documentation for read and try it out > > > > Thank you > > > > -- > > Regards, > > Hean Seng > > > > -- > https://xguest.net/ > -- Regards, Hean Seng
S3 API in Cloudstack
Hi I am exploring / testing S3 API in Cloudstack. In documentation, it seems mentioned have this features. However, not able to get it up and running. Anybody have clue for get this up. ? or some documentation for read and try it out Thank you -- Regards, Hean Seng
Re: Multiple Guest Subnets Default Network
ght. You have two /28s with Public IPs > and want your VM to have one IP from each? > > > > > > Cheers > > > > > > Alex > > > > > > alex.matti...@shapeblue.com > > > > > > www.shapeblue.com > > > > > > 3 London Bridge Street, 3rd floor, News Building, London SE1 > 9SGUK > > > > > > @shapeblue -Original Message- > > > > > > From: anonymousjones666 anonymousjones...@protonmail.com.INVALID > > > > > > Sent: 15 April 2021 12:00 > > > > > > To: users@cloudstack.apache.org > > > > > > Subject: Multiple Guest Subnets Default Network Hello Is it > > > > > > possible to add multiple guest subnets to one guest network with > CS 4.15 ? > > > > > > As an example we have a /28 subnet ( public ) and can deploy > instances from this however, we can add another subnet to the > defaultGuestNetwork ( using the legacy dashbaord ) but when deploying an > instance we can only add an IP address from the initial /28 subnet and not > the other we added. > > > > > > Are there any options to add multiple public subnets to one > single guest network ? > > > > > > Thank You > > > -- Regards, Hean Seng
Re: Creating Default Firewall Rules
I had ask this before , but seems not possible yet now. On Fri, Apr 16, 2021 at 11:43 PM Wido den Hollander wrote: > > > On 15/04/2021 19:17, Alex Mattioli wrote: > > As far as I know not, but sounds like a very interesting future feature > to me. > > > Indeed, not possible, but it's very interesting. You probably want to > handle this on Domain/Account level or somewhere along those lines. > > Wido > > > > > Alex > > > > alex.matti...@shapeblue.com > > www.shapeblue.com > > 3 London Bridge Street, 3rd floor, News Building, London SE1 9SGUK > > @shapeblue > > > > > > > > > > -Original Message- > > From: anonymousjones666 > > Sent: 15 April 2021 17:09 > > To: users@cloudstack.apache.org > > Subject: Creating Default Firewall Rules > > > > Is it possible to create a default firewall rule in all created CS > firewalls. > > > > Example: > > > > If we wanted to block port 25 for all customers by default then > allow/remove the rule for each customer when we permit ? > > > > Sent with [ProtonMail](https://protonmail.com) Secure Email. > > > -- Regards, Hean Seng
Re: Multiple Guest Subnets Default Network
At this moment, What I am doing is crate One Subnet one Netowrk . On Thu, Apr 15, 2021 at 6:59 PM anonymousjones666 wrote: > Yes you are right. We are using the legacy interface to add but when > trying to use the subnet we can only use the subnet that was added during > the network setup. See screenshot. > > > Sent with ProtonMail Secure Email. > > ‐‐‐ Original Message ‐‐‐ > On Thursday, April 15, 2021 11:58 AM, anonymousjones666 > wrote: > > > Hi Alex. > > > > To clarify:- > > > > Right now we have a single /28 assigned to the DefaultGuestNetwork which > we can assign to instances. > > > > What we want is to add another public subnet ( different to our initial > /28 ) and also use this subnet in the DefaultGuestNetwork so we have > multiple IP subnets to assign to any instance deployed using this network. > > > > To answer your question - we dont want to assign 2 IPs to instances > rather assign a single IP to any instance from multiple public subnets. > From what I see now we can only use the subnet ( /28 ) that was initially > added when setting up the guestnetwork. > > > > I have attached a screenshot of what we did but the second IP range > cannot be used when deploying an instance > > > > ‐‐‐ Original Message ‐‐‐ > > On Thursday, April 15, 2021 11:58 AM, anonymousjones666 > anonymousjones...@protonmail.com wrote: > > > > > Hi Alex. > > > To clarify:- > > > Right now we have a single /28 assigned to the DefaultGuestNetwork > which we can assign to instances. > > > What we want is to add another public subnet ( different to our > initial /28 ) and also use this subnet in the DefaultGuestNetwork so we > have multiple IP subnets to assign to any instance deployed using this > network. > > > To answer your question - we dont want to assign 2 IPs to instances > rather assign a single IP to any instance from multiple public subnets. > From what I see now we can only use the subnet ( /28 ) that was initially > added when setting up the guestnetwork. > > > I have attached a screenshot of what we did but the second IP range > cannot be used when deploying an instance > > > Sent with ProtonMail Secure Email. > > > ‐‐‐ Original Message ‐‐‐ > > > On Thursday, April 15, 2021 11:09 AM, Alex Mattioli > alex.matti...@shapeblue.com wrote: > > > > > > > Hi Mr 666. > > > > Let me see if I got it right. You have two /28s with Public IPs and > want your VM to have one IP from each? > > > > Cheers > > > > Alex > > > > alex.matti...@shapeblue.com > > > > www.shapeblue.com > > > > 3 London Bridge Street, 3rd floor, News Building, London SE1 9SGUK > > > > @shapeblue > > > > -Original Message- > > > > From: anonymousjones666 anonymousjones...@protonmail.com.INVALID > > > > Sent: 15 April 2021 12:00 > > > > To: users@cloudstack.apache.org > > > > Subject: Multiple Guest Subnets Default Network > > > > Hello > > > > Is it possible to add multiple guest subnets to one guest network > with CS 4.15 ? > > > > As an example we have a /28 subnet ( public ) and can deploy > instances from this however, we can add another subnet to the > defaultGuestNetwork ( using the legacy dashbaord ) but when deploying an > instance we can only add an IP address from the initial /28 subnet and not > the other we added. > > > > Are there any options to add multiple public subnets to one single > guest network ? > > > > Thank You > > -- Regards, Hean Seng
Re: Multiple Guest Subnets Default Network
He should be means Multiple Subnet into one network. At this new interface, it seems cannot (Share network) , but you can use the Legacy interface to do so. Or you can create multiple ShareNetwork with one Subnet each network. However IPv6 is an issue here. On Thu, Apr 15, 2021 at 6:10 PM Alex Mattioli wrote: > Hi Mr 666. > > Let me see if I got it right. You have two /28s with Public IPs and want > your VM to have one IP from each? > > Cheers > Alex > > alex.matti...@shapeblue.com > www.shapeblue.com > 3 London Bridge Street, 3rd floor, News Building, London SE1 9SGUK > @shapeblue > > > > > -Original Message- > From: anonymousjones666 > Sent: 15 April 2021 12:00 > To: users@cloudstack.apache.org > Subject: Multiple Guest Subnets Default Network > > Hello > > Is it possible to add multiple guest subnets to one guest network with CS > 4.15 ? > > As an example we have a /28 subnet ( public ) and can deploy instances > from this however, we can add another subnet to the defaultGuestNetwork ( > using the legacy dashbaord ) but when deploying an instance we can only add > an IP address from the initial /28 subnet and not the other we added. > > Are there any options to add multiple public subnets to one single guest > network ? > > Thank You > -- Regards, Hean Seng
Re: Request failed with status code 530
OK. i try to simulate again see if get it back On Thu, Apr 15, 2021 at 12:09 AM Nicolas Vazquez < nicolas.vazq...@shapeblue.com> wrote: > Ok, that looks like an issue. Can you please report it if not existing > already on: https://github.com/apache/cloudstack/issues with the steps > you have done to reproduce it? > > > Regards, > > Nicolas Vazquez > > ____ > From: Hean Seng > Sent: Wednesday, April 14, 2021 11:49 AM > To: users@cloudstack.apache.org > Subject: Re: Request failed with status code 530 > > Hi > > I think this is really a bug, each host suppose have one local storage > only, but it return two, after digging to storage_pool , it become NULL in > uuid , after i remove this record, then listHosts accessible now. > > select * from storage_pool_host_ref where host_id=17; > > > ++-+-+-+--+---+ > > | id | host_id | pool_id | created | last_updated | local_path > | > > > ++-+-+-+--+---+ > > | 27 | 17 | 3 | 2021-04-12 18:45:27 | NULL | > /mnt/1f45642b-f8f3-349f-8e46-8f3eb983da23 | > > | 28 | 17 | 14 | 2021-04-12 18:45:27 | NULL | > /var/lib/libvirt/images | > > | 29 | 17 | 15 | 2021-04-12 18:51:50 | NULL | > /var/lib/libvirt/images | > > > ++-+-+-+--+---+ > > > > mysql> select id, uuid, name, status from storage_pool where id=14; > > ++--+-+-+ > > | id | uuid | name| status | > > ++--+-+-+ > > | 14 | NULL | lax-06 | Maintenance | > > ++--+-+-+ > > 1 row in set (0.00 sec) > > > mysql> select id, uuid, name, status from storage_pool where id=15; > > > ++--+-+-+ > > | id | uuid | name > | status | > > > ++--+-+-+ > > | 15 | 30717adf-46ba-43fe-bac9-038ef6039fda | lax-06 > | Maintenance | > > > ++--+-+-+ > > 1 row in set (0.00 sec) > > > > > > > On Wed, Apr 14, 2021 at 10:17 PM Nicolas Vazquez < > nicolas.vazq...@shapeblue.com> wrote: > > > Thanks, > > > > Have you deleted any storage pool accesible to the host? Please check if > > there are not missing references on the table 'storage_pool_host_ref' for > > host_id = 17. It could also be the case that a record on that table is > > pointing to a removed storage pool > > > > Can you try putting the host into maintenance first before deleting it? > > > > > > Regards, > > > > Nicolas Vazquez > > > > > > From: Hean Seng > > Sent: Wednesday, April 14, 2021 10:30 AM > > To: users@cloudstack.apache.org > > Subject: Re: Request failed with status code 530 > > > > Hi Nicolas, > > > > Thanks for reply , following is error : > > >>> # # cmk listHosts id=17 > > > > 2021-04-14 13:26:47,391 DEBUG [c.c.a.ApiServer] > > (qtp1644231115-2156:ctx-47a63ef7 ctx-6c8f0fae) (logid:f5043840) CIDRs > from > > which account 'Acct[b10cca30-6fb6-11eb-b8cc-ce70b13735fa-admin]' is > allowed > > to perform API calls: 0.0.0.0/0,::/0 > > > > 2021-04-14 13:26:47,396 DEBUG [c.c.a.q.QueryManagerImpl] > > (qtp1644231115-2156:ctx-47a63ef7 ctx-6c8f0fae) (logid:f5043840) > > >>>Searching for hosts>>> > > > > 2021-04-14 13:26:47,402 DEBUG [c.c.a.q.QueryManagerImpl] > > (qtp1644231115-2156:ctx-47a63ef7 ctx-6c8f0fae) (logid:f5043840) > > >>>Generating Response>>> > > > > 2021-04-14 13:26:47,408 ERROR [c.c.a.ApiServer] > > (qtp1644231115-2156:ctx-47a63ef7 ctx-6c8f0fae) (logid:f5043840) unhandled > > exception executing api command: [Ljava.lang.String;@34315235 > > > > java.lang.NullPointerException > > > > at > > > > > com.cloud.storage.StorageManagerImpl.isLocalStorageActiveOnHost(StorageManagerImpl.java:4
Re: Request failed with status code 530
Hi I think this is really a bug, each host suppose have one local storage only, but it return two, after digging to storage_pool , it become NULL in uuid , after i remove this record, then listHosts accessible now. select * from storage_pool_host_ref where host_id=17; ++-+-+-+--+---+ | id | host_id | pool_id | created | last_updated | local_path | ++-+-+-+--+---+ | 27 | 17 | 3 | 2021-04-12 18:45:27 | NULL | /mnt/1f45642b-f8f3-349f-8e46-8f3eb983da23 | | 28 | 17 | 14 | 2021-04-12 18:45:27 | NULL | /var/lib/libvirt/images | | 29 | 17 | 15 | 2021-04-12 18:51:50 | NULL | /var/lib/libvirt/images | ++-+-+-+--+---+ mysql> select id, uuid, name, status from storage_pool where id=14; ++--+-+-+ | id | uuid | name| status | ++--+-+-+ | 14 | NULL | lax-06 | Maintenance | ++--+-+-+ 1 row in set (0.00 sec) mysql> select id, uuid, name, status from storage_pool where id=15; ++--+-+-+ | id | uuid | name | status | ++--+-+-+ | 15 | 30717adf-46ba-43fe-bac9-038ef6039fda | lax-06 | Maintenance | ++--+-+-+ 1 row in set (0.00 sec) On Wed, Apr 14, 2021 at 10:17 PM Nicolas Vazquez < nicolas.vazq...@shapeblue.com> wrote: > Thanks, > > Have you deleted any storage pool accesible to the host? Please check if > there are not missing references on the table 'storage_pool_host_ref' for > host_id = 17. It could also be the case that a record on that table is > pointing to a removed storage pool > > Can you try putting the host into maintenance first before deleting it? > > > Regards, > > Nicolas Vazquez > > > From: Hean Seng > Sent: Wednesday, April 14, 2021 10:30 AM > To: users@cloudstack.apache.org > Subject: Re: Request failed with status code 530 > > Hi Nicolas, > > Thanks for reply , following is error : > >>> # # cmk listHosts id=17 > > 2021-04-14 13:26:47,391 DEBUG [c.c.a.ApiServer] > (qtp1644231115-2156:ctx-47a63ef7 ctx-6c8f0fae) (logid:f5043840) CIDRs from > which account 'Acct[b10cca30-6fb6-11eb-b8cc-ce70b13735fa-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > > 2021-04-14 13:26:47,396 DEBUG [c.c.a.q.QueryManagerImpl] > (qtp1644231115-2156:ctx-47a63ef7 ctx-6c8f0fae) (logid:f5043840) > >>>Searching for hosts>>> > > 2021-04-14 13:26:47,402 DEBUG [c.c.a.q.QueryManagerImpl] > (qtp1644231115-2156:ctx-47a63ef7 ctx-6c8f0fae) (logid:f5043840) > >>>Generating Response>>> > > 2021-04-14 13:26:47,408 ERROR [c.c.a.ApiServer] > (qtp1644231115-2156:ctx-47a63ef7 ctx-6c8f0fae) (logid:f5043840) unhandled > exception executing api command: [Ljava.lang.String;@34315235 > > java.lang.NullPointerException > > at > > com.cloud.storage.StorageManagerImpl.isLocalStorageActiveOnHost(StorageManagerImpl.java:404) > > at jdk.internal.reflect.GeneratedMethodAccessor372.invoke(Unknown Source) > > at > > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > > at java.base/java.lang.reflect.Method.invoke(Method.java:566) > > at > > org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344) > > at > > org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198) > > at > > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) > > at > > org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:95) > > at > > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) > > at > > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) > > at com.sun.proxy.$Proxy96.isLocalStorageActiveOnHost(Unknown Source) > > at com.cloud.api.ApiDBUtils.isLocalStorageActiveOnHost(
Re: Request failed with status code 530
ts and the > deleteHost API calls? > > > Regards, > > Nicolas Vazquez > > > From: Hean Seng > Sent: Tuesday, April 13, 2021 4:47 PM > To: users@cloudstack.apache.org > Subject: Request failed with status code 530 > > Hi > > I added a host to a wrong cluster, deleted it and re-add to the correct > cluster . After that found that duplicate host inside the cluster , and > after delete it the duplicated record, it come with error > "Request failed with status code 530" > > MYSQL record ; > > 16 | lax-06 | Removed | Disabled | NULL > > 17 | lax-06 | Up | Enabled| 2130706689 > > > Duplicated Host deleted is id=16 , but now the error happens is 17. > > In API : > > cmk listHosts id=17 > > Error: (HTTP 530, error code ) > > for 16 , is return empty record. > > API log show" > > 2021-04-13 19:41:41,395 INFO [a.c.c.a.ApiServer] > (qtp1644231115-1244:ctx-eba7bffd ctx-95331a28) (logid:1e346c12) (userId=2 > accountId=2 sessionId=node01qfrx0iypf3ts1q1kf43fexp7u174) 127.0.0.1 -- GET > > command=listHosts=17=json=X3J4ui0AxuwP2zbYqrTrZxHzYLg > 530 null > > I tried to forced delete host 17. but seems error also; > > cmk deletehost id=17 forced=true > > Error: (HTTP 530, error code ) > > > Any one help to give me idea of what's going on, and how to solve > this problem > > > > > -- > Regards, > Hean Seng > > nicolas.vazq...@shapeblue.com > www.shapeblue.com > 3 London Bridge Street, 3rd floor, News Building, London SE1 9SGUK > @shapeblue > > > > -- Regards, Hean Seng
Request failed with status code 530
Hi I added a host to a wrong cluster, deleted it and re-add to the correct cluster . After that found that duplicate host inside the cluster , and after delete it the duplicated record, it come with error "Request failed with status code 530" MYSQL record ; 16 | lax-06 | Removed | Disabled | NULL 17 | lax-06 | Up | Enabled| 2130706689 Duplicated Host deleted is id=16 , but now the error happens is 17. In API : cmk listHosts id=17 Error: (HTTP 530, error code ) for 16 , is return empty record. API log show" 2021-04-13 19:41:41,395 INFO [a.c.c.a.ApiServer] (qtp1644231115-1244:ctx-eba7bffd ctx-95331a28) (logid:1e346c12) (userId=2 accountId=2 sessionId=node01qfrx0iypf3ts1q1kf43fexp7u174) 127.0.0.1 -- GET command=listHosts=17=json=X3J4ui0AxuwP2zbYqrTrZxHzYLg 530 null I tried to forced delete host 17. but seems error also; cmk deletehost id=17 forced=true Error: (HTTP 530, error code ) Any one help to give me idea of what's going on, and how to solve this problem -- Regards, Hean Seng
Re: Strange Behaviour of Usage Job
Hi Thanks for the reply, Some record is well calculated, but many of them is not. I try to compare records for those populated vs non populated, but some not much significant difference . I not sure what suppose to be a healthy even vs non-heathy event. The always issue happen is Network Usage, other of usage record no issue, likeVm power on time etc. is well populated.ontime. On Tue, Apr 13, 2021 at 6:57 PM Daan Hoogland wrote: > Hean, > > if you purge usage_job you'll need to stop/start the usage server. > usage_event are repopulated from the cloud-database, don't purger them > there and the cloud_usage.cloud_event table will get repopulated. > usage_network is an intermediary table, you can truncate it and it will be > filled again. It does not contain a final result however. > > On Thu, Mar 18, 2021 at 11:31 AM Hean Seng wrote: > > > Hi Abhishek, > > > > The timezone is correct , now is on GMT . > > > > Can I know if this table, usage_job, usage_events , and usage_network > > table are able to manual purge it ? > > > > I am thinking to puge it and let he repopulate again see > > > > > > > > > > > > > > On Thu, Mar 18, 2021 at 6:24 PM Abhishek Kumar < > > abhishek.ku...@shapeblue.com> > > wrote: > > > > > Hi, > > > > > > You may check usage aggregation and execution timezone values (global > > > configs - usage.aggregation.timezone, usage.execution.timezone). > > > Go through this blog if it helps > > > https://www.shapeblue.com/cloudstack-usage-service-deep-dive/ > > > [https://www.shapeblue.com/wp-content/uploads/2013/05/blog1.png]< > > > https://www.shapeblue.com/cloudstack-usage-service-deep-dive/> > > > CloudStack Usage Service | CloudStack Feature Deep Dive - The > CloudStack > > > Company<https://www.shapeblue.com/cloudstack-usage-service-deep-dive/> > > > Introduction CloudStack usage is a complimentary service which tracks > end > > > user consumption of CloudStack resources and summarises this in a > > separate > > > database for reporting or billing. The usage database can be queried > > > directly, through the CloudStack API, or it can be integrated into > > external > > > billing or reporting systems. For background information on the usage > > > service […] > > > www.shapeblue.com > > > Regards, > > > Abhishek > > > > > > From: Hean Seng > > > Sent: 16 March 2021 12:38 > > > To: users@cloudstack.apache.org > > > Subject: Strange Behaviour of Usage Job > > > > > > Hi > > > > > > I am facing strange behaviour of Usage Job , > > > > > > table usage_job > > > > > > id : 8998 > > > > > > Host: > > > > > > pid : 964941 > > > > > > job_type : 1 > > > > > > scheduled: 0 > > > > > > start_millis : 161587080 > > > > > > end_millis: 161587079 > > > > > > exec_time 2 > > > > > > start_date 2021-03-16 05:00:00 > > > > > > end_date: 2021-03-16 04:59:59 > > > > > > success: 0 > > > > > > heartbeat: 2021-03-16 05:02:57 > > > > > > And this job record fail due to end_date before start date . > > > > > > Anybody caa help me on what issue, there is many of this fail job > over > > > the db record of usage_job table . > > > > > > -- > > > Regards, > > > Hean Seng > > > > > > abhishek.ku...@shapeblue.com > > > www.shapeblue.com > > > 3 London Bridge Street, 3rd floor, News Building, London SE1 9SGUK > > > @shapeblue > > > > > > > > > > > > > > > > -- > > Regards, > > Hean Seng > > > > > -- > Daan > -- Regards, Hean Seng
Re: Hostbill struggles
You need the hostname , or can choose the generated hostname On Wed, Mar 31, 2021 at 8:51 PM wrote: > Hi Lucian, > > I see that you're using cloudstack2, just "cloudstack and select > "CloudHosting" from "provisioning type, in case you want to provision > accounts "flexible accounts" where a customer can use the resources to > build custom VMs. If not, you can go with Single VPS, where the resources > are specified for each package. > > Regarding hostname, you must pay attention to order page and order type > template, for compatibility with cloudstack version module. See the img : > https://imgur.com/daCKTYC > > > Regards, > Cristian > > > -Original Message- > From: n...@li.nux.ro > Sent: Tuesday, March 30, 2021 5:49 PM > To: d...@cloudstack.apache.org > Cc: users@cloudstack.apache.org > Subject: Hostbill struggles > > Hi, > > In the hope I am not the only poor soul trying to use Hostbill with > Cloudstack, has anyone managed to get it working? Need some help. > > I have successfully created products linked to Cloudstack2 module, tried > my best at configuring it, however several hours later I am yet to produce > an actual VM launch. > > The first issue is on the "new server" page, as a client, I get a "Please > select VM size" that seems to be unrelated to any field that is displayed > (the product IS linked to a valid service offering!). > > Another random issue is when ordering the product it requires completing a > "hostname", any random string seem to do it, but I do wonder what the heck > is this fields purpose as it just seems to get in the way more than > anything. > > Relevant screenshots: https://imgur.com/a/f3KsAWf > > Any thoughts? > > Regards, > Lucian > > -- Regards, Hean Seng
Re: Strange Behaviour of Usage Job
Hi Abhishek, The timezone is correct , now is on GMT . Can I know if this table, usage_job, usage_events , and usage_network table are able to manual purge it ? I am thinking to puge it and let he repopulate again see On Thu, Mar 18, 2021 at 6:24 PM Abhishek Kumar wrote: > Hi, > > You may check usage aggregation and execution timezone values (global > configs - usage.aggregation.timezone, usage.execution.timezone). > Go through this blog if it helps > https://www.shapeblue.com/cloudstack-usage-service-deep-dive/ > [https://www.shapeblue.com/wp-content/uploads/2013/05/blog1.png]< > https://www.shapeblue.com/cloudstack-usage-service-deep-dive/> > CloudStack Usage Service | CloudStack Feature Deep Dive - The CloudStack > Company<https://www.shapeblue.com/cloudstack-usage-service-deep-dive/> > Introduction CloudStack usage is a complimentary service which tracks end > user consumption of CloudStack resources and summarises this in a separate > database for reporting or billing. The usage database can be queried > directly, through the CloudStack API, or it can be integrated into external > billing or reporting systems. For background information on the usage > service […] > www.shapeblue.com > Regards, > Abhishek > > From: Hean Seng > Sent: 16 March 2021 12:38 > To: users@cloudstack.apache.org > Subject: Strange Behaviour of Usage Job > > Hi > > I am facing strange behaviour of Usage Job , > > table usage_job > > id : 8998 > > Host: > > pid : 964941 > > job_type : 1 > > scheduled: 0 > > start_millis : 161587080 > > end_millis: 161587079 > > exec_time 2 > > start_date 2021-03-16 05:00:00 > > end_date: 2021-03-16 04:59:59 > > success: 0 > > heartbeat: 2021-03-16 05:02:57 > > And this job record fail due to end_date before start date . > > Anybody caa help me on what issue, there is many of this fail job over > the db record of usage_job table . > > -- > Regards, > Hean Seng > > abhishek.ku...@shapeblue.com > www.shapeblue.com > 3 London Bridge Street, 3rd floor, News Building, London SE1 9SGUK > @shapeblue > > > > -- Regards, Hean Seng
Re: Low VM IOPS via Shared Mountpoint
To achieve Good I/O, you may need a more decent Raid Card, and Fast Disk (for example, SSD or NVME) . To do on ISCSI, you need to have very good and dedicated Network Throughput as well. On Thu, Mar 18, 2021 at 2:34 AM Wido den Hollander wrote: > Hi, > > Are you using direct I/O on the KVM host? > > And inside KVM, virtio-scsi or virtio-blk? > > QCOW2 Thin, Sparse or Fat images? > > Wido > > On 17/03/2021 15:57, Дикевич Евгений Александрович wrote: > > Hello. > > I'm testing CloudStack with KVM and Shared Mountpoint. > > I have 2 identical nodes (Oracle Linux 7.9 with UEK6) with iSCSI Luns > and OCFS2 on them. When I tested IOPS in VM by FIO I had about 2000 read > IOPS but when I used same test on KVM host I got about 30K. There were no > other VMs except the test one. > > MB someone can help me. > > Внимание! > > Это электронное письмо и все прикрепленные к нему файлы являются > конфиденциальными и предназначены исключительно для использования лицом > (лицами), которому (которым) оно предназначено. Если Вы не являетесь лицом > (лицами), которому (которым) предназначено это письмо, не копируйте и не > разглашайте его содержимое и удалите это сообщение и все вложения из Вашей > почтовой системы. Любое несанкционированное использование, распространение, > раскрытие, печать или копирование этого электронного письма и прикрепленных > к нему файлов, кроме как лицом (лицами) которому (которым) они > предназначены, является незаконным и запрещено. Принимая во внимание, что > передача данных посредством Интернет не является безопасной, мы не несем > никакой ответственности за любой потенциальный ущерб, причиненный в > результате ошибок при передаче данных или этим сообщением и прикрепленными > к нему файлами. > > > > Attention! > > This email and all attachments to it are confidential and are intended > solely for use by the person (or persons) referred to (mentioned) as the > intended recipient (recipients). If you are not the intended recipient of > this email, do not copy or disclose its contents and delete the message and > any attachments to it from your e-mail system. Any unauthorized use, > dissemination, disclosure, printing or copying of this e-mail and files > attached to it, except by the intended recipient, is illegal and is > prohibited. Taking into account that data transmission via Internet is not > secure, we assume no responsibility for any potential damage caused by data > transmission errors or this message and the files attached to it. > > > -- Regards, Hean Seng
Strange Behaviour of Usage Job
Hi I am facing strange behaviour of Usage Job , table usage_job id : 8998 Host: pid : 964941 job_type : 1 scheduled: 0 start_millis : 161587080 end_millis: 161587079 exec_time 2 start_date 2021-03-16 05:00:00 end_date: 2021-03-16 04:59:59 success: 0 heartbeat: 2021-03-16 05:02:57 And this job record fail due to end_date before start date . Anybody caa help me on what issue, there is many of this fail job over the db record of usage_job table . -- Regards, Hean Seng
Advice for setting up multiple Location/Country
Hi All I manage to deploy Cloudstack in one location and running for 2months. The always issue happen is the usage data is always not update for Network. I am thinking to deploy it to other location/ country for deploying VMl . There is option of setting up only One ACS master , or Multiple Master . Any one have opinion for this kind of setup ? -- Regards, Hean Seng
Re: Cloudstack developer training
This is great . Thanks for the contribution On Sat, Feb 27, 2021 at 5:27 PM Slavka Peleva wrote: > Hi Giles, > Thanks for sharing and many thanks to the people who worked on it! > ShapeBlue shared part of it with me a year and a half ago, and these > resources were very helpful for my first steps in CloudStack. > > Kind regards, > Slavka > > On Fri, Feb 26, 2021 at 11:14 PM Alireza Eskandari < > astro.alir...@gmail.com> > wrote: > > > Hi Giles, > > As a CloudStack user, I spent lots of time in the code to figure out how > > different parts work and find the root cause of bugs that I face. > > I also tried to install CloudStack as a project in eclipse and run it > > directly from eclipse from some old documents. > > I have learned some courses in Java to enable myself to contribute to the > > CloudStack codebase. > > But each time I look at the code and its sub-projects, my mind is blown > up! > > I thought maybe it is because I don't have any practical java development > > experience yet but a clear document about the code itself could make > > everything easier to understand. > > I appreciate your valuable work. It is something that I have looked for > > many times! > > Regards, > > > > On Fri, Feb 26, 2021 at 7:13 PM Giles Sirett > > > wrote: > > > > > Hi all > > > > > > One of the biggest challenges with Cloudstack is learning its > > architecture > > > and codebase - its big and its complicated. Onboarding new software > > > engineers can be a daunting process. > > > For the last 2 years, we at ShapeBlue have built up a set of resources > to > > > help us with onboarding on new engineers who will be working on > > Cloudstack. > > > > > > This has evolved into a self-study course that we call "hackerbook"- > the > > > logic being that it's a training course that gets engineers hands-on > > > hacking in the code ASAP. It's a mix of videos, exercises and other > > > resources. > > > > > > Today, we've opensourced this resource in order to make it available to > > > anybody who may want to learn to develop on Cloudstack. > > > > > > Feedback and improvement PRs will be warmly accepted > > > > > > Its currently sitting in a shapeblue repo, happy to move under ASF if > > > anybody thinks that's important > > > > > > https://github.com/shapeblue/hackerbook > > > > > > Happy Hacking > > > > > > Kind regards > > > Giles > > > > > > > > > giles.sir...@shapeblue.com > > > www.shapeblue.com > > > 3 London Bridge Street, 3rd floor, News Building, London SE1 9SGUK > > > @shapeblue > > > > > > > > > > > > > > > -- Regards, Hean Seng
