Re: System VM's: Agent state disconnected

[Jayapal Reddy Uradi]

Hi,

Follow the below link for troubleshooting.
https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSVM,+templates,+Secondary+storage+troubleshooting

Thanks,
Jayapal

> On 27-Jan-2016, at 12:51 pm, Mohd Zainal Abidin Rabani  
> wrote:
> 
> Hi,
> 
> I have setup 2 host cloudstack and 1 management server. Host2 is currently 
> down as i want to test HA for VM's.
> 
> From Home > Infrasturcture > System VMs , i can see VM state is running but 
> Agent state is disconnected. How to check error for this issue? And what is 
> work around to prevent this happen again?
> 
> 
> -
> Regards,
> Mohd Zainal Abidin Rabani
> Technical Support
> 
> ModernOne Data Solutions Sdn. Bhd.(1119382-D)
> No. 83-2, Jalan TKS 1,
> Kajang Sentral, 43000 Kajang, Selangor.
> T : 03-8737 0030 | F : 03-8737 0070
> E : zai...@nocser.net
> W : www.modern.com.my | www.nocser.net

Re: Quick note about $dayjob

[Jayapal Reddy Uradi]

All the best Sebastien!

-Jayapal

> On 27-Jan-2016, at 11:55 am, Sanjeev N  wrote:
> 
> All the best with your new startup Sebastien !!
> 
> On Wed, Jan 27, 2016 at 10:50 AM, Paul Angus 
> wrote:
> 
>> +1 Seb
>> 
>> Good luck with the start up. Look us up whenever you're in London. Hope we
>> can still get a few rounds of golf in.
>> 
>> 
>> [image: ShapeBlue] 
>> Paul Angus
>> VP Technology ,  ShapeBlue
>> d:  *+44 203 617 0528 | s: +44 203 603 0540*
>> <+44%20203%20617%200528%20%7C%20s:%20+44%20203%20603%200540>  |  m:
>> *+44 7711 418784* <+44%207711%20418784>
>> e:  *paul.an...@shapeblue.com | t: @cloudyangus*
>>   |  w:
>> *www.shapeblue.com* 
>> a:  53 Chandos Place, Covent Garden London WC2N 4HS UK
>> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue
>> Services India LLP is a company incorporated in India and is operated under
>> license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a
>> company incorporated in Brasil and is operated under license from Shape
>> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of
>> South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is
>> a registered trademark.
>> This email and any attachments to it may be confidential and are intended
>> solely for the use of the individual to whom it is addressed. Any views or
>> opinions expressed are solely those of the author and do not necessarily
>> represent those of Shape Blue Ltd or related companies. If you are not the
>> intended recipient of this email, you must neither take any action based
>> upon its contents, nor copy or show it to anyone. Please contact the sender
>> if you believe you have received this email in error.
>> 
>> 
>> -Original Message-
>> From: Ian Rae [mailto:i...@cloudops.com]
>> Sent: 27 January 2016 03:58
>> To: d...@cloudstack.apache.org
>> Cc: market...@cloudstack.apache.org; users@cloudstack.apache.org
>> Subject: Re: Quick note about $dayjob
>> 
>> See - thanks for all your service, hard work, patience and above all,
>> collaboration!!!
>> 
>> On Tue, Jan 26, 2016 at 9:30 AM, Sebastien Goasguen 
>> wrote:
>> 
>>> Hi folks,
>>> 
>>> As some of you might have guessed I am changing $dayjob.
>>> 
>>> This is an exciting time for me, but it also means that I will become
>>> less involved with CloudStack. ( I said *less* involved, did not say I
>>> was going to disappear). I have informed the PMC and offered to stop
>>> my VP role ahead of the March deadline. As you know we have a one-year
>>> rotation for the VP role. However if the PMC does not see a problem
>>> with it I will gladly continue until March.
>>> 
>>> I will keep this brief but I wanted to let you know so that you don’t
>>> wonder why my involvement in recent releases and votes has decreased.
>>> 
>>> It is an exciting time for CloudStack as well, with ever greater
>>> releases ( in large part to Remi, Wilder and a few others), a strong
>>> proposal to offer LTS and the commitment from Accelerite.
>>> 
>>> Change is good, challenges are opportunities says Sensei Wu from
>>> Ninjago :)
>>> 
>>> PS:
>>> If you wonder, I am launching my own container startup called
>>> Skippbox. I will grant myself a shameless plug, and if you know anyone
>>> interested in containers and kubernetes I sure could use some help (
>>> https://github.com/skippbox , 
>>> http://secure-web.cisco.com/1lob7tTDKKx5rXoJ0gYMfPVgziN5g3G21sLYUojD1tsn41RRBjKxf-sieqXxfE1fyUqDaJmvO0NR9T_zCGbHVL8qufzq9vxOlrjtMM-ZkpOBlMb87bhvGL1RABCPKlQroXMyv-yi4gnB2ykdAhzeFiBiAypEx95iOK1zJFChdWMJME3v44OyHL537HJVuKMEt/http%3A%2F%2Fwww.skippbox.com%2Fblog%2F),
>>>  github
>>> stars and PRs :)
>>> 
>>> Cheers,
>>> 
>>> -Sebastien
>> 
>> 
>> 
>> 
>> --
>> Ian Rae
>> CEO | PDG
>> c: 514.944.4008
>> 
>> CloudOps | Cloud Infrastructure and Networking Solutions www.cloudops.com
>> | 420 rue Guy | Montreal | Canada | H3J 1S6
>> Find out more about ShapeBlue and our range of CloudStack related services:
>> IaaS Cloud Design & Build
>>  | CSForge – rapid
>> IaaS deployment framework 
>> CloudStack Consulting  | 
>> CloudStack
>> Software Engineering
>> 
>> CloudStack Infrastructure Support
>>  | CloudStack
>> Bootcamp Training Courses 
>> 

Re: ACS Virtual Routers VPN multiple connections‏

[Jayapal Reddy Uradi]

Hi Patrick,

ACS VR is using the openswan ipsec for vpn.
Only one VPN client connection is supported by openswan when multiple clients 
are trying to connect to same public of the VR. This is the limitation from the 
openswan ipsec.

Thanks,
Jayapal


> On 26-Oct-2015, at 4:33 pm, Patrick W.  wrote:
> 
> Hi All,
> 
> 
> 
> 
> 
> I’d like to get some of your feedback about the operation of
> the VPN feature of ACS Virtual Routers. The main problem encountered is the
> fact that only one single L2TP/IPSec connection can be established at a time,
> from the same physical location, behind the same gateway / router / NAT device
> / single public IP. Two or more clients can establish connections if they’re
> not in the same location and behind the same restrictions listed above.
> 
> As this has been observed on multiple locations, with
> various network topologies, setup and hardware, before digging into the 
> network
> configuration and options, I wanted to ensure it’s not a limitation coming 
> from
> the ACS VR itself.
> 
> 
> 
> 
> 
> Has anyone experienced or bypassed the same constraint?
> 
> 
> 
> 
> 
> Thanks in advance
> 
> patrick 

Re: Firewall API in a basic zone

[Jayapal Reddy Uradi]

In basic zone network there is no firewall/firewall provider.
There is only security groups. So you can’ use the firewall APIs.

Thanks,
Jayapal

> On 16-Oct-2015, at 5:10 pm, Jeff Hair  wrote:
> 
> Hi,
> 
> Is it possible to use the firewall API (createFirewall, createFirewallRule,
> etc) in a basic zone?
> 
> The firewall API requires a public IP ID, which as far as I know you can
> only use in advanced zones.
> 
> Documentation says you can use a hardware firewall in basic zones though.
> 
> So is it possible?
> 
> Jeff

Re: DHCP NIC instead of STATIC

[Jayapal Reddy Uradi]

Update the below fields in you config.




BOOTPROTO=static
IPADDR=192.168.1.10
NETMASK=255.255.255.0


-Jayapal

On 07-Sep-2015, at 5:01 pm, Cristian Ciobanu 
mailto:cristian.c@istream.today>> wrote:

Hello,

 I have a question regarding network connection, how can i change the NIC 
to Static IP allocation, because right now the IP are allocated on DHCP for 
VM's ( Cloudstack KVM )

My network card configuration look like this :

[root@test network-scripts]# cat ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="dhcp"
IPV6INIT="yes"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
PERSISTENT_DHCLIENT=1

Thanks !

Regards,
Cristian

Re: No Extrenal Traffic from inside of the System VM's

[Jayapal Reddy Uradi]

Is it reaching to your default gateway from the SSVM ?
Trace the packets in hypervisor vif, look for the host iptables rules if it is 
blocking. Also look at the host networking like bridge, vlan.

Thanks,
Jayapal
 
> On 26-Aug-2015, at 10:43 pm, ShapeHost  wrote:
> 
> Hello,
> 
>  After many hours to configure all the cloudstack environment i have only 
> a issue.
> 
>  If i ping the SSVM or Console Proxy from external i don't have any issue 
> but if i try to ping from inside of the VM on external, for example 
> google.com or any website (IP) no respond.
> 
>  Also if i'm not able to connect to internet from internal network then 
> i'm not able to add ISO ot Templates to my SSVM  
> 
> 
>  Please help with this issue.
> 
> Thanks !
> Cristian

Re: error logs for all VRs after upgrading ACS from 4.4.2 to 4.5.1

[Jayapal Reddy Uradi]

Hi Sonali,

Can you please tell me what kind of configuration is there in the VR.
How many public interfaces, number of firewall rules etc approximately.

In our lab we want to try with the similar VR config.

THanks,
Jayapal

On 20-Jul-2015, at 3:13 PM, Sonali Jadhav  wrote:

> Hi Jaypal,
> 
> I did not reboot VR outside of cloudstack, since I was in middle of upgrade. 
> I gave cloudstack-sysvmadm cmd, this is the log,
> 
> [root@CSMgmt01 ~]# cat sysvm.log 
> nohup: ignoring input
> Stopping and starting 1 secondary storage vm(s)...
> Done stopping and starting secondary storage vm(s)
> Stopping and starting 1 console proxy vm(s)...
> Done stopping and starting console proxy vm(s) .
> Stopping and starting 11 running routing vm(s)... 
> 
> After that I cross checked all System VMs and VRs, all showing version 4.5 in 
> CloudStack. But like I said before, after reboot of VRs it was gone. 
> 
> 
> /Sonali
> 
> -Original Message-
> From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com] 
> Sent: Monday, July 20, 2015 3:00 PM
> To: ; Sonali Jadhav
> Subject: Re: error logs for all VRs after upgrading ACS from 4.4.2 to 4.5.1
> 
> Hi Sonali,
> 
> In our lab setup this issue is not reproduced.
> I am trying to understand how NETWORK_STATS is missed in VR. This can be 
> missed if the VR is rebooted outside the cloudstack. If this is not the case 
> some thing might removed the rule. 
> Can you please recollect to understand how this chain is removed.
> 
> Thanks,
> Jayapal
> 
> 
> 
> 
> On 06-Jul-2015, at 1:44 PM, Sonali Jadhav  wrote:
> 
>> Hi,
>> 
>> I had updated acs from 4.4.2 to 4.5.1 three days back. I successfully 
>> executed cmd " nohup cloudstack-sysvmadm -d IPaddress -u cloud -p password 
>> -a > sysvm.log 2>&1 &"  to update VRs.
>> 
>> I also cross checked from ACS, version of each VR. It was 4.5.
>> 
>> But I was seeing these errors in management logs from few VRs. so like you 
>> said I observed in those VR, NETWORK_STATS chain was missing. I just 
>> rebooted them and then I was able to see that chain in iptables. So I 
>> rebooted all those VRs with error logs. And now it seems to be ok.  
>> 
>> /Sonali
>> 
>> -Original Message-
>> From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com] 
>> Sent: Monday, July 6, 2015 12:45 PM
>> To: 
>> Subject: Re: error logs for all VRs after upgrading ACS from 4.4.2 to 4.5.1
>> 
>> Hi Sonali,
>> 
>> Can you give me some context on how this issue is seen. I want to understand 
>> when these chains got removed in VR.
>> 
>> Thanks,
>> Jayapal
>> 
>> On 06-Jul-2015, at 12:08 PM, Sonali Jadhav  wrote:
>> 
>>> Sorry, error log was not for all VRs but some. 
>>> 
>>> I don't see NETWORK_STATS chains for those. So, I just rebooted, and then 
>>> there it was. I am suspecting VR was not updated ? weird but I was able to 
>>> see version 4.5 of all VRs in ACS. 
>>> I'll keep watch if error comes again.
>>> 
>>> Thanks for help.
>>> 
>>> /Sonali
>>> 
>>> -Original Message-
>>> From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com] 
>>> Sent: Monday, July 6, 2015 11:00 AM
>>> To: 
>>> Subject: Re: error logs for all VRs after upgrading ACS from 4.4.2 to 4.5.1
>>> 
>>> 
>>> It seems VR does not have the usage related iptables chains.
>>> Please check the 'iptables -L -nv' for NETWORK_STATS chains.
>>> These rules supposed to be configured on VR start.
>>> 
>>> Thanks,
>>> Jayapal
>>> 
>>> 
>>> 
>>> On 06-Jul-2015, at 10:48 AM, Sonali Jadhav 
>>> mailto:son...@servercentralen.se>>
>>> wrote:
>>> 
>>> Hi,
>>> 
>>> After I upgraded ACS from 4.4.2 to 4.5.1, I am seeing following error in 
>>> management server logs, for each and every VR,
>>> 
>>> 
>>> 2015-07-06 07:08:20,721 INFO  [o.a.c.f.j.i.AsyncJobManagerImpl] 
>>> (AsyncJobMgr-Heartbeat-1:ctx-415ba06d) Begin cleanup expired async-jobs
>>> 2015-07-06 07:08:20,733 INFO  [o.a.c.f.j.i.AsyncJobManagerImpl] 
>>> (AsyncJobMgr-Heartbeat-1:ctx-415ba06d) End cleanup expired async-jobs
>>> 2015-07-06 07:08:20,811 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>>> (ExternalNetworkMonitor-1:ctx-8a22f14d) External devices stats collector is 
>>> running...
>>> 2015-07-06 07:08:20,833 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
&

Re: error logs for all VRs after upgrading ACS from 4.4.2 to 4.5.1

[Jayapal Reddy Uradi]

Hi Sonali,

In our lab setup this issue is not reproduced.
I am trying to understand how NETWORK_STATS is missed in VR. This can be missed 
if the VR is rebooted outside the cloudstack. If this is not the case some 
thing might removed the rule. 
Can you please recollect to understand how this chain is removed.

Thanks,
Jayapal




On 06-Jul-2015, at 1:44 PM, Sonali Jadhav  wrote:

> Hi,
> 
> I had updated acs from 4.4.2 to 4.5.1 three days back. I successfully 
> executed cmd " nohup cloudstack-sysvmadm -d IPaddress -u cloud -p password -a 
> > sysvm.log 2>&1 &"  to update VRs.
> 
> I also cross checked from ACS, version of each VR. It was 4.5.
> 
> But I was seeing these errors in management logs from few VRs. so like you 
> said I observed in those VR, NETWORK_STATS chain was missing. I just rebooted 
> them and then I was able to see that chain in iptables. So I rebooted all 
> those VRs with error logs. And now it seems to be ok.  
> 
> /Sonali
> 
> -Original Message-
> From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com] 
> Sent: Monday, July 6, 2015 12:45 PM
> To: 
> Subject: Re: error logs for all VRs after upgrading ACS from 4.4.2 to 4.5.1
> 
> Hi Sonali,
> 
> Can you give me some context on how this issue is seen. I want to understand 
> when these chains got removed in VR.
> 
> Thanks,
> Jayapal
> 
> On 06-Jul-2015, at 12:08 PM, Sonali Jadhav  wrote:
> 
>> Sorry, error log was not for all VRs but some. 
>> 
>> I don't see NETWORK_STATS chains for those. So, I just rebooted, and then 
>> there it was. I am suspecting VR was not updated ? weird but I was able to 
>> see version 4.5 of all VRs in ACS. 
>> I'll keep watch if error comes again.
>> 
>> Thanks for help.
>> 
>> /Sonali
>> 
>> -Original Message-
>> From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com] 
>> Sent: Monday, July 6, 2015 11:00 AM
>> To: 
>> Subject: Re: error logs for all VRs after upgrading ACS from 4.4.2 to 4.5.1
>> 
>> 
>> It seems VR does not have the usage related iptables chains.
>> Please check the 'iptables -L -nv' for NETWORK_STATS chains.
>> These rules supposed to be configured on VR start.
>> 
>> Thanks,
>> Jayapal
>> 
>> 
>> 
>> On 06-Jul-2015, at 10:48 AM, Sonali Jadhav 
>> mailto:son...@servercentralen.se>>
>> wrote:
>> 
>> Hi,
>> 
>> After I upgraded ACS from 4.4.2 to 4.5.1, I am seeing following error in 
>> management server logs, for each and every VR,
>> 
>> 
>> 2015-07-06 07:08:20,721 INFO  [o.a.c.f.j.i.AsyncJobManagerImpl] 
>> (AsyncJobMgr-Heartbeat-1:ctx-415ba06d) Begin cleanup expired async-jobs
>> 2015-07-06 07:08:20,733 INFO  [o.a.c.f.j.i.AsyncJobManagerImpl] 
>> (AsyncJobMgr-Heartbeat-1:ctx-415ba06d) End cleanup expired async-jobs
>> 2015-07-06 07:08:20,811 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>> (ExternalNetworkMonitor-1:ctx-8a22f14d) External devices stats collector is 
>> running...
>> 2015-07-06 07:08:20,833 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 204 is not configured for 
>> external networking, so skipping usage check.
>> 2015-07-06 07:08:20,835 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 219 is not configured for 
>> external networking, so skipping usage check.
>> 2015-07-06 07:08:20,838 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 220 is not configured for 
>> external networking, so skipping usage check.
>> 2015-07-06 07:08:20,846 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 211 is not configured for 
>> external networking, so skipping usage check.
>> 2015-07-06 07:08:20,851 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 212 is not configured for 
>> external networking, so skipping usage check.
>> 2015-07-06 07:08:20,853 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 213 is not configured for 
>> external networking, so skipping usage check.
>> 2015-07-06 07:08:20,855 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 222 is not configured for 
>> external networking, so skipping usage check.
>> 2015-07-06 07:08:20,858 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 223 is not configured for 
>&

Re: error logs for all VRs after upgrading ACS from 4.4.2 to 4.5.1

[Jayapal Reddy Uradi]

Hi Sonali,

Can you please check the MS logs for NetworkUsageCommand and answer for the 
errors on VR start after upgrade.

Thanks,
Jayapal
On 06-Jul-2015, at 1:44 PM, Sonali Jadhav 
 wrote:

> Hi,
> 
> I had updated acs from 4.4.2 to 4.5.1 three days back. I successfully 
> executed cmd " nohup cloudstack-sysvmadm -d IPaddress -u cloud -p password -a 
> > sysvm.log 2>&1 &"  to update VRs.
> 
> I also cross checked from ACS, version of each VR. It was 4.5.
> 
> But I was seeing these errors in management logs from few VRs. so like you 
> said I observed in those VR, NETWORK_STATS chain was missing. I just rebooted 
> them and then I was able to see that chain in iptables. So I rebooted all 
> those VRs with error logs. And now it seems to be ok.  
> 
> /Sonali
> 
> -Original Message-
> From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com] 
> Sent: Monday, July 6, 2015 12:45 PM
> To: 
> Subject: Re: error logs for all VRs after upgrading ACS from 4.4.2 to 4.5.1
> 
> Hi Sonali,
> 
> Can you give me some context on how this issue is seen. I want to understand 
> when these chains got removed in VR.
> 
> Thanks,
> Jayapal
> 
> On 06-Jul-2015, at 12:08 PM, Sonali Jadhav  wrote:
> 
>> Sorry, error log was not for all VRs but some. 
>> 
>> I don't see NETWORK_STATS chains for those. So, I just rebooted, and then 
>> there it was. I am suspecting VR was not updated ? weird but I was able to 
>> see version 4.5 of all VRs in ACS. 
>> I'll keep watch if error comes again.
>> 
>> Thanks for help.
>> 
>> /Sonali
>> 
>> -Original Message-
>> From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com] 
>> Sent: Monday, July 6, 2015 11:00 AM
>> To: 
>> Subject: Re: error logs for all VRs after upgrading ACS from 4.4.2 to 4.5.1
>> 
>> 
>> It seems VR does not have the usage related iptables chains.
>> Please check the 'iptables -L -nv' for NETWORK_STATS chains.
>> These rules supposed to be configured on VR start.
>> 
>> Thanks,
>> Jayapal
>> 
>> 
>> 
>> On 06-Jul-2015, at 10:48 AM, Sonali Jadhav 
>> mailto:son...@servercentralen.se>>
>> wrote:
>> 
>> Hi,
>> 
>> After I upgraded ACS from 4.4.2 to 4.5.1, I am seeing following error in 
>> management server logs, for each and every VR,
>> 
>> 
>> 2015-07-06 07:08:20,721 INFO  [o.a.c.f.j.i.AsyncJobManagerImpl] 
>> (AsyncJobMgr-Heartbeat-1:ctx-415ba06d) Begin cleanup expired async-jobs
>> 2015-07-06 07:08:20,733 INFO  [o.a.c.f.j.i.AsyncJobManagerImpl] 
>> (AsyncJobMgr-Heartbeat-1:ctx-415ba06d) End cleanup expired async-jobs
>> 2015-07-06 07:08:20,811 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>> (ExternalNetworkMonitor-1:ctx-8a22f14d) External devices stats collector is 
>> running...
>> 2015-07-06 07:08:20,833 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 204 is not configured for 
>> external networking, so skipping usage check.
>> 2015-07-06 07:08:20,835 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 219 is not configured for 
>> external networking, so skipping usage check.
>> 2015-07-06 07:08:20,838 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 220 is not configured for 
>> external networking, so skipping usage check.
>> 2015-07-06 07:08:20,846 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 211 is not configured for 
>> external networking, so skipping usage check.
>> 2015-07-06 07:08:20,851 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 212 is not configured for 
>> external networking, so skipping usage check.
>> 2015-07-06 07:08:20,853 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 213 is not configured for 
>> external networking, so skipping usage check.
>> 2015-07-06 07:08:20,855 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 222 is not configured for 
>> external networking, so skipping usage check.
>> 2015-07-06 07:08:20,858 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 223 is not configured for 
>> external networking, so skipping usage check.
>> 2015-07-06 07:08:20,884 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
>> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 215 is not co

Re: error logs for all VRs after upgrading ACS from 4.4.2 to 4.5.1

[Jayapal Reddy Uradi]

Hi Sonali,

Can you give me some context on how this issue is seen. I want to understand 
when these chains got removed in VR.

Thanks,
Jayapal

On 06-Jul-2015, at 12:08 PM, Sonali Jadhav  wrote:

> Sorry, error log was not for all VRs but some. 
> 
> I don't see NETWORK_STATS chains for those. So, I just rebooted, and then 
> there it was. I am suspecting VR was not updated ? weird but I was able to 
> see version 4.5 of all VRs in ACS. 
> I'll keep watch if error comes again.
> 
> Thanks for help.
> 
> /Sonali
> 
> -----Original Message-
> From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com] 
> Sent: Monday, July 6, 2015 11:00 AM
> To: 
> Subject: Re: error logs for all VRs after upgrading ACS from 4.4.2 to 4.5.1
> 
> 
> It seems VR does not have the usage related iptables chains.
> Please check the 'iptables -L -nv' for NETWORK_STATS chains.
> These rules supposed to be configured on VR start.
> 
> Thanks,
> Jayapal
> 
> 
> 
> On 06-Jul-2015, at 10:48 AM, Sonali Jadhav 
> mailto:son...@servercentralen.se>>
> wrote:
> 
> Hi,
> 
> After I upgraded ACS from 4.4.2 to 4.5.1, I am seeing following error in 
> management server logs, for each and every VR,
> 
> 
> 2015-07-06 07:08:20,721 INFO  [o.a.c.f.j.i.AsyncJobManagerImpl] 
> (AsyncJobMgr-Heartbeat-1:ctx-415ba06d) Begin cleanup expired async-jobs
> 2015-07-06 07:08:20,733 INFO  [o.a.c.f.j.i.AsyncJobManagerImpl] 
> (AsyncJobMgr-Heartbeat-1:ctx-415ba06d) End cleanup expired async-jobs
> 2015-07-06 07:08:20,811 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
> (ExternalNetworkMonitor-1:ctx-8a22f14d) External devices stats collector is 
> running...
> 2015-07-06 07:08:20,833 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 204 is not configured for 
> external networking, so skipping usage check.
> 2015-07-06 07:08:20,835 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 219 is not configured for 
> external networking, so skipping usage check.
> 2015-07-06 07:08:20,838 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 220 is not configured for 
> external networking, so skipping usage check.
> 2015-07-06 07:08:20,846 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 211 is not configured for 
> external networking, so skipping usage check.
> 2015-07-06 07:08:20,851 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 212 is not configured for 
> external networking, so skipping usage check.
> 2015-07-06 07:08:20,853 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 213 is not configured for 
> external networking, so skipping usage check.
> 2015-07-06 07:08:20,855 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 222 is not configured for 
> external networking, so skipping usage check.
> 2015-07-06 07:08:20,858 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 223 is not configured for 
> external networking, so skipping usage check.
> 2015-07-06 07:08:20,884 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 215 is not configured for 
> external networking, so skipping usage check.
> 2015-07-06 07:08:20,887 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl] 
> (RouterMonitor-1:ctx-91d5dc5d) Found 10 running routers.
> 2015-07-06 07:08:20,893 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 216 is not configured for 
> external networking, so skipping usage check.
> 2015-07-06 07:08:20,894 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:ctx-50b5b42f) Found 11 routers to update status.
> 2015-07-06 07:08:20,898 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:ctx-50b5b42f) Found 0 networks to update RvR status.
> 2015-07-06 07:08:20,899 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
> (ExternalNetworkMonitor-1:ctx-8a22f14d) Network 217 is not configured for 
> external networking, so skipping usage check.
> 2015-07-06 07:08:20,910 DEBUG [c.c.a.m.DirectAgentAttache] 
> (DirectAgent-284:ctx-0e4c6018) Seq 5-6790865288121300428: Executing request
> 2015-07-06 07:08:20,915 DEBUG [c.c.h.x.r.CitrixResourceBase] 
> (DirectAgent-284:ctx-0e4c6018) Executing command in VR: 
> /opt/cloud/bin/router_proxy.sh netusage.sh 169.254.2.197 -g
> 2015-07-06 07:08:21,041 DEBUG [c.c.s.s.SnapshotSchedulerImpl] 
> (SnapshotPollTask:ctx-60440aa6) Snapshot scheduler.po

Re: error logs for all VRs after upgrading ACS from 4.4.2 to 4.5.1

[Jayapal Reddy Uradi]

It seems VR does not have the usage related iptables chains.
Please check the 'iptables -L -nv' for NETWORK_STATS chains.
These rules supposed to be configured on VR start.

Thanks,
Jayapal



On 06-Jul-2015, at 10:48 AM, Sonali Jadhav 
mailto:son...@servercentralen.se>>
 wrote:

Hi,

After I upgraded ACS from 4.4.2 to 4.5.1, I am seeing following error in 
management server logs, for each and every VR,


2015-07-06 07:08:20,721 INFO  [o.a.c.f.j.i.AsyncJobManagerImpl] 
(AsyncJobMgr-Heartbeat-1:ctx-415ba06d) Begin cleanup expired async-jobs
2015-07-06 07:08:20,733 INFO  [o.a.c.f.j.i.AsyncJobManagerImpl] 
(AsyncJobMgr-Heartbeat-1:ctx-415ba06d) End cleanup expired async-jobs
2015-07-06 07:08:20,811 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
(ExternalNetworkMonitor-1:ctx-8a22f14d) External devices stats collector is 
running...
2015-07-06 07:08:20,833 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
(ExternalNetworkMonitor-1:ctx-8a22f14d) Network 204 is not configured for 
external networking, so skipping usage check.
2015-07-06 07:08:20,835 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
(ExternalNetworkMonitor-1:ctx-8a22f14d) Network 219 is not configured for 
external networking, so skipping usage check.
2015-07-06 07:08:20,838 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
(ExternalNetworkMonitor-1:ctx-8a22f14d) Network 220 is not configured for 
external networking, so skipping usage check.
2015-07-06 07:08:20,846 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
(ExternalNetworkMonitor-1:ctx-8a22f14d) Network 211 is not configured for 
external networking, so skipping usage check.
2015-07-06 07:08:20,851 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
(ExternalNetworkMonitor-1:ctx-8a22f14d) Network 212 is not configured for 
external networking, so skipping usage check.
2015-07-06 07:08:20,853 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
(ExternalNetworkMonitor-1:ctx-8a22f14d) Network 213 is not configured for 
external networking, so skipping usage check.
2015-07-06 07:08:20,855 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
(ExternalNetworkMonitor-1:ctx-8a22f14d) Network 222 is not configured for 
external networking, so skipping usage check.
2015-07-06 07:08:20,858 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
(ExternalNetworkMonitor-1:ctx-8a22f14d) Network 223 is not configured for 
external networking, so skipping usage check.
2015-07-06 07:08:20,884 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
(ExternalNetworkMonitor-1:ctx-8a22f14d) Network 215 is not configured for 
external networking, so skipping usage check.
2015-07-06 07:08:20,887 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl] 
(RouterMonitor-1:ctx-91d5dc5d) Found 10 running routers.
2015-07-06 07:08:20,893 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
(ExternalNetworkMonitor-1:ctx-8a22f14d) Network 216 is not configured for 
external networking, so skipping usage check.
2015-07-06 07:08:20,894 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl] 
(RouterStatusMonitor-1:ctx-50b5b42f) Found 11 routers to update status.
2015-07-06 07:08:20,898 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl] 
(RouterStatusMonitor-1:ctx-50b5b42f) Found 0 networks to update RvR status.
2015-07-06 07:08:20,899 DEBUG [c.c.n.ExternalDeviceUsageManagerImpl] 
(ExternalNetworkMonitor-1:ctx-8a22f14d) Network 217 is not configured for 
external networking, so skipping usage check.
2015-07-06 07:08:20,910 DEBUG [c.c.a.m.DirectAgentAttache] 
(DirectAgent-284:ctx-0e4c6018) Seq 5-6790865288121300428: Executing request
2015-07-06 07:08:20,915 DEBUG [c.c.h.x.r.CitrixResourceBase] 
(DirectAgent-284:ctx-0e4c6018) Executing command in VR: 
/opt/cloud/bin/router_proxy.sh netusage.sh 169.254.2.197 -g
2015-07-06 07:08:21,041 DEBUG [c.c.s.s.SnapshotSchedulerImpl] 
(SnapshotPollTask:ctx-60440aa6) Snapshot scheduler.poll is being called at 
2015-07-06 05:08:21 GMT
2015-07-06 07:08:21,043 DEBUG [c.c.s.s.SnapshotSchedulerImpl] 
(SnapshotPollTask:ctx-60440aa6) Got 0 snapshots to be executed at 2015-07-06 
05:08:21 GMT
2015-07-06 07:08:21,337 WARN  [c.c.h.x.r.XenServer56Resource] 
(DirectAgent-284:ctx-0e4c6018) Failed to get network usage stats due to
java.lang.NumberFormatException: For input string: "iptables"
   at 
java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
   at java.lang.Long.parseLong(Long.java:441)
   at java.lang.Long.(Long.java:702)
   at 
com.cloud.hypervisor.xenserver.resource.CitrixResourceBase.getNetworkStats(CitrixResourceBase.java:2225)
   at 
com.cloud.hypervisor.xenserver.resource.XenServer56Resource.execute(XenServer56Resource.java:204)
   at 
com.cloud.hypervisor.xenserver.resource.XenServer56Resource.executeRequest(XenServer56Resource.java:62)
   at 
com.cloud.hypervisor.xenserver.resource.XenServer610Resource.executeRequest(XenServer610Resource.java:87)
   at 
com.cloud.hypervisor.xenserver.resource.XenServer620SP1Resource.executeRequest(XenSe

Re: Public IP Missing.

[Jayapal Reddy Uradi]

Hi Rajsekhar,

Try setting public ip address table columns state=Free, removed= and 
allocated=null.

Thanks,
Jayapal 

On 12-May-2015, at 4:06 AM, raja sekhar  wrote:

> Hi All,
> 
> I have created a shared network in ACS 4.3.1.
> When ever i want to remove the network from UI, it is showing error unable
> to remove network. There are no vm's under this network.
> I tried to remove the network from backend by executing these commands in
> DB.
> 
> update networks set state='Destroy',removed=now() where id=315;
> update vm_instance set state='Stopped' where id=393;
> update vm_instance set removed=now() where id=393;
> update domain_router set public_ip_address='NULL' where id=393;
> update nics set state='Deallocating' where id=747;
> update nics set removed=now() where id=747;
> 
> Now the network is removed from ui, but the public ip is not getting free.
> what is the procedure and commands to be executed in order to free the
> public ip from backend.
> 
> 
> Regards,
> Rajasekhar.

Re: Virtual Router Troubleshooting (howto?)

[Jayapal Reddy Uradi]

Hi Franky,

When VR get started from the Cloudstack management server you will find 
'StartCommand' in logs.
After this command CS sends ping trials  to VR. During this time VR will be in 
starting state.
Once the ping is success CS marks it as running state in CS DB.

You need to follow VR deploy related MS logs.

Thanks,
Jayapal

On 06-May-2015, at 5:07 AM, Franky Hall  wrote:

> So my virtual router was not receiving DHCP requests. When rebooted it would 
> only bring up eth0 and not eth1. So I destroyed it. Cloudstack didn’t 
> recreate it until I made a new VM. I saw the new VR get created in vCenter, 
> but then nothing. CS says ‘Starting’ and nothing is happening in vCenter. The 
> VM exists now, but it’s not running and there are no pending tasks.
> 
> How does one continue troubleshooting from here? I can tail the 
> management-server log, but it’s so verbose it’s nearly impossible to tell 
> what’s related to the VR and what’s not.  How do I see the status on the VR 
> creation? I’d love to learn how to troubleshoot these problems in CloudStack; 
> they always drain hours out of my day and in the end I feel like I didn’t do 
> anything. CS just fixes itself afar a few hours. That’s great and all, but 
> it’s a few hours my entire infrastructure is unusable while my hands are tied.
> 
> I have five dedicated vmware 5.5 hosts running in a DRS cluster with 
> CloudStack 4.4.2. Just looking for tips on how to troubleshoot VR and SS 
> problems..
> 
> Thanks!
> -Franky
> 
> 

Re: XenServer 6.5 - Security Groups

[Jayapal Reddy Uradi]

Hi Rohit,

I don't have the setup right now. Once the setup is up I will update here.

Thanks,
Jayapal

On 24-Apr-2015, at 6:31 PM, Rohit Yadav 
 wrote:

> Hi Jayapal/Somesh,
> 
> Security groups would have never worked with XS 6.5 due to the issues I 
> found; the first one was related to ipset version change, change in 
> input/output and the issue of entry overflow when iphash type was used; the 
> other issue I found and fixed was related to the util.pread2 output which did 
> not include a newline, the actually commands has their last args removed.
> 
> All these issues have been fixed now, and 4.5 seems to work for me with XS 
> 6.5. Though it would be great if others can test and confirm the same.
> 
>> On 23-Apr-2015, at 6:41 am, Jayapal Reddy Uradi 
>>  wrote:
>> 
>> Hi Koushik,
>> 
>> The changes can be done on ipset version also (version 6 and above), So that 
>> no change setname needed for xenserver 6.2.
>> On xenserver upgrade to 6.5 host will restart (correct if I am wrong), on 
>> host restart rules get updated from CS.
>> 
>> THanks,
>> Jayapal
>> 
>> 
>> On 22-Apr-2015, at 10:49 AM, Koushik Das  wrote:
>> 
>>> Would it make sense to use nethash or iphash based on the ipset version? In 
>>> Rohit's change I see that for both XS 6.2 and 6.5 nethash is used.
>>> 
>>> -Original Message-
>>> From: Tim Mackey [mailto:tmac...@gmail.com]
>>> Sent: Wednesday, 22 April 2015 0:11
>>> To: users@cloudstack.apache.org
>>> Subject: Re: XenServer 6.5 - Security Groups
>>> 
>>> Geoff,
>>> 
>>> I just went through the changelog for ipset, and its a pretty safe bet 
>>> that's where the problems are.  In XenServer 6.2, ipset is version 4.5 
>>> while XenServer 6.5 uses ipset version 6.11.  With version 5, upstream did 
>>> a major rewrite of ipset.  iptables also changed, but it's not as dramatic.
>>> I'm going to try and build with Rohit's change and test tonight or tomorrow.
>>> 
>>> -tim
>>> 
>>> On Tue, Apr 21, 2015 at 2:41 AM, Abhinandan Prateek < 
>>> abhinandan.prat...@shapeblue.com> wrote:
>>> 
>>>> The security groups are working but with errors. All the recommended
>>>> settings are in place.
>>>> 
>>>> In the log files there are many delete failures like:
>>>> 
>>>> Failed to delete rule log file /var/run/cloud/i-2-4-VM.ip
>>>> 10.51.212.24-cloud.log:2015-04-17 11:45:08DEBUG [root] Ignoring
>>>> failure to delete rules for vm i-2-4-VM
>>>> 10.51.212.24-cloud.log:2015-04-17 11:45:08DEBUG [root] Ignoring
>>>> failure to delete rules for vm i-2-4-VM
>>>> 10.51.212.24-cloud.log:2015-04-17 11:45:09DEBUG [root] Ignoring
>>>> failure to delete ebtables chain for vm i-2-4-VM
>>>> 10.51.212.24-cloud.log:2015-04-17 11:45:09DEBUG [root] Creating ipset
>>>> chain  i-2-4-VM
>>>> 10.51.212.24-cloud.log:2015-04-17 11:45:09DEBUG [root] Writing log to
>>>> /var/run/cloud/i-2-4-VM.log
>>>> 10.51.212.24-cloud.log:2015-04-17 11:45:09DEBUG [root] Programmed
>>>> default rules for vm i-2-4-VM
>>>> 10.51.212.24-cloud.log:2015-04-17 11:45:09DEBUG [root] No change in
>>>> default info set of vm i-2-4-VM
>>>> 10.51.212.24-cloud.log:2015-04-17 11:45:09DEBUG [root] Seqno increased
>>>> from -1 to 17: reprogamming ingress rules for vm i-2-4-VM
>>>> 10.51.212.24-cloud.log:2015-04-17 11:45:09DEBUG [root] Programming
>>>> network rules for vm  i-2-4-VM seqno=17 numrules=3
>>>> signature=fd07c7713376d8906fb71eb8328224ca guestIp=10.170.20.61,
>>>> update iptables, reason=seqno_change_or_sig_change
>>>> 10.51.212.24-cloud.log:2015-04-17 11:45:09DEBUG [root] ['iptables',
>>>> '-I', 'i-2-4-VM', '-p', 'icmp', '--icmp-type', 'any', '-j', 'ACCEPT']
>>>> 10.51.212.24-cloud.log:2015-04-17 11:45:09DEBUG [root] ipset chain
>>>> already existsi-2-4-VM_tcp_22_22
>>>> 
>>>> 
>>>> Looks like due to delete failure the subsequent rule change fails to
>>>> apply ?
>>>> 
>>>> -abhi
>>>> 
>>>>> On 21-Apr-2015, at 9:56 am, Koushik Das  wrote:
>>>>> 
>>>>> What is the output of "cat /etc/sysctl.conf"? Update it as per
>>>> http://cloudstack-insta

Re: XenServer 6.5 - Security Groups

[Jayapal Reddy Uradi]

Hi Koushik,

The changes can be done on ipset version also (version 6 and above), So that no 
change setname needed for xenserver 6.2.
On xenserver upgrade to 6.5 host will restart (correct if I am wrong), on host 
restart rules get updated from CS.

THanks,
Jayapal


On 22-Apr-2015, at 10:49 AM, Koushik Das  wrote:

> Would it make sense to use nethash or iphash based on the ipset version? In 
> Rohit's change I see that for both XS 6.2 and 6.5 nethash is used.
> 
> -Original Message-
> From: Tim Mackey [mailto:tmac...@gmail.com] 
> Sent: Wednesday, 22 April 2015 0:11
> To: users@cloudstack.apache.org
> Subject: Re: XenServer 6.5 - Security Groups
> 
> Geoff,
> 
> I just went through the changelog for ipset, and its a pretty safe bet that's 
> where the problems are.  In XenServer 6.2, ipset is version 4.5 while 
> XenServer 6.5 uses ipset version 6.11.  With version 5, upstream did a major 
> rewrite of ipset.  iptables also changed, but it's not as dramatic.
> I'm going to try and build with Rohit's change and test tonight or tomorrow.
> 
> -tim
> 
> On Tue, Apr 21, 2015 at 2:41 AM, Abhinandan Prateek < 
> abhinandan.prat...@shapeblue.com> wrote:
> 
>> The security groups are working but with errors. All the recommended 
>> settings are in place.
>> 
>> In the log files there are many delete failures like:
>> 
>> Failed to delete rule log file /var/run/cloud/i-2-4-VM.ip
>> 10.51.212.24-cloud.log:2015-04-17 11:45:08DEBUG [root] Ignoring
>> failure to delete rules for vm i-2-4-VM
>> 10.51.212.24-cloud.log:2015-04-17 11:45:08DEBUG [root] Ignoring
>> failure to delete rules for vm i-2-4-VM
>> 10.51.212.24-cloud.log:2015-04-17 11:45:09DEBUG [root] Ignoring
>> failure to delete ebtables chain for vm i-2-4-VM
>> 10.51.212.24-cloud.log:2015-04-17 11:45:09DEBUG [root] Creating ipset
>> chain  i-2-4-VM
>> 10.51.212.24-cloud.log:2015-04-17 11:45:09DEBUG [root] Writing log to
>> /var/run/cloud/i-2-4-VM.log
>> 10.51.212.24-cloud.log:2015-04-17 11:45:09DEBUG [root] Programmed
>> default rules for vm i-2-4-VM
>> 10.51.212.24-cloud.log:2015-04-17 11:45:09DEBUG [root] No change in
>> default info set of vm i-2-4-VM
>> 10.51.212.24-cloud.log:2015-04-17 11:45:09DEBUG [root] Seqno increased
>> from -1 to 17: reprogamming ingress rules for vm i-2-4-VM
>> 10.51.212.24-cloud.log:2015-04-17 11:45:09DEBUG [root] Programming
>> network rules for vm  i-2-4-VM seqno=17 numrules=3 
>> signature=fd07c7713376d8906fb71eb8328224ca guestIp=10.170.20.61, 
>> update iptables, reason=seqno_change_or_sig_change
>> 10.51.212.24-cloud.log:2015-04-17 11:45:09DEBUG [root] ['iptables',
>> '-I', 'i-2-4-VM', '-p', 'icmp', '--icmp-type', 'any', '-j', 'ACCEPT']
>> 10.51.212.24-cloud.log:2015-04-17 11:45:09DEBUG [root] ipset chain
>> already existsi-2-4-VM_tcp_22_22
>> 
>> 
>> Looks like due to delete failure the subsequent rule change fails to 
>> apply ?
>> 
>> -abhi
>> 
>>> On 21-Apr-2015, at 9:56 am, Koushik Das  wrote:
>>> 
>>> What is the output of "cat /etc/sysctl.conf"? Update it as per
>> http://cloudstack-installation.readthedocs.org/en/latest/hypervisor/xenserver.html.
>> If there was an upgrade from XS 6.2 to XS 6.5, then changes to 
>> sysctl.conf is not persisted.
>>> 
>>> 
>>> On 21-Apr-2015, at 6:24 AM, Tim Mackey  wrote:
>>> 
 Geoff, was this a fresh install of both XenServer and CloudStack, 
 or was there any post install steps or upgrades?  I'm thinking of 
 setting this
>> up
 and tracing things tomorrow.  Might be good to get your logs to 
 compare against what I see.
 On Apr 20, 2015 3:24 PM, "Geoff Higginbottom" < 
 geoff.higginbot...@shapeblue.com> wrote:
 
> FYI we have just re-deployed the environment using ACS 4.4.3 and
>> XenServer
> 6.2 and now it is all working as expected.
> 
> We now need to work out if the problem is with ACS 4.5.1 or 
> XenServer
>> 6.5
> 
> Regards
> 
> Geoff Higginbottom
> 
> D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581
> 
> geoff.higginbot...@shapeblue.com
> 
> -Original Message-
> From: Geoff Higginbottom [mailto:geoff.higginbot...@shapeblue.com]
> Sent: 20 April 2015 17:52
> To: users@cloudstack.apache.org
> Subject: RE: XenServer 6.5 - Security Groups
> 
> Many thank Somesh
> 
> Regards
> 
> Geoff Higginbottom
> 
> D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581
> 
> geoff.higginbot...@shapeblue.com
> 
> -Original Message-
> From: Somesh Naidu [mailto:somesh.na...@citrix.com]
> Sent: 20 April 2015 15:55
> To: users@cloudstack.apache.org
> Subject: RE: XenServer 6.5 - Security Groups
> 
> I am running 4.5.0. I probably don't use my lab setup that often 
> to encounter these inconsistencies. I will look for any XS 
> hotfixes that
>> have
> fixes around this area and let you know if I find one.
> 
> S

Re: CloudStack hands out IP address of a stopped VM

[Jayapal Reddy Uradi]

 
> Note that, for a given VM, the private_ip_address/private_mac_address in 
> vm_instance table and ip4_address/mac_address in nics table should match.
> 
> It would be interesting to check if this VM was destroyed at some point and 
> then recovered manually or via recoverVirtualMachine API.
> 
> Somesh
> CloudPlatform Escalations
> Citrix Systems, Inc.
> 
> -Original Message-
> From: Kyle Flavin [mailto:kyle.fla...@citrix.com]
> Sent: Tuesday, April 14, 2015 12:10 PM
> To: users@cloudstack.apache.org
> Subject: RE: CloudStack hands out IP address of a stopped VM
> 
> In the WebUI, I saw no NIC associated with the machine (maybe the user 
> deleted it?).  So I went ahead and added one:
> 
> mysql> select * from nics where instance_id='2071';
> +--+--+-+---+---+---+--+-+---++--+---+--+---++---+-+---+-+-+-+-+-+-+--+--+-+
> | id   | uuid | instance_id | mac_address 
>   | ip4_address   | netmask   | gateway  | ip_type | broadcast_uri | 
> network_id | mode | state | strategy | reserver_name | reservation_id 
> | device_id | update_time | isolation_uri | ip6_address | default_nic 
> | vm_type | created | removed | ip6_gateway | ip6_cidr | 
> secondary_ip | display_nic |
> +--+--+-+---+---+---+--+-+---++--+---+--+---++---+-+---+-+-+-+-+-+-+--+--+-+
> | 2793 | 84566500-6a7e-4c3a-8035-d4b98f1ecebe |101 | 
> 06:50:a2:00:0a:ab | 10.1.131.11 | 255.255.254.0 | 10.1.130.1 | Ip4 | 
> vlan://111   |206 | Dhcp | Allocated | Create   | DirectNetworkGuru | 
> NULL   | 0 | 2015-04-14 09:01:30 | vlan://111   | NULL
> |   0 | User| 2015-04-14 16:01:30 | NULL| NULL| NULL  
>|0 |   1 |
> +--+--+-+---+---+---+--+-+---++--+---+--+---++---+-+---+-+-+-+-+-+-+--+--+-+
> 
> 
> 
> However, the IP address assigned in the nics table doesn't match the one in 
> the vm_instance table:
> 
> 
> mysql> select id,name,private_ip_address from vm_instance where 
> name='myhost';
>
> +--+++
> | id   | name   | private_ip_address |
> +--+++
> | 101 | myhost | 10.1.131.0   |
> +--+++
> 1 row in set (0.00 sec)
> 
> 
> Shouldn't that IP have been updated as well?
> 
> 
> -Original Message-
> From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com]
> Sent: Monday, April 13, 2015 9:47 PM
> To: 
> Subject: Re: CloudStack hands out IP address of a stopped VM
> 
> Hi Kyle,
> 
> My suggestion is take nic entry of the vm which is removed (in the same 
> network) and edit it for your VM.
> While editing take care of the values of instance_id, ip, mac_address, state, 
> default_nic, removed, display_nic and strategy columns.
> 
> 
> Thanks,
> Jayapal
> 
> On 14-Apr-2015, at 9:18 AM, Sanjeev N  wrote:
> 
>> When a vm is in expunging state, NIC table entry should be marked as 
>> removed in DB. If you are sure about the IP address rendered by CS to 
>> the VM , you can try adding the entry in db.
>> 
>> On Tue, Apr 14, 2015 at 2:45 AM, Kyle Flavin  wrote:
>> 
>>> Jayapal,
>>> Is it safe for me to attempt to re-add the entry through the 
>>> database, since the VM is still in use?
>>> 
>>> Also, I've noticed that there are expunged VM's with entries still in 
>>> the NIC table.  Should that be the case?  Or should the record have 
>>> been removed when the VM was deleted?
>>> 
&g

Re: CloudStack hands out IP address of a stopped VM

[Jayapal Reddy Uradi]

Hi Kyle,

My suggestion is take nic entry of the vm which is removed (in the same 
network) and edit it for your VM.
While editing take care of the values of instance_id, ip, mac_address, state, 
default_nic, removed, display_nic and strategy columns.


Thanks,
Jayapal

On 14-Apr-2015, at 9:18 AM, Sanjeev N  wrote:

> When a vm is in expunging state, NIC table entry should be marked as
> removed in DB. If you are sure about the IP address rendered by CS to the
> VM , you can try adding the entry in db.
> 
> On Tue, Apr 14, 2015 at 2:45 AM, Kyle Flavin  wrote:
> 
>> Jayapal,
>> Is it safe for me to attempt to re-add the entry through the database,
>> since the VM is still in use?
>> 
>> Also, I've noticed that there are expunged VM's with entries still in the
>> NIC table.  Should that be the case?  Or should the record have been
>> removed when the VM was deleted?
>> 
>> -Original Message-
>> From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com]
>> Sent: Sunday, April 12, 2015 10:24 PM
>> To: 
>> Subject: Re: CloudStack hands out IP address of a stopped VM
>> 
>> Hi Kyle,
>> 
>> Cloudstack won't delete the nic entry, When VM is deleted it marked as
>> removed.
>> It might be deleted manually from the DB.
>> 
>> Thanks,
>> Jayapal
>> 
>> 
>> On 11-Apr-2015, at 1:49 AM, Kyle Flavin  wrote:
>> 
>>> Jayapal,
>>> Is there a reason why would the nic entry be empty?  When is the entry
>> cleared?  It looks like it must have been cleared after the VM was stopped.
>>> 
>>> -Original Message-
>>> From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com]
>>> Sent: Thursday, April 09, 2015 9:01 PM
>>> To: 
>>> Subject: Re: CloudStack hands out IP address of a stopped VM
>>> 
>>> Hi Kyle,
>>> 
>>> When CS picks the ip for new vm from free ip pool excluding nic table
>> ip4_adress.
>>> In your case the nic entry for vm is empty due to this the ip will goes
>> free pool.
>>> 
>>> 
>>> Thanks,
>>> Jayapal
>>> 
>>> On 10-Apr-2015, at 9:20 AM, Sanjeev N 
>>> wrote:
>>> 
>>>> CS would not hand out the IPs of a stopped vm since the lease time is
>>>> infinite. If you are able to reproduce is consistently please open a
>>>> JIRA ticket.
>>>> 
>>>> On Fri, Apr 10, 2015 at 4:17 AM, Kyle Flavin 
>> wrote:
>>>> 
>>>>> Hi Jayapal,
>>>>> The first query against the nics table returned an empty set, while
>>>>> the second returned the hostname and IP address.  Here is the
>>>>> sanitized output from both queries:
>>>>> 
>>>>> 
>>>>> mysql> select instance_id,ip4_address  from nics where
>>>>> mysql> instance_id=;
>>>>> Empty set (0.00 sec)
>>>>> 
>>>>> 
>>>>> mysql> select id, name, private_ip_address  from vm_instance  where
>>>>> id=;
>>>>> +--+++
>>>>> | id   | name   | private_ip_address |
>>>>> +--+++
>>>>> | myid | myhostname | 1.1.1.1   |
>>>>> +--+++
>>>>> 1 row in set (0.00 sec)
>>>>> 
>>>>> 
>>>>> 
>>>>> -Original Message-
>>>>> From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com]
>>>>> Sent: Thursday, April 09, 2015 5:32 AM
>>>>> To: 
>>>>> Subject: Re: CloudStack hands out IP address of a stopped VM
>>>>> 
>>>>> Hi Kyle,
>>>>> 
>>>>> In my setup I have observed this for stopped VM, the nic table
>>>>> ip4_address set to 'null'.
>>>>> After that I am not able to reproduce the issue.
>>>>> I will keep looking into my setup for this issue.
>>>>> 
>>>>> Can you please send the below commands output from your setup.
>>>>> 
>>>>> #select instance_id,ip4_address  from nics where instance_id=
>>>>> ; #select id, name, private_ip_address  from
>>>>> vm_instance where id=;
>>>>> 
>>>>> 
>>>>> 
>>>>> Thanks,
>>>>> Jayapal
>>>>> 
>>>>> On 09-Apr-2015,

Re: how to capture traffic between VM in Cloudstack

[Jayapal Reddy Uradi]

Hi,

Assuming you have the CS with two isolated network VRs prj01A and prj02B.
You are sending traffic from the VM02B to VM01A.
Hope you configured the NAT rules to reach VM01A.


VM02B (guest)eth0 (prj02B VR) eth2 (public) 
---Hypervisoreth2(prj01A VR)eth0-VM01A

In the above traffic path you can also capture the traffic the VM/VR vif on the 
hypervisor.

Thanks,
Jayapal


On 13-Apr-2015, at 11:01 AM,  <1158656...@qq.com> wrote:

> Hi Team,
> 
>   I have a problem that how to capture traffic between VM in Cloudstack 
> enviroument.Below is my test enviroument(some VM in some project):
> 
> ___ VM01A
> |  
> prj01A--VR
> |___ VM02A
> |
> |___ VM03A
> 
> ___ VM01B
> |  
> prj02B--VR
> |___ VM02B
> 
>   I need to capture traffic from prj02B-VM02B to prj01A-VM01A,from VM03A to 
> VM01A.When use "tcpdump -vv -i eth0" or "tcpdump -vv -i eth2" in VR,there is 
> nothing captured.Where to capture these traffic?

Re: CloudStack hands out IP address of a stopped VM

[Jayapal Reddy Uradi]

Hi Kyle,

Cloudstack won't delete the nic entry, When VM is deleted it marked as removed.
It might be deleted manually from the DB.

Thanks,
Jayapal


On 11-Apr-2015, at 1:49 AM, Kyle Flavin  wrote:

> Jayapal,
> Is there a reason why would the nic entry be empty?  When is the entry 
> cleared?  It looks like it must have been cleared after the VM was stopped.
> 
> -Original Message-----
> From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com] 
> Sent: Thursday, April 09, 2015 9:01 PM
> To: 
> Subject: Re: CloudStack hands out IP address of a stopped VM
> 
> Hi Kyle,
> 
> When CS picks the ip for new vm from free ip pool excluding nic table 
> ip4_adress.
> In your case the nic entry for vm is empty due to this the ip will goes free 
> pool.
> 
> 
> Thanks,
> Jayapal
> 
> On 10-Apr-2015, at 9:20 AM, Sanjeev N 
> wrote:
> 
>> CS would not hand out the IPs of a stopped vm since the lease time is 
>> infinite. If you are able to reproduce is consistently please open a 
>> JIRA ticket.
>> 
>> On Fri, Apr 10, 2015 at 4:17 AM, Kyle Flavin  wrote:
>> 
>>> Hi Jayapal,
>>> The first query against the nics table returned an empty set, while 
>>> the second returned the hostname and IP address.  Here is the 
>>> sanitized output from both queries:
>>> 
>>> 
>>> mysql> select instance_id,ip4_address  from nics where 
>>> mysql> instance_id=;
>>> Empty set (0.00 sec)
>>> 
>>> 
>>> mysql> select id, name, private_ip_address  from vm_instance  where
>>> id=;
>>> +--+++
>>> | id   | name   | private_ip_address |
>>> +--+++
>>> | myid | myhostname | 1.1.1.1   |
>>> +--+++
>>> 1 row in set (0.00 sec)
>>> 
>>> 
>>> 
>>> -Original Message-
>>> From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com]
>>> Sent: Thursday, April 09, 2015 5:32 AM
>>> To: 
>>> Subject: Re: CloudStack hands out IP address of a stopped VM
>>> 
>>> Hi Kyle,
>>> 
>>> In my setup I have observed this for stopped VM, the nic table 
>>> ip4_address set to 'null'.
>>> After that I am not able to reproduce the issue.
>>> I will keep looking into my setup for this issue.
>>> 
>>> Can you please send the below commands output from your setup.
>>> 
>>> #select instance_id,ip4_address  from nics where instance_id= 
>>> ; #select id, name, private_ip_address  from vm_instance 
>>> where id=;
>>> 
>>> 
>>> 
>>> Thanks,
>>> Jayapal
>>> 
>>> On 09-Apr-2015, at 6:10 AM, Kyle Flavin  wrote:
>>> 
>>>> I'm trying to get some help understanding the following behavior.
>>>> 
>>>> Yesterday we had an instance of CloudStack giving out the IP address 
>>>> of
>>> a stopped VM to a newly created VM.  The existing server was found in 
>>> the MySQL database with the assigned IP (sanitized outputs):
>>>> 
>>>> mysql> select name,private_ip_address,state  from vm_instance where 
>>>> mysql> name like "%";
>>>> +++-+
>>>> | name   | private_ip_address | state   |
>>>> +++-+
>>>> |  | 1.1.1.1   | Stopped |
>>>> +++-+
>>>> 
>>>> The new server booted up, and was given that same 1.1.1.1 IP as 
>>>> well,
>>> which caused a conflict in our external host management system.
>>>> 
>>>> It looks to me like the DHCP lease is expiring on the stopped VM, 
>>>> and
>>> then CloudStack is just handing it out again.  However, it had 
>>> previously been explained to me that CloudStack would not hand out 
>>> IP's of stopped VM's (and I do see the IP address registered to the VM in 
>>> the database).
>>> Is that true and is this a possible bug, or is that the expected behavior?
>>>> 
>>>> -Kyle
>>> 
>>> 
> 

Re: CloudStack hands out IP address of a stopped VM

[Jayapal Reddy Uradi]

Hi Kyle,

In my setup I have observed this for stopped VM, the nic table ip4_address set 
to 'null'.
After that I am not able to reproduce the issue.
I will keep looking into my setup for this issue.

Can you please send the below commands output from your setup.

#select instance_id,ip4_address  from nics where instance_id= ;
#select id, name, private_ip_address  from vm_instance  where id=;



Thanks,
Jayapal

On 09-Apr-2015, at 6:10 AM, Kyle Flavin  wrote:

> I'm trying to get some help understanding the following behavior.
> 
> Yesterday we had an instance of CloudStack giving out the IP address of a 
> stopped VM to a newly created VM.  The existing server was found in the MySQL 
> database with the assigned IP (sanitized outputs):
> 
> mysql> select name,private_ip_address,state  from vm_instance where name like 
> "%";
> +++-+
> | name   | private_ip_address | state   |
> +++-+
> |  | 1.1.1.1   | Stopped |
> +++-+
> 
> The new server booted up, and was given that same 1.1.1.1 IP as well, which 
> caused a conflict in our external host management system.
> 
> It looks to me like the DHCP lease is expiring on the stopped VM, and then 
> CloudStack is just handing it out again.  However, it had previously been 
> explained to me that CloudStack would not hand out IP’s of stopped VM’s (and 
> I do see the IP address registered to the VM in the database).  Is that true 
> and is this a possible bug, or is that the expected behavior?
> 
> -Kyle

Re: Virtual Routers not responding to dns requests

[Jayapal Reddy Uradi]

bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth3+ --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth6+ --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out bond1+ --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth2+ --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth5+ --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth7+ --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth4+ --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out bond2+ --physdev-is-bridged
>>>> DROP   all  --  anywhere anywhere
>>> 
>>> 
>>> 
>>> However, on a xenserver which is running a router which is not working,
>>> we can see the following:
>>> 
>>> Chain FORWARD (policy ACCEPT)
>>>> target prot opt source   destination
>>>> BRIDGE-FIREWALL  all  --  anywhere anywhere
>>>> PHYSDEV match --physdev-is-bridged
>>>> 
>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth1+ --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth4+ --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth3+ --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth7+ --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out bond3+ --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out bond0+ --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth6+ --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out bond1+ --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth5+ --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out bond2+ --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth0+ --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth2+ --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth1 --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth4 --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth3 --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth7 --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out bond3 --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth6 --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out bond1 --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth5 --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out bond2 --physdev-is-bridged
>>>> ACCEPT all  --  anywhere anywherePHYSDEV
>>>> match --physdev-out eth0 --physdev-is-bri

Re: Virtual Routers not responding to dns requests

[Jayapal Reddy Uradi]

Silly question but Is your xenserver configured bridge mode related settings 
correctly ?

#xe-switch-network-backend bridge
#echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
#echo 1 > /proc/sys/net/bridge/bridge-nf-call-arptables

Thanks,
Jayapal
On 27-Mar-2015, at 1:50 PM, cs user 
mailto:acldstk...@gmail.com>> wrote:

Hi Somesh,

arping looks good, the correct mac address is displayed and we get a
unicast reply from the ip address.

Erik, tried restarting dnsmasq, all looks fine. VR is able to perform
outgoing dns requests. There is nothing in syslog/dnsmasq logs that I can
see. No egress rules are in place. The system vm's are able to perform
dig's against google's dns, but not the virtual router. It seems it is
being blocked at the xen level.

We're seeing the below in the logs when restarting a network (either
ticking clear config or not). This appears to be similar to :

https://issues.apache.org/jira/browse/CLOUDSTACK-7605

We are using basic zones, some have multiple pods, others don't. We see the
same error in both. The routers come up though and go green, and dnsmasq is
populated with the relevant info. DNS lookups work locally on the router,
just not remotely. DHCP is working for new machines which get spun up.

Is there a way to debug this? I've checked the logs on the router
(cloud.log) can't see any errors in there.

2015-03-27 08:12:45,081 DEBUG [o.a.c.e.o.NetworkOrchestrator]
(API-Job-Executor-16:ctx-0b0aa78a job-189235 ctx-77114e2e) Implementing the
network Ntwk[9f5655bf-3101-45d9-83eb-d9061eadc2bb|Guest|47] elements and
resources as a part of network restart

2015-03-27 08:12:45,096 DEBUG [o.a.c.e.o.NetworkOrchestrator]
(API-Job-Executor-16:ctx-0b0aa78a job-189235 ctx-77114e2e) Asking
SecurityGroupProvider to implemenet
Ntwk[9f5655bf-3101-45d9-83eb-d9061eadc2bb|Guest|47]

2015-03-27 08:12:45,103 DEBUG [o.a.c.e.o.NetworkOrchestrator]
(API-Job-Executor-16:ctx-0b0aa78a job-189235 ctx-77114e2e) Asking
VirtualRouter to implemenet
Ntwk[9f5655bf-3101-45d9-83eb-d9061eadc2bb|Guest|47]

2015-03-27 08:12:45,112 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl]
(API-Job-Executor-16:ctx-0b0aa78a job-189235 ctx-77114e2e) Lock is acquired
for network id 204 as a part of router startup in
Dest[Zone(Id)-Pod(Id)-Cluster(Id)-Host(Id)-Storage(Volume(Id|Type-->Pool(Id))]
: Dest[Zone(8)-Pod(null)-Cluster(null)-Host(null)-Storage()]

2015-03-27 08:12:45,119 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl]
(API-Job-Executor-16:ctx-0b0aa78a job-189235 ctx-77114e2e) Skipping VR
deployment: Found a running or starting VR in Pod null id=8

2015-03-27 08:12:45,120 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl]
(API-Job-Executor-16:ctx-0b0aa78a job-189235 ctx-77114e2e) Lock is released
for network id 204 as a part of router startup in
Dest[Zone(Id)-Pod(Id)-Cluster(Id)-Host(Id)-Storage(Volume(Id|Type-->Pool(Id))]
: Dest[Zone(8)-Pod(null)-Cluster(null)-Host(null)-Storage()]

2015-03-27 08:12:45,123 WARN  [o.a.c.e.o.NetworkOrchestrator]
(API-Job-Executor-16:ctx-0b0aa78a job-189235 ctx-77114e2e) Failed to
implement network Ntwk[9f5655bf-3101-45d9-83eb-d9061eadc2bb|Guest|47]
elements and resources as a part of network restart due to

java.lang.NullPointerException

   at
com.cloud.network.element.VirtualRouterElement.getRouters(VirtualRouterElement.java:952)

   at
com.cloud.network.element.VirtualRouterElement.prepareAggregatedExecution(VirtualRouterElement.java:1099)

   at
org.apache.cloudstack.engine.orchestration.NetworkOrchestrator.implementNetworkElementsAndResources(NetworkOrchestrator.java:1090)

   at
org.apache.cloudstack.engine.orchestration.NetworkOrchestrator.restartNetwork(NetworkOrchestrator.java:2430)

   at
com.cloud.network.NetworkServiceImpl.restartNetwork(NetworkServiceImpl.java:1892)

   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

   at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

   at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

   at java.lang.reflect.Method.invoke(Method.java:601)

   at
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)

   at
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)

   at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)

   at
org.apache.cloudstack.network.contrail.management.EventUtils$EventInterceptor.invoke(EventUtils.java:106)

   at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)

   at
com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:51)

   at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)

   at
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationIntercept

Re: [Announce] - New VP Apache Cloudstack

[Jayapal Reddy Uradi]

Congrats Sebastien!

On 24-Mar-2015, at 9:56 AM, Koushik Das 
 wrote:

> Congrats Sebastien and thanks Hugo!
> 
> -Original Message-
> From: Giles Sirett [mailto:giles.sir...@shapeblue.com] 
> Sent: Monday, 23 March 2015 17:11
> To: d...@cloudstack.apache.org; users@cloudstack.apache.org; 
> market...@cloudstack.apache.org
> Subject: [Announce] - New VP Apache Cloudstack
> 
> All
> The Apache Cloudstack PMC is delighted to announce that on March 18 an ASF 
> board resolution was passed to make Sebastien Goasguen the new Chair/VP of 
> Apache CloudStack.
> 
> Sebastien replaces Hugo in this role
> 
> 
> I'm sure you'll all join me in wishing Sebastien all the best for the next 12 
> months and also in thanking Hugo for all of his hard work over the last year.
> 
> Giles
> 
> 
> 
> Find out more about ShapeBlue and our range of CloudStack related services
> 
> IaaS Cloud Design & Build
> CSForge - rapid IaaS deployment framework
> CloudStack Consulting
> CloudStack Software 
> Engineering
> CloudStack Infrastructure 
> Support
> CloudStack Bootcamp Training 
> Courses
> 
> This email and any attachments to it may be confidential and are intended 
> solely for the use of the individual to whom it is addressed. Any views or 
> opinions expressed are solely those of the author and do not necessarily 
> represent those of Shape Blue Ltd or related companies. If you are not the 
> intended recipient of this email, you must neither take any action based upon 
> its contents, nor copy or show it to anyone. Please contact the sender if you 
> believe you have received this email in error. Shape Blue Ltd is a company 
> incorporated in England & Wales. ShapeBlue Services India LLP is a company 
> incorporated in India and is operated under license from Shape Blue Ltd. 
> Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is 
> operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company 
> registered by The Republic of South Africa and is traded under license from 
> Shape Blue Ltd. ShapeBlue is a registered trademark.

Re: irqbalancer on VR not working

[Jayapal Reddy Uradi]

Hi Rene,

On 64 bit templates 1.0.6 not worked.

Please see the below irqbalance logs on VR for 1.0.7
http://pastebin.com/zm6Tbep8


Thanks,
Jayapal

On 18-Mar-2015, at 12:34 AM, Rene Moser  wrote:

> Hi
> 
> On 03/17/2015 05:35 PM, Jayapal Reddy Uradi wrote:
>> Did you test irqbalance 1.0.6 ? It won't work.
>> irqbalance 1.0.7 works.
> 
> On most VRs it worked (somehow on a few VRs it doesn't). But this is a yes I 
> guess.
> 
> I also checked the Debian changelog 
> https://sources.debian.net/src/irqbalance/1.0.6-3/debian/changelog/ and IMHO 
> the relevant fix is "Improve rescan ability to catch a timing race early in 
> irqbalance setup" and/or "Added ability to force irqbalance to rescan irqs on 
> reception of a SIGHUP." in 1.0.4-1
> 
> Did you have other experiences?
> 
> Yours
> René
> 
> 
> 

Re: irqbalancer on VR not working

[Jayapal Reddy Uradi]

Hi Rene,

Did you test irqbalance 1.0.6 ? It won't work. 
irqbalance 1.0.7 works.

Compile 1.0.7 and get irqbalance binary.
Install 1.0.6 from repo and replace binary with 1.0.7 binary.

Thanks,
Jayapal


On 17-Mar-2015, at 9:49 PM, Rene Moser  wrote:

> Hi
> 
> We experienced packet drops and high CPU on one core (only) on a
> multicore VR on high volume traffic.
> 
> After extensive investigation, we identified the irq balancing is not
> working properly, as a result only one core was used for IRQ handing of
> TCP for all 3 interfaces:
> 
> # cat /proc/interrupts
>CPU0CPU1 CPU2 CPU3
>  72: 2704675402000   PCI-MSI-edge  eth0-rxtx-0
>  73: 1272554833000   PCI-MSI-edge  eth0-rxtx-1
>  74: 1277628455000   PCI-MSI-edge  eth0-rxtx-2
>  75: 1278457419000   PCI-MSI-edge  eth0-rxtx-3
>  76:  0000   PCI-MSI-edge  eth0-event-4
>  77: 450819000   PCI-MSI-edge  eth1-rxtx-0
>  78: 370442000   PCI-MSI-edge  eth1-rxtx-1
>  79: 317069000   PCI-MSI-edge  eth1-rxtx-2
>  80: 401197000   PCI-MSI-edge  eth1-rxtx-3
>  81:  0000   PCI-MSI-edge  eth1-event-4
>  82: 2768559207000   PCI-MSI-edge  eth2-rxtx-0
>  83: 1328122336000   PCI-MSI-edge  eth2-rxtx-1
>  84: 1328017908000   PCI-MSI-edge  eth2-rxtx-2
>  85: 1322146180000   PCI-MSI-edge
> 
> Restarting /etc/init.d/ircbalance did not help, but you will find some
> log entries in /var/log/daemon.log
> 
> irqbalance: WARNING: MSI interrupts found in /proc/interrupts
> irqbalance: But none found in sysfs, you need to update your kernel
> irqbalance: Until then, IRQs will be improperly classified
> 
> It turns out, this is a known issue on Debian Wheezy irqbalance version
> 1.0.3-3 https://lists.debian.org/debian-user/2013/05/msg00512.html and
> was patched in 1.0.4-1.
> 
> But the good know is, there is 1.0.6 in wheezy-backports
> 
> aptitude update
> aptitude install -t wheezy-backports irqbalance
> 
> That helped.
> 
> Can this be included in the SystemVM templates as well?
> 
> Yours
> René
> 
> 

Re: CS 4.3.2 virtual router issue

[Jayapal Reddy Uradi]

How system vm template update solved the problem.
Is VR getting more interfaces from the template ?

Thanks,
Jayapal
On 27-Feb-2015, at 9:19 PM, Paul Angus 
 wrote:

> I have seen this behaviour in 4.3.2 - I ended up with at least 5 interfaces 
> on my VRs.  I resolved it by updating my systemVM template as I recall.
> 
> 
> Regards
> 
> Paul Angus
> Cloud Architect
> S: +44 20 3603 0540 | M: +447711418784 | T: CloudyAngus
> paul.an...@shapeblue.com
> 
> -Original Message-
> From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com]
> Sent: 27 February 2015 03:42
> To: 
> Subject: Re: CS 4.3.2 virtual router issue
> 
> 
> As previously pointed out, Can you please send VR start command, 
> /var/cache/cloud/cmdline file in VR also /var/log/cloud.log.
> These logs helps us to understand where the problem is.
> 
> Thanks,
> Jayapal
> 
> On 27-Feb-2015, at 2:54 AM, John Skinner  wrote:
> 
>> This happens with all routers in that specific zone, the other zone is ok.
>> Messages and cloudstack logs on the router do not offer any insight.
>> You can see the results of ipassoc.sh in messages and that it is
>> clearly setting up postrouting rules for eth3 which should not exist.
>> CloudStack agent log on the host is useless per always, and the qemu
>> log for the routers just display the start command. Virsh dumpxml of
>> the router does show 4 interfaces for the router. I am trying to
>> discover at what point the VM thinks it needs to create that 4th
>> interface. User VMs are being created just fine, as well as the
>> console proxy and secondary storage VMs for that zone.
>> 
>> On Thu, Feb 26, 2015 at 2:29 PM, Somesh Naidu
>> 
>> wrote:
>> 
>>> Strange, I haven't seen that happen before.
>>> 
>>> Is this happening with all routers in the environment or only a
>>> specific one?
>>> 
>>> If latter we might just try recreating it. If former, then probably
>>> have to look at /var/log/messages on the router.
>>> 
>>> Somesh
>>> CloudPlatform Escalations
>>> Citrix Systems, Inc.
>>> 
>>> 
>>> -Original Message-
>>> From: John Skinner [mailto:john.skin...@appcore.com]
>>> Sent: Thursday, February 26, 2015 3:19 PM
>>> To: users@cloudstack.apache.org
>>> Subject: Re: CS 4.3.2 virtual router issue
>>> 
>>> Yeah. As far as CloudStack is concerned, it has 3 NICs - the UI and
>>> the database confirms. The API call also only calls for 3 NICs. How
>>> this 4th NIC is getting created is a mystery. It has the same IP as
>>> the 3rd NIC, it doesn't make any sense.
>>> 
>>> On Thu, Feb 26, 2015 at 2:16 PM, Somesh Naidu
>>> 
>>> wrote:
>>> 
>>>> Did you check the entries in the nics table for that router? That
>>>> might give you some pointers.
>>>> 
>>>> Somesh
>>>> CloudPlatform Escalations
>>>> Citrix Systems, Inc.
>>>> 
>>>> -Original Message-
>>>> From: John Skinner [mailto:john.skin...@appcore.com]
>>>> Sent: Thursday, February 26, 2015 10:59 AM
>>>> To: users@cloudstack.apache.org
>>>> Subject: CS 4.3.2 virtual router issue
>>>> 
>>>> Running CloudStack 4.3.2 with advanced networking using Open vSwitch
>>>> on KVM. I am having an issue where my virtual router is coming up
>>>> with 2 public interfaces when there should only be 1. CloudStack is
>>>> only requesting the 3 interfaces (private, control, and public) but
>>>> the VM is coming up with 4. The second public interface comes up
>>>> with the same IP
>>> as
>>>> the first public interface. This obviously really breaks routing and
>>>> ip forwarding as the postrouting rules in iptables get created for
>>>> the
>>> second
>>>> interface when the traffic is coming in on the 1st interface.
>>>> 
>>>> Has any one seen anything like this? I can't figure out why it is
>>>> getting created with 2 public interfaces.
>>>> 
>>> 
>>> 
>>> 
>>> --
>>> 
>>> *John Skinner*
>>> 
>>> Senior Cloud Engineer - Ops Lead | Appcore
>>> 
>>> 
>>> Office +1.800.735.7104 | Direct +1.515.612.7783
>>> 
>>> john.skin...@appcore.com  |  www.appcore.com
>>> 
>>> -
>>> -
>>> 
>>&

Re: CS 4.3.2 virtual router issue

[Jayapal Reddy Uradi]

As previously pointed out, Can you please send VR start command, 
/var/cache/cloud/cmdline file in VR also /var/log/cloud.log.
These logs helps us to understand where the problem is.

Thanks,
Jayapal

On 27-Feb-2015, at 2:54 AM, John Skinner  wrote:

> This happens with all routers in that specific zone, the other zone is ok.
> Messages and cloudstack logs on the router do not offer any insight. You
> can see the results of ipassoc.sh in messages and that it is clearly
> setting up postrouting rules for eth3 which should not exist. CloudStack
> agent log on the host is useless per always, and the qemu log for the
> routers just display the start command. Virsh dumpxml of the router does
> show 4 interfaces for the router. I am trying to discover at what point the
> VM thinks it needs to create that 4th interface. User VMs are being created
> just fine, as well as the console proxy and secondary storage VMs for that
> zone.
> 
> On Thu, Feb 26, 2015 at 2:29 PM, Somesh Naidu 
> wrote:
> 
>> Strange, I haven't seen that happen before.
>> 
>> Is this happening with all routers in the environment or only a specific
>> one?
>> 
>> If latter we might just try recreating it. If former, then probably have
>> to look at /var/log/messages on the router.
>> 
>> Somesh
>> CloudPlatform Escalations
>> Citrix Systems, Inc.
>> 
>> 
>> -Original Message-
>> From: John Skinner [mailto:john.skin...@appcore.com]
>> Sent: Thursday, February 26, 2015 3:19 PM
>> To: users@cloudstack.apache.org
>> Subject: Re: CS 4.3.2 virtual router issue
>> 
>> Yeah. As far as CloudStack is concerned, it has 3 NICs - the UI and the
>> database confirms. The API call also only calls for 3 NICs. How this 4th
>> NIC is getting created is a mystery. It has the same IP as the 3rd NIC, it
>> doesn't make any sense.
>> 
>> On Thu, Feb 26, 2015 at 2:16 PM, Somesh Naidu 
>> wrote:
>> 
>>> Did you check the entries in the nics table for that router? That might
>>> give you some pointers.
>>> 
>>> Somesh
>>> CloudPlatform Escalations
>>> Citrix Systems, Inc.
>>> 
>>> -Original Message-
>>> From: John Skinner [mailto:john.skin...@appcore.com]
>>> Sent: Thursday, February 26, 2015 10:59 AM
>>> To: users@cloudstack.apache.org
>>> Subject: CS 4.3.2 virtual router issue
>>> 
>>> Running CloudStack 4.3.2 with advanced networking using Open vSwitch on
>>> KVM. I am having an issue where my virtual router is coming up with 2
>>> public interfaces when there should only be 1. CloudStack is only
>>> requesting the 3 interfaces (private, control, and public) but the VM is
>>> coming up with 4. The second public interface comes up with the same IP
>> as
>>> the first public interface. This obviously really breaks routing and ip
>>> forwarding as the postrouting rules in iptables get created for the
>> second
>>> interface when the traffic is coming in on the 1st interface.
>>> 
>>> Has any one seen anything like this? I can't figure out why it is getting
>>> created with 2 public interfaces.
>>> 
>> 
>> 
>> 
>> --
>> 
>> *John Skinner*
>> 
>> Senior Cloud Engineer - Ops Lead | Appcore
>> 
>> 
>> Office +1.800.735.7104 | Direct +1.515.612.7783
>> 
>> john.skin...@appcore.com  |  www.appcore.com
>> 
>> --
>> 
>> The information in this message is intended for the named recipients only.
>> It may contain information that is privileged, confidential or otherwise
>> protected from disclosure. If you are not the intended recipient, you are
>> hereby notified that any disclosure, copying, distribution, or the taking
>> of any action in reliance on the contents of this message is strictly
>> prohibited. If you have received this e-mail in error, do not print it or
>> disseminate it or its contents. In such event, please notify the sender by
>> return e-mail and delete the e-mail file immediately thereafter. Thank you.
>> 
> 
> 
> 
> -- 
> 
> *John Skinner*
> 
> Senior Cloud Engineer - Ops Lead | Appcore
> 
> 
> Office +1.800.735.7104 | Direct +1.515.612.7783
> 
> john.skin...@appcore.com  |  www.appcore.com
> 
> --
> 
> The information in this message is intended for the named recipients only.
> It may contain information that is privileged, confidential or otherwise
> protected from disclosure. If you are not the intended recipient, you are
> hereby notified that any disclosure, copying, distribution, or the taking
> of any action in reliance on the contents of this message is strictly
> prohibited. If you have received this e-mail in error, do not print it or
> disseminate it or its contents. In such event, please notify the sender by
> return e-mail and delete the e-mail file immediately thereafter. Thank you.

Re: Xenserver tools6.1+ UI option

[Jayapal Reddy Uradi]

Hi Prapul,

You need to attach ISO in VM details page and install the tools from the VM.
After installing you will see the updated status.

Thanks,
Jayapal
On 23-Feb-2015, at 1:29 PM, prapul cool  
wrote:

> Hi Jayapal
> 
>   I am upload the screen shot in my blog please go through the below link 
> http://psiclouds.blogspot.in/
> 
> 
> ThanksPrapul
> 
> 
> 
> On Monday, 23 February 2015 12:17 PM, Jayapal Reddy Uradi 
>  wrote:
> 
> 
> Hi Prapul,
> 
> Can you please upload your screen in public location and share the image link.
> You can't attach files in this mailing list.
> 
> THanks,
> Jayapal
> 
> On 23-Feb-2015, at 11:40 AM, prapul cool 
> mailto:prapul_cool2...@yahoo.com.INVALID>>
> wrote:
> 
> HI,
> 
> We are using Xenserver 6.2 with all hot fixes in our cloud environment and 
> created a template with Xentools and deployed the vm.After deploying the vm, 
> status shows that there is no Xentools 6.1+ in UI interface. at the same time 
> in xencenter shows that xentools installed.
> 
> can any one explain the cause for this. what is the purpose of this 
> parameter ?
> 
> please find the attached screen shot for reference.
> 
> Thanks,
> Prapul
> 
> 
> 

Re: Xenserver tools6.1+ UI option

[Jayapal Reddy Uradi]

Hi Prapul,

Can you please upload your screen in public location and share the image link.
You can't attach files in this mailing list.

THanks,
Jayapal

On 23-Feb-2015, at 11:40 AM, prapul cool 
mailto:prapul_cool2...@yahoo.com.INVALID>>
 wrote:

HI,

 We are using Xenserver 6.2 with all hot fixes in our cloud environment and 
created a template with Xentools and deployed the vm.After deploying the vm, 
status shows that there is no Xentools 6.1+ in UI interface. at the same time 
in xencenter shows that xentools installed.

 can any one explain the cause for this. what is the purpose of this 
parameter ?

please find the attached screen shot for reference.

Thanks,
Prapul

Re: How to set limit on “Acquire New IP” for isolated network

[Jayapal Reddy Uradi]

Hi Sonali,

In global settings we have the below option to control the public ips use.
max.project.public.ips  The default maximum number of public IPs that can be 
consumed by a project


Thanks,
Jayapal

On 10-Feb-2015, at 4:11 PM, Sonali Jadhav 
mailto:son...@servercentralen.se>>
 wrote:

Hi,

There is one project, created new isolated network for that project.  I 
observed that user can “Acquire New IP” for isolated network.  How do we set 
limit on how much IP users can acquire ? Because this way, user can consume any 
number of public IPs they want.

Yours sincerely,

Sonali Jadhav | System Administrator
Nordiska Servercentralen
Skype ID: sonali.jadhav.sj
E-mail: 
son...@servercentralen.se

Re: Connection issue with the master

[Jayapal Reddy Uradi]

Hi,

This issue is related to ssl keys.
Can you remove the keys and try restarting MS and recreate systemvms.

Thanks,
Jayapal
On 10-Feb-2015, at 1:52 PM, Salvatore Sciacco 
 wrote:

> Hi,
> 
> I have a few hosts and the systemvm (console proxy) which stopped
> connecting to the master with ssl error:
> 
> 2015-02-10 08:43:46,057 INFO  [cloud.agent.Agent] (Agent-Handler-4:null)
> Reconnecting...
> 2015-02-10 08:43:46,058 INFO  [utils.nio.NioClient] (Agent-Selector:null)
> Connecting to 111.11.1.1:8250
> 2015-02-10 08:43:56,191 ERROR [utils.nio.NioConnection]
> (Agent-Selector:null) Unable to initialize the threads.
> java.io.IOException: SSL: Fail to init SSL! java.io.IOException: Connection
> closed with -1 on reading size.
>at com.cloud.utils.nio.NioClient.init(NioClient.java:87)
>at com.cloud.utils.nio.NioConnection.run(NioConnection.java:111)
>at java.lang.Thread.run(Thread.java:745)
> 
> 
> 
> anybody can sugggest how I can debug the SSL layer? Cients are able to
> connect to the port 8250, but they are disconnected just after the
> connection is established.
> 
> Thank you very much
> 
> S.

Re: Networking in Advance zone with security groups enabled

[Jayapal Reddy Uradi]

Hi Sonali,

For shared network there won't be public interface.
Guest network is the public/direct network.

Thanks,
Jayapal


On 06-Feb-2015, at 2:06 PM, Sonali Jadhav 
 wrote:

> Hi,
> 
> When we create a advance zone with security groups enabled, then I observed 
> there is no need for Public traffic NIC on host. So does that mean we'll be 
> creating Logical networks (shared and isolated) on guest network interface of 
> host ?
> 
> Also in advance zone with security groups enabled, there won't be virtual 
> router created ?
> 
> Is there is good guide for understanding of networking in advance zone with 
> security groups.
> 
> I saw one video of CloudStack 
> Networking - Paul Angus, which made me think it's like there are three types 
> networking scenarios as per type of zones we chose,
> 
> -  Basic zone
> 
> -  Advance zone
> 
> -  Advance zone with security groups enabled
> 
> Am I correct?
> 
> Yours sincerely,
> 
> Sonali Jadhav | System Administrator
> Nordiska Servercentralen
> Skype ID: sonali.jadhav.sj
> E-mail: son...@servercentralen.se

Re: Assigning public IP to Instances

[Jayapal Reddy Uradi]

Hi Umar,

Can you elaborate your zone and network.
>From your explanation I assume you are using basic zone shared networks.

In basic zone shared network guest vm will have the public ip or routable ip 
address.
Configuring ingress rules on the security groups will be able reach the vm.

If you need nat services configure advanced zone isolated network. There you 
can acquire public ip addresses and configure nat services to reach vm.

Thanks,
Jayapal
On 03-Feb-2015, at 2:58 AM, Umar ASHFAQ  wrote:

> Hi guys  ,
> 
> I am having a difficulty assigning public IP to my VMs. I have done the
> installation correctly as my VMS and systemVMs are functional. As of now my
> physical  network configuration in the KVM management server is the
> following :
> 
> cloud0Link encap:Ethernet  HWaddr FE:00:A9:FE:00:D9
> 
>  inet addr:169.254.0.1  Bcast:169.254.255.255  Mask:255.255.0.0
> 
>  inet6 addr: fe80::600a:9ff:fe5e:4305/64 Scope:Link
> 
>  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> 
>  RX packets:174 errors:0 dropped:0 overruns:0 frame:0
> 
>  TX packets:248 errors:0 dropped:0 overruns:0 carrier:0
> 
>  collisions:0 txqueuelen:0
> 
>  RX bytes:24540 (23.9 KiB)  TX bytes:29990 (29.2 KiB)
> 
> 
> cloudbr0  Link encap:Ethernet  HWaddr 00:1E:C9:EF:35:BD
> 
>  inet addr:10.20.2.115  Bcast:10.20.2.255  Mask:255.255.255.0
> 
>  inet6 addr: fe80::21e:c9ff:feef:35bd/64 Scope:Link
> 
>  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> 
>  RX packets:1287841 errors:0 dropped:0 overruns:0 frame:0
> 
>  TX packets:851484 errors:0 dropped:0 overruns:0 carrier:0
> 
>  collisions:0 txqueuelen:0
> 
>  RX bytes:2870206525 (2.6 GiB)  TX bytes:1817779263 (1.6 GiB)
> 
> 
> eth3  Link encap:Ethernet  HWaddr 00:1E:C9:EF:35:BD
> 
>  inet6 addr: fe80::21e:c9ff:feef:35bd/64 Scope:Link
> 
>  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> 
>  RX packets:882322 errors:0 dropped:0 overruns:0 frame:0
> 
>  TX packets:651095 errors:0 dropped:0 overruns:0 carrier:0
> 
>  collisions:0 txqueuelen:1000
> 
>  RX bytes:1060804007 (1011.6 MiB)  TX bytes:388894922 (370.8 MiB)
> 
> 
> loLink encap:Local Loopback
> 
>  inet addr:127.0.0.1  Mask:255.0.0.0
> 
>  inet6 addr: ::1/128 Scope:Host
> 
>  UP LOOPBACK RUNNING  MTU:65536  Metric:1
> 
>  RX packets:756166 errors:0 dropped:0 overruns:0 frame:0
> 
>  TX packets:756166 errors:0 dropped:0 overruns:0 carrier:0
> 
>  collisions:0 txqueuelen:0
> 
>  RX bytes:5709969113 (5.3 GiB)  TX bytes:5709969113 (5.3 GiB)
> 
> 
> virbr0Link encap:Ethernet  HWaddr 52:54:00:9B:A6:9C
> 
>  inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
> 
>  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> 
>  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> 
>  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> 
>  collisions:0 txqueuelen:0
> 
>  RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
> 
> 
> vnet0 Link encap:Ethernet  HWaddr FE:00:A9:FE:00:D9
> 
>  inet6 addr: fe80::fc00:a9ff:fefe:d9/64 Scope:Link
> 
>  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> 
>  RX packets:25 errors:0 dropped:0 overruns:0 frame:0
> 
>  TX packets:91 errors:0 dropped:0 overruns:0 carrier:0
> 
>  collisions:0 txqueuelen:500
> 
>  RX bytes:1940 (1.8 KiB)  TX bytes:4510 (4.4 KiB)
> 
> 
> vnet1 Link encap:Ethernet  HWaddr FE:BE:4A:00:00:0F
> 
>  inet6 addr: fe80::fcbe:4aff:fe00:f/64 Scope:Link
> 
>  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> 
>  RX packets:746332 errors:0 dropped:0 overruns:0 frame:0
> 
>  TX packets:495967 errors:0 dropped:0 overruns:0 carrier:0
> 
>  collisions:0 txqueuelen:500
> 
>  RX bytes:2324506042 (2.1 GiB)  TX bytes:1448884234 (1.3 GiB)
> 
> I also do not see the "Acquire a new ip" option under "Network->Guest
> Networks->defaultGuestNetwork" . when i click "defaultGuestNetwork" and
> click "view ip-addresses" it says "No Data To Show". Current I have a VM
> under the private IP of 10.20.2.62 , suppose i want to make this a
> webserver and give it a public IP address from the pool of available public
> IPs my ISP has given me , how do it do it?
> 
> Best
> 
> Umar
> 
> 
> -- 
> *Umar Ashfaq*
> Systems Security Engineer
> Event Network Services Inc.
> um...@eventsnetworkservices.com 
> * Cell 347.781.6978*
> *Office 646. 480. 4805  *
> *Fax  239.790.3710*

Re: How to external IP for Guest Network

[Jayapal Reddy Uradi]

Hi Keerthi,

External dhcp server integration to cloudstack is not there currently.

You can try the following:
1. create shared network offering with out dhcp (or with out any service)
2. Create shared network using this offering. Give ip range and vlan same as 
your dhcp range while creating network..
3. Configure your external dhcp server .
3. Deploy vm in this network. vm will get the ip from the external dhcp server.
4. Take the ip of the vm ip address from the vm console and update the vm nic 
ip in nics table ip4_address.
5. Also manually update your dns record for the vm.

Thanks,
Jayapal


On 02-Feb-2015, at 12:49 PM, Keerthiraja SJ 
 wrote:

> Hi All
> 
> In CloudStack Advance Networking is it possible to use IP without
> Virtualrouter for guest network. Where my Network team will create allocate
> private IP address that will be in vlan. So whenever I create a VM ip
> address has to allocate via external dhcp server and routing should happen
> via my cisco. If so how to do that.
> 
> Thanks,
> Keerthi

Re: problem using own shared network offering

[Jayapal Reddy Uradi]

Hi Stephan,

Can you try the same creating shared network using the API 

Thanks,
Jayapal
On 12-Jan-2015, at 10:58 AM, Sanjeev Neelarapu 
 wrote:

> Hi Stephan,
> 
> ACS 4.4.2 does not support external DHCP server.
> 
> -Sanjeev
> 
> -Original Message-
> From: Stephan Seitz [mailto:s.se...@secretresearchfacility.com] 
> Sent: Friday, January 09, 2015 6:25 PM
> To: users@cloudstack.apache.org
> Subject: problem using own shared network offering
> 
> Hi all,
> 
> I'm trying to connect external, non-ACS hosts to particular VM's (running in 
> advanced Zone on 4.4.2).
> What I've done:
> - adding Hosts on a tagged VLAN at switch-layer
> - creating a new "shared" guestnetwork w/ given VLAN id Here a ran into 
> trouble due to DHCP. One of that external hosts is (and needs to be) a 
> DHCP/TFTP. An ACS Router also answered to DHCP requests which it shoudn't...
> So i went further:
> - deleting that new shared guestnetwork
> - adding a "shared Network Without DHCP Service" NetworkOffering
> - trying to create that new "shared" network w/ given VLAN id w/ my own 
> offering. <-- I'm unable to select other Offerings than the default shared 
> and "quickcloud".
> I'm stuck here. Could someone please shed some light why I can't introduce 
> own shared NetworkOfferings?
> 
> Goal is:
> That existing DHCP/TFTP should be able to kickstart baremetal hosts (as it 
> does since a while) and additionally particular ACS VM's on that network.
> 
> Any tips really appreciated!
> 
> - Stephan
> 
> 

Re: DNS amplification attack to CloudStack VR running dnsmasq

[Jayapal Reddy Uradi]

Please refer the following ticket, It will help 
https://issues.apache.org/jira/browse/CLOUDSTACK-5494


Thanks,
jayapal
On 15-Dec-2014, at 5:52 PM, Andrija Panic  wrote:

> Indra, did you observe this on Shared Network - I had same issue with
> Shared Network (public IPs) in Advanced Zone.
> 
> I think VR for VPC is NOT a problem...
> 
> On 15 December 2014 at 13:13, Indra Pramana  wrote:
>> 
>> Dear all,
>> 
>> We are using CloudStack 4.2.0 with KVM hypervisors.
>> 
>> Is there a way to prevent our virtual routers (VRs) to be targeted by DNS
>> amplification attack? It seems that the DNS services on dnsmasq running on
>> the VRs are by default recursive, causing it to easily be targeted for DNS
>> amplification attack.
>> 
>> Any advice on how to overcome this?
>> 
>> Looking forward to your reply, thank you.
>> 
>> Cheers.
>> 
> 
> 
> -- 
> 
> Andrija Panić

Re: unable to test Network Throttling.

[Jayapal Reddy Uradi]

Hi Rajashekar,

>  i'm unable to test the network bandwidth rate.
Can you please explain what is the issue you are facing while testing.
Is it not working as the value configured ?

Network throttling is for egress traffic. In configuration it is Mbits/s
but in hypervisor it is configured as MBytes/s. 1024 Mb/s is 128MB.

Thanks,
Jayapal



On 10-Dec-2014, at 2:15 PM, Andrija Panic 
 wrote:

> I also examinded KVM thortling, and got 1/4 of the settings cloudstack
> always starts VM with same parameters, no matter what you configure
> manually on KVM/Xen..
> 
> On 10 December 2014 at 08:27, raja sekhar  wrote:
> 
>> hi prasanth,
>> 
>> In cloudstack i have given network rate as 1024Mb/s but in xencenter qos
>> properties it is showing 25Mb/s for that VM.
>> 
>> Andrija Panic/Prashant if i change the interface property(bandwidth)
>> through xencenter or commandline process in
>> http://xmodulo.com/how-to-rate-limit-xenserver-vms-network-interfaces.html
>> ,
>> if i shutdown the VM from cloudstack that VM wil be disabled from
>> xencenter, when ever i start the VM, the qos value will be same or it will
>> changed to 25Mb/s.
>> 
>> waiting for your reply.
>> 
>> Regards,
>> Rajasekhar.
>> 
>> 
>> On Tue, Dec 9, 2014 at 12:05 AM, Prashant Kumar Mishra <
>> prashantkumar.mis...@citrix.com> wrote:
>>> 
>>> From the  xencenter you can check interface property (look for QoS
>>> settings) for that particular vm .
>>> 
>>> -Original Message-
>>> From: Andrija Panic [mailto:andrija.pa...@gmail.com]
>>> Sent: Tuesday, December 09, 2014 1:30 PM
>>> To: d...@cloudstack.apache.org
>>> Cc: users@cloudstack.apache.org
>>> Subject: Re: 答复: unable to test Network Throttling.
>>> 
>>> Recent reply from Vadim:
>>> 
>> http://xmodulo.com/how-to-rate-limit-xenserver-vms-network-interfaces.html
>>> 
>>> On 9 December 2014 at 08:40, raja sekhar 
>> wrote:
>>> 
 Hi Star,
 
 Thanks for your reply. I'm using XenServer 6.2 and cloudstack 4.3.1.
 how can i check the band width rate of the VM, is there any command
 for xenserver host?
 
 waiting for your reply.
 
 Regards,
 Rajasekhar.
 
 On Mon, Dec 8, 2014 at 10:56 PM, Star Guo  wrote:
> 
> Hi,
> 
> There is a priority: the network rate of compute offering > the
> network rate of global configuration.
> If you deploy on kvm host, you can use virsh command to dumpxml of
> the VM and focus on   ... .
> 
> Best Regards,
> Star Guo
> 
> -邮件原件-
> 发件人: raja sekhar [mailto:rajsekhar@gmail.com]
> 发送时间: 2014年12月9日 14:28
> 收件人: d...@cloudstack.apache.org; users@cloudstack.apache.org
> 主题: unable to test Network Throttling.
> 
> Hi all,
> 
> i have created one compute offering(2 CPU , 4 GB) and given the
> Network Rate as 1024 Mb/s, a VM is deployed from that compute
> offering and in global settings i didn't changed any Network
> Throttling Rate(default 200
> Mb/s) and i'm unable to test the network bandwidth rate.
> 
> please suggest me how to test the bandwidth rate of the VM.
> 
> 
> 
> Regards,
> Rajasekhar.
> 
> 
 
>>> 
>>> 
>>> 
>>> --
>>> 
>>> Andrija Panić
>>> 
>> 
> 
> 
> 
> -- 
> 
> Andrija Panić

Re: ACS 4.4.1 XenServer 6.2 - VMs lost connection in "Isolated" network

[Jayapal Reddy Uradi]

HI Motty,

First make sure there are no issue in the VM like ip addr, route, firewall etc.

Second When you send traffic from the VM, capture the it in each place to 
figure where exactly the traffic is blocking.
Is it reached to hypervisor, router etc ? This way you can find who is culprit.

Thanks,
Jayapal


On 10-Dec-2014, at 3:10 AM, Somesh Naidu  wrote:

> Check routes on the guests that are having trouble. You should verify if the 
> public traffic from these guests is reaching the router.
> 
> -Original Message-
> From: Motty Cruz [mailto:motty.c...@gmail.com] 
> Sent: Tuesday, 9 December 2014 11:46 AM
> To: users@cloudstack.apache.org
> Subject: ACS 4.4.1 XenServer 6.2 - VMs lost connection in "Isolated" network
> 
> Hi All,
> 
> I have total of about 5 VMs on "Isolated" network, but they lost connection 
> to outside world. I am able to ping the VR but can't ping to outside world. 
> If I log in to VR, am able to ping anywhere outside or inside network.
> 
> out of the 5 VMs, 3 machines never loose connection, the two VMs that do 
> loose connection are windows machines. To get the connection again, I have to 
> restart VR. Any ideas?
> 
> I want to mentioned that, I have three other "Isolated" networks in the same 
> zone. I do not have problems with other "Isolated" networks.
> 
> I do need help!
> 
> Thanks,
> Motty
> 

Re: ok, so I followed the instructions (noob question)

[Jayapal Reddy Uradi]

Hi Andrew,

>From your email I understand that you are using basic zone.
If you want to access the vm you need to configure the ingress rules in 
security groups.


Thanks,
Jayapal

On 10-Dec-2014, at 9:49 AM, Abhinandan Prateek 
 wrote:

> There are iptables and ebtables running on the host providing isolation for 
> basic zone networking.
> It will be better to allow traffic for required services using cloudstack 
> instead of manually disabling iptables on guest.
> More on security groups here 
> https://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/security-groups.html
> 
> 
> Abhinandan Prateek
> 
> M +919701199011
> abhinandan.prat...@shapeblue.com
> 
> 
> 
> 
>> On 10-Dec-2014, at 9:31 am, Andrew Kirch  wrote:
>> 
>> I've got cloudstack running, I've imported my instance, I have the console 
>> running but I can't connect to the instance.  I'm configured as a flat 
>> layer2 network, and the firewall on the instance is disabled for testing.  
>> does cloudstack have a firewall somewhere?
>> the entire thing is set up on 192.168.100.0/24 with 30-99 reserved for 
>> cloudstack, and 100+ reserved to DHCP.  I can console to the host (thanks 
>> for the help earlier on that) and can ping, and can ping machines on the 
>> local lan, but they cannot connect.
>> 
>> Andrew
> 
> Find out more about ShapeBlue and our range of CloudStack related services
> 
> IaaS Cloud Design & Build
> CSForge – rapid IaaS deployment framework
> CloudStack Consulting
> CloudStack Software 
> Engineering
> CloudStack Infrastructure 
> Support
> CloudStack Bootcamp Training 
> Courses
> 
> This email and any attachments to it may be confidential and are intended 
> solely for the use of the individual to whom it is addressed. Any views or 
> opinions expressed are solely those of the author and do not necessarily 
> represent those of Shape Blue Ltd or related companies. If you are not the 
> intended recipient of this email, you must neither take any action based upon 
> its contents, nor copy or show it to anyone. Please contact the sender if you 
> believe you have received this email in error. Shape Blue Ltd is a company 
> incorporated in England & Wales. ShapeBlue Services India LLP is a company 
> incorporated in India and is operated under license from Shape Blue Ltd. 
> Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is 
> operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company 
> registered by The Republic of South Africa and is traded under license from 
> Shape Blue Ltd. ShapeBlue is a registered trademark.

Re: Load Balancing in cloudstack

[Jayapal Reddy Uradi]

Hi Vadim,

What you are saying is Internal LB, it is there only in the VPC.

Thanks,
Jayapal
On 08-Dec-2014, at 12:52 PM, Vadim Kimlaychuk 
 wrote:

> As far as I know -- network offer with LB is only available for VPC and you 
> must expicitly select it for specific subnet.  For shared network it is not 
> available.
> 
> Vadim.
> 
> -Original Message-
> From: Erik Weber [mailto:terbol...@gmail.com] 
> Sent: Monday, December 08, 2014 12:34 AM
> To: users@cloudstack.apache.org
> Subject: Re: Load Balancing in cloudstack
> 
> On Sun, Dec 7, 2014 at 11:28 PM, Tilak Raj Singh  wrote:
> 
>> Hello all,
>> 
>> I followed the quick install guide of installing cloudstack and setup 
>> a private cloud within my college..Now I created a VM in it and it was 
>> assigned an IP address of 172.31.101.250. I created another VM which 
>> has an ip address 172.31.101.248...now when I click NIC tabs of both 
>> the machines it shows the Network Name as "defaultGuestNetwork"...I 
>> wish to add load balancing to these two machine to share the load of a 
>> webservice I would be creating on these.
>> 
>> But the problem is when I click on View IP Address inside 
>> defaultguestNetwork it shows no IP addressesWhat wrong am I doing 
>> here..Can somebody please guide me???
>> 
>> 
> Are you using Basic networking?
> 
> --
> Erik

Re: Load Balancing in cloudstack

[Jayapal Reddy Uradi]

Hi Tilak,

Create advanced zone network. 
Create network offering with LB service, In deployvm wizard select this 
offering for the network section.
In this network you can find public ip addresses and you can configure LB rules.

Thanks,
Jayapal


On 08-Dec-2014, at 4:03 AM, Erik Weber  wrote:

> On Sun, Dec 7, 2014 at 11:28 PM, Tilak Raj Singh  wrote:
> 
>> Hello all,
>> 
>> I followed the quick install guide of installing cloudstack and setup a
>> private cloud within my college..Now I created a VM in it and it was
>> assigned an IP address of 172.31.101.250. I created another VM which has an
>> ip address 172.31.101.248...now when I click NIC tabs of both the machines
>> it shows the Network Name as "defaultGuestNetwork"...I wish to add load
>> balancing to these two machine to share the load of a webservice I would be
>> creating on these.
>> 
>> But the problem is when I click on View IP Address inside
>> defaultguestNetwork it shows no IP addressesWhat wrong am I doing
>> here..Can somebody please guide me???
>> 
>> 
> Are you using Basic networking?
> 
> -- 
> Erik

Re: Port forwarding on nic2

[Jayapal Reddy Uradi]

Hi,

I have tried configuring the static for nic2 from the UI.
UI is not showing the VM nic2 ip addresses, it is showing primary/default nic2.

API is working fine. So I will file UI bug.

Thanks,
Jayapal

On 03-Dec-2014, at 10:41 AM, Vadim Kimlaychuk  wrote:

> Hi Alessandro,
> 
> I think default NIC is tightly coupled with default route and default 
> GW. You may have several NICs at your system but only once is used for 
> communication to outside world. If you have several shared networks choose 
> one that is connected to Internet as default. If both connected -- choose any 
> of them. 
> 
> Regards,
> 
> Vadim.
> 
> From: Alessandro Caviglione [c.alessan...@gmail.com]
> Sent: Wednesday, December 03, 2014 2:19
> To: users@cloudstack.apache.org
> Subject: Re: Port forwarding on nic2
> 
> Hellooo,
> I see another "strange" thing...
> I'm also a newbie of CS and I'm understanding just now some concepts but...
> what mean "default" nic?
> Why in an instance I have a default nic that I can change (if I've more
> than one nic)?
> And why, also if I change the default nic, I still can only configure port
> forwarding on the first nic I configured for my instance?
> When I configure a port forwarding and I select the instance, a dropdown
> menu should show the IP address of the instance, but I see only primary?
> Maybe I'm experiencing a bug?
> 
> On Sun, Nov 30, 2014 at 10:21 PM, Alessandro Caviglione <
> c.alessan...@gmail.com> wrote:
> 
>> Hi guys,
>> I'm experiencing an issue about port forwarding.
>> I've deployed an instance with 2 NICs, both isolated network.
>> Now I've configured some services in the instance, some listening on NIC 1
>> IP and some listening on NIC 2 IP.
>> IP are in two different subnet, both assigned by CS DHCP.
>> Now, I click the second network in the network menu > View IP Address >
>> Public IP > Configuration tab > Port forwarding  then I create a new port
>> forwarding rule specifying the port, protocol and clicking the "Add" button
>> to specify the instance IP.
>> The instance appear in the popup but when I select the instance I just can
>> choose the "Primary" IP that is corresponding to the NIC 1.
>> 
>> Something I wrong?
>> 

Re: Cannot create a Scoped Guest Network

[Jayapal Reddy Uradi]

Hi Lee,

When you create network with scope did you see API call in the log. If not then 
it is UI issue.
Can you try the same thing with API or cloud monkey.

Thanks,
Jayapal


On 05-Dec-2014, at 5:59 PM, Lee Webb 
 wrote:

> Hi List!
> 
> I've got a 4.4.1 CS system up & running however I'm having issues creating a 
> Guest Network which is scoped to a particular domain or account.
> 
> The overall intent is to create a Network for an Account which will allow it 
> to connect to physical devices within a certain VLAN - in my case a hosted 
> NAS.
> 
> Within the Networks tab I can create my Guest Network specifying the VLAN, 
> IP, Range etc. without a problem provided that I leave the scoping to ALL.
> 
> If I try to do the same withe scoping set to anything lower the UI just sends 
> me back to the network tab without saying that anything was incorrect.
> 
> There's also no evidence of stack traces in the management logging either, it 
> just silently fails.
> 
> The documentation seems to suggest that scoping the Network is possible - or 
> should I be trying to do the same with an Isolated Network?
> 
> Regards, Lee

Re: CS SystemVM with with running apache web server

[Jayapal Reddy Uradi]

For VR web server (port 80) is used when user data service is enabled.
For ssvm it used for required for template/iso download.

Thanks,
Jayapal

On 03-Dec-2014, at 6:00 PM, Rafael Weingartner  
wrote:

> I was looking at the VR and SSVM.
> 
> On Wed, Dec 3, 2014 at 10:27 AM, Andrija Panic 
> wrote:
> 
>> Console proxy VM use web server I beleive...both 80 and 443
>> Not sure about SSVM though...
>> 
>> On 3 December 2014 at 13:23, Rafael Weingartner <
>> rafaelweingart...@gmail.com
>>> wrote:
>> 
>>> Hi folks,
>>> 
>>> I noticed today that CS system VMs have a running apache webserver
>>> listening ports 80 and 443. I looked at its configs, and it seems to do
>>> nothing. At least, I could not find anything interesting there. Thus,
>> there
>>> was just a default listening on port 80 and 443, with nothing else.
>>> 
>>> Is it really needed? Can I shut down those webservers?
>>> 
>>> --
>>> Rafael Weingärtner
>>> 
>> 
>> 
>> 
>> --
>> 
>> Andrija Panić
>> 
> 
> 
> 
> -- 
> Rafael Weingärtner

Re: Port forwarding on nic2

[Jayapal Reddy Uradi]

Hi Alessandro,

Can you please try configuring PF on the nic2 using the API ?

The drop down supposed to show the VM NIC2 ip address because you are on the 
network2.
The drop down first show the primary ip of the nic then nic secondary ip 
addresses. 

Thanks,
Jayapal

On 03-Dec-2014, at 5:49 AM, Alessandro Caviglione  
wrote:

> Hellooo,
> I see another "strange" thing...
> I'm also a newbie of CS and I'm understanding just now some concepts but...
> what mean "default" nic?
> Why in an instance I have a default nic that I can change (if I've more
> than one nic)?
> And why, also if I change the default nic, I still can only configure port
> forwarding on the first nic I configured for my instance?
> When I configure a port forwarding and I select the instance, a dropdown
> menu should show the IP address of the instance, but I see only primary?
> Maybe I'm experiencing a bug?
> 
> On Sun, Nov 30, 2014 at 10:21 PM, Alessandro Caviglione <
> c.alessan...@gmail.com> wrote:
> 
>> Hi guys,
>> I'm experiencing an issue about port forwarding.
>> I've deployed an instance with 2 NICs, both isolated network.
>> Now I've configured some services in the instance, some listening on NIC 1
>> IP and some listening on NIC 2 IP.
>> IP are in two different subnet, both assigned by CS DHCP.
>> Now, I click the second network in the network menu > View IP Address >
>> Public IP > Configuration tab > Port forwarding  then I create a new port
>> forwarding rule specifying the port, protocol and clicking the "Add" button
>> to specify the instance IP.
>> The instance appear in the popup but when I select the instance I just can
>> choose the "Primary" IP that is corresponding to the NIC 1.
>> 
>> Something I wrong?
>> 

Re: Unable to download CentOS 5.5 nogui (KVM)

[Jayapal Reddy Uradi]

Hi,

Please check the routing table on the SSVM.
Check the reachability of the storage network from the SSVM.


Thanks,
Jayapal
On 02-Dec-2014, at 10:55 AM, Satya Narayana 
 wrote:

> I am not getting Download Complete status after clicking on CentOS5.5(64
> bit) no GUI (KVM) link in Templates page.
> 
> My routing table on Management Server node is as follows.
> 
> Destination  Gateway   GenmaskIface
> 192.168.1.0   0.0.0.0 255.255.255.0  eth0
> 192.168.122.00.0.0.0255.255.255.0   virbr0
> 10.244.10.00.0.0.0255.255.254.0  wlan0
> 169.254.0.0.  0.0.0.0 255.255.0.0 eth0
> 0.0.0.0  192.168.1.2  0.0.0.0eth0
> 
> ifconfig result on MS node is as follows
> 
> eth0   192.168.1.2
> virbr0  192.168.122.1
> wlan0  10.244.11.109
> 
> -- 
> Regds,
> Satya

Re: Template/ISO register issue: SSVM java error

[Jayapal Reddy Uradi]

Hi Tejas,

Please run the following command in the ssvm.
/usr/local/cloud/systemvm/ssvm-check.sh

For more troubleshooting of ssvm follow the below link.
https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSVM,+templates,+Secondary+storage+troubleshooting

Thanks,
Jayapal
On 27-Nov-2014, at 9:00 PM, Tejas Sheth 
mailto:tshet...@gmail.com>> wrote:

Hello guyz,

  We have deployed advanced zone with xenserver 6.2 sucessfully but we are
not able to register ISO or template.

 The Ready parameter is showing NO and Status parameter is BLANK.

When i went to secondary storage VM and if we run ./run.sh it shows
following error.


ERROR AgentShell:464 - Unable to start agent: Java process is being started
twice.  If this is not true, remove /var/run/agent.SecStorage.pid
Unable to start agent: Java process is being started twice.  If this is not
true, remove /var/run/agent.SecStorage.pid


Thanks and regards,
Tejas

Re: security group and xenserver query

[Jayapal Reddy Uradi]

Hi Tejas,

If you run the /opt/cloud/bin/copy_vhd_from_secondarystorage.sh script in 
xenserver by uncommenting 'set -x' will give the reasons for failure.
#/opt/cloud/bin/copy_vhd_from_secondarystorage.sh 
'10.3.4.40:/ibm/CloudSecondary/template/tmpl/1/1/' 
'4436b39f-2d6b-d0ab-9074-f56daefd2f70' 
'cloud-b25f990a-a1fc-459b-87d5-faedf0335031'



  1.
Nov 27 16:18:16 cloud-host1 SM: [4394] ['bash', 
'/opt/cloud/bin/copy_vhd_from_secondarystorage.sh', 
'10.3.4.40:/ibm/CloudSecondary/template/tmpl/1/1/', 
'4436b39f-2d6b-d0ab-9074-f56daefd2f70', 
'cloud-b25f990a-a1fc-459b-87d5-faedf0335031']
  2.
Nov 27 16:18:16 cloud-host1 SM: [4394]   pread SUCCESS
  3.
Nov 27 16:18:17 cloud-host1 SM: [4457] ['bash', 
'/opt/cloud/bin/kill_copy_process.sh', '']

Thanks,
Jayapl
On 27-Nov-2014, at 5:20 PM, Jayapal Reddy Uradi 
mailto:jayapalreddy.ur...@citrix.com>>
 wrote:

Hi Tejas,

Set executable permission to vhd-util
#chmod +x /opt/cloud/bin/vhd-util

After this hopefully next spin of ssvm will come up.

Thanks,
Jayapal
On 27-Nov-2014, at 5:10 PM, Tejas Sheth 
mailto:tshet...@gmail.com>>
wrote:

Hi Jayapal,

kindly find the output from above mention command. both location i have
copied vhd-util manually
#ls -l /opt/cloud/bin/vhd-util
-rw-r--r-- 1 root root 318977 Sep 19  2012 /opt/cloud/bin/vhd-util

# find /opt/ -iname vhd-util
/opt/cloud/bin/vhd-util
/opt/xensource/bin/vhd-util

Following is the link for SMlog.log in pastebin.com<http://pastebin.com>

http://pastebin.com/rzcmSbGJ


Thanks and regards,
Tejas

On Thu, Nov 27, 2014 at 4:31 PM, Jayapal Reddy Uradi <
jayapalreddy.ur...@citrix.com> wrote:

Hi Tejas,

Can also please send the corresponding xenserver logs /var/log/SMLog.
When this error is seen in the MS, at the same time take xenserver logs.
For this error xenserver logs will help.

What is the cloudstack version are you using ?

For your reference:
#find /opt/ -iname vhd-util
/opt/cloud/bin/vhd-util
#ls -l /opt/cloud/bin/vhd-util
-rwxr-xr-x 1 root root 318977 Sep 19  2012 /opt/cloud/bin/vhd-util


Thanks,
Jayapal

On 27-Nov-2014, at 4:18 PM, Tejas Sheth 
wrote:

Hello Jayapal,


kindly find  cloudstack-management log link for pastebin.com

http://pastebin.com/VAgcfN05

Thanks.
Tejas

On Thu, Nov 27, 2014 at 12:24 PM, Jayapal Reddy Uradi <
jayapalreddy.ur...@citrix.com> wrote:

Please share full length of logs in pastebin.com to get the reason for
failure of the systemvm.
Along with the MS logs also check the host logs (/var/log/SMLog).

Check systemvm.iso is present in the host.

Thanks,
Jayapal


On 27-Nov-2014, at 11:49 AM, Tejas Sheth 
wrote:

Hello Guyz,

We are facing issue starting system VM. deployment is in production so
really need your help. following is the log entry for the error and
detail
of the issue is defiend in my previous mail trail.

2014-11-26 21:45:31,516 ERROR [c.c.v.VirtualMachineManagerImpl]
(secstorage-1:ctx-6761d068) Failed to start instance
VM[SecondaryStorageVm|s-10-VM]
2014-11-26 21:46:01,499 ERROR [c.c.v.VirtualMachineManagerImpl]
(secstorage-1:ctx-1085a3ab) Failed to start instance
VM[SecondaryStorageVm|s-11-VM]

Catch Exception com.cloud.utils.exception.CloudRuntimeException for
template +  due to com.cloud.utils.exception.CloudRuntimeException: can
not
create vdi in sr 3e1f2113-438a-05e7-1b46-4c9b14d56144
com.cloud.utils.exception.CloudRuntimeException: can not create vdi in
sr
3e1f2113-438a-05e7-1b46-4c9b14d56144
2014-11-27 00:00:25,075 INFO  [o.a.c.s.v.VolumeServiceImpl]
(secstorage-1:ctx-b64088a4) Unable to acquire lock on
VMTemplateStoragePool
684


Exception while trying to start secondary storage vm
com.cloud.exception.AgentUnavailableException: Resource [Host:2] is
unreachable: Host 2: Unable to start instance due to null
2014-11-26 21:43:31,828 INFO  [c.c.s.s.SecondaryStorageManagerImpl]
(secstorage-1:ctx-be9596e4) Unable to start secondary storage vm for
standby capacity, secStorageVm vm Id : 6, will recycle it and start a
new
one

Appriciate an immidiate help for above issue.


Thanks,
Tejas

On Nov 27, 2014 1:51 AM, "Geoff Higginbottom" <
geoff.higginbot...@shapeblue.com> wrote:

Sorry Nux, but YES there are Customer Specific VLANs in a Security
Group
enabled Advanced Zone.

When you create an Advanced Zone with Security Groups you initially
create
a 'default guest network' and you allocate a VLAN and IP range to this
network.  This is then used by System VMs and can also be used by all
Accounts.

However you can then, as a Root Admin, create additional Guest
Networks
using the 'Offering for shared security group enabled networks' and
dedicate this to a Domain or an Account. When doing so you allocate a
different VLAN for each additional Guest Network.

The IP range allocated to each network can be either a true Public IP
range OR a Private IP range fronted by a Router/Firewall/Load 

Re: security group and xenserver query

[Jayapal Reddy Uradi]

Hi Tejas,

Set executable permission to vhd-util
#chmod +x /opt/cloud/bin/vhd-util

After this hopefully next spin of ssvm will come up.

Thanks,
Jayapal
On 27-Nov-2014, at 5:10 PM, Tejas Sheth 
 wrote:

> Hi Jayapal,
> 
>  kindly find the output from above mention command. both location i have
> copied vhd-util manually
> #ls -l /opt/cloud/bin/vhd-util
> -rw-r--r-- 1 root root 318977 Sep 19  2012 /opt/cloud/bin/vhd-util
> 
> # find /opt/ -iname vhd-util
> /opt/cloud/bin/vhd-util
> /opt/xensource/bin/vhd-util
> 
> Following is the link for SMlog.log in pastebin.com
> 
> http://pastebin.com/rzcmSbGJ
> 
> 
> Thanks and regards,
> Tejas
> 
> On Thu, Nov 27, 2014 at 4:31 PM, Jayapal Reddy Uradi <
> jayapalreddy.ur...@citrix.com> wrote:
> 
>> Hi Tejas,
>> 
>> Can also please send the corresponding xenserver logs /var/log/SMLog.
>> When this error is seen in the MS, at the same time take xenserver logs.
>> For this error xenserver logs will help.
>> 
>> What is the cloudstack version are you using ?
>> 
>> For your reference:
>> #find /opt/ -iname vhd-util
>> /opt/cloud/bin/vhd-util
>> #ls -l /opt/cloud/bin/vhd-util
>> -rwxr-xr-x 1 root root 318977 Sep 19  2012 /opt/cloud/bin/vhd-util
>> 
>> 
>> Thanks,
>> Jayapal
>> 
>> On 27-Nov-2014, at 4:18 PM, Tejas Sheth 
>> wrote:
>> 
>>> Hello Jayapal,
>>> 
>>> 
>>>  kindly find  cloudstack-management log link for pastebin.com
>>> 
>>> http://pastebin.com/VAgcfN05
>>> 
>>> Thanks.
>>> Tejas
>>> 
>>> On Thu, Nov 27, 2014 at 12:24 PM, Jayapal Reddy Uradi <
>>> jayapalreddy.ur...@citrix.com> wrote:
>>> 
>>>> Please share full length of logs in pastebin.com to get the reason for
>>>> failure of the systemvm.
>>>> Along with the MS logs also check the host logs (/var/log/SMLog).
>>>> 
>>>> Check systemvm.iso is present in the host.
>>>> 
>>>> Thanks,
>>>> Jayapal
>>>> 
>>>> 
>>>> On 27-Nov-2014, at 11:49 AM, Tejas Sheth 
>>>> wrote:
>>>> 
>>>>> Hello Guyz,
>>>>> 
>>>>> We are facing issue starting system VM. deployment is in production so
>>>>> really need your help. following is the log entry for the error and
>>>> detail
>>>>> of the issue is defiend in my previous mail trail.
>>>>> 
>>>>> 2014-11-26 21:45:31,516 ERROR [c.c.v.VirtualMachineManagerImpl]
>>>>> (secstorage-1:ctx-6761d068) Failed to start instance
>>>>> VM[SecondaryStorageVm|s-10-VM]
>>>>> 2014-11-26 21:46:01,499 ERROR [c.c.v.VirtualMachineManagerImpl]
>>>>> (secstorage-1:ctx-1085a3ab) Failed to start instance
>>>>> VM[SecondaryStorageVm|s-11-VM]
>>>>> 
>>>>> Catch Exception com.cloud.utils.exception.CloudRuntimeException for
>>>>> template +  due to com.cloud.utils.exception.CloudRuntimeException: can
>>>> not
>>>>> create vdi in sr 3e1f2113-438a-05e7-1b46-4c9b14d56144
>>>>> com.cloud.utils.exception.CloudRuntimeException: can not create vdi in
>> sr
>>>>> 3e1f2113-438a-05e7-1b46-4c9b14d56144
>>>>> 2014-11-27 00:00:25,075 INFO  [o.a.c.s.v.VolumeServiceImpl]
>>>>> (secstorage-1:ctx-b64088a4) Unable to acquire lock on
>>>> VMTemplateStoragePool
>>>>> 684
>>>>> 
>>>>> 
>>>>> Exception while trying to start secondary storage vm
>>>>> com.cloud.exception.AgentUnavailableException: Resource [Host:2] is
>>>>> unreachable: Host 2: Unable to start instance due to null
>>>>> 2014-11-26 21:43:31,828 INFO  [c.c.s.s.SecondaryStorageManagerImpl]
>>>>> (secstorage-1:ctx-be9596e4) Unable to start secondary storage vm for
>>>>> standby capacity, secStorageVm vm Id : 6, will recycle it and start a
>> new
>>>>> one
>>>>> 
>>>>> Appriciate an immidiate help for above issue.
>>>>> 
>>>>> 
>>>>> Thanks,
>>>>> Tejas
>>>>> 
>>>>> On Nov 27, 2014 1:51 AM, "Geoff Higginbottom" <
>>>>> geoff.higginbot...@shapeblue.com> wrote:
>>>>> 
>>>>>> Sorry Nux, but YES there are Customer Specific VLANs in a Security
>> Group
>>>>>> enabled Advanced Zone.
>>>

Re: security group and xenserver query

[Jayapal Reddy Uradi]

Hi Tejas,

Can also please send the corresponding xenserver logs /var/log/SMLog.
When this error is seen in the MS, at the same time take xenserver logs.
For this error xenserver logs will help.

What is the cloudstack version are you using ?

For your reference:
#find /opt/ -iname vhd-util
/opt/cloud/bin/vhd-util
#ls -l /opt/cloud/bin/vhd-util
-rwxr-xr-x 1 root root 318977 Sep 19  2012 /opt/cloud/bin/vhd-util


Thanks,
Jayapal

On 27-Nov-2014, at 4:18 PM, Tejas Sheth 
 wrote:

> Hello Jayapal,
> 
> 
>   kindly find  cloudstack-management log link for pastebin.com
> 
> http://pastebin.com/VAgcfN05
> 
> Thanks.
> Tejas
> 
> On Thu, Nov 27, 2014 at 12:24 PM, Jayapal Reddy Uradi <
> jayapalreddy.ur...@citrix.com> wrote:
> 
>> Please share full length of logs in pastebin.com to get the reason for
>> failure of the systemvm.
>> Along with the MS logs also check the host logs (/var/log/SMLog).
>> 
>> Check systemvm.iso is present in the host.
>> 
>> Thanks,
>> Jayapal
>> 
>> 
>> On 27-Nov-2014, at 11:49 AM, Tejas Sheth 
>> wrote:
>> 
>>> Hello Guyz,
>>> 
>>>  We are facing issue starting system VM. deployment is in production so
>>> really need your help. following is the log entry for the error and
>> detail
>>> of the issue is defiend in my previous mail trail.
>>> 
>>> 2014-11-26 21:45:31,516 ERROR [c.c.v.VirtualMachineManagerImpl]
>>> (secstorage-1:ctx-6761d068) Failed to start instance
>>> VM[SecondaryStorageVm|s-10-VM]
>>> 2014-11-26 21:46:01,499 ERROR [c.c.v.VirtualMachineManagerImpl]
>>> (secstorage-1:ctx-1085a3ab) Failed to start instance
>>> VM[SecondaryStorageVm|s-11-VM]
>>> 
>>> Catch Exception com.cloud.utils.exception.CloudRuntimeException for
>>> template +  due to com.cloud.utils.exception.CloudRuntimeException: can
>> not
>>> create vdi in sr 3e1f2113-438a-05e7-1b46-4c9b14d56144
>>> com.cloud.utils.exception.CloudRuntimeException: can not create vdi in sr
>>> 3e1f2113-438a-05e7-1b46-4c9b14d56144
>>> 2014-11-27 00:00:25,075 INFO  [o.a.c.s.v.VolumeServiceImpl]
>>> (secstorage-1:ctx-b64088a4) Unable to acquire lock on
>> VMTemplateStoragePool
>>> 684
>>> 
>>> 
>>> Exception while trying to start secondary storage vm
>>> com.cloud.exception.AgentUnavailableException: Resource [Host:2] is
>>> unreachable: Host 2: Unable to start instance due to null
>>> 2014-11-26 21:43:31,828 INFO  [c.c.s.s.SecondaryStorageManagerImpl]
>>> (secstorage-1:ctx-be9596e4) Unable to start secondary storage vm for
>>> standby capacity, secStorageVm vm Id : 6, will recycle it and start a new
>>> one
>>> 
>>> Appriciate an immidiate help for above issue.
>>> 
>>> 
>>> Thanks,
>>> Tejas
>>> 
>>> On Nov 27, 2014 1:51 AM, "Geoff Higginbottom" <
>>> geoff.higginbot...@shapeblue.com> wrote:
>>> 
>>>> Sorry Nux, but YES there are Customer Specific VLANs in a Security Group
>>>> enabled Advanced Zone.
>>>> 
>>>> When you create an Advanced Zone with Security Groups you initially
>> create
>>>> a 'default guest network' and you allocate a VLAN and IP range to this
>>>> network.  This is then used by System VMs and can also be used by all
>>>> Accounts.
>>>> 
>>>> However you can then, as a Root Admin, create additional Guest Networks
>>>> using the 'Offering for shared security group enabled networks' and
>>>> dedicate this to a Domain or an Account. When doing so you allocate a
>>>> different VLAN for each additional Guest Network.
>>>> 
>>>> The IP range allocated to each network can be either a true Public IP
>>>> range OR a Private IP range fronted by a Router/Firewall/Load Balancer
>> etc
>>>> but this will be outside of CloudStack control.
>>>> 
>>>> So to answer the original question it is possible to allocate a separate
>>>> VLAN to each Guest Network and if required to front this network with a
>>>> Load Balancer and Firewall to provide additional services, but you need
>> to
>>>> manage these devices separately so is not a typical configuration for a
>>>> Public Cloud, but could be used in a Private Cloud.
>>>> 
>>>> Kind Regards
>>>> 
>>>> Geoff Higginbottom
>>>> CTO / Cloud Architect
>>>> 
>>>> D: +44 20 3603 0542 | S: +44 20 360

Re: security group and xenserver query

[Jayapal Reddy Uradi]

;> if architecture is above mentioned way configured then how can we achieve
>>> NAT and loadbalancing?
>>> 
>>> Thanks
>>> Tejas
>>> 
>>> 
>>> On Wed, Nov 26, 2014 at 3:28 PM, Geoff Higginbottom <
>>> geoff.higginbot...@shapeblue.com> wrote:
>>> 
>>>> I like to think of Advanced Network with SG as simply multiple Basic
>>>> Networks, each on its own VLAN. You have the same features (or rather
>> lack
>>>> of) as you would with a Basic Zone, but you have multiple Guest
>> Networks.
>>>> 
>>>> Regards
>>>> 
>>>> Geoff Higginbottom
>>>> 
>>>> D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581
>>>> 
>>>> geoff.higginbot...@shapeblue.com
>>>> 
>>>> -Original Message-
>>>> From: Tejas Sheth [mailto:tshet...@gmail.com]
>>>> Sent: 26 November 2014 09:53
>>>> To: users@cloudstack.apache.org
>>>> Subject: Re: security group and xenserver query
>>>> 
>>>> so NAT and loadbalancers are not possible if we use security group?
>>>> 
>>>> so it meanse there will be no internal and external IPs for VMs. is it
>>>> correct?
>>>> 
>>>> On Wed, Nov 26, 2014 at 3:14 PM, Jayapal Reddy Uradi <
>>>> jayapalreddy.ur...@citrix.com> wrote:
>>>> 
>>>>> For SG networks there is no public network.
>>>>> We configure public ips for the guest network.
>>>>> 
>>>>> -Jayapal
>>>>> 
>>>>> On 26-Nov-2014, at 12:00 PM, Tejas Sheth 
>>>>> wrote:
>>>>> 
>>>>>> Hello,
>>>>>> 
>>>>>> I have made the bridge configuration, but when i am selecting
>>>>>> advance zone. it is not showing public network configuration. only
>>>>>> guest and management is availabel. also internal CIDR ip
>>>>>> configuration is also not available.
>>>>>> i think it is cinverting to basic zone if we select security group
>>>>>> and xenserver as hypervisor.
>>>>>> 
>>>>>> Thanks
>>>>>> Tejas
>>>>>> 
>>>>>> On Tue, Nov 25, 2014 at 9:16 PM, Jayapal Reddy Uradi <
>>>>>> jayapalreddy.ur...@citrix.com> wrote:
>>>>>> 
>>>>>>> 
>>>>>>> For 6.2 you no need to install CSP. My typo mistake in last mail.
>>>>>>> sysctl.conf is fine.
>>>>>>> 
>>>>>>> 
>>>>>>> Thanks,
>>>>>>> Jayapal
>>>>>>> 
>>>>>>> On 25-Nov-2014, at 8:45 PM, Tejas Sheth 
>>>>>>> wrote:
>>>>>>> 
>>>>>>>> Thanks,
>>>>>>>> 
>>>>>>>> So can i take it as confirmation and proceed with only following
>>>>>>>> bridge configuration in xenserver 6.2?
>>>>>>>> 
>>>>>>>> # xe-switch-network-backend bridge
>>>>>>>> 
>>>>>>>> # vi /etc/sysctl.conf
>>>>>>>>  net.bridge.bridge-nf-call-iptables = 1
>>>>>>>>   net.bridge.bridge-nf-call-ip6tables = 0
>>>>>>>>net.bridge.bridge-nf-call-arptables = 1
>>>>>>>> 
>>>>>>>> # sysctl -p /etc/sysctl.conf
>>>>>>>> 
>>>>>>>> Require confirmation for sysctl.cnf configuration part.
>>>>>>>> 
>>>>>>>> Thanks and regards,
>>>>>>>> Tejas
>>>>>>>> 
>>>>>>>> On Tue, Nov 25, 2014 at 8:31 PM, Vadim Kimlaychuk <
>>>>>>> vadim.kimlayc...@elion.ee
>>>>>>>>> wrote:
>>>>>>>> 
>>>>>>>>> XenServer does not need any package to be expicitly installed.
>>>>>>>>> When
>>>>> you
>>>>>>>>> add host to CS it copies some files to the host itself and you
>>>>>>>>> don't
>>>>>>> need
>>>>>>>>> to bother about them usually.
>>>>>>>>> 
>>>>>>>>> Vadim.
>>>>>>>>> 
>>>>>>>&

Re: security group and xenserver query

[Jayapal Reddy Uradi]

Is the first added primary storage removed from the host ?
If it is not removed and trying to added again it will fail.
You can delete it using the xencenter or xsconsole.

Thanks,
Jayapal


On 26-Nov-2014, at 11:04 PM, Tejas Sheth 
 wrote:

> Hi Jayapal,
> 
>  initially storage gave error while creating zone after we added vhd-util
> so after it got attached. then we tried to reconfigure new zone with
> another pool after changing network bridge to openvswitch but still the
> same issue.
> 
>  follwoing is the error for SMlog
> 
> Nov 26 22:11:15 cloud-host1 SM: [4051] ['/usr/sbin/vgs', '--noheadings',
> '--nosuffix', '--units', 'b',
> 'VG_XenStorage-4436b39f-2d6b-d0ab-9074-f56daefd2f70']
> Nov 26 22:11:15 cloud-host1 SM: [4051]   pread SUCCESS
> Nov 26 22:11:15 cloud-host1 SM: [4051] ['/usr/sbin/vgs', '--noheadings',
> '--nosuffix', '--units', 'b',
> 'VG_XenStorage-4436b39f-2d6b-d0ab-9074-f56daefd2f70']
> Nov 26 22:11:15 cloud-host1 SM: [4051]   pread SUCCESS
> Nov 26 22:11:15 cloud-host1 SMGC: [4051] No work, exiting
> Nov 26 22:11:15 cloud-host1 SMGC: [4051] SR 4436 ('CloudStore-1') (2 VDIs
> in 2 VHD trees): no changes
> Nov 26 22:11:24 cloud-host1 SM: [4154] ['bash',
> '/opt/cloud/bin/copy_vhd_from_secondarystorage.sh',
> '10.3.4.40:/ibm/share1/template/tmpl/1/1/',
> '4436b39f-2d6b-d0ab-9074-f56daefd2f70',
> 'cloud-63ae2d9b-23ce-49cc-8b25-b534a3cf0451']
> Nov 26 22:11:24 cloud-host1 SM: [4154]   pread SUCCESS
> Nov 26 22:11:25 cloud-host1 SM: [4186] ['bash',
> '/opt/cloud/bin/kill_copy_process.sh', '']
> Nov 26 22:11:25 cloud-host1 SM: [4186]   pread SUCCESS
> 
> thanks
> Tejas
> 
> On Wed, Nov 26, 2014 at 10:30 PM, Jayapal Reddy Uradi <
> jayapalreddy.ur...@citrix.com> wrote:
> 
>> Hi Tejas,
>> 
>> Please check that your xenserver host copied with 'vhd-util' binary.
>> Also check the /var/log/SMLog in the host for more detailed logs for this
>> error.
>> 
>> Thanks,
>> Jayapal
>> 
>> On 26-Nov-2014, at 9:51 PM, Tejas Sheth  wrote:
>> 
>>> Hello,
>>> 
>>> ISSUE!!!
>>> we are not using security groups but still bridge is configured. Zone is
>>> created sucessfully but System VMs are not able to start. follwoing error
>>> we are getting.
>>> 
>>> 2014-11-26 21:43:26,763 WARN  [c.c.h.x.r.XenServerStorageProcessor]
>>> (DirectAgent-97:ctx-861d1d2e) can not create vdi in sr
>>> 4436b39f-2d6b-d0ab-9074-f56daefd2f70
>>> 2014-11-26 21:43:26,763 WARN  [c.c.h.x.r.XenServerStorageProcessor]
>>> (DirectAgent-97:ctx-861d1d2e) Catch Exception
>>> com.cloud.utils.exception.CloudRuntimeException for template +  due to
>>> com.cloud.utils.exception.CloudRuntimeException: can not create vdi in sr
>>> 4436b39f-2d6b-d0ab-9074-f56daefd2f70
>>> 2014-11-26 21:43:29,612 WARN  [c.c.h.x.r.XenServerStorageProcessor]
>>> (DirectAgent-154:ctx-26ef19d8) destoryVDIbyNameLabel failed due to there
>>> are 0 VDIs with name cloud-f4f8ad12-b315-4768-9e71-278041d6bb80
>>> 2014-11-26 21:43:29,612 WARN  [c.c.h.x.r.XenServerStorageProcessor]
>>> (DirectAgent-154:ctx-26ef19d8) can not create vdi in sr
>>> 4436b39f-2d6b-d0ab-9074-f56daefd2f70
>>> 2014-11-26 21:43:29,612 WARN  [c.c.h.x.r.XenServerStorageProcessor]
>>> (DirectAgent-154:ctx-26ef19d8) Catch Exception
>>> com.cloud.utils.exception.CloudRuntimeException for template +  due to
>>> com.cloud.utils.exception.CloudRuntimeException: can not create vdi in sr
>>> 4436b39f-2d6b-d0ab-9074-f56daefd2f70
>>> 2014-11-26 21:43:31,564 INFO  [o.a.c.s.v.VolumeServiceImpl]
>>> (secstorage-1:ctx-be9596e4) Unable to acquire lock on
>> VMTemplateStoragePool
>>> 24
>>> 2014-11-26 21:43:31,567 ERROR [c.c.v.VirtualMachineManagerImpl]
>>> (secstorage-1:ctx-be9596e4) Failed to start instance
>>> VM[SecondaryStorageVm|s-6-VM]
>>> 2014-11-26 21:43:31,802 DEBUG [c.c.c.CapacityManagerImpl]
>>> (secstorage-1:ctx-be9596e4) VM state transitted from :Starting to Stopped
>>> with event: OperationFailedvm's original host id: null new host id: null
>>> host id before state transition: 2
>>> 2014-11-26 21:43:31,825 WARN  [c.c.s.s.SecondaryStorageManagerImpl]
>>> (secstorage-1:ctx-be9596e4) Exception while trying to start secondary
>>> storage vm
>>> com.cloud.exception.AgentUnavailableException: Resource [Host:2] is
>>> unreachable: Host 2: 

Re: The specified pod is in avoid set, returning

[Jayapal Reddy Uradi]

Hi Veera,

If you observe the management server logs above the below message will give 
reason for the failure.
 "Unable to start a VM due to insufficient capacity"

Thanks,
Jayapal

On 26-Nov-2014, at 10:25 PM, Tejas Sheth  wrote:

> Try configuration following parameter in global config.
> 
> -> mem.overprovisioning.factor=2
> 
> ->cpu.overprovisioning.factor=2
> 
> Thanks,
> 
> Tejas
> 
> 
> On Wed, Nov 26, 2014 at 9:54 PM, Andrija Panic 
> wrote:
> 
>> Check your network connectivity, if all hosts are UP etc.
>> 
>> 2014-11-26 16:14:47,835 INFO  [c.c.v.VirtualMachineManagerImpl]
>> (Job-Executor-1:ctx-300e8909 ctx-c12a818e) Unable to contact resource.
>> com.cloud.exception.ResourceUnavailableException: Resource [Pod:1] is
>> unreachable: Unable to apply dhcp entry on router
>> 
>> On 26 November 2014 at 17:16, veera  wrote:
>> 
>>> Hi,
>>> 
>>> I have working cloudstack setup with 1 zone - 1 pod - 2 clusters.
>>> Now I am getting the error "Unable to start a VM due to insufficient
>>> capacity" when i try to start a VM.
>>> 
>>> the log says "The specified pod is in avoid set, returning".
>>> Any hints?
>>> 
>>> thanks.
>> 
>> 
>> 
>> 
>> --
>> 
>> Andrija Panić
>> 

Re: security group and xenserver query

[Jayapal Reddy Uradi]

1-26 21:43:31,567 ERROR [c.c.v.VirtualMachineManagerImpl]
>> (secstorage-1:ctx-be9596e4) Failed to start instance
>> VM[SecondaryStorageVm|s-6-VM]
>> 2014-11-26 21:43:31,802 DEBUG [c.c.c.CapacityManagerImpl]
>> (secstorage-1:ctx-be9596e4) VM state transitted from :Starting to Stopped
>> with event: OperationFailedvm's original host id: null new host id: null
>> host id before state transition: 2
>> 2014-11-26 21:43:31,825 WARN  [c.c.s.s.SecondaryStorageManagerImpl]
>> (secstorage-1:ctx-be9596e4) Exception while trying to start secondary
>> storage vm
>> com.cloud.exception.AgentUnavailableException: Resource [Host:2] is
>> unreachable: Host 2: Unable to start instance due to null
>> 2014-11-26 21:43:31,828 INFO  [c.c.s.s.SecondaryStorageManagerImpl]
>> (secstorage-1:ctx-be9596e4) Unable to start secondary storage vm for
>> standby capacity, secStorageVm vm Id : 6, will recycle it and start a new
>> one
>> 
>> 
>> is it related to bridge configuration
>> 
>> On Wed, Nov 26, 2014 at 4:16 PM, Nux!  wrote:
>> 
>>> No, in Advanced Zone with SG - just like in Basic zone - there is no per
>>> customer VLAN; there are no firewall, load balancer or additional NICs;
>>> there is also no IPv6.
>>> 
>>> A VM will just get a public IP via DHCP and that's it, the customers are
>>> isolated via "security groups" which is a fancy name for iptables rules.
>>> 
>>> Hope this clears it up.
>>> 
>>> --
>>> Sent from the Delta quadrant using Borg technology!
>>> 
>>> Nux!
>>> www.nux.ro
>>> 
>>> - Original Message -
>>>> From: "Tejas Sheth" 
>>>> To: users@cloudstack.apache.org
>>>> Sent: Wednesday, 26 November, 2014 10:14:11
>>>> Subject: Re: security group and xenserver query
>>> 
>>>> Thanks for simplification,
>>>> so it means that each account will have seprate VLAN with its own
>>> subnet
>>>> and those VLANs will be created and configured in physical switch?
>>>> 
>>>> if architecture is above mentioned way configured then how can we
>>> achieve
>>>> NAT and loadbalancing?
>>>> 
>>>> Thanks
>>>> Tejas
>>>> 
>>>> 
>>>> On Wed, Nov 26, 2014 at 3:28 PM, Geoff Higginbottom <
>>>> geoff.higginbot...@shapeblue.com> wrote:
>>>> 
>>>>> I like to think of Advanced Network with SG as simply multiple Basic
>>>>> Networks, each on its own VLAN. You have the same features (or rather
>>> lack
>>>>> of) as you would with a Basic Zone, but you have multiple Guest
>>> Networks.
>>>>> 
>>>>> Regards
>>>>> 
>>>>> Geoff Higginbottom
>>>>> 
>>>>> D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581
>>>>> 
>>>>> geoff.higginbot...@shapeblue.com
>>>>> 
>>>>> -Original Message-
>>>>> From: Tejas Sheth [mailto:tshet...@gmail.com]
>>>>> Sent: 26 November 2014 09:53
>>>>> To: users@cloudstack.apache.org
>>>>> Subject: Re: security group and xenserver query
>>>>> 
>>>>> so NAT and loadbalancers are not possible if we use security group?
>>>>> 
>>>>> so it meanse there will be no internal and external IPs for VMs. is it
>>>>> correct?
>>>>> 
>>>>> On Wed, Nov 26, 2014 at 3:14 PM, Jayapal Reddy Uradi <
>>>>> jayapalreddy.ur...@citrix.com> wrote:
>>>>> 
>>>>>> For SG networks there is no public network.
>>>>>> We configure public ips for the guest network.
>>>>>> 
>>>>>> -Jayapal
>>>>>> 
>>>>>> On 26-Nov-2014, at 12:00 PM, Tejas Sheth 
>>>>>> wrote:
>>>>>> 
>>>>>>> Hello,
>>>>>>> 
>>>>>>> I have made the bridge configuration, but when i am selecting
>>>>>>> advance zone. it is not showing public network configuration. only
>>>>>>> guest and management is availabel. also internal CIDR ip
>>>>>>> configuration is also not available.
>>>>>>> i think it is cinverting to basic zone if we select security group
>>>>>>> and xenserver as hypervisor.
>>>>>>> 
>&g

Re: security group and xenserver query

[Jayapal Reddy Uradi]

For SG networks there is no public network.
We configure public ips for the guest network.

-Jayapal

On 26-Nov-2014, at 12:00 PM, Tejas Sheth 
 wrote:

> Hello,
> 
>  I have made the bridge configuration, but when i am selecting advance
> zone. it is not showing public network configuration. only guest and
> management is availabel. also internal CIDR ip configuration is also not
> available.
> i think it is cinverting to basic zone if we select security group and
> xenserver as hypervisor.
> 
> Thanks
> Tejas
> 
> On Tue, Nov 25, 2014 at 9:16 PM, Jayapal Reddy Uradi <
> jayapalreddy.ur...@citrix.com> wrote:
> 
>> 
>> For 6.2 you no need to install CSP. My typo mistake in last mail.
>> sysctl.conf is fine.
>> 
>> 
>> Thanks,
>> Jayapal
>> 
>> On 25-Nov-2014, at 8:45 PM, Tejas Sheth 
>> wrote:
>> 
>>> Thanks,
>>> 
>>> So can i take it as confirmation and proceed with only following bridge
>>> configuration in xenserver 6.2?
>>> 
>>> # xe-switch-network-backend bridge
>>> 
>>> # vi /etc/sysctl.conf
>>>   net.bridge.bridge-nf-call-iptables = 1
>>>net.bridge.bridge-nf-call-ip6tables = 0
>>> net.bridge.bridge-nf-call-arptables = 1
>>> 
>>>  # sysctl -p /etc/sysctl.conf
>>> 
>>> Require confirmation for sysctl.cnf configuration part.
>>> 
>>> Thanks and regards,
>>> Tejas
>>> 
>>> On Tue, Nov 25, 2014 at 8:31 PM, Vadim Kimlaychuk <
>> vadim.kimlayc...@elion.ee
>>>> wrote:
>>> 
>>>> XenServer does not need any package to be expicitly installed. When you
>>>> add host to CS it copies some files to the host itself and you don't
>> need
>>>> to bother about them usually.
>>>> 
>>>> Vadim.
>>>> 
>>>> -Original Message-
>>>> From: Tejas Sheth [mailto:tshet...@gmail.com]
>>>> Sent: Tuesday, November 25, 2014 4:52 PM
>>>> To: users@cloudstack.apache.org
>>>> Subject: security group and xenserver query
>>>> 
>>>> Hello Jayapal,
>>>> 
>>>> Thanks for reply, I have understood the bridge configuration part but
>>>> can you clarify CSP package part.
>>>> 
>>>> if CSP package comes with xenserver 6.2 then do we need to install it
>>>> explicitly?
>>>> 
>>>> It would be really helpful if you can send link to install CSP in
>>>> xenserver 6.2 because CS 4.3 document do not have description for
>> xenserver
>>>> 6.2 CSP installation.
>>>> 
>>>> Hi Tejas,
>>>> 
>>>> The network mode set to 'bridge' mode.
>>>> #xe-switch-network-backend  bridge
>>>> 
>>>> I think Xenserver 6.2 comes with the CSP package, so you need to install
>>>> it explicitly.
>>>> 
>>>> 
>>>> Thanks,
>>>> Jayapal
>>>> 
>>>> 
>>>> On 25-Nov-2014, at 4:47 PM, Tejas Sheth 
>>>> wrote:
>>>> 
>>>>> Hello,
>>>>> 
>>>>> We are configuring advanced zone in cloudstack 4.3 in xenserver 6.2.
>>>>> we want to configure security group in advance zone. do we have to do
>>>>> any special configuration in xenserver 6.2.
>>>>> 
>>>>> xenserver has default networking configuration.
>>>>> 
>>>>> Thanks and regards,
>>>>> Tejas
>>>> 
>> 
>> 

Re: security group and xenserver query

[Jayapal Reddy Uradi]

For 6.2 you no need to install CSP. My typo mistake in last mail.
sysctl.conf is fine.


Thanks,
Jayapal

On 25-Nov-2014, at 8:45 PM, Tejas Sheth 
 wrote:

> Thanks,
> 
>  So can i take it as confirmation and proceed with only following bridge
> configuration in xenserver 6.2?
> 
>  # xe-switch-network-backend bridge
> 
>  # vi /etc/sysctl.conf
>net.bridge.bridge-nf-call-iptables = 1
> net.bridge.bridge-nf-call-ip6tables = 0
>  net.bridge.bridge-nf-call-arptables = 1
> 
>   # sysctl -p /etc/sysctl.conf
> 
> Require confirmation for sysctl.cnf configuration part.
> 
> Thanks and regards,
> Tejas
> 
> On Tue, Nov 25, 2014 at 8:31 PM, Vadim Kimlaychuk > wrote:
> 
>> XenServer does not need any package to be expicitly installed. When you
>> add host to CS it copies some files to the host itself and you don't need
>> to bother about them usually.
>> 
>> Vadim.
>> 
>> -Original Message-
>> From: Tejas Sheth [mailto:tshet...@gmail.com]
>> Sent: Tuesday, November 25, 2014 4:52 PM
>> To: users@cloudstack.apache.org
>> Subject: security group and xenserver query
>> 
>> Hello Jayapal,
>> 
>>  Thanks for reply, I have understood the bridge configuration part but
>> can you clarify CSP package part.
>> 
>>  if CSP package comes with xenserver 6.2 then do we need to install it
>> explicitly?
>> 
>>  It would be really helpful if you can send link to install CSP in
>> xenserver 6.2 because CS 4.3 document do not have description for xenserver
>> 6.2 CSP installation.
>> 
>> Hi Tejas,
>> 
>> The network mode set to 'bridge' mode.
>> #xe-switch-network-backend  bridge
>> 
>> I think Xenserver 6.2 comes with the CSP package, so you need to install
>> it explicitly.
>> 
>> 
>> Thanks,
>> Jayapal
>> 
>> 
>> On 25-Nov-2014, at 4:47 PM, Tejas Sheth 
>> wrote:
>> 
>>> Hello,
>>> 
>>>  We are configuring advanced zone in cloudstack 4.3 in xenserver 6.2.
>>> we want to configure security group in advance zone. do we have to do
>>> any special configuration in xenserver 6.2.
>>> 
>>> xenserver has default networking configuration.
>>> 
>>> Thanks and regards,
>>> Tejas
>> 

Re: security group and xenserver query

[Jayapal Reddy Uradi]

Hi Tejas,

The network mode set to 'bridge' mode.
#xe-switch-network-backend  bridge

I think Xenserver 6.2 comes with the CSP package, so you need to install it 
explicitly.


Thanks,
Jayapal


On 25-Nov-2014, at 4:47 PM, Tejas Sheth 
 wrote:

> Hello,
> 
>   We are configuring advanced zone in cloudstack 4.3 in xenserver 6.2. we
> want to configure security group in advance zone. do we have to do any
> special configuration in xenserver 6.2.
> 
>  xenserver has default networking configuration.
> 
> Thanks and regards,
> Tejas

Re: What happens when you remove a disconnected host?

[Jayapal Reddy Uradi]

Hi,

If there is more than one host please check the vms host id. The vms might have 
migrated.
If not removing the host, VMs in the host will not come back. primary storage 
for the host also needs to be added again.

Thanks,
Jayapal

On 03-Nov-2014, at 12:03 AM, Brent Clark  wrote:

> Hello everyone!
> 
> I have a question that I am finding hard to answer googling.
> 
> I have a host that has had some issues. The cloudstack-agent it was
> re-installed.
> 
> It currently is in a "Disconnected" state when looking at it in the
> CloudManger WebUI. It still has VMs running on it just fine. I want to
> remove the host, but am unsure what will happen to the VMs running on it.
> 
> In my mind, since the manager labeled the host disconnected, I should be
> able to remove the host and the VMs stay running and happy. Is that correct?
> 
> My end goal is to remove the host then add it back and everything will be
> happy again.
> 
> Your help is appreciated.
> 
> -- 
> Brent S. Clark
> Senior Cloud & Infrastructure Systems Engineer
> 
> 2580 55th St.  |  Boulder, Colorado 80301
> www.tendrilinc.com  |  blog 
> 
> 
> 
> This email and any files transmitted with it are confidential and intended 
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the sender.
> Please note that any views or opinions presented in this email are solely 
> those of the author and do not necessarily represent those of the company.
> Finally, the recipient should check this email and any attachments for the 
> presence of viruses.
> The company accepts no liability for any damage caused by any virus 
> transmitted by this email.

Re: running pre and/or post scripts after instance creation/destroy

[Jayapal Reddy Uradi]

Hi Yiping,

Can you please elaborate more about your requirement.
Where you want to run the script ? ... Inside the VM ?

Thanks,
Jayapal
On 29-Oct-2014, at 12:31 AM, Yiping Zhang  wrote:

> Hi, all:
> 
> Does anyone know if CloudStack provide any mechanism to run a pre/post 
> scripts after an instance is created or destroyed ?
> 
> Thanks,
> 
> Yiping

Re: cannot ping to cloudstack instance

[Jayapal Reddy Uradi]

Did you open ports 22-22 ?
Earlier mail you mentioned port 80-80 only.

Please see the ports are opened and service is running in the vm/server.

Thanks,
Jayapal
On 25-Sep-2014, at 2:12 PM, Asanka sanjaya Herath 
 wrote:

> Sorry this is the error:
> # ssh root@192.168.56.135
> # ssh: connect to host 192.168.56.135 port 22: Connection timed out
> 
> On Thu, Sep 25, 2014 at 2:05 PM, Asanka sanjaya Herath 
> wrote:
> 
>> Now I'm trying to ssh to that server. But it I got this error.
>> 
>> # ssh root@192.168.56.180
>> # ssh: connect to host 192.168.56.135 port 22: Connection timed out
>> 
>> I used default template(cent-os) provided by cloudstak.
>> So where is the fault?
>> 
>> 
>> On Thu, Sep 25, 2014 at 1:59 PM, Asanka sanjaya Herath >> wrote:
>> 
>>> Hi Gopalakrishnan,
>>> 
>>> That works. Thank you for your help. And thank you Jayapal for detailed
>>> information.
>>> 
>>> On Thu, Sep 25, 2014 at 1:55 PM, Jayapal Reddy Uradi <
>>> jayapalreddy.ur...@citrix.com> wrote:
>>> 
>>>> For ping icmp is type 8 and code 0.
>>>> Add icmp type, code -1,-1 to allow all icmp types and codes.
>>>> 
>>>> -Jayapal
>>>> 
>>>> On 25-Sep-2014, at 1:31 PM, Asanka sanjaya Herath 
>>>> wrote:
>>>> 
>>>>> Hi GopalaKrishnan,
>>>>> 
>>>>> Thank you for help. I added Egress and Ingress rules as follows.
>>>>> 
>>>>> TCP: start port-80 endport-80 CIDR-0.0.0.0/0
>>>>> ICMP: type-0 code-0 CIDR-0.0.0.0./0
>>>>> 
>>>>> But still I cannot ping to the instance from the host machine. But I
>>>> can
>>>>> ping to the host machine from the instance.
>>>>> 
>>>>> 
>>>>> On Thu, Sep 25, 2014 at 12:35 PM, GopalaKrishnan 
>>>>> wrote:
>>>>> 
>>>>>> Hi Sanjaya,
>>>>>> 
>>>>>> You should check Security Groups and Egress, Ingress rules for your
>>>>>> instance user. Enable ICMP in Egress to ping your server.
>>>>>> 
>>>>>> Thank You.
>>>>>> GopalaKrishnan.S
>>>>>> Cloud Architect at Fogpanel.
>>>>>> 
>>>>>> 
>>>>>> - Original Message - From: "Asanka sanjaya Herath" <
>>>>>> angal...@gmail.com>
>>>>>> To: 
>>>>>> Sent: Thursday, September 25, 2014 11:51 AM
>>>>>> Subject: cannot ping to cloudstack instance
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> I installed cloudstack in my local computer and added an instance
>>>>>> successfully. Then I tried to ping to the instance created in
>>>> cloudstack.
>>>>>> But I cannot ping to instance.  But I can ping to the gateway.
>>>>>> 
>>>>>> These are my network configurations(used basic networking):
>>>>>> 
>>>>>> dns1: 8.8.8.8
>>>>>> dns2: 8.8.4.4
>>>>>> 
>>>>>> POD:
>>>>>> startip: 192.168.56.200
>>>>>> endip:192.168.56.220
>>>>>> 
>>>>>> Guest IP Ranges:
>>>>>> startip: 192.168.56.100
>>>>>> endip: 192.168.56.199
>>>>>> netmask: 255.255.255.0
>>>>>> gateway: 192.168.56.5
>>>>>> 
>>>>>> Instance IP: 192.168.56.135
>>>>>> 
>>>>>> Any ideas?
>>>>>> 
>>>>>> 
>>>>>> --
>>>>>> Thanks,
>>>>>> Regards,
>>>>>> A
>>>>>> ​sanka
>>>>>> 
>>>>>> ---
>>>>>> This email is free from viruses and malware because avast! Antivirus
>>>>>> protection is active.
>>>>>> http://www.avast.com
>>>>>> 
>>>>>> 
>>>>> 
>>>>> 
>>>>> --
>>>>> Thanks,
>>>>> Regards,
>>>>> ASH
>>>> 
>>>> 
>>> 
>>> 
>>> --
>>> Thanks,
>>> Regards,
>>> ASH
>>> 
>> 
>> 
>> 
>> --
>> Thanks,
>> Regards,
>> ASH
>> 
> 
> 
> 
> -- 
> Thanks,
> Regards,
> ASH

Re: cannot ping to cloudstack instance

[Jayapal Reddy Uradi]

For ping icmp is type 8 and code 0.
Add icmp type, code -1,-1 to allow all icmp types and codes.

-Jayapal

On 25-Sep-2014, at 1:31 PM, Asanka sanjaya Herath  wrote:

> Hi GopalaKrishnan,
> 
> Thank you for help. I added Egress and Ingress rules as follows.
> 
> TCP: start port-80 endport-80 CIDR-0.0.0.0/0
> ICMP: type-0 code-0 CIDR-0.0.0.0./0
> 
> But still I cannot ping to the instance from the host machine. But I can
> ping to the host machine from the instance.
> 
> 
> On Thu, Sep 25, 2014 at 12:35 PM, GopalaKrishnan 
> wrote:
> 
>> Hi Sanjaya,
>> 
>> You should check Security Groups and Egress, Ingress rules for your
>> instance user. Enable ICMP in Egress to ping your server.
>> 
>> Thank You.
>> GopalaKrishnan.S
>> Cloud Architect at Fogpanel.
>> 
>> 
>> - Original Message - From: "Asanka sanjaya Herath" <
>> angal...@gmail.com>
>> To: 
>> Sent: Thursday, September 25, 2014 11:51 AM
>> Subject: cannot ping to cloudstack instance
>> 
>> 
>> 
>> I installed cloudstack in my local computer and added an instance
>> successfully. Then I tried to ping to the instance created in cloudstack.
>> But I cannot ping to instance.  But I can ping to the gateway.
>> 
>> These are my network configurations(used basic networking):
>> 
>> dns1: 8.8.8.8
>> dns2: 8.8.4.4
>> 
>> POD:
>> startip: 192.168.56.200
>> endip:192.168.56.220
>> 
>> Guest IP Ranges:
>> startip: 192.168.56.100
>> endip: 192.168.56.199
>> netmask: 255.255.255.0
>> gateway: 192.168.56.5
>> 
>> Instance IP: 192.168.56.135
>> 
>> Any ideas?
>> 
>> 
>> --
>> Thanks,
>> Regards,
>> A
>> ​sanka
>> 
>> ---
>> This email is free from viruses and malware because avast! Antivirus
>> protection is active.
>> http://www.avast.com
>> 
>> 
> 
> 
> -- 
> Thanks,
> Regards,
> ASH

Re: Cloudstack dont create instances

[Jayapal Reddy Uradi]

Hi,

Please observe the logs starting from the deployvm api is called in logs.
Also check wether the template is downloaded or not in UI see template details 
for status.
If follow the below link for troubleshooting. 

https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSVM,+templates,+Secondary+storage+troubleshooting


Thanks,
Jayapal

On 19-Sep-2014, at 12:45 AM, Otávio parreiras  
wrote:

> Good afternoon!
> I'm having problem for creating instances in CloudStack.
> I did my first installation of CloudStack, but can not create a VM host
> both the UI as in cloudmonkey.
> The configuration I'm using is the cloudstack-management 4.3.0,with Ubuntu
> 14:04 and KVM .
> All the infrastructure is ok, including Console Proxy and Secondary
> Storage with status Running.
> I can mount the NFS share on all nodes in the application.
> When I run command
> /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt
> -m /srv/images/secondary -u
> http://download.cloud.com/templates/4.3/systemvm64template-2014-01-14-master-kvm.qcow2.bz2
> -h kvm -F is create the files d2ba3ff9-17bb-41d8-bdf4-76ca0bf9dfc0.qcow2
> and template.properties in directory
> /srv/images/secondary/template/tmpl/1/3 and does not send any error
> message.
> When I insert the ISO and Ready NO and without Status.
> I insert my ip and my subnet in secstorage.allowed.internal.sites but
> neither worked.
> The error code is 431 in cloudmonkey:
>> Deploy virtualmachine TemplateID = f7cc1108-3eb4-11e4-a4bf-6c5b858717dc
> zoneid = cb2ca0af-3a3c-4abb-bd64-7aa666ee3029 serviceofferingid =
> 91f4892e-7aec-43EE-9e70-927237c4f8c6
> 431: Unable to use system to deploy the template 3 user vm
> Was unable enchergar no error in the management-server.log logs.
> In the UI don´t display the options in stage the select a template.
> 
> I saw some e-mail with similar problem asked to run the run.sh script, but
> I have it on my server.
> root@lab1:/var/log/cloudstack/management# ls -latr
> /usr/share/cloudstack-common/scripts/vm/systemvm
> total 16
> -rwxr-xr-x 1 root root 3402 Mar 25 02:30 injectkeys.sh
> -rw-r--r-- 1 root root 1675 Mar 25 02:30 id_rsa.cloud
> 
> Can help me?

Re: Network change

[Jayapal Reddy Uradi]

Hi,

You can use updateNetworkOffering API to change the offering of the network.
By using this all the VMs in the network should be stopped. 
Also the router get recreated.

Thanks,
Jayapal

On 16-Sep-2014, at 5:42 AM, Ivan Rodriguez  wrote:

> Hi Cloudstack users,
> 
> Do you guys know if its possible to change a shared network to isolated ?
> or
> Is it possible to change the service offering in a shared network ?
> or Is it possible to disable services on a shared guest network ?
> 
> 
> Thanks in advance

Re: Problems with firewall

[Jayapal Reddy Uradi]

Hi,

iptables rules are configured on the host that means CSP is there.

The setup is basic shared network with out security groups but there are
SG rules configured for the VM in the host and there is no ingress/egress rules 
config option.
Not sure about with out SG configuring rules for VM is a bug.

Thanks,
Jayapal


On 11-Sep-2014, at 10:27 AM, Kirk Kosinski 
 wrote:

> Hi, Carlos.  Did you install the CSP on your XS hosts?  Also is Open
> vSwitch enabled or disabled?
> 
> Best regards,
> Kirk
> 
> On 09/10/2014 02:55 PM, Carlos Reategui wrote:
>> Hi All,
>> This is a problem I have had for a while and worked around but would like
>> to get a proper solution for.   I have configured a basic shared network
>> without security groups.  The hosts are Xen 6.0.2.  I am currently on 4.3
>> but had this problem previously on 4.1.x and 4.2.x also.
>> 
>> The problem is that the iptables firewall is not getting configured
>> properly on the hosts and therefore I am unable to connect to any of the
>> VM's on that particular host.  My current solution is to have a crontab
>> every 5 minutes issue an "/etc/init.d/iptables stop".  The reason I have to
>> have it on a cron is that every time I create a new instance, the
>> cloudstack management server also sends a command to configure the firewall
>> which also turns it back on  (I guess I could also put an exit near the top
>> of the iptables script but that is still a workaround).  My network
>> offering does not have security groups so, as expected, I don't have a
>> means to edit ingress/egress rules.
>> 
>> Has anyone else run into this?  Is this a bug or something that I have not
>> properly configured?
>> 
>> Here is the output of the firewall on one of the hosts after creating a new
>> instance:
>> # iptables -L -n
>> Chain INPUT (policy ACCEPT)
>> target prot opt source   destination
>> 
>> Chain FORWARD (policy ACCEPT)
>> target prot opt source   destination
>> BRIDGE-FIREWALL  all  --  0.0.0.0/00.0.0.0/0   PHYSDEV
>> match --physdev-is-bridged
>> ACCEPT all  --  0.0.0.0/00.0.0.0/0   PHYSDEV match
>> --physdev-out eth2+ --physdev-is-bridged
>> ACCEPT all  --  0.0.0.0/00.0.0.0/0   PHYSDEV match
>> --physdev-out eth6+ --physdev-is-bridged
>> ACCEPT all  --  0.0.0.0/00.0.0.0/0   PHYSDEV match
>> --physdev-out eth5+ --physdev-is-bridged
>> ACCEPT all  --  0.0.0.0/00.0.0.0/0   PHYSDEV match
>> --physdev-out eth7+ --physdev-is-bridged
>> ACCEPT all  --  0.0.0.0/00.0.0.0/0   PHYSDEV match
>> --physdev-out eth3+ --physdev-is-bridged
>> ACCEPT all  --  0.0.0.0/00.0.0.0/0   PHYSDEV match
>> --physdev-out eth1+ --physdev-is-bridged
>> ACCEPT all  --  0.0.0.0/00.0.0.0/0   PHYSDEV match
>> --physdev-out eth4+ --physdev-is-bridged
>> ACCEPT all  --  0.0.0.0/00.0.0.0/0   PHYSDEV match
>> --physdev-out bond0+ --physdev-is-bridged
>> ACCEPT all  --  0.0.0.0/00.0.0.0/0   PHYSDEV match
>> --physdev-out eth0+ --physdev-is-bridged
>> ACCEPT all  --  0.0.0.0/00.0.0.0/0   PHYSDEV match
>> --physdev-out bond1+ --physdev-is-bridged
>> DROP   all  --  0.0.0.0/00.0.0.0/0
>> 
>> Chain OUTPUT (policy ACCEPT)
>> target prot opt source   destination
>> 
>> Chain BRIDGE-DEFAULT-FIREWALL (1 references)
>> target prot opt source   destination
>> ACCEPT all  --  0.0.0.0/00.0.0.0/0   state
>> RELATED,ESTABLISHED
>> ACCEPT udp  --  0.0.0.0/00.0.0.0/0   PHYSDEV match
>> --physdev-is-bridged udp spt:68 dpt:67
>> ACCEPT udp  --  0.0.0.0/00.0.0.0/0   PHYSDEV match
>> --physdev-is-bridged udp spt:67 dpt:68
>> 
>> Chain BRIDGE-FIREWALL (1 references)
>> target prot opt source   destination
>> BRIDGE-DEFAULT-FIREWALL  all  --  0.0.0.0/00.0.0.0/0
>> i-3-93-def  all  --  0.0.0.0/00.0.0.0/0   PHYSDEV match
>> --physdev-in vif20.0 --physdev-is-bridged
>> i-3-93-def  all  --  0.0.0.0/00.0.0.0/0   PHYSDEV match
>> --physdev-out vif20.0 --physdev-is-bridged
>> 
>> Chain i-3-93-VM (1 references)
>> target prot opt source   destination
>> 
>> Chain i-3-93-VM-eg (1 references)
>> target prot opt source   destination
>> 
>> Chain i-3-93-def (2 references)
>> target prot opt source   destination
>> RETURN udp  --  0.0.0.0/00.0.0.0/0   PHYSDEV match
>> --physdev-in vif20.0 --physdev-is-bridged set i-3-93-VM src udp dpt:53
>> DROP   all  --  0.0.0.0/00.0.0.0/0   PHYSDEV match
>> --physdev-in vif20.0 --physdev-is-bridged !set i-3-93-VM src
>> DROP   all  --  0.0.0.0/00.0.0.0/0   PHYSDEV match
>> --physdev-out vif20.0 --physd

Re: New error iptables

[Jayapal Reddy Uradi]

Hi Sandeep,

upset  for the vm i-2-3-VM is not found.
Try ipset -L command on the host to check the ipset names.
For help search ipset in 
http://jayapalu.blogspot.in/2013/09/security-groups-in-cloudstack.html

Why do you want to restart the iptables on the host?
When you reboot the host all the rules from the MS get reconfigured.


Thanks,
Jayapal

On 18-Aug-2014, at 3:06 PM, sandeep khandekar 
 wrote:

> Dear Cloudstackers,
> 
> [root@hypervisor ~]# service iptables restart
> iptables: Setting chains to policy ACCEPT: filter mangle na[  OK  ]
> iptables: Flushing firewall rules: [  OK  ]
> iptables: Unloading modules:   [  OK  ]
> iptables: Applying firewall rules: iptables-restore v1.4.7: Set i-2-3-VM
> doesn't exist.
> 
> Error occurred at line: 83
> Try `iptables-restore -h' or 'iptables-restore --help' for more information.
>   [FAILED]
> vi /etc/sysconfig/iptables
> 80 -A i-2-3-def -m state --state RELATED,ESTABLISHED -j ACCEPT
> 81 -A i-2-3-def -p udp -m physdev --physdev-in vnet9
> --physdev-is-bridged -m udp --sport 68 --dport 67 -j ACCEPT
> 82 -A i-2-3-def -p udp -m physdev --physdev-out vnet9
> --physdev-is-bridged -m udp --sport 67 --dport 68 -j ACCEPT
> 83 -A i-2-3-def -p udp -m physdev --physdev-in vnet9
> --physdev-is-bridged -m set --match-set i-2-3-VM src -m udp --dport 53 -j
> RETURN
> 84 -A i-2-3-def -m physdev --physdev-in vnet9 --physdev-is-bridged -m
> set --match-set i-2-3-VM src -j i-2-3-VM-eg
> 85 -A i-2-3-def -m physdev --physdev-out vnet9 --physdev-is-bridged -j
> i-2-3-VM
> 86 -A r-4-VM -m physdev --physdev-in vnet7 --physdev-is-bridged -j
> RETURN
> 87 -A r-4-VM -j ACCEPT
> 88 COMMIT
> 
> How to solve these error
> -- 
> SANDEEP KHANDEKAR
> Assistant Professor
> Department of Computer science and engineering
> Sreenidhi Institute of science and Technology
> Hyderabad

Re: CS VR on VMware

[Jayapal Reddy Uradi]

Hi Eric,

Did you created network with default network offering or customer network 
offering ?
What is egress default policy value (true) in the network offering ?

Can you please send iptables rules on VR, MS server log after VR start and 
network_offerings, network table output in pastebin.com

Thanks,
Jayapal
On 16-Jul-2014, at 3:48 PM, Eric Neumann - AOD 
 wrote:

> Hi All,
> 
> I’ve encountered a strange issue whereby egress firewall rules don’t seem to 
> apply to any CS VRs that are running on our VMware cluster, whereas any CS 
> VRs running on our XenServer cluster work as expected (these are in the same 
> and only zone). Even more strangely, port forwarding and ingress firewall 
> rules do apply correctly in either scenario.
> 
> Has anyone encountered anything similar or has any troubleshooting tips for 
> this? I have confirmed WAN connectivity, etc. from the VRs console and can 
> see that there’s no matching entry in the iptables.
> 
> We are running Citrix CloudPlatform 4.3.0.1.
> 
> Any pointers would be greatly appreciated!
> Thanks,
> Eric
> 

Re: InsufficientServerCapacityException - Unsure Why

[Jayapal Reddy Uradi]

Hi Elliot,

Reboot the router and see the management server for router startcommand.
These values are passed in startcommand.

If it has . at the end then check the database nics table for entry with guest 
ip.
If nic table has entry with . then correct and restart the MS and restart VR.

Thanks,
Jayapal

On 16-Jul-2014, at 3:39 PM, Elliot Berg 
 wrote:

> Hi,
> 
> I've got
> 
> template=domP name=r-27-VM eth0ip=10.4.2.6 eth0mask=255.0.0.0. 
> gateway=10.0.0.1 domain=cs1cloud.internal dhcprange=10.0.0.1 
> eth1ip=169.254.1.246 eth1mask=255.255.0.0 type=dhcpsrvr 
> disable_rp_filter=true dns1=10.0.0.12 dns2= ip6dns1= ip6dns2=
> 
> In that file, which includes the incorrect netmask.
> 
> Elliot
> 
> Jayapal Reddy Uradi wrote:
>> Hi,
>> 
>> Check the /var/cache/cloud/cmdline for eth0ip=10.1.1.1 eth0mask=255.255.255.0
>> If it is correct, then interfaces file is written wrongly.
>> The /etc/network/interfaces updated from the cloud-early-config on router 
>> boot.
>> 
>> What you can do is put set -x in cloud-early-config and run 
>> /etc/init.d/cloud-early-config from the router.
>> And observe the setup_interface for how /etc/network/interfaces is written.
>> 
>> Thanks,
>> Jayapal
>> 
>> On 16-Jul-2014, at 3:07 PM, Elliot Berg  wrote:
>> 
>>> Hi,
>>> 
>>> So that fails with the error
>>> 
>>> Error: an inet prefix is expected rather than "10.4.2.6/255.0.0.0.".
>>> Failed to bring up eth0.
>>> 
>>> I went and looked at the router's /etc/network/interfaces file and spotted 
>>> that the netmask has a "." on the end, as below. Removing that and then 
>>> running ifup eth0 works, however when I reboot the router that file appears 
>>> to be regenerated, as my change was undone. Does anyone know where the 
>>> information to generate that file comes from?
>>> 
>>> iface  eth0 inet static
>>>  address 10.4.2.6
>>>  netmask 255.0.0.0.
>>> 
>>> Thanks,
>>> 
>>> Elliot
>>> 
>>> Jayapal Reddy Uradi wrote:
>>>> Hi Elliot,
>>>> 
>>>> Can you please try 'ifup eth0' on the router.
>>>> It seems there is delay in bringing up the eth0 interface.
>>>> 
>>>> Thanks,
>>>> Jayapal
>>>> On 16-Jul-2014, at 12:40 PM, Elliot Berg   
>>>> wrote:
>>>> 
>>>>> I've already had to flatten and start again so I'd rather avoid it - but 
>>>>> my suspicion is that all of this is related to the kvm host's networking 
>>>>> somehow. I followed the instructions on the cloudstack install guide, and 
>>>>> ended up with the below - does it look right to you guys?
>>>>> 
>>>>> 
>>>>> auto lo
>>>>> iface lo inet loopback
>>>>> 
>>>>> auto eth0
>>>>> iface eth0 inet manual
>>>>> 
>>>>> auto cloudbr0
>>>>> iface cloudbr0 inet static
>>>>>bridge_ports eth0
>>>>>bridge_fd 5
>>>>>bridge_stp off
>>>>>bridge_maxwait 1
>>>>>address 10.4.0.2
>>>>>netmask 255.0.0.0
>>>>>network 10.0.0.0
>>>>>broadcast 10.255.255.255
>>>>>gateway 10.0.0.1
>>>>># dns-* options are implemented by the resolvconf package, if 
>>>>> installed
>>>>>dns-nameservers 10.0.0.12
>>>>>dns-search avco
>>>>> 
>>>>> auto cloudbr1
>>>>> iface cloudbr1 inet manual
>>>>>bridge_ports eth0
>>>>>bridge_fd 5
>>>>>bridge_stp off
>>>>>bridge_maxwait 1
>>>>> 
>>>>> Many Thanks,
>>>>> 
>>>>> Elliot
>>>>> 
>>>>> Elliot Berg wrote:
>>>>>> Hi,
>>>>>> 
>>>>>> Cloud.log contains the following just after the machine's rebooted;
>>>>>> 
>>>>>> Mon Jul 14 16:01:06 UTC 2014 checking that eth0 has IP
>>>>>> Mon Jul 14 16:01:07 UTC 2014 waiting for eth0 interface setup with ip 
>>>>>> timer=0
>>>>>> Mon Jul 14 16:01:08 UTC 2014 waiting for eth0 interface setup with ip 
>>>>>> timer=1
>>>>>> Mon Jul 14 16:01:09 UT

Re: InsufficientServerCapacityException - Unsure Why

[Jayapal Reddy Uradi]

Hi,

Check the /var/cache/cloud/cmdline for eth0ip=10.1.1.1 eth0mask=255.255.255.0
If it is correct, then interfaces file is written wrongly.
The /etc/network/interfaces updated from the cloud-early-config on router boot.

What you can do is put set -x in cloud-early-config and run 
/etc/init.d/cloud-early-config from the router.
And observe the setup_interface for how /etc/network/interfaces is written.

Thanks,
Jayapal

On 16-Jul-2014, at 3:07 PM, Elliot Berg  wrote:

> Hi,
> 
> So that fails with the error
> 
> Error: an inet prefix is expected rather than "10.4.2.6/255.0.0.0.".
> Failed to bring up eth0.
> 
> I went and looked at the router's /etc/network/interfaces file and spotted 
> that the netmask has a "." on the end, as below. Removing that and then 
> running ifup eth0 works, however when I reboot the router that file appears 
> to be regenerated, as my change was undone. Does anyone know where the 
> information to generate that file comes from?
> 
> iface  eth0 inet static
>  address 10.4.2.6
>  netmask 255.0.0.0.
> 
> Thanks,
> 
> Elliot
> 
> Jayapal Reddy Uradi wrote:
>> Hi Elliot,
>> 
>> Can you please try 'ifup eth0' on the router.
>> It seems there is delay in bringing up the eth0 interface.
>> 
>> Thanks,
>> Jayapal
>> On 16-Jul-2014, at 12:40 PM, Elliot Berg  wrote:
>> 
>>> I've already had to flatten and start again so I'd rather avoid it - but my 
>>> suspicion is that all of this is related to the kvm host's networking 
>>> somehow. I followed the instructions on the cloudstack install guide, and 
>>> ended up with the below - does it look right to you guys?
>>> 
>>> 
>>> auto lo
>>> iface lo inet loopback
>>> 
>>> auto eth0
>>> iface eth0 inet manual
>>> 
>>> auto cloudbr0
>>> iface cloudbr0 inet static
>>>bridge_ports eth0
>>>bridge_fd 5
>>>bridge_stp off
>>>bridge_maxwait 1
>>>address 10.4.0.2
>>>netmask 255.0.0.0
>>>network 10.0.0.0
>>>broadcast 10.255.255.255
>>>gateway 10.0.0.1
>>># dns-* options are implemented by the resolvconf package, if 
>>> installed
>>>dns-nameservers 10.0.0.12
>>>dns-search avco
>>> 
>>> auto cloudbr1
>>> iface cloudbr1 inet manual
>>>bridge_ports eth0
>>>bridge_fd 5
>>>bridge_stp off
>>>bridge_maxwait 1
>>> 
>>> Many Thanks,
>>> 
>>> Elliot
>>> 
>>> Elliot Berg wrote:
>>>> Hi,
>>>> 
>>>> Cloud.log contains the following just after the machine's rebooted;
>>>> 
>>>> Mon Jul 14 16:01:06 UTC 2014 checking that eth0 has IP
>>>> Mon Jul 14 16:01:07 UTC 2014 waiting for eth0 interface setup with ip 
>>>> timer=0
>>>> Mon Jul 14 16:01:08 UTC 2014 waiting for eth0 interface setup with ip 
>>>> timer=1
>>>> Mon Jul 14 16:01:09 UTC 2014 waiting for eth0 interface setup with ip 
>>>> timer=2
>>>> Mon Jul 14 16:01:10 UTC 2014 waiting for eth0 interface setup with ip 
>>>> timer=3
>>>> Mon Jul 14 16:01:11 UTC 2014 waiting for eth0 interface setup with ip 
>>>> timer=4
>>>> Mon Jul 14 16:01:12 UTC 2014 waiting for eth0 interface setup with ip 
>>>> timer=5
>>>> Mon Jul 14 16:01:13 UTC 2014 waiting for eth0 interface setup with ip 
>>>> timer=6
>>>> Mon Jul 14 16:01:14 UTC 2014 waiting for eth0 interface setup with ip 
>>>> timer=7
>>>> Mon Jul 14 16:01:15 UTC 2014 waiting for eth0 interface setup with ip 
>>>> timer=8
>>>> Mon Jul 14 16:01:16 UTC 2014 waiting for eth0 interface setup with ip 
>>>> timer=9
>>>> Mon Jul 14 16:01:17 UTC 2014 waiting for eth0 interface setup with ip 
>>>> timer=10
>>>> Mon Jul 14 16:01:18 UTC 2014 waiting for eth0 interface setup with ip 
>>>> timer=11
>>>> Mon Jul 14 16:01:19 UTC 2014 waiting for eth0 interface setup with ip 
>>>> timer=12
>>>> Mon Jul 14 16:01:20 UTC 2014 waiting for eth0 interface setup with ip 
>>>> timer=13
>>>> Mon Jul 14 16:01:21 UTC 2014 waiting for eth0 interface setup with ip 
>>>> timer=14
>>>> Mon Jul 14 16:01:22 UTC 2014 waiting for eth0 interface setup with ip 
>>>> timer=15
>>>> Mon Jul 14 16:01:23 UT

Re: InsufficientServerCapacityException - Unsure Why

[Jayapal Reddy Uradi]

Hi Elliot,

Can you please try 'ifup eth0' on the router.
It seems there is delay in bringing up the eth0 interface.

Thanks,
Jayapal
On 16-Jul-2014, at 12:40 PM, Elliot Berg  wrote:

> I've already had to flatten and start again so I'd rather avoid it - but my 
> suspicion is that all of this is related to the kvm host's networking 
> somehow. I followed the instructions on the cloudstack install guide, and 
> ended up with the below - does it look right to you guys?
> 
> 
> auto lo
> iface lo inet loopback
> 
> auto eth0
> iface eth0 inet manual
> 
> auto cloudbr0
> iface cloudbr0 inet static
>bridge_ports eth0
>bridge_fd 5
>bridge_stp off
>bridge_maxwait 1
>address 10.4.0.2
>netmask 255.0.0.0
>network 10.0.0.0
>broadcast 10.255.255.255
>gateway 10.0.0.1
># dns-* options are implemented by the resolvconf package, if installed
>dns-nameservers 10.0.0.12
>dns-search avco
> 
> auto cloudbr1
> iface cloudbr1 inet manual
>bridge_ports eth0
>bridge_fd 5
>bridge_stp off
>bridge_maxwait 1
> 
> Many Thanks,
> 
> Elliot
> 
> Elliot Berg wrote:
>> Hi,
>> 
>> Cloud.log contains the following just after the machine's rebooted;
>> 
>> Mon Jul 14 16:01:06 UTC 2014 checking that eth0 has IP
>> Mon Jul 14 16:01:07 UTC 2014 waiting for eth0 interface setup with ip timer=0
>> Mon Jul 14 16:01:08 UTC 2014 waiting for eth0 interface setup with ip timer=1
>> Mon Jul 14 16:01:09 UTC 2014 waiting for eth0 interface setup with ip timer=2
>> Mon Jul 14 16:01:10 UTC 2014 waiting for eth0 interface setup with ip timer=3
>> Mon Jul 14 16:01:11 UTC 2014 waiting for eth0 interface setup with ip timer=4
>> Mon Jul 14 16:01:12 UTC 2014 waiting for eth0 interface setup with ip timer=5
>> Mon Jul 14 16:01:13 UTC 2014 waiting for eth0 interface setup with ip timer=6
>> Mon Jul 14 16:01:14 UTC 2014 waiting for eth0 interface setup with ip timer=7
>> Mon Jul 14 16:01:15 UTC 2014 waiting for eth0 interface setup with ip timer=8
>> Mon Jul 14 16:01:16 UTC 2014 waiting for eth0 interface setup with ip timer=9
>> Mon Jul 14 16:01:17 UTC 2014 waiting for eth0 interface setup with ip 
>> timer=10
>> Mon Jul 14 16:01:18 UTC 2014 waiting for eth0 interface setup with ip 
>> timer=11
>> Mon Jul 14 16:01:19 UTC 2014 waiting for eth0 interface setup with ip 
>> timer=12
>> Mon Jul 14 16:01:20 UTC 2014 waiting for eth0 interface setup with ip 
>> timer=13
>> Mon Jul 14 16:01:21 UTC 2014 waiting for eth0 interface setup with ip 
>> timer=14
>> Mon Jul 14 16:01:22 UTC 2014 waiting for eth0 interface setup with ip 
>> timer=15
>> Mon Jul 14 16:01:23 UTC 2014 waiting for eth0 interface setup with ip 
>> timer=16
>> Mon Jul 14 16:01:23 UTC 2014 interface eth0 is not set up with ip... exiting
>> 
>> As I say, I'm wondering whether this indicates a more general networking 
>> issue on the host, as I'd have expected the virtual router to sort its own 
>> networking assuming the host's is fine?
>> 
>> Thanks,
>> 
>> Elliot
>> 
>> Jayapal Reddy Uradi wrote:
>>> Hi,
>>> 
>>> Check the logs while the router is booting. Also check /var/log/cloud.log
>>> 
>>> Thanks,
>>> Jayapal
>>> On 14-Jul-2014, at 2:39 PM, Elliot Berg
>>>  wrote:
>>> 
>>>> Hi,
>>>> 
>>>> I did that earlier as part of the troubleshooting when it was stuck - so 
>>>> I've just looked at the logs instead of recreating it again as that was 
>>>> only just done. When you say the router logs, do you mean general logs on 
>>>> the virtual router machine? If so, syslog/messages/kern.log/daemon.log are 
>>>> all empty?
>>>> 
>>>> Elliot
>>>> 
>>>> Jayapal Reddy Uradi wrote:
>>>>> Hi Elliot,
>>>>> 
>>>>> Try recreating router (destroy the router and deploy new vm, router get 
>>>>> recreated).
>>>>> After recreation if the problem still exists, check the router logs to 
>>>>> see why the interfaces are brought up.
>>>>> 
>>>>> 
>>>>> Thanks,
>>>>> jayapal
>>>>> 
>>>>> On 11-Jul-2014, at 1:38 PM, Elliot Berg   
>>>>> wrote:
>>>>> 
>>>>>> So, I'm wondering whether the guest not having the interfaces configured 
>>>&g

Re: InsufficientServerCapacityException - Unsure Why

[Jayapal Reddy Uradi]

Hi,

Check the logs while the router is booting. Also check /var/log/cloud.log

Thanks,
Jayapal
On 14-Jul-2014, at 2:39 PM, Elliot Berg 
 wrote:

> Hi,
> 
> I did that earlier as part of the troubleshooting when it was stuck - so I've 
> just looked at the logs instead of recreating it again as that was only just 
> done. When you say the router logs, do you mean general logs on the virtual 
> router machine? If so, syslog/messages/kern.log/daemon.log are all empty?
> 
> Elliot
> 
> Jayapal Reddy Uradi wrote:
>> Hi Elliot,
>> 
>> Try recreating router (destroy the router and deploy new vm, router get 
>> recreated).
>> After recreation if the problem still exists, check the router logs to see 
>> why the interfaces are brought up.
>> 
>> 
>> Thanks,
>> jayapal
>> 
>> On 11-Jul-2014, at 1:38 PM, Elliot Berg  wrote:
>> 
>>> So, I'm wondering whether the guest not having the interfaces configured 
>>> correctly (i.e. not having an IP) is just a symptom of more generally 
>>> broken networking - my interfaces file for the KVM host is below, does 
>>> anyone spot any issues?
>>> 
>>> auto lo
>>> iface lo inet loopback
>>> 
>>> auto eth0
>>> iface eth0 inet manual
>>> 
>>> auto cloudbr0
>>> iface cloudbr0 inet static
>>>bridge_ports eth0
>>>bridge_fd 5
>>>bridge_stp off
>>>bridge_maxwait 1
>>>address 10.4.0.2
>>>netmask 255.0.0.0
>>>network 10.0.0.0
>>>broadcast 10.255.255.255
>>>gateway 10.0.0.1
>>># dns-* options are implemented by the resolvconf package, if 
>>> installed
>>>dns-nameservers 10.0.0.12
>>>dns-search avco
>>> 
>>> auto cloudbr1
>>> iface cloudbr1 inet manual
>>>bridge_ports eth0
>>>bridge_fd 5
>>>bridge_stp off
>>>bridge_maxwait 1
>>> 
>>> Thanks,
>>> 
>>> Elliot
>>> 
>>> Elliot Berg wrote:
>>>> Doh! I did, but forgot about it being on a funny port. Now that I'm into 
>>>> the VM I can see that it's not running, and fails to start when it tries 
>>>> to bind to the address that it should have on the guest range. I notice 
>>>> that "ifconfig -a" shows two NICs, only one of which is up (the one with 
>>>> the link local IP).  I'm guessing that indicates a more general networking 
>>>> issue?
>>>> 
>>>> I think how it's laid out is 10.4.0.0-255 for physical machines (1 is the 
>>>> management server, 2 is the first host), 10.4.1.0-255 is the management 
>>>> network and 10.4.2.0-255 is the guest network...but it's possible I've 
>>>> misunderstood the networking config during setup? What I really wanted was 
>>>> hosts on 10.4.0.0-255 and guests on 10.4.1.0-255 (and beyond), as in the 
>>>> future I'd like it to co-exist with our existing infrastructure while we 
>>>> migrate things - but I kept being told about conflicts etc when I tried to 
>>>> set up cloudstack like that during the initial set up process?
>>>> 
>>>> Thanks,
>>>> 
>>>> Elliot
>>>> 
>>>> Jayapal Reddy Uradi wrote:
>>>>> Hi Elliot,
>>>>> 
>>>>> Did you ssh to VR using the ssh key ?
>>>>> Ex: ssh -i /root/.ssh/id_rsa.cloud -p 3922root@169.254.3.196
>>>>> 
>>>>> If it is failed to ssh, then there is issue with the ssh keys.
>>>>> 
>>>>> Thanks,
>>>>> Jayapal
>>>>> 
>>>>> 
>>>>> On 09-Jul-2014, at 4:43 PM, Harikrishna 
>>>>> Patnala   wrote:
>>>>> 
>>>>>> 1) Log into your KVM host.
>>>>>> 2) Use command “virsh list”. This gives the list of VMs on the host.
>>>>>> 3) Use command “virsh console” to log into the VR.
>>>>>> 
>>>>>> 
>>>>>> -Harikrishna
>>>>>> 
>>>>>> On 09-Jul-2014, at 3:52 pm, Elliot Berg   
>>>>>> wrote:
>>>>>> 
>>>>>>> I don't know - I can't seem to ssh to the link local IP. It pings, but 
>>>>>>> ssh times out. If I try and use the "connect to console" button in the 
>>>>>>

Re: InsufficientServerCapacityException - Unsure Why

[Jayapal Reddy Uradi]

Hi Elliot,

Try recreating router (destroy the router and deploy new vm, router get 
recreated).
After recreation if the problem still exists, check the router logs to see why 
the interfaces are brought up.


Thanks,
jayapal

On 11-Jul-2014, at 1:38 PM, Elliot Berg  wrote:

> So, I'm wondering whether the guest not having the interfaces configured 
> correctly (i.e. not having an IP) is just a symptom of more generally broken 
> networking - my interfaces file for the KVM host is below, does anyone spot 
> any issues?
> 
> auto lo
> iface lo inet loopback
> 
> auto eth0
> iface eth0 inet manual
> 
> auto cloudbr0
> iface cloudbr0 inet static
>bridge_ports eth0
>bridge_fd 5
>bridge_stp off
>bridge_maxwait 1
>address 10.4.0.2
>netmask 255.0.0.0
>network 10.0.0.0
>broadcast 10.255.255.255
>gateway 10.0.0.1
># dns-* options are implemented by the resolvconf package, if installed
>dns-nameservers 10.0.0.12
>dns-search avco
> 
> auto cloudbr1
> iface cloudbr1 inet manual
>bridge_ports eth0
>bridge_fd 5
>bridge_stp off
>bridge_maxwait 1
> 
> Thanks,
> 
> Elliot
> 
> Elliot Berg wrote:
>> Doh! I did, but forgot about it being on a funny port. Now that I'm into the 
>> VM I can see that it's not running, and fails to start when it tries to bind 
>> to the address that it should have on the guest range. I notice that 
>> "ifconfig -a" shows two NICs, only one of which is up (the one with the link 
>> local IP).  I'm guessing that indicates a more general networking issue?
>> 
>> I think how it's laid out is 10.4.0.0-255 for physical machines (1 is the 
>> management server, 2 is the first host), 10.4.1.0-255 is the management 
>> network and 10.4.2.0-255 is the guest network...but it's possible I've 
>> misunderstood the networking config during setup? What I really wanted was 
>> hosts on 10.4.0.0-255 and guests on 10.4.1.0-255 (and beyond), as in the 
>> future I'd like it to co-exist with our existing infrastructure while we 
>> migrate things - but I kept being told about conflicts etc when I tried to 
>> set up cloudstack like that during the initial set up process?
>> 
>> Thanks,
>> 
>> Elliot
>> 
>> Jayapal Reddy Uradi wrote:
>>> Hi Elliot,
>>> 
>>> Did you ssh to VR using the ssh key ?
>>> Ex: ssh -i /root/.ssh/id_rsa.cloud -p 3922root@169.254.3.196
>>> 
>>> If it is failed to ssh, then there is issue with the ssh keys.
>>> 
>>> Thanks,
>>> Jayapal
>>> 
>>> 
>>> On 09-Jul-2014, at 4:43 PM, Harikrishna 
>>> Patnala  wrote:
>>> 
>>>> 1) Log into your KVM host.
>>>> 2) Use command “virsh list”. This gives the list of VMs on the host.
>>>> 3) Use command “virsh console” to log into the VR.
>>>> 
>>>> 
>>>> -Harikrishna
>>>> 
>>>> On 09-Jul-2014, at 3:52 pm, Elliot Berg  
>>>> wrote:
>>>> 
>>>>> I don't know - I can't seem to ssh to the link local IP. It pings, but 
>>>>> ssh times out. If I try and use the "connect to console" button in the 
>>>>> gui, that too times out :(
>>>>> 
>>>>> Elliot
>>>>> 
>>>>> Harikrishna Patnala wrote:
>>>>>>> From the logs
>>>>>> 2014-07-08 12:08:56,218 DEBUG [agent.transport.Request] 
>>>>>> (AgentManager-Handler-1:null) Seq 1-277348416: Processing:  { Ans: , 
>>>>>> MgmtId: 159320647860937, via: 1, Ver: v1, Flags: 110, 
>>>>>> [{"com.cloud.agent.api.Answer":{"result":false,"details":"grep: 
>>>>>> /var/lib/misc/dnsmasq.leases: No such file or directory","wait":0}}] }
>>>>>> 
>>>>>> Can you check whether dnsmasq service is running in the Virtual Router ? 
>>>>>> if not, start the service and check for “/var/lib/misc/dnsmasq.leases”
>>>>>> 
>>>>>> -Harikrishna
>>>>>> 
>>>>>> On 08-Jul-2014, at 3:47 pm, Elliot Berg   
>>>>>> wrote:
>>>>>> 
>>>>>>> Hi,
>>>>>>> 
>>>>>>> I've done that, and now there's a new virtual router which says it's 
>>>>>>> running, however a deploym

Re: Assign Static IP to a guest VM

[Jayapal Reddy Uradi]

Hi Suneel,

While deploying VM you can specify the ip address for the VM in API.
If the vm is already deployed then you can acquire secondary ip to the nic and 
configure the 
ip in the VM using ip addr command.

Thanks,
Jayapal


On 10-Jul-2014, at 12:00 PM, Venkata Suneel Babu Mallela 

 wrote:

> Hi All,
> 
> How can I assign my own static IP address to a guest VM from CloudStack UI 
> when DHCP is enabled in the Virtual Router?
> 
> Thank you,
> Suneel Mallela
> 

Re: InsufficientServerCapacityException - Unsure Why

[Jayapal Reddy Uradi]

Hi Elliot,

Did you ssh to VR using the ssh key ?
Ex: ssh -i /root/.ssh/id_rsa.cloud -p 3922 root@169.254.3.196

If it is failed to ssh, then there is issue with the ssh keys.

Thanks,
Jayapal


On 09-Jul-2014, at 4:43 PM, Harikrishna Patnala 
 wrote:

> 1) Log into your KVM host.
> 2) Use command “virsh list”. This gives the list of VMs on the host.
> 3) Use command “virsh console ” to log into the VR.
> 
> 
> -Harikrishna
> 
> On 09-Jul-2014, at 3:52 pm, Elliot Berg  wrote:
> 
>> I don't know - I can't seem to ssh to the link local IP. It pings, but ssh 
>> times out. If I try and use the "connect to console" button in the gui, that 
>> too times out :(
>> 
>> Elliot
>> 
>> Harikrishna Patnala wrote:
 From the logs
>>> 2014-07-08 12:08:56,218 DEBUG [agent.transport.Request] 
>>> (AgentManager-Handler-1:null) Seq 1-277348416: Processing:  { Ans: , 
>>> MgmtId: 159320647860937, via: 1, Ver: v1, Flags: 110, 
>>> [{"com.cloud.agent.api.Answer":{"result":false,"details":"grep: 
>>> /var/lib/misc/dnsmasq.leases: No such file or directory","wait":0}}] }
>>> 
>>> Can you check whether dnsmasq service is running in the Virtual Router ? if 
>>> not, start the service and check for “/var/lib/misc/dnsmasq.leases”
>>> 
>>> -Harikrishna
>>> 
>>> On 08-Jul-2014, at 3:47 pm, Elliot Berg  wrote:
>>> 
 Hi,
 
 I've done that, and now there's a new virtual router which says it's 
 running, however a deployment still fails. My latest lot of logs are 
 available at 
 https://dl.dropboxusercontent.com/u/47728104/management-server.log.gz, and 
 there's now one thing in the op_it_work table with a step != 'Done', which 
 is a ConsoleProxy.
 
 Interestingly if I look at the console proxy vm in the cloudstack 
 management gui it says it's running, though.
 
 Thanks,
 
 Elliot
 
 Harikrishna Patnala wrote:
> Yes mark the VR to stopped, destroy VR, mark the VR entry in op_it_work 
> to “Done” and try deploying VM.
> 
> -Harikrishna
> 
> On 08-Jul-2014, at 12:44 pm, Elliot Berg   
> wrote:
> 
>> Hi,
>> 
>> It appears to be stuck in the "starting" state - so I don't get the 
>> option to reboot it or anything. If I change the state to stopped in the 
>> database directly will the management server attempt to start it again 
>> or do I need to do something more?
>> 
>> Thanks!
>> 
>> Elliot
>> 
>> Harikrishna Patnala wrote:
>>> Is your Virtual Router up and running ? If is in running state you can 
>>> mark it Done and deploy a VM.
>>> If it is in stopped state try restarting it. You can try updating the 
>>> field as well.
>>> 
>>> -Harikrishna
>>> 
>>> On 07-Jul-2014, at 7:10 pm, Elliot Berg
>>> wrote:
>>> 
 I can see two entries that have the "step" field set to something 
 other than "Done", one of them is
 
 ConsoleProxy | Starting
 
 and the other is
 
 DomainRouter | Prepare
 
 Am I safe to just delete the rows, or should I just update the field?
 
 Thanks,
 
 Elliot
 
 Harikrishna Patnala wrote:
> Do you see any work item pending for Virtual Router r-4-VM in 
> “op_it_work” table ?
> If there are any, remove those entries and try VM deployment again.
> 
> I see in the logs that VR has a task pending
> 2014-07-07 10:28:15,934 WARN  [cloud.vm.VirtualMachineManagerImpl] 
> (Job-Executor-5:job-48 = [ 22369802-b5aa-4b5a-a26d-1fab11241551 ]) 
> The task item for vm VM[DomainRouter|r-4-VM] has been inactive for 
> 418531
> 
> 
> -Harikrishna
> 
> 
> On 07-Jul-2014, at 2:18 pm, Elliot 
> Bergmailto:elliot.b...@avcosystems.com>> 
> wrote:
> 
> I'm still not really spotting anything indicating why it's not using 
> the host, but I suspect that's just because I don't really know what 
> I'm looking for - so I've zipped the whole log for today and stuffed 
> it on dropbox at 
> https://dl.dropboxusercontent.com/u/47728104/management-server.log.gz.
> 
> Hopefully someone who's used cloudstack a lot more will have more 
> success!
> 
> Thanks,
> 
> Elliot
> 
> 
> Elliot Berg wrote:
> I'm going back over everything and I've noticed something else - 
> everywhere I've looked for how to use local storage says I should 
> change two global settings;
> 
> 
>  *   system.vm.use.local.storage = true
>  *   use.local.storage = true
> 
> However I'm looking at my global settings and only the first exists 
> (which I have set to true).
> 
> Elliot
> 
> Elliot B

Re: Host in Alert state after upgrade

[Jayapal Reddy Uradi]

Hi Carlos,

For the xen 5.6, 6.0 and 6.0.2 CSP packages are available.
http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.2.0/html/Installation_Guide/citrix-xenserver-installation.html#xenserver-support-pkg-installation
For xenserver 6.2, I think CSP comes by default.

After installing CSP, If you insert ipset modules manually, Is it not working ?
After installing CSP, did you try restarting host ?

Thanks,
Jayapal
 

On 03-Jul-2014, at 6:41 AM, Carlos Reategui  wrote:

> anybody?  I restarted my XS hosts with the fallback kernel and I was able
> to proceed with the upgrade.  Servers are now out of alert state.
> 
> This seems like an issue that needs to be addressed in the docs.  How does
> one go about getting the ipset-modules for the updated XenServer kernels?
> 
> 
> On Tue, Jul 1, 2014 at 10:50 AM, Carlos Reategui 
> wrote:
> 
>> So upset is part of the CSP.  I tried re-installing it but the kernel
>> modules are not there for my current kernel version.
>> 
>> Here are the contents of the CSP:
>> 
>> mount -o loop xenserver-cloud-supp.iso /mnt/tmp
>> # ll /mnt/tmp/
>> total 1437
>> -r--r--r-- 1 root root  31340 Jan 24  2012 arptables-0.0.3-4.i686.rpm
>> -r--r--r-- 1 root root   3506 Jan 24  2012 csp-pack-6.0.2-53069p.noarch.rpm
>> -r--r--r-- 1 root root  98961 Jan 24  2012
>> ebtables-2.0.9-1.el5.1.xs.i386.rpm
>> -r-xr-xr-x 1 root root   7163 Jan 24  2012 install.sh
>> -r--r--r-- 1 root root  46791 Jan 24  2012 ipset-4.5-1.xs32.i686.rpm
>> *-r--r--r-- 1 root root  47895 Jan 24  2012
>> ipset-modules-kdump-2.6.32.12-0.7.1.xs6.0.2.542.170665-4.5-1.xs32.i686.rpm*
>> *-r--r--r-- 1 root root  48020 Jan 24  2012
>> ipset-modules-xen-2.6.32.12-0.7.1.xs6.0.2.542.170665-4.5-1.xs32.i686.rpm*
>> -r--r--r-- 1 root root 247133 Jan 24  2012
>> iptables-1.3.5-5.3.el5_4.1.1.xs32.i386.rpm
>> -r--r--r-- 1 root root 719799 Jan 24  2012
>> iptables-debuginfo-1.3.5-5.3.el5_4.1.1.xs32.i386.rpm
>> -r--r--r-- 1 root root  49657 Jan 24  2012
>> iptables-devel-1.3.5-5.3.el5_4.1.1.xs32.i386.rpm
>> -r--r--r-- 1 root root 166044 Jan 24  2012
>> iptables-ipv6-1.3.5-5.3.el5_4.1.1.xs32.i386.rpm
>> -r--r--r-- 1 root root   1600 Jan 24  2012 XS-PACKAGES
>> -r--r--r-- 1 root root262 Jan 24  2012 XS-REPOSITORY
>> 
>> How do I go about getting the required kernel modules for:
>> # uname -a
>> Linux srvengxen02 2.6.32.12-0.7.1.xs6.0.2.611.170703xen #1 SMP Mon Oct 21
>> 11:21:50 EDT 2013 i686 i686 i386 GNU/Linux
>> 
>> How is this supposed to be handled in general when one applies XenServer
>> kernel patches?
>> 
>> thanks,
>> Carlos
>> 
>> 
>> 
>> On Tue, Jul 1, 2014 at 10:12 AM, Carlos Reategui 
>> wrote:
>> 
>>> Looking around for the ipset kernel module, I found it in an older
>>> version of the kernel:
>>> 
>>> # uname -a
>>> Linux srvengxen02 2.6.32.12-0.7.1.xs6.0.2.611.170703xen #1 SMP Mon Oct 21
>>> 11:21:50 EDT 2013 i686 i686 i386 GNU/Linux
>>> # find /lib/modules/ -name ip_set.ko
>>> /lib/modules/2.6.32.12-0.7.1.xs6.0.2.542.170665xen/extra/ipset/ip_set.ko
>>> /lib/modules/2.6.32.12-0.7.1.xs6.0.2.542.170665kdump/extra/ipset/ip_set.ko
>>> 
>>> So where does ip_set come from?  Is that part of the CSP should I
>>> re-install it?
>>> 
>>> thanks,
>>> Carlos
>>> 
>>> 
>>> 
>>> On Tue, Jul 1, 2014 at 9:25 AM, Carlos Reategui 
>>> wrote:
>>> 
 Starting a new thread...
 
 Environment: Ubuntu 12.04 + XenServer 6.0.2, Upgrading Cloudstack 4.1.1
 ---> 4.4 (deb packages built from source).
 
 If I attempt a "force reconnect" from UI it errors out.
 
 I found the following on one of the hosts in the SMLog:
 
 [760] 2014-07-01 09:18:40.980234['/bin/bash',
 '/opt/cloud/bin/setupxenserver.sh']
 [760] 2014-07-01 09:18:41.023377SUCCESS
 [785] 2014-07-01 09:18:41.251005['ebtables', '-V']
 [785] 2014-07-01 09:18:41.268054SUCCESS
 [785] 2014-07-01 09:18:41.268250['ipset', '-V']
 [785] 2014-07-01 09:18:41.311253FAILED: (rc 1) stdout: 'ipset
 v4.5, protocol version 4.
 ', stderr: 'FATAL: Module ip_set not found.
 ipset v4.5: Couldn't verify kernel module version!
 '
 
 Any ideas how to fix this?
 
 thanks,
 Carlos
 
 
 
>>> 
>> 

Re: VPC's VR missing public NIC eth1

[Jayapal Reddy Uradi]

Hi,
Can you please share management server and router logs in pastebin.com to 
understand the issue ?

Thanks,
Jayapal

On 27-May-2014, at 6:21 PM, Andrija Panic 
 wrote:

> Hi,
> 
> after the upgrade to ACS 4.3 (from 4.2.1) existing VRs for VPC lost their
> eth1 which is public NIC. VR got eth0(control nic) and eth2 and eth3 (bith
> belonging to Tiers). From CS GUI, it is reported that the VR has eth1 with
> Public network attached, but from inside (ssh to VR) there is no eth1 with
> public IP...
> 
> Even after destroying those VR, they are recreated again, but without eth1.
> 
> Anybody experienced same situtation ?
> 
> Thanks,
> 
> -- 
> 
> Andrija Panić
> --

Re: XenServer 6.2 blocks vm outgoing traffic

[Jayapal Reddy Uradi]

For user vms outgoing traffic to allow you need to add egress rules on network.


Thanks,
Jayapal

On 20-May-2014, at 8:38 PM, Andrei Mikhailovsky  wrote:

> Hello guys, 
> 
> Having a bit of an issue with clean installs of ACS 4.2.1. The same issue is 
> present on ACS 4.3. Both of the system vms are created and shown as Running. 
> When I login either to ssvm or cpvm I am able to ping internal and external 
> dns servers, as well as I can ping public hosts like 8.8.8.8, etc. I am able 
> to access public IPs on ports 80 or 443 and that's pretty much it.I am unable 
> to resolve anything or access any other ports. This applies to the management 
> and public networks. 
> 
> I had a quick investigation and it seems that the XenServer iptables rules 
> are not properly setup. The default iptables policy that I have is: 
> 
> # iptables -L -nv 
> Chain INPUT (policy ACCEPT 0 packets, 0 bytes) 
> pkts bytes target prot opt in out source destination 
> 6880K 9595M RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0 
> 
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) 
> pkts bytes target prot opt in out source destination 
> 40776 25M RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0 
> 
> Chain OUTPUT (policy ACCEPT 6152K packets, 15G bytes) 
> pkts bytes target prot opt in out source destination 
> 
> Chain RH-Firewall-1-INPUT (2 references) 
> pkts bytes target prot opt in out source destination 
> 2355K 5758M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 
> 349K 21M ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255 
> 0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0 
> 0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 
> 3 261 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353 
> 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631 
> 3 180 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631 
> 0 0 ACCEPT udp -- xenapi * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 
> 4164K 3815M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 
> 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:694 
> 19 1092 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 
> 13 732 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 
> 10542 632K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443 
> 42147 26M REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with 
> icmp-host-prohibited 
> 
> 
> In order for my system vms to resolve anything I have to manually add the 
> following lines on the hypervisor: 
> 
> iptables -I RH-Firewall-1-INPUT -p udp --dport 53 -j ACCEPT 
> iptables -I RH-Firewall-1-INPUT -p tcp --dport 53 -j ACCEPT 
> 
> Has anyone seen this behaviour from a clean install? Did I miss an important 
> step during the hypervisor install? 
> 
> My networking is Advanced + XenServer 6.2 with latest updates. I have the 
> following network setup: 
> 
> NIC0 - Network Name in XenCenter - Management. ACS traffic label for the 
> Management network is Management 
> 
> NIC1 - Network name in XenCenter - CloudStack - ACS traffic labels for Public 
> and Guest networks is CloudStack 
> 
> Cheers 
> 
> Andrei 
> 
> 

Re: Public networking VR fails to start

[Jayapal Reddy Uradi]

Hi,

Logs given below after resource allocation logs, we need to look at the more 
previous logs.
Can you please put the logs in pastebin.com

Thanks,
Jayapal
On 19-May-2014, at 4:13 AM, Jonathan Gowar  wrote:

> On Sat, 2014-05-17 at 04:03 +0000, Jayapal Reddy Uradi wrote:
>> For com.cloud.exception.InsufficientServerCapacityException you need to 
>> observe the logs above this exception to
>> get an idea about what is exactly failing.
> 
> I find this hard to decyper:-
> 
> 2014-05-18 23:34:53,894 DEBUG [o.a.c.e.o.NetworkOrchestrator]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) Cleaning up because we're
> unable to implement the network Ntwk[208|Guest|8]
> 2014-05-18 23:34:53,982 DEBUG [o.a.c.e.o.NetworkOrchestrator]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) Lock is acquired for network
> Ntwk[208|Guest|8] as a part of network shutdown
> 2014-05-18 23:34:54,023 DEBUG [o.a.c.e.o.NetworkOrchestrator]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) Releasing 0 port forwarding
> rules for network id=208 as a part of shutdownNetworkRules
> 2014-05-18 23:34:54,023 DEBUG [c.c.n.f.FirewallManagerImpl]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) There are no rules to
> forward to the network elements
> 2014-05-18 23:34:54,024 DEBUG [o.a.c.e.o.NetworkOrchestrator]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) Releasing 0 static nat rules
> for network id=208 as a part of shutdownNetworkRules
> 2014-05-18 23:34:54,024 DEBUG [c.c.n.f.FirewallManagerImpl]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) There are no rules to
> forward to the network elements
> 2014-05-18 23:34:54,026 DEBUG [c.c.n.l.LoadBalancingRulesManagerImpl]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) Revoking 0 Public load
> balancing rules for network id=208
> 2014-05-18 23:34:54,026 DEBUG [c.c.n.l.LoadBalancingRulesManagerImpl]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) There are no Load Balancing
> Rules to forward to the network elements
> 2014-05-18 23:34:54,029 DEBUG [c.c.n.l.LoadBalancingRulesManagerImpl]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) Revoking 0 Internal load
> balancing rules for network id=208
> 2014-05-18 23:34:54,029 DEBUG [c.c.n.l.LoadBalancingRulesManagerImpl]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) There are no Load Balancing
> Rules to forward to the network elements
> 2014-05-18 23:34:54,030 DEBUG [o.a.c.e.o.NetworkOrchestrator]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) Releasing 0 firewall ingress
> rules for network id=208 as a part of shutdownNetworkRules
> 2014-05-18 23:34:54,030 DEBUG [c.c.n.f.FirewallManagerImpl]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) There are no rules to
> forward to the network elements
> 2014-05-18 23:34:54,032 DEBUG [o.a.c.e.o.NetworkOrchestrator]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) Releasing 0 firewall egress
> rules for network id=208 as a part of shutdownNetworkRules
> 2014-05-18 23:34:54,035 DEBUG [c.c.n.f.FirewallManagerImpl]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) applying default firewall
> egress rules 
> 2014-05-18 23:34:54,047 DEBUG [c.c.n.f.FirewallManagerImpl]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) There are no rules to
> forward to the network elements
> 2014-05-18 23:34:54,048 DEBUG [c.c.n.r.RulesManagerImpl]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) Found 0 static nat rules to
> apply for network id 208
> 2014-05-18 23:34:54,061 DEBUG
> [c.c.n.r.VirtualNetworkApplianceManagerImpl]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) Router r-15-VM is in
> Stopped, so not sending apply ip association commands to the backend
> 2014-05-18 23:34:54,064 DEBUG [o.a.c.e.o.NetworkOrchestrator]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) Sending network shutdown to
> VirtualRouter
> 2014-05-18 23:34:54,066 DEBUG
> [c.c.n.r.VirtualNetworkApplianceManagerImpl]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) Stopping router
> VM[DomainRouter|r-15-VM]
> 2014-05-18 23:34:54,068 DEBUG [c.c.v.VirtualMachineManagerImpl]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) VM is already stopped:
> VM[DomainRouter|r-15-VM]
> 2014-05-18 23:34:54,071 DEBUG [o.a.c.e.o.NetworkOrchestrator]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) Network id=208 is shutdown
> successfully, cleaning up corresponding resources now.
> 2014-05-18 23:34:54,073 DEBUG [c.c.n.g.GuestNetworkGuru]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) Releasing vnet for the
> network id=208
> 2014-05-18 23:34:54,162 DEBUG [o.a.c.e.o.NetworkOrchestrator]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) Lock is released for network
> Ntwk[208|Guest|8] as a part of network shutdown
> 2014-05-18 23:34:54,163 DEBUG [o.a.c.e.o.NetworkOrchestrator]
> (Job-Executor-30:ctx-de5169f4 ctx-b1b86e70) Lock is re

Re: Public networking VR fails to start

[Jayapal Reddy Uradi]

Hi,

For com.cloud.exception.InsufficientServerCapacityException you need to observe 
the logs above this exception to
get an idea about what is exactly failing.

Also check the dashboard for resources.

Thanks,
Jayapal

On 17-May-2014, at 7:06 AM, Jonathan Gowar  wrote:

> On Thu, 2014-05-15 at 00:35 +0100, Jonathan Gowar wrote:
>> On Wed, 2014-05-14 at 13:03 -0400, dean.kam...@gmail.com wrote:
>>> Jonathan, you can always start over, but that's not logical way of 
>>> troubleshooting, you might have specified wrong IP settings when you first 
>>> created the zone, and RV is failing because it's not able to ping outside 
>>> world. 
>> 
>> Oh, I agree, starting over is never the way to learn, but the logging is
>> so sparse, and troubleshooting isn't getting me any closer.
>> 
>>> I asked you to check if you see able to ping ssvm public IP address, if not 
>>> then that's could be it. Otherwise it could be something else. 
>> 
>> Sorry, I missed that question.  Yes, I can ping the SSVM public IP
>> address.
> 
> I'm making no progress.  The log files are hard to interperate, and what
> errors are provided don't seem to translate to anything meaningful.
> 
> 
> 
> com.cloud.exception.InsufficientServerCapacityException: Unable to
> create a deployment for VM[DomainRouter|r-15-VM]Scope=interface
> com.cloud.dc.DataCenter; id=1
> 
> 
> 
> I seem to be the only person experiencing this, but I've combed through
> the install manual, and everything appears in order.
> 
> The advanced networking actually seems relatively staight forward, and I
> can see public traffic on the trunked hv ports; using iftop.
> 
> Can I enable extra verbose logging?  ...or can someone give me a
> step-by-step practical example of how to create an advance network and
> successfully launch an instance... at the moment it may as well be by
> magic :(
> 

Re: Thanks everyone who helped me for installing cloudstack

[Jayapal Reddy Uradi]

Hi Sandeep,

Great to hear.
I think you used ubuntu, please write blog with steps to save new users time.


Thanks,
Jayapal

On 05-May-2014, at 11:40 AM, Rajesh Battala 
 wrote:

> Great to hear about your deployment is successful.
> 
> -Original Message-
> From: sandeep khandekar [mailto:cloudstack.sand...@gmail.com] 
> Sent: Monday, May 5, 2014 11:13 AM
> To: users@cloudstack.apache.org
> Subject: Thanks everyone who helped me for installing cloudstack
> 
> Dear Cloudstackers,
> 
> Today I have successfully created a virtual Machine on my Cloudstack Machine. 
> I would like to share my happiness with you. It took more time to install and 
> lots more to learn from you. Thankyou all for helping me in all the ways you 
> can.
> 
> Find the screenshot of my machine which is running properly
> 
> http://imgur.com/a/IXOz9#16
> 
> 
> Thank you cloudstackers.
> 
> --
> SANDEEP KHANDEKAR
> Assistant Professor
> Department of Computer science and engineering Sreenidhi Institute of science 
> and Technology Hyderabad

Re: Failed to mount error in Agent log file - Fresh installation

[Jayapal Reddy Uradi]

> | 0 |   0 | 1365314069 | 279278805451285 | NULL |
> 2014-04-21 10:10:07 | NULL|7 | Enabled| NULL  |
> NULL| Disabled |
> +++--++++-+-++-+-+--+---+---++---+-+++++--+---+---+-+-+++--+-+++--+---+---+---+-++-+--+-+-+--++---+-+--+
> 3 rows in set (0.00 sec)
> 
> mysql>
> 
> If you need any specific fields I can send you the output again.
> 
> And here is the Good news Jaypal when I came today morning, My centos
> template shows 18% downloaded and bad news is - secondary storage shows
> full, my primary storage is taking all the drive space(416GB) and secondary
> storage is shows only 217MB.
> some of the screen shots of my dash board do get better Idea
> 
> http://imgur.com/a/cEHKP#10
> 
> http://imgur.com/a/cEHKP#11
> 
> 
> 
> On Mon, Apr 21, 2014 at 5:34 PM, Jayapal Reddy Uradi <
> jayapalreddy.ur...@citrix.com> wrote:
> 
>> Hi Sandeep,
>> 
>> send your host table content.
>> SELECT * FROM cloud.host;
>> 
>> I want to check the URL which you have given for nfs secondary storage.
>> 
>> -Jayapal
>> 
>> On 21-Apr-2014, at 5:14 PM, sandeep khandekar <
>> cloudstack.sand...@gmail.com>
>> wrote:
>> 
>>> Hi Jaypal,
>>> 
>>> How to resolve from management server secondary?
>>> 
>>> mount command shows the following information
>>> 
>>> root@cloudstack:/var/log/cloudstack/management# mount
>>> /dev/sda5 on / type ext4 (rw,errors=remount-ro)
>>> proc on /proc type proc (rw,noexec,nosuid,nodev)
>>> sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
>>> none on /sys/fs/fuse/connections type fusectl (rw)
>>> none on /sys/kernel/debug type debugfs (rw)
>>> none on /sys/kernel/security type securityfs (rw)
>>> udev on /dev type devtmpfs (rw,mode=0755)
>>> devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
>>> tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
>>> none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
>>> none on /run/shm type tmpfs (rw,nosuid,nodev)
>>> cgroup on /sys/fs/cgroup type tmpfs (rw,relatime,mode=755)
>>> cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,relatime,cpuset)
>>> cgroup on /sys/fs/cgroup/cpu type cgroup (rw,relatime,cpu)
>>> cgroup on /sys/fs/cgroup/cpuacct type cgroup (rw,relatime,cpuacct)
>>> cgroup on /sys/fs/cgroup/memory type cgroup (rw,relatime,memory)
>>> cgroup on /sys/fs/cgroup/devices type cgroup (rw,relatime,devices)
>>> cgroup on /sys/fs/cgroup/freezer type cgroup (rw,relatime,freezer)
>>> cgroup on /sys/fs/cgroup/blkio type cgroup (rw,relatime,blkio)
>>> cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,relatime,perf_event)
>>> cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,relatime,hugetlb)
>>> rpc_pipefs on /run/rpc_pipefs type rpc_pipefs (rw)
>>> nfsd on /proc/fs/nfsd type nfsd (rw)
>>> gvfs-fuse-daemon on /home/cloudstack/.gvfs type fuse.gvfs-fuse-daemon
>>> (rw,nosuid,nodev,user=cloudstack)
>>> 10.4.6.17:/export/secondary on /mnt/secondary type nfs
>>> (rw,tcp,intr,vers=4,addr=10.4.6.17,clientaddr=10.4.6.17)
>>> 10.4.6.17:/export/primary on /mnt/primary type nfs
>>> (rw,tcp,intr,vers=4,addr=10.4.6.17,clientaddr=10.4.6.17)
>>> 10.4.6.17:/export/primary on /mnt/25838d34-9a6f-3266-912e-db84d3f365d6
>> type
>>> nfs (rw,vers=4,addr=10.4.6.17,clientaddr=10.4.6.17)
>>> 
>>> The last line looks unusual, It got created automatically -
>>> cloudstack-management-server.
>>> 
>>> I revoked the mount which I have done it manually previously.
>>> with the below command
>>> sudo mount -t nfs 10.4.6.17:/export/secondary/template/tmpl/1/3/
>>> /mnt/53d355b8-a8c7-33a2-b9fd-e6d68ff7eec0/
>>> 
>>> Any guidance, how to solve?.
>>> 
>>> 
>>> On Mon, Apr 21, 2014 at 4:25 PM, Jayapal Reddy Uradi <
>>> jayapalreddy.u

Re: Insufficient capacity exception

[Jayapal Reddy Uradi]

Hi,

>From the below logs the hosts are in avoid set.
VM created failed because of no suitable host found.

Can you please check the MS logs for errors/exception while starting vm 
deployment ?
 

(Job-Executor-51:ctx-4325fdf4 ctx-86395c69 FirstFitRoutingAllocator) Host
name: host2, hostId: 4 is in avoid set, skipping this and trying other
available hosts
2014-04-22 10:58:50,616 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
(Job-Executor-51:ctx-4325fdf4 ctx-86395c69 FirstFitRoutingAllocator) Host
name: host1, hostId: 1 is in avoid set, skipping this and trying other
available hosts
2014-04-22 10:58:50,616 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
(Job-Executor-51:ctx-4325fdf4 ctx-86395c69 FirstFitRoutingAllocator) Host
Allocator returning 0 suitable hosts


Thanks,
Jayapal
On 22-Apr-2014, at 1:32 PM, gokhan kocaman  wrote:

> Hi,
> 
> I have enough resources on my hosts (ram,cpu ...)
> 
> But I got error while try to create vm.
> 
> Log is:
> 
> 2014-04-22 10:58:50,555 DEBUG [c.c.v.VirtualMachineManagerImpl]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69) Successfully transitioned to
> start state for VM[User|yuyu] reservation id =
> c93b30c1-3cfa-4bbe-86cc-bd21eee7d62e
> 2014-04-22 10:58:50,603 DEBUG [c.c.v.VirtualMachineManagerImpl]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69) Trying to deploy VM, vm has
> dcId: 1 and podId: 1
> 2014-04-22 10:58:50,603 DEBUG [c.c.v.VirtualMachineManagerImpl]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69) Deploy avoids pods: [],
> clusters: [], hosts: [1, 4]
> 2014-04-22 10:58:50,607 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69) Deploy avoids pods: [],
> clusters: [], hosts: [1, 4]
> 2014-04-22 10:58:50,608 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69) DeploymentPlanner allocation
> algorithm: com.cloud.deploy.FirstFitPlanner@21a24ed3
> 2014-04-22 10:58:50,608 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69) Trying to allocate a host and
> storage pools from dc:1, pod:1,cluster:null, requested cpu: 500, requested
> ram: 536870912
> 2014-04-22 10:58:50,608 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69) Is ROOT volume READY (pool
> already allocated)?: No
> 2014-04-22 10:58:50,608 DEBUG [c.c.d.FirstFitPlanner]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69) Searching resources only under
> specified Pod: 1
> 2014-04-22 10:58:50,608 DEBUG [c.c.d.FirstFitPlanner]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69) Listing clusters in order of
> aggregate capacity, that have (atleast one host with) enough CPU and RAM
> capacity under this Pod: 1
> 2014-04-22 10:58:50,610 DEBUG [c.c.d.FirstFitPlanner]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69) Removing from the clusterId
> list these clusters from avoid set: []
> 2014-04-22 10:58:50,613 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69) Checking resources in Cluster:
> 1 under Pod: 1
> 2014-04-22 10:58:50,613 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69 FirstFitRoutingAllocator)
> Looking for hosts in dc: 1  pod:1  cluster:1
> 2014-04-22 10:58:50,614 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69 FirstFitRoutingAllocator)
> FirstFitAllocator has 2 hosts to check for allocation: [Host[-4-Routing],
> Host[-1-Routing]]
> 2014-04-22 10:58:50,616 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69 FirstFitRoutingAllocator) Found
> 2 hosts for allocation after prioritization: [Host[-4-Routing],
> Host[-1-Routing]]
> 2014-04-22 10:58:50,616 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69 FirstFitRoutingAllocator)
> Looking for speed=500Mhz, Ram=512
> 2014-04-22 10:58:50,616 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69 FirstFitRoutingAllocator) Host
> name: host2, hostId: 4 is in avoid set, skipping this and trying other
> available hosts
> 2014-04-22 10:58:50,616 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69 FirstFitRoutingAllocator) Host
> name: host1, hostId: 1 is in avoid set, skipping this and trying other
> available hosts
> 2014-04-22 10:58:50,616 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69 FirstFitRoutingAllocator) Host
> Allocator returning 0 suitable hosts
> 2014-04-22 10:58:50,616 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69) No suitable hosts found
> 2014-04-22 10:58:50,616 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69) No suitable hosts found under
> this Cluster: 1
> 2014-04-22 10:58:50,617 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (Job-Executor-51:ctx-4325fdf4 ctx-86395c69) Could not find suitable
> Deployment Destination for this VM under any clusters, returning.
> 2014-04-22 10:58:50,617 DEBU

Re: Failed to mount error in Agent log file - Fresh installation

[Jayapal Reddy Uradi]

Hi Sandeep,

send your host table content.
SELECT * FROM cloud.host;

I want to check the URL which you have given for nfs secondary storage.

-Jayapal

On 21-Apr-2014, at 5:14 PM, sandeep khandekar 
 wrote:

> Hi Jaypal,
> 
> How to resolve from management server secondary?
> 
> mount command shows the following information
> 
> root@cloudstack:/var/log/cloudstack/management# mount
> /dev/sda5 on / type ext4 (rw,errors=remount-ro)
> proc on /proc type proc (rw,noexec,nosuid,nodev)
> sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
> none on /sys/fs/fuse/connections type fusectl (rw)
> none on /sys/kernel/debug type debugfs (rw)
> none on /sys/kernel/security type securityfs (rw)
> udev on /dev type devtmpfs (rw,mode=0755)
> devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
> tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
> none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
> none on /run/shm type tmpfs (rw,nosuid,nodev)
> cgroup on /sys/fs/cgroup type tmpfs (rw,relatime,mode=755)
> cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,relatime,cpuset)
> cgroup on /sys/fs/cgroup/cpu type cgroup (rw,relatime,cpu)
> cgroup on /sys/fs/cgroup/cpuacct type cgroup (rw,relatime,cpuacct)
> cgroup on /sys/fs/cgroup/memory type cgroup (rw,relatime,memory)
> cgroup on /sys/fs/cgroup/devices type cgroup (rw,relatime,devices)
> cgroup on /sys/fs/cgroup/freezer type cgroup (rw,relatime,freezer)
> cgroup on /sys/fs/cgroup/blkio type cgroup (rw,relatime,blkio)
> cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,relatime,perf_event)
> cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,relatime,hugetlb)
> rpc_pipefs on /run/rpc_pipefs type rpc_pipefs (rw)
> nfsd on /proc/fs/nfsd type nfsd (rw)
> gvfs-fuse-daemon on /home/cloudstack/.gvfs type fuse.gvfs-fuse-daemon
> (rw,nosuid,nodev,user=cloudstack)
> 10.4.6.17:/export/secondary on /mnt/secondary type nfs
> (rw,tcp,intr,vers=4,addr=10.4.6.17,clientaddr=10.4.6.17)
> 10.4.6.17:/export/primary on /mnt/primary type nfs
> (rw,tcp,intr,vers=4,addr=10.4.6.17,clientaddr=10.4.6.17)
> 10.4.6.17:/export/primary on /mnt/25838d34-9a6f-3266-912e-db84d3f365d6 type
> nfs (rw,vers=4,addr=10.4.6.17,clientaddr=10.4.6.17)
> 
> The last line looks unusual, It got created automatically -
> cloudstack-management-server.
> 
> I revoked the mount which I have done it manually previously.
> with the below command
> sudo mount -t nfs 10.4.6.17:/export/secondary/template/tmpl/1/3/
> /mnt/53d355b8-a8c7-33a2-b9fd-e6d68ff7eec0/
> 
> Any guidance, how to solve?.
> 
> 
> On Mon, Apr 21, 2014 at 4:25 PM, Jayapal Reddy Uradi <
> jayapalreddy.ur...@citrix.com> wrote:
> 
>> Hi Snadeep,
>> 
>> In the log message it is showing secondary in the path.
>> 
>> secondary:/export/secondary/template/tmpl/1/3
>> /mnt/53d355b8-a8c7-33a2-b9fd-e6d68ff7eec0
>> 
>> From the management server, Is secondary is resolved ?
>> In secondary storage configuration, did you mention secondary or 10.4.6.17
>> ?
>> 
>> -Jayapal
>> 
>> On 21-Apr-2014, at 4:04 PM, sandeep khandekar <
>> cloudstack.sand...@gmail.com>
>> wrote:
>> 
>>> Dear All,
>>> 
>>> I am unable to mount my secondary storage, I am trying really hard to
>>> install cloudstack.
>>> 
>>> Need help to finish these work friends.
>>> 
>>> Please see the error which has appeared in my agent log
>>> tail -f agent.log
>>> 2014-04-21 15:04:27,405 INFO  [cloud.agent.Agent]
>>> (agentRequest-Handler-1:null) Set agent id 1
>>> 2014-04-21 15:04:27,405 INFO  [cloud.agent.Agent]
>>> (agentRequest-Handler-1:null) Ready command is processed: agent id = 1
>>> 2014-04-21 15:11:29,554 ERROR [kvm.storage.LibvirtStorageAdaptor]
>>> (agentRequest-Handler-4:null) org.libvirt.LibvirtException: internal
>> error
>>> Child process (/bin/mount secondary:/export/secondary/template/tmpl/1/3
>>> /mnt/53d355b8-a8c7-33a2-b9fd-e6d68ff7eec0) status unexpected: exit
>> status 32
>>> 2014-04-21 15:11:29,554 ERROR [kvm.storage.LibvirtStorageAdaptor]
>>> (agentRequest-Handler-4:null) Internal error occurred when attempting to
>>> mount: specified path may be invalid
>>> 2014-04-21 15:11:29,554 ERROR [kvm.storage.LibvirtStorageAdaptor]
>>> (agentRequest-Handler-4:null) Failed to create mount
>>> 2014-04-21 15:11:29,555 ERROR [kvm.storage.LibvirtStorageAdaptor]
>>> (agentRequest-Handler-4:null) [Ljava.lang.StackTraceElement;@28d51032
>>> 2014-04-21 15:17:53,938 ERROR [kvm.storage.LibvirtStorageAdaptor]
>>> (agentRequest-Handler-3:null) org.libvirt.LibvirtEx

Re: Failed to mount error in Agent log file - Fresh installation

[Jayapal Reddy Uradi]

Hi Snadeep,

In the log message it is showing secondary in the path. 

secondary:/export/secondary/template/tmpl/1/3
/mnt/53d355b8-a8c7-33a2-b9fd-e6d68ff7eec0

>From the management server, Is secondary is resolved ?
In secondary storage configuration, did you mention secondary or 10.4.6.17 ?

-Jayapal

On 21-Apr-2014, at 4:04 PM, sandeep khandekar 
 wrote:

> Dear All,
> 
> I am unable to mount my secondary storage, I am trying really hard to
> install cloudstack.
> 
> Need help to finish these work friends.
> 
> Please see the error which has appeared in my agent log
> tail -f agent.log
> 2014-04-21 15:04:27,405 INFO  [cloud.agent.Agent]
> (agentRequest-Handler-1:null) Set agent id 1
> 2014-04-21 15:04:27,405 INFO  [cloud.agent.Agent]
> (agentRequest-Handler-1:null) Ready command is processed: agent id = 1
> 2014-04-21 15:11:29,554 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-4:null) org.libvirt.LibvirtException: internal error
> Child process (/bin/mount secondary:/export/secondary/template/tmpl/1/3
> /mnt/53d355b8-a8c7-33a2-b9fd-e6d68ff7eec0) status unexpected: exit status 32
> 2014-04-21 15:11:29,554 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-4:null) Internal error occurred when attempting to
> mount: specified path may be invalid
> 2014-04-21 15:11:29,554 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-4:null) Failed to create mount
> 2014-04-21 15:11:29,555 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-4:null) [Ljava.lang.StackTraceElement;@28d51032
> 2014-04-21 15:17:53,938 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-3:null) org.libvirt.LibvirtException: internal error
> Child process (/bin/mount secondary:/export/secondary/template/tmpl/1/3
> /mnt/53d355b8-a8c7-33a2-b9fd-e6d68ff7eec0) status unexpected: exit status 32
> 2014-04-21 15:17:53,938 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-3:null) Internal error occurred when attempting to
> mount: specified path may be invalid
> 2014-04-21 15:17:53,938 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-3:null) Failed to create mount
> 2014-04-21 15:17:53,938 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-3:null) [Ljava.lang.StackTraceElement;@12afa082
> 2014-04-21 15:24:19,346 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-2:null) org.libvirt.LibvirtException: internal error
> Child process (/bin/mount secondary:/export/secondary/template/tmpl/1/3
> /mnt/53d355b8-a8c7-33a2-b9fd-e6d68ff7eec0) status unexpected: exit status 32
> 2014-04-21 15:24:19,346 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-2:null) Internal error occurred when attempting to
> mount: specified path may be invalid
> 2014-04-21 15:24:19,346 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-2:null) Failed to create mount
> 2014-04-21 15:24:19,346 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-2:null) [Ljava.lang.StackTraceElement;@65a714ff
> 2014-04-21 15:30:48,594 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-5:null) org.libvirt.LibvirtException: internal error
> Child process (/bin/mount secondary:/export/secondary/template/tmpl/1/3
> /mnt/53d355b8-a8c7-33a2-b9fd-e6d68ff7eec0) status unexpected: exit status 32
> 2014-04-21 15:30:48,594 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-5:null) Internal error occurred when attempting to
> mount: specified path may be invalid
> 2014-04-21 15:30:48,594 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-5:null) Failed to create mount
> 2014-04-21 15:30:48,594 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-5:null) [Ljava.lang.StackTraceElement;@5dd06de
> 2014-04-21 15:37:14,513 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-1:null) org.libvirt.LibvirtException: internal error
> Child process (/bin/mount secondary:/export/secondary/template/tmpl/1/3
> /mnt/53d355b8-a8c7-33a2-b9fd-e6d68ff7eec0) status unexpected: exit status 32
> 2014-04-21 15:37:14,514 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-1:null) Internal error occurred when attempting to
> mount: specified path may be invalid
> 2014-04-21 15:37:14,514 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-1:null) Failed to create mount
> 2014-04-21 15:37:14,514 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-1:null) [Ljava.lang.StackTraceElement;@4e30cbae
> 
> 
> as cloudstack was unable to mount, I mounted it in the secondary storage in
> specified path Manually
> 
> $sudo mount -t nfs 10.4.6.17:/export/secondary/template/tmpl/1/3/
> /mnt/53d355b8-a8c7-33a2-b9fd-e6d68ff7eec0/
> 
> Then I got the message cloudstack installed successfully.
> 
> When I see my centos template it is not downloaded - The same error which I
> got in my previous installations.
> 
> Any guesses are hints to solve these friends,
> the set

Re: change VM IP address basic zone setup

[Jayapal Reddy Uradi]

Hi,

vm_instance and nics tables and updating in router /etc/dhcphosts.txt is enough.

Thanks,
Jayapal

On 12-Apr-2014, at 8:18 PM, Rafael Weingartner  
wrote:

> Hi all,
> I have a VM that I would like to change its IP addresses, however there is
> no way to do that using neither the UI nor the CS API.
> I have taken a look at the database, and I think that if I change the VM ip
> address in table vm_instance and nics will do the job, I would also need to
> update the virtual router file that matches VM's mac addresses and ip
> addresses. Would there be any other table to be changed on the database?
> 
> -- 
> Rafael Weingärtner

Re: security_group.py closed unexpectedly

[Jayapal Reddy Uradi]

The error is specific to running with sudo. 
But this error is not related to security_group.py failure.

Thanks,
Jayapal
On 07-Apr-2014, at 4:06 PM, Giri Prasad 
 wrote:

> Hi,
> 
> Thanks for your reply.
> 
> /usr/bin/python 
> /usr/share/cloudstack-common/scripts/vm/network/security_group.py 
> default_network_rules_systemvm --vmname s-5-VM --localbrname cloud
> > runs fine, without any problem.
> 
>  However, I notice the following errors, in the management log, when I stop 
> and start the management server and the cloudstack agent.
> 
>  Please let know of any clues towards this.
> 
> Thanks in advance.
> 
> Regards,
> Giri
> 
> 2014-04-07 15:43:25,145 DEBUG [c.c.u.s.Script] (main:null) Executing: sudo 
> keytool -genkey -keystore 
> /etc/cloudstack/management/cloudmanagementserver.keystore -storepass 
> vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack 
> User",ou="giriubuntu.cruzesoft.com",o="giriubuntu.cruzesoft.com",c="Unknown" 
> 2014-04-07 15:43:25,181 DEBUG [c.c.u.s.Script] (main:null) Exit value is 1
> 2014-04-07 15:43:25,181 DEBUG [c.c.u.s.Script] (main:null) sudo: no tty 
> present and no askpass program specifiedSorry, try again.sudo: no tty present 
> and no askpass program specifiedSorry, try again.sudo: no tty present and no 
> askpass program specifiedSorry, try again.sudo: 3 incorrect password attempts
> 2014-04-07 15:43:25,182 WARN  [c.c.s.ConfigurationServerImpl] (main:null) 
> Would use fail-safe keystore to continue.
> java.io.IOException: Fail to generate certificate!: sudo: no tty present and 
> no askpass program specifiedSorry, try again.sudo: no tty present and no 
> askpass program specifiedSorry, try again.sudo: no tty present and no askpass 
> program specifiedSorry, try again.sudo: 3 incorrect password attempts
>   at 
> com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:576)
>  
> 
> 
> 014-04-07 15:43:25,222 INFO  [c.c.s.ConfigurationServerImpl] (main:null) 
> Going to update systemvm iso with generated keypairs if needed
> 2014-04-07 15:43:25,223 DEBUG [c.c.u.s.Script] (main:null) Looking for 
> scripts/vm/systemvm/injectkeys.sh in the classpath
> 2014-04-07 15:43:25,223 DEBUG [c.c.u.s.Script] (main:null) System resource: 
> null
> 2014-04-07 15:43:25,224 DEBUG [c.c.u.s.Script] (main:null) Classpath 
> resource: 
> file:/usr/share/cloudstack-management/webapps/client/WEB-INF/classes/scripts/vm/systemvm/injectkeys.sh
> 2014-04-07 15:43:25,224 DEBUG [c.c.u.s.Script] (main:null) Absolute path =  
> /usr/share/cloudstack-management/webapps/client/WEB-INF/classes/scripts/vm/systemvm/injectkeys.sh
> 2014-04-07 15:43:25,224 DEBUG [c.c.u.s.Script] (main:null) Looking for 
> vms/systemvm.iso in the classpath
> 2014-04-07 15:43:25,224 DEBUG [c.c.u.s.Script] (main:null) System resource: 
> null
> 2014-04-07 15:43:25,994 DEBUG [c.c.u.s.Script] (main:null) Classpath 
> resource: 
> file:/usr/share/cloudstack-management/webapps/client/WEB-INF/classes/vms/systemvm.iso
> 2014-04-07 15:43:25,994 DEBUG [c.c.u.s.Script] (main:null) Absolute path =  
> /usr/share/cloudstack-management/webapps/client/WEB-INF/classes/vms/systemvm.iso
> 
> 
> 2014-04-07 15:43:26,199 INFO  [c.c.c.ClusterManagerImpl] (main:null) Start 
> configuring cluster manager : ClusterManagerImpl
> 2014-04-07 15:43:26,200 INFO  [c.c.c.ClusterManagerImpl] (main:null) Cluster 
> node IP : 192.168.1.5
> 2014-04-07 15:43:26,218 INFO  [c.c.c.ClusterManagerImpl] (main:null) Trying 
> to connect to 192.168.1.5
> 2014-04-07 15:43:26,221 ERROR [c.c.c.ClusterManagerImpl] (main:null) Unable 
> to ping management server at 192.168.1.5:9090 due to ConnectException
> java.net.ConnectException: Connection refused
>   at sun.nio.ch.Net.connect(Native Method)
>   at sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:534)
>   at 
> com.cloud.cluster.ClusterManagerImpl.pingManagementNode(ClusterManagerImpl.java:1122)
>  
> 
> 
> 
> 2014-04-07 15:43:37,511 INFO  [o.a.c.s.d.p.DefaultHostListener] 
> (AgentConnectTaskPool-1:ctx-d531d35b) Connection established between 
> org.apache.cloudstack.storage.datastore.PrimaryDataStoreImpl@1fd79af9 host + 1
> 2014-04-07 15:43:37,520 DEBUG [c.c.s.StorageManagerImpl] 
> (AgentConnectTaskPool-1:ctx-d531d35b) Successfully set Capacity - 
> 447226052608 for capacity type - 3 , DataCenterId - 1, HostOrPoolId - 1, 
> PodId 1
> 2014-04-07 15:43:37,520 DEBUG [c.c.a.m.AgentManagerImpl] 
> (AgentConnectTaskPool-1:ctx-d531d35b) Sending Connect to listener: 
> SecondaryStorageListener
> 2014-04-07 15:43:37,520 DEBUG [c.c.a.m.AgentManagerImpl] 
> (AgentConnectTaskPool-1:ctx-d531d35b) Sending Connect to listener: 
> DeploymentPlanningManagerImpl
> 2014-04-07 15:43:37,522 DEBUG [c.c.a.m.AgentManagerImpl] 
> (AgentConnectTaskPool-1:ctx-d531d35b) Sending Connect to listener: 
> ClusteredVirtualMachineManagerImpl
> 2014-04-07 15:43:37,522 DEBUG [c.c.v.VirtualMachineManagerImpl] 
> (AgentConnectTaskPool-1:ctx-d

Re: security_group.py closed unexpectedly

[Jayapal Reddy Uradi]

Hi,

Can you please run the below script on the host and check for errors.
> /usr/bin/pyton 
> /usr/share/cloudstack-common/scripts/vm/network/security_group.py 
> default_network_rules_systemvm --vmname s-5-VM --localbrname cloud

iptables chain create should not cause issues.

Thanks,
Jayapal

On 07-Apr-2014, at 3:22 PM, Giri Prasad 
 wrote:

> Hello All,
> 
>  I installed Ubuntu 12.04 LTS on a i3, 8gb ram machine. And installed 
> cloudstack 4.3. Upon starting the the management server and agent of 
> cloudstack, the following errors are reported by the system. Any insights? 
> Thanks in advance.
> 
> Regards,
> Giri
> 
> security_group.py has closed unexpectedly
> 
> Executable Path
> /usr/share/cloudstack-common/scripts/vm/network/security_group.py
> 
> Package
>   cloudstack-common-4.3.0 [origin cloudstack.org]
> 
> Problem Type
>Crash
> 
> Title:
> security_group.py crashed with CalledProcessError in __call__(): Command 
> '['/bin/bash', '-c', u'iptables -N BF-cloudbr9']' returned non-zero exit 
> status 1
> 
> ProcCmdLine
> /usr/bin/pyton 
> /usr/share/cloudstack-common/scripts/vm/network/security_group.py 
> default_network_rules_systemvm --vmname s-5-VM --localbrname cloud
> 
> PytonArgs
> ['/usr/share/cloudstack-common/scripts/vm/network/security_group.py','default_network_rules_systemvm','--vmname','s-5-VM','--localbrname','cloud0']
> 
> Source Package
>   cloudstack
> 
> Uname
>   Linux 3.11.0-19-generic
> 
> management-server.log 
> *
> 2014-04-07 14:09:31,246 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:ctx-132e0e49) Found 0 routers to update status. 
> 2014-04-07 14:09:31,248 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:ctx-132e0e49) Found 0 networks to update RvR status. 
> 2014-04-07 14:09:46,714 DEBUG [c.c.a.m.AgentManagerImpl] 
> (AgentManager-Handler-3:null) Ping from 1
> 2014-04-07 14:10:01,247 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:ctx-6b66bd10) Found 0 routers to update status. 
> 2014-04-07 14:10:01,249 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:ctx-6b66bd10) Found 0 networks to update RvR status. 
> 2014-04-07 14:10:06,141 DEBUG [c.c.h.d.HostDaoImpl] (ClusteredAgentManager 
> Timer:ctx-2f093bdb) Resetting hosts suitable for reconnect
> 2014-04-07 14:10:06,143 DEBUG [c.c.h.d.HostDaoImpl] (ClusteredAgentManager 
> Timer:ctx-2f093bdb) Completed resetting hosts suitable for reconnect
> 2014-04-07 14:10:06,143 DEBUG [c.c.h.d.HostDaoImpl] (ClusteredAgentManager 
> Timer:ctx-2f093bdb) Acquiring hosts for clusters already owned by this 
> management server
> 2014-04-07 14:10:06,144 DEBUG [c.c.h.d.HostDaoImpl] (ClusteredAgentManager 
> Timer:ctx-2f093bdb) Completed acquiring hosts for clusters already owned by 
> this management server
> 2014-04-07 14:10:06,144 DEBUG [c.c.h.d.HostDaoImpl] (ClusteredAgentManager 
> Timer:ctx-2f093bdb) Acquiring hosts for clusters not owned by any management 
> server
> 2014-04-07 14:10:06,145 DEBUG [c.c.h.d.HostDaoImpl] (ClusteredAgentManager 
> Timer:ctx-2f093bdb) Completed acquiring hosts for clusters not owned by any 
> management server
> 2014-04-07 14:10:16,204 DEBUG [c.c.s.StatsCollector] 
> (StatsCollector-3:ctx-566129ef) VmStatsCollector is running...
> 2014-04-07 14:10:16,321 DEBUG [c.c.s.StatsCollector] 
> (StatsCollector-1:ctx-6a332b1b) StorageCollector is running...
> 2014-04-07 14:10:16,328 DEBUG [c.c.s.StatsCollector] 
> (StatsCollector-1:ctx-6a332b1b) There is no secondary storage VM for 
> secondary storage host nfs://192.168.1.5/export/secondary
> 2014-04-07 14:10:16,397 DEBUG [c.c.a.t.Request] 
> (StatsCollector-1:ctx-6a332b1b) Seq 1-1822556174: Received:  { Ans: , MgmtId: 
> 108689543298440, via: 1, Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
> 2014-04-07 14:10:17,509 DEBUG [c.c.s.StatsCollector] 
> (StatsCollector-3:ctx-054ac5cc) HostStatsCollector is running...
> 2014-04-07 14:10:18,133 DEBUG [c.c.a.t.Request] 
> (StatsCollector-3:ctx-054ac5cc) Seq 1-1822556175: Received:  { Ans: , MgmtId: 
> 108689543298440, via: 1, Ver: v1, Flags: 10, { GetHostStatsAnswer } }
> 2014-04-07 14:10:31,246 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:ctx-bf9adfc5) Found 0 routers to update status. 
> 2014-04-07 14:10:31,248 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:ctx-bf9adfc5) Found 0 networks to update RvR status. 
> 2014-04-07 14:10:46,715 DEBUG [c.c.a.m.AgentManagerImpl] 
> (AgentManager-Handler-6:null) Ping from 1
> 2014-04-07 14:11:01,245 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:ctx-6b62a466) Found 0 routers to update status. 
> 2014-04-07 14:11:01,247 DEBUG [c.c.n.r.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:ctx-6b62a466) Found 0 networks to update RvR status. 

Re: firewall accept all

[Jayapal Reddy Uradi]

You can file bugs cloudstack at below url
https://issues.apache.org/jira/secure/Dashboard.jspa

Thanks,
Jayapal

On 04-Apr-2014, at 11:55 AM, Michael Phillips  wrote:

> Never having done it, where do I file the bug report?
> 
>> From: jayapalreddy.ur...@citrix.com
>> To: users@cloudstack.apache.org
>> Subject: Re: firewall accept all
>> Date: Fri, 4 Apr 2014 06:13:59 +
>> 
>> This will be UI bug then. If API says the source cidr is optional, then same 
>> should be in UI as well.
>> Michael can you please file UI bug this.
>> 
>> Thanks,
>> Jayapal
>> On 04-Apr-2014, at 2:49 AM, Michael Phillips  wrote:
>> 
>>> That did itthanks for the info!
>>> 
 From: xbu...@lpsintegration.com
 To: users@cloudstack.apache.org
 Subject: Re: firewall accept all
 Date: Thu, 3 Apr 2014 21:04:39 +
 
 Enter 0.0.0.0/0
 
 On 4/3/14, 3:51 PM, "Michael Phillips"  wrote:
 
> According to the docs it says you can leave the source cidr blank to
> accept all. However when I attempt to leave the source CIDR field blank
> it says it's required.
> How do you accept all incoming CIDR's?
> 
 
 
 
 
 This document is PROPRIETARY and CONFIDENTIAL and may not be duplicated, 
 redistributed, or displayed to any other party without the expressed 
 written permission of LPS Integration, Inc. If you are not the intended 
 recipient and have received this email in error, please destroy the email 
 and contact the LPS Integration Security Officer at 866-577-2902 (Phone), 
 615-349-9009 (Fax) or 230 Great Circle Rd. Suite 218 Nashville, TN 37228 
 (US Mail)
 
>>>   
>> 
> 

Re: firewall accept all

[Jayapal Reddy Uradi]

This will be UI bug then. If API says the source cidr is optional, then same 
should be in UI as well.
Michael can you please file UI bug this.

Thanks,
Jayapal
On 04-Apr-2014, at 2:49 AM, Michael Phillips  wrote:

> That did itthanks for the info!
> 
>> From: xbu...@lpsintegration.com
>> To: users@cloudstack.apache.org
>> Subject: Re: firewall accept all
>> Date: Thu, 3 Apr 2014 21:04:39 +
>> 
>> Enter 0.0.0.0/0
>> 
>> On 4/3/14, 3:51 PM, "Michael Phillips"  wrote:
>> 
>>> According to the docs it says you can leave the source cidr blank to
>>> accept all. However when I attempt to leave the source CIDR field blank
>>> it says it's required.
>>> How do you accept all incoming CIDR's?
>>> 
>> 
>> 
>> 
>> 
>> This document is PROPRIETARY and CONFIDENTIAL and may not be duplicated, 
>> redistributed, or displayed to any other party without the expressed written 
>> permission of LPS Integration, Inc. If you are not the intended recipient 
>> and have received this email in error, please destroy the email and contact 
>> the LPS Integration Security Officer at 866-577-2902 (Phone), 615-349-9009 
>> (Fax) or 230 Great Circle Rd. Suite 218 Nashville, TN 37228 (US Mail)
>> 
> 

Re: DHCP IP not getting assigned to the instances

[Jayapal Reddy Uradi]

Hi,

Please find my comments inline.

Thanks,
Jayapal
On 21-Mar-2014, at 9:09 PM, iliyas shirol  wrote:

> Greetings!
> 
> We have a zone with 5 shared guest networks. We are facing the following
> network issues post launching an instance in these networks. It behaves in
> one of the below defined ways,
> 
> 1. An IP gets assigned to the VM but its not reachable (over ICMP) from
> outside network. But once we login into the VM using the console and ping
> any public IP (ex: 8.8.8.8) or the gateway of the shared network then ICMP
> from outside starts responding.
This can be because the switch is not updated with vm vif mac address.
Ping initiate from the vm might caused the switch to learn vm mac and traffic 
from outside is success.

Trace the packets and see where exactly the packets got dropped.

Any chance the below bug behaviour caused the issue and the fix is not there in 
your code.
https://issues.apache.org/jira/browse/CLOUDSTACK-5986

> 
> 2. IP doesn't get assigned to the instance. VR's /etc/hosts file is updated
> with the VM name and its respective IP.
Please check the guest vm interface for dhcp mode.
If it is set correctly please observe the vm boot logs to see why dhclient is 
failed to obtain the 
ip address for interface from the router.
> 
> 3. The VM gets the IP assigned and is reachable from outside network.
> 
> We are using ACS-4.2.1 & XenServer 6.2. The guest interfaces (eth2+eth3)
> are bonded using LACP.
> 
> Following troubleshooting has been done,
> 
> 1. Restarted the VR
> 2. Restarted the instance.
> 3. Restarted the guest network
> 
> Has anyone else faced similar kind of issue ?
> 
> Thanks.
> 
> -- 
> -
> Md. Iliyas Shirol
> Mobile : +91 9902 977 800
> Google : iliyas.shirol@ gmail.com

Re: custom DNS entry for secondary IP address

[Jayapal Reddy Uradi]

Hi Ingo,

You can make entry into /etc/hosts in VR for your secondary ip with your 
desired name.

Thanks,
Jayapal

On 24-Mar-2014, at 8:57 PM, "Jochim, Ingo"  wrote:

> Hi all,
> 
> is it possible to get a custom DNS entry for a secondary IP address of an 
> instance?
> 
> I added a second IP address to my instance but like to use a different name 
> for resolution (not the hostname).
> 
> Thanks,
> Ingo
> 
> -- 
> This email was Virus checked by Astaro Security Gateway. http://www.astaro.com

Re: help with VPC and public IPs change

[Jayapal Reddy Uradi]

Hi,

check the nics table also. Also grep for old ups in db dumb.
Try adding new firewall rule and see all the rules are restored.

If the rules are not configured then check the management server logs.

Thanks,
Jayapal
On 24-Mar-2014, at 7:53 PM, Andrei Mikhailovsky 
 wrote:

> Hello guys, 
> 
> I am changing my public IP range and I was having some issues with VPCs. I've 
> managed to do it without any issues for the normal networks by changing the 
> values in the database, however, The same procedure did not work for the 
> VPCs. Here is what I've done: 
> 
> Changed the relevant values from the old range to the new range in the 
> user_ip_address and firewall_rules tables. After that I've restarted the VPC, 
> which has picked up the new ips and the firewall rules. However, the VR only 
> had a single source NAT ip address and not the rest of ips it should have 
> had. Also, the load balancing and port forwarding rules were not showing up. 
> 
> I did look at the load_balancing_rules table, but couldn't find the values 
> that link back to the old IPs. 
> 
> Could some one please suggest to me what tables I should be changing for the 
> VPCs to switch the public IP range. 
> 
> Many thanks 
> 
> Andrei 

Re: How to allow others systems on my network to access vms

[Jayapal Reddy Uradi]

Hi Sugandh,

create ingress rules in security group to access the vms.

Thanks,
Jayapal

On 24-Mar-2014, at 10:49 AM, Sugandh S 
 wrote:

> Hi
> 
> I have set up CS 4.2 and I have done a basic install. I can create vm 
> instances and they can communicate with other systems on my network but other 
> systems on my network can't ping or access the vms. Is there any way I can 
> achieve this.
> 
> Thanks ahead
> Sugandh

Re: Windows Guest vm takes diff. IP

[Jayapal Reddy Uradi]

Hi Tejas,

Is there any dhcp server running in your setup other than VR ?
Is the  ip really served by VR ?

Thanks,
Jayapal
On 06-Mar-2014, at 9:35 AM, Tejas Gadaria  wrote:

> Hi,
> 
> I have configured CS 4.0.2 with vmware in advance networking mode.
> I am facing this problem with only Windows guest vm. Linux gueust as
> working fine.
> 
> While deploying Windows 7 guest vm cloudstsck assigning ip from guest ip
> range.but guest vm actually takes different ip than what is shown under
> 'NICs' tab.
> 
> need your help on this.
> 
> Regards,
> Tejas

Re: Not able to ping to outside network from system VMs

[Jayapal Reddy Uradi]

Which zone are you setting basic or advanced ?
My suggestion for you is first make a setup with simple config to get it work.

If you are trying for Advanced zone isolated network,
Try the separate ip range for management and public.
1. Management subnet: ex: 10.147.28.100-120 , gw 10.147.28.1 vlan:28 
2. Public subnet subnet: ex: 10.147.52.100-120, gw 10.147.52.1 vlan:52
3. Dns: use your corporate DNS server, do not use MS.

Thanks,
Jayapal

On 28-Feb-2014, at 1:21 PM, Jitendra Shelar  
wrote:

> 
> Hi Jaypal,
> We have configured for a single node setup.
> 
> Host/Management Server :  10.44.65.143
> IP range :   10.44.64.21 - 10.44.64.30
> 10.44.64.31 - 10.44.64.40
> Gateway : 10.44.64.1
> 
> During configuration of zone and pod, have taken the Management server IP as 
> DNS and gateway IP.
> 
> We are not able to ping from system VMs to 
> a) Gateway
> b) Google DNS
> c) Corporate DNS
> d) Management or Host Server
> 
> Following logs are repeating.
> 
> 2014-02-28 13:16:57,887 DEBUG [agent.manager.AgentManagerImpl] 
> (StatsCollector-1:null) Details from executing class 
> com.cloud.agent.api.GetHostStatsCommand: empty String
> 2014-02-28 13:16:57,887 WARN  [cloud.resource.ResourceManagerImpl] 
> (StatsCollector-1:null) Unable to obtain host 10 statistics.
> 2014-02-28 13:16:57,888 WARN  [cloud.server.StatsCollector] 
> (StatsCollector-1:null) Received invalid host stats for host: 10
> 2014-02-28 13:16:59,095 DEBUG [cloud.server.StatsCollector] 
> (StatsCollector-3:null) StorageCollector is running...
> 2014-02-28 13:16:59,098 DEBUG [cloud.server.StatsCollector] 
> (StatsCollector-3:null) There is no secondary storage VM for secondary 
> storage host nfs://10.44.65.143/export/secondary
> 2014-02-28 13:16:59,125 DEBUG [agent.transport.Request] 
> (StatsCollector-3:null) Seq 10-96469044: Received:  { Ans: , MgmtId: 
> 279278805451128, via: 10, Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
> 2014-02-28 13:17:02,067 DEBUG [cloud.api.ApiServlet] (catalina-exec-22:null) 
> ===START===  10.43.3.110 -- GET  
> command=listTemplates&response=json&sessionkey=Q%2FWjHAwdSQdR8O771SQ4koi5PFA%3D&templatefilter=all&_=1393573622806
> 2014-02-28 13:17:02,157 DEBUG [cloud.api.ApiServlet] (catalina-exec-22:null) 
> ===END===  10.43.3.110 -- GET  
> command=listTemplates&response=json&sessionkey=Q%2FWjHAwdSQdR8O771SQ4koi5PFA%3D&templatefilter=all&_=1393573622806
> 2014-02-28 13:17:16,065 DEBUG [storage.secondary.SecondaryStorageManagerImpl] 
> (secstorage-1:null) Zone 5 is ready to launch secondary storage VM
> 2014-02-28 13:17:16,187 DEBUG [cloud.consoleproxy.ConsoleProxyManagerImpl] 
> (consoleproxy-1:null) Zone 5 is ready to launch console proxy
> 2014-02-28 13:17:16,634 DEBUG 
> [cloud.network.ExternalLoadBalancerUsageManagerImpl] 
> (ExternalNetworkMonitor-1:null) External load balancer devices stats 
> collector is running...
> 2014-02-28 13:17:16,643 DEBUG [storage.snapshot.SnapshotSchedulerImpl] 
> (SnapshotPollTask:null) Snapshot scheduler.poll is being called at 2014-02-28 
> 07:47:16 GMT
> 2014-02-28 13:17:16,644 DEBUG [storage.snapshot.SnapshotSchedulerImpl] 
> (SnapshotPollTask:null) Got 0 snapshots to be executed at 2014-02-28 07:47:16 
> GMT
> 2014-02-28 13:17:16,655 DEBUG 
> [network.router.VirtualNetworkApplianceManagerImpl] (RouterMonitor-1:null) 
> Found 0 running routers.
> 2014-02-28 13:17:16,657 DEBUG 
> [network.router.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:null) Found 0 routers.
> 2014-02-28 13:17:17,063 DEBUG [cloud.api.ApiServlet] (catalina-exec-20:null) 
> ===START===  10.43.3.110 -- GET  
> command=listTemplates&response=json&sessionkey=Q%2FWjHAwdSQdR8O771SQ
> 
> Still, we are facing same issue.
> 
> Regards,
> Jitendra
> 
> 
> 
> 
> -Original Message-
> From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com] 
> Sent: Friday, February 28, 2014 11:49 AM
> To: 
> Cc: users@cloudstack.apache.org; Ajay Singh
> Subject: Re: Not able to ping to outside network from system VMs
> 
> Hi,
> 
> Change the name server to your internal DNS server in systemvm 
> (/etc/resolve.conf).
> I also observed that the google DNS server is pinging but not serving the dns 
> requests.
> 
> Thanks,
> Jayapal
> 
> 
> On 28-Feb-2014, at 11:02 AM, Jitendra Shelar 
> 
> wrote:
> 
>> Hi Tejas,
>> 
>> Thanks for your response.
>> 
>> We tried with Google DNS for the "Internal DNS"  of Zone. 
>> We are not able to resolve Google DNS  from the system VMs. 
>> We are able to ping to Google DNS from management server and host server.
>> 
>> We tried with single node setup.
>> We are faci

Re: Not able to ping to outside network from system VMs

[Jayapal Reddy Uradi]

Hi,

Change the name server to your internal DNS server in systemvm 
(/etc/resolve.conf).
I also observed that the google DNS server is pinging but not serving the dns 
requests.

Thanks,
Jayapal


On 28-Feb-2014, at 11:02 AM, Jitendra Shelar 
 wrote:

> Hi Tejas,
> 
> Thanks for your response.
> 
> We tried with Google DNS for the "Internal DNS"  of Zone. 
> We are not able to resolve Google DNS  from the system VMs. 
> We are able to ping to Google DNS from management server and host server.
> 
> We tried with single node setup.
> We are facing same issue. Not able to ping gateway from system VMs.
> 
> Regards,
> Jitendra
> 
> 
> 
> -Original Message-
> From: Tejas Gadaria [mailto:refond.g...@gmail.com] 
> Sent: Friday, February 28, 2014 9:20 AM
> To: users@cloudstack.apache.org
> Cc: d...@cloudstack.apache.org
> Subject: Re: Not able to ping to outside network from system VMs
> 
> Is your "Internal DNS 1" of Zone able to resolve Google DNS?
> 
> Regards,
> Tejas
> 
> 
> On Thu, Feb 27, 2014 at 12:48 PM, Jitendra Shelar < 
> jitendra_she...@persistent.co.in> wrote:
> 
>> Hi All,
>> 
>> I am setting up a 2-node cloudstack environment.
>> 
>> Management Server :10.44.189.125
>> Host Server :  10.44.65.143
>> 
>> I am able to see the system VMs in running state.
>> But not able ping to outside network from system VMs.
>> 
>> I am not able to ping to corporate DNS or Google DNS from system VMs.
>> Also not able to ping gateway from system VMs.
>> 
>> Health Check :
>> root@s-20-VM:/usr/local/cloud/systemvm# ./ssvm-check.sh 
>> 
>> First DNS server is  8.8.8.8
>> PING 8.8.8.8 (8.8.8.8): 56 data bytes
>> 64 bytes from 10.44.188.14: Destination Host Unreachable
>> Vr HL TOS  Len   ID Flg  off TTL Pro  cks  Src  Dst Data
>> 4  5  00 5400    0 0040  40  01 5f64 10.44.188.14  8.8.8.8
>> 64 bytes from 10.44.188.14: Destination Host Unreachable
>> Vr HL TOS  Len   ID Flg  off TTL Pro  cks  Src  Dst Data
>> 4  5  00 5400    0 0040  40  01 5f64 10.44.188.14  8.8.8.8
>> --- 8.8.8.8 ping statistics ---
>> 2 packets transmitted, 0 packets received, 100% packet loss
>> WARNING: cannot ping DNS server
>> route follows
>> Kernel IP routing table
>> Destination Gateway Genmask Flags Metric RefUse
>> Iface
>> 8.8.8.8 10.44.188.3 255.255.255.255 UGH   0  00
>> eth1
>> 10.44.188.0 0.0.0.0 255.255.254.0   U 0  00
>> eth1
>> 10.44.188.0 0.0.0.0 255.255.254.0   U 0  00
>> eth2
>> 10.44.188.0 0.0.0.0 255.255.254.0   U 0  00
>> eth3
>> 169.254.0.0 0.0.0.0 255.255.0.0 U 0  00
>> eth0
>> 0.0.0.0 10.44.188.3 0.0.0.0 UG0  00
>> eth2
>> 
>> ERROR: DNS not resolving download.cloud.com resolv.conf follows 
>> nameserver 8.8.8.8 nameserver 8.8.8.8 
>> root@s-20-VM:/usr/local/cloud/systemvm#
>> 
>> 
>> Route information on system VM :
>> 
>> root@s-20-VM:/usr/local/cloud/systemvm# route -n Kernel IP routing 
>> table
>> Destination Gateway Genmask Flags Metric RefUse
>> Iface
>> 8.8.8.8 10.44.188.3 255.255.255.255 UGH   0  00
>> eth1
>> 10.44.188.0 0.0.0.0 255.255.254.0   U 0  00
>> eth1
>> 10.44.188.0 0.0.0.0 255.255.254.0   U 0  00
>> eth2
>> 10.44.188.0 0.0.0.0 255.255.254.0   U 0  00
>> eth3
>> 169.254.0.0 0.0.0.0 255.255.0.0 U 0  00
>> eth0
>> 0.0.0.0 10.44.188.3 0.0.0.0 UG0  00
>> eth2
>> root@s-20-VM:/usr/local/cloud/systemvm#
>> 
>> 
>> Please help me in getting out of this issue.
>> 
>> Thanks,
>> Jitendra
>> 
>> 
>> 
>> 
>> 
>> 
>> DISCLAIMER
>> ==
>> This e-mail may contain privileged and confidential information which 
>> is the property of Persistent Systems Ltd. It is intended only for the 
>> use of the individual or entity to which it is addressed. If you are 
>> not the intended recipient, you are not authorized to read, retain, 
>> copy, print, distribute or use this message. If you have received this 
>> communication in error, please notify the sender and delete all copies of 
>> this message.
>> Persistent Systems Ltd. does not accept any liability for virus 
>> infected mails.
>> 
>> 
> 
> DISCLAIMER
> ==
> This e-mail may contain privileged and confidential information which is the 
> property of Persistent Systems Ltd. It is intended only for the use of the 
> individual or entity to which it is addressed. If you are not the intended 
> recipient, you are not authorized to read, retain, copy, print, distribute or 
> use this message. If you have received this communication in error, please 
> notify the sender and delete all copies of this message. Persistent Systems 
> Ltd. d

Re: [Doc] [4.3] Service Monitoring Tool for Virtual Router for Review [CLOUDSTACK-5292]

[Jayapal Reddy Uradi]

Hi Radhika,

The configuration is from the global settings.

Thanks,
Jayapal
On 29-Jan-2014, at 9:56 AM, Radhika Puthiyetath 
 wrote:

> We have the UI item coming up for this feature: 
> https://issues.apache.org/jira/browse/CLOUDSTACK-5966
> 
> 
> 
> -Original Message-
> From: Sanjeev Neelarapu [mailto:sanjeev.neelar...@citrix.com] 
> Sent: Tuesday, January 14, 2014 11:05 AM
> To: d...@cloudstack.apache.org; users@cloudstack.apache.org
> Subject: RE: [Doc] [4.3] Service Monitoring Tool for Virtual Router for 
> Review [CLOUDSTACK-5292]
> 
> Hi David,
> 
> As you said the tool runs in the background and is not exposed to the 
> administrator at-least in 4.3.
> 
> -Sanjeev
> 
> -Original Message-
> From: David Nalley [mailto:da...@gnsa.us] 
> Sent: Monday, January 13, 2014 7:59 PM
> To: users@cloudstack.apache.org
> Cc: d...@cloudstack.apache.org
> Subject: Re: [Doc] [4.3] Service Monitoring Tool for Virtual Router for 
> Review [CLOUDSTACK-5292]
> 
> Hi Radhika:
> 
> So I read this section and while the documentation is clear on what it does; 
> it's not clear on how I use it. If it isn't intended to be exposed to the 
> administrator and just runs in the background like so many things in 
> CloudStack does already, why document it at all in the admin guide? Why I 
> read that there is a monitoring tool it instantly makes me want to go check 
> status, so that I know that I can verify status if something goes awry.
> 
> --David
> 
> On Mon, Jan 13, 2014 at 1:02 AM, Radhika Puthiyetath 
>  wrote:
>> Hi,
>> 
>> 4.3 Documentation is getting ready to be reviewed. I have prepared the first 
>> draft for the feature, Enhanced Upgrade for Virtual Router.
>> 
>> Please see section 16.5.4. Service Monitoring Tool for Virtual Router, and 
>> let me know your feedback.
>> 
>> 1.The documentation is uploaded at 
>> https://issues.apache.org/jira/browse/ 
>> CLOUDSTACK-5292
>> 2.
>> 
>> Regards
>> -Radhika

Re: Need help with advanced zone/2 nics

[Jayapal Reddy Uradi]

Check your VM IP, default gateway, Is gateway set to router ip ?
If router is really blocking traffic, check the router iptables rules.

Thanks,
Jayapal

On 25-Jan-2014, at 1:59 AM, Derek Cole  wrote:

> To update anyone following:
> 
> I have verified that my switch ports are correct and that both nics are
> plugged into the the 203 vlan. When I was checking this out, I actually
> changed the vlan of the storage network to be 203 (from 200) because I
> think 200 was incorrect.
> 
> Everything else was the same. I can still ping and connect out from the VR,
> SSVM and that other system VM, but I cannot get out from the guest VMs.
> When I do a traceroute to an external interface, the last hop is the VR.
> When I try to do a ping or something I get Destination Host unreachable.
> 
> Still at a loss here as to what is going wrong.
> 
> 
> On Fri, Jan 24, 2014 at 8:47 AM, Derek Cole  wrote:
> 
>> I saw those egress rules and I set it to allow all. If I try to ping
>> out, I can see the request going through all of my system vms and the
>> VR. Does this imply that this setup is correct and maybe I have some
>> vlan problem on my switch?
>> 
>> Sent from my Windows Phone From: Sanjeev Neelarapu
>> Sent: 1/23/2014 11:59 PM
>> To: users@cloudstack.apache.org
>> Subject: RE: Need help with advanced zone/2 nics
>> Hi,
>> 
>> If you have used the default network offering
>> (DefaultIsolatedNetworkOfferingWithSourceNatService) to create the
>> guest network then by default egress traffic is blocked because the
>> egress default policy is set to denied in the default offering.
>> You may need to allow the required traffic using egress rules.
>> 
>> Thanks,
>> Sanjeev
>> 
>> -Original Message-
>> From: Derek Cole [mailto:derek.c...@gmail.com]
>> Sent: Friday, January 24, 2014 5:13 AM
>> To: users@cloudstack.apache.org
>> Subject: Need help with advanced zone/2 nics
>> 
>> Hello,
>> 
>> I have attempted to set up an advanced zone, using xenserver, and
>> giving my guest vm's their own CIDR of 192.168.0.0/24
>> 
>> I have two physical networks, and one of them i called "management"
>> and one i called "traffic"
>> 
>> I put public and guest traffic on "traffic" and storage and management
>> on "management"
>> 
>> My guest VM's get one network, which gives them an address from that
>> 192.168.0.0 network, and they can ping each other. My virtual router
>> has an internet connection and can ping out to the internet. What is
>> failing is gaining internet access from my guest VM's.
>> The VR gets 3 connections, a cloud_link_local_network, and an IP from
>> my public CIDR, and an IP from my guest CIDR.
>> 
>> It almost seems as if the VR isnt routing/NATing traffic to the
>> outside world from the guest VM's. Can anyone tell me what may be
>> wrong with my scenario?
>> 
>> Pertinent info:
>> 
>> storage range; 10.20.0.20-30 gw 10.20.0.1 vlan 200 Management range:
>> 10.20.4.15-24 gw 10.20.4.1 public range: 10.20.4.25-254 vlan 203 gw
>> 10.20.4.1 guest VLAN range 203-203
>> 
>> networks 10.20.0/24 and 10.20.4/24 are my enterprise networks that
>> provide connectivity out to the world.
>> 
>> Any insight is appreciated. THis is my first attempt at an advanced
>> network after getting a simpler basic network up and going
>> 

Re:[SOLVED] Weird IP address allocation in 4.3

[Jayapal Reddy Uradi]

+users

On 24-Jan-2014, at 2:38 AM, Ahmad Emneina  wrote:

> blasted vlans and the trunks they rhode in on! :) glad all is well.
> 
> 
> On Thu, Jan 23, 2014 at 10:45 AM, Mike Tutkowski <
> mike.tutkow...@solidfire.com> wrote:
> 
>> I asked one of our IT guys to look into this. He determined a port was in
>> the wrong VLAN and that's how my VM got an IP address from a different DHCP
>> server.
>> 
>> No CloudStack issue here. :)
>> 
>> Thanks
>> 
>> 
>> On Wed, Jan 22, 2014 at 11:05 PM, Mike Tutkowski <
>> mike.tutkow...@solidfire.com> wrote:
>> 
>>> That is an interesting possibility. Thanks, guys
>>> 
>>> 
>>> On Wed, Jan 22, 2014 at 10:59 PM, Ahmad Emneina wrote:
>>> 
>>>> Mike, you might have another machine serving up DHCP on that network. If
>>>> thats the case get it to ignore cloudstack assigned mac addresses (06
>>>> prefix).
>>>> 
>>>> 
>>>> On Wed, Jan 22, 2014 at 9:53 PM, Mike Tutkowski <
>>>> mike.tutkow...@solidfire.com> wrote:
>>>> 
>>>>> Hi Jayapal,
>>>>> 
>>>>> That table has 8 rows and includes IP addresses from 192.168.128.23 to
>>>>> 192.168.128.30 (which should be correct).
>>>>> 
>>>>> Thanks
>>>>> 
>>>>> 
>>>>> On Wed, Jan 22, 2014 at 10:49 PM, Jayapal Reddy Uradi <
>>>>> jayapalreddy.ur...@citrix.com> wrote:
>>>>> 
>>>>>> Hi Mike,
>>>>>> 
>>>>>> Can you please check the db table user_ip_address to see what are
>>>> the ips
>>>>>> addresses are there.
>>>>>> IP will be picked from this table.
>>>>>> 
>>>>>> Thanks,
>>>>>> Jayapal
>>>>>> 
>>>>>> On 23-Jan-2014, at 10:35 AM, Mike Tutkowski <
>>>>> mike.tutkow...@solidfire.com>
>>>>>> wrote:
>>>>>> 
>>>>>>> Slight correction (this may have been obvious from one of my screen
>>>>>> shots):
>>>>>>> The VM with the address outside of the range I gave to CloudStack
>>>> is
>>>>> in a
>>>>>>> XenServer cluster.
>>>>>>> 
>>>>>>> 
>>>>>>> On Wed, Jan 22, 2014 at 10:03 PM, Mike Tutkowski <
>>>>>>> mike.tutkow...@solidfire.com> wrote:
>>>>>>> 
>>>>>>>> The IP address that CloudStack says is assigned to VM i-2-11-VM
>>>>>>>> (192.168.128.28) does not appear to be assigned to any VM in the
>>>>> system
>>>>>>>> (user or system VM).
>>>>>>>> 
>>>>>>>> 
>>>>>>>> On Wed, Jan 22, 2014 at 9:59 PM, Mike Tutkowski <
>>>>>>>> mike.tutkow...@solidfire.com> wrote:
>>>>>>>> 
>>>>>>>>> Hi,
>>>>>>>>> 
>>>>>>>>> I was wondering if someone who deals with networking in
>>>> CloudStack
>>>>>> might
>>>>>>>>> know something about this.
>>>>>>>>> 
>>>>>>>>> I have a development setup with one zone, one pod, and three
>>>> clusters
>>>>>>>>> (one VMware, one XenServer, and one KVM).
>>>>>>>>> 
>>>>>>>>> The IP addresses I've given to CloudStack span from
>>>> 192.168.128.20 to
>>>>>>>>> 192.168.128.30 (just 11 addresses).
>>>>>>>>> 
>>>>>>>>> http://i.imgur.com/3SAn98W.png
>>>>>>>>> 
>>>>>>>>> http://i.imgur.com/cZ1pLun.png
>>>>>>>>> Somehow one of my VMs was assigned the IP address 192.168.128.118
>>>>>>>>> (outside of the range above).
>>>>>>>>> 
>>>>>>>>> http://imgur.com/TeRMEf9
>>>>>>>>> The zone is using basic networking.
>>>>>>>>> 
>>>>>>>>> The issue is in my VMware cluster (two hosts in this cluster).
>>>>>>>>> 
>>>>>>>>> Thanks!
>>>>>>>>> 
>>>>>>>>> --
>>>>>>>>> *Mike Tutkowski*
>>>>>>>>> *Senior CloudStack Developer, SolidFire Inc.*
>>>>>>>>> e: mike.tutkow...@solidfire.com
>>>>>>>>> o: 303.746.7302
>>>>>>>>> Advancing the way the world uses the cloud<
>>>>>> http://solidfire.com/solution/overview/?video=play>
>>>>>>>>> *™*
>>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> --
>>>>>>>> *Mike Tutkowski*
>>>>>>>> *Senior CloudStack Developer, SolidFire Inc.*
>>>>>>>> e: mike.tutkow...@solidfire.com
>>>>>>>> o: 303.746.7302
>>>>>>>> Advancing the way the world uses the cloud<
>>>>>> http://solidfire.com/solution/overview/?video=play>
>>>>>>>> *™*
>>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> --
>>>>>>> *Mike Tutkowski*
>>>>>>> *Senior CloudStack Developer, SolidFire Inc.*
>>>>>>> e: mike.tutkow...@solidfire.com
>>>>>>> o: 303.746.7302
>>>>>>> Advancing the way the world uses the
>>>>>>> cloud<http://solidfire.com/solution/overview/?video=play>
>>>>>>> *™*
>>>>>> 
>>>>>> 
>>>>> 
>>>>> 
>>>>> --
>>>>> *Mike Tutkowski*
>>>>> *Senior CloudStack Developer, SolidFire Inc.*
>>>>> e: mike.tutkow...@solidfire.com
>>>>> o: 303.746.7302
>>>>> Advancing the way the world uses the
>>>>> cloud<http://solidfire.com/solution/overview/?video=play>
>>>>> *™*
>>>>> 
>>>> 
>>> 
>>> 
>>> 
>>> --
>>> *Mike Tutkowski*
>>> *Senior CloudStack Developer, SolidFire Inc.*
>>> e: mike.tutkow...@solidfire.com
>>> o: 303.746.7302
>>> Advancing the way the world uses the 
>>> cloud<http://solidfire.com/solution/overview/?video=play>
>>> *™*
>>> 
>> 
>> 
>> 
>> --
>> *Mike Tutkowski*
>> *Senior CloudStack Developer, SolidFire Inc.*
>> e: mike.tutkow...@solidfire.com
>> o: 303.746.7302
>> Advancing the way the world uses the 
>> cloud<http://solidfire.com/solution/overview/?video=play>
>> *™*
>> 

Re: DHCP entry fails to apply on the latest master

[Jayapal Reddy Uradi]

+users

When ever we see the error 'Unable to contact resource', I suggest to check the 
host agent logs (for xen /var/log/SMlog).
It will give you idea of what is going wrong from the router. Most of times 
there could be script execution failures.

Adding command to clean up tags on xenserver
xe host-param-clear param-name=tags uuid=[uuid]

-Jayapal

On 22-Jan-2014, at 12:49 AM, Alena Prokharchyk  
wrote:

> To fix it, you should cleanup the tags on your xen host, so the MS will
> copy the newest ISO there.
> 
> Sheng, thank you for helping to debug it.
> 
> -Alena.
> 
> On 1/21/14, 11:09 AM, "Nitin Mehta"  wrote:
> 
>> I also face this issue. Here is the snippet of logs. Please let me know if
>> you need any other info.
>> 
>> 2014-01-21 10:52:46,909 INFO  [c.c.v.VirtualMachineManagerImpl]
>> (Job-Executor-1:ctx-57a7ba8c ctx-933fbba1) Unable to contact resource.
>> com.cloud.exception.ResourceUnavailableException: Resource [DataCenter:1]
>> is unreachable: Unable to apply dhcp entry on router
>>   at 
>> com.cloud.network.router.VirtualNetworkApplianceManagerImpl.applyRules(Vir
>> t
>> ualNetworkApplianceManagerImpl.java:3826)
>>   at 
>> com.cloud.network.router.VirtualNetworkApplianceManagerImpl.applyDhcpEntry
>> (
>> VirtualNetworkApplianceManagerImpl.java:2956)
>>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>   at 
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
>> 3
>> 9)
>>   at 
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm
>> p
>> l.java:25)
>>   at java.lang.reflect.Method.invoke(Method.java:597)
>> 
>> 
>> 
>> 
>> 
>> 
>> On 21/01/14 11:01 AM, "Alena Prokharchyk" 
>> wrote:
>> 
>>> I¹ve deployed the latest master code, re-deployed the DB and uploaded new
>>> system templates with 4.3 version. After that, UserVm fails to start
>>> because DHCP entry fails to apply on the VR.
>>> Its a xen host deployment, and I¹ve tested that ssh to the VR works just
>>> fine. Sheng, can you please take a look? It happened on a couple of
>>> setups.
>>> 
>>> -Alena.
>> 
> 

Re: Change of guest IP address

[Jayapal Reddy Uradi]

Hi,

There is no other way to change the ip.
If you want specific IP for the VM, you can get secondary ip  in vm NICs page 
and configure it on the VM.

Thanks,
Jayapal


On 19-Dec-2013, at 3:58 PM, Andrei Mikhailovsky  wrote:

> Do you know if there is an easier way? Like via the api calls or the 
> cloudmonkey command? Or is it currently the only way?
> 
> 
> - Original Message -
> From: "Jayapal Reddy Uradi" 
> To: "" 
> Sent: Thursday, 19 December, 2013 9:25:05 AM
> Subject: Re: Change of guest IP address
> 
> Hi,
> 
> If your VM is in isolated network please do the following
> 
> 1. edit the nics table ip4_address column for your instance_id to new ip.
> 2. login to the router corresponds to the network and replace old ip with new 
> ip in below files.
>  a.  /var/lib/misc/dnsmasq.leases
>  b.  /etc/dhcphosts.txt
> 3. restart the dnsmasq in router (service dnsmasq restart)
> 4. Reboot the VM or restart the network service in Vm so that VM gets the new 
> ip from the dhcp.  
> 
> Thanks,
> Jayapal
> 
> On 19-Dec-2013, at 2:27 PM, Andrei Mikhailovsky 
> wrote:
> 
>> Hello guys,
>> 
>> Could some one tell me how to change the IP address of a guest vm? It has 
>> been assigned by default by dhcp router and I would like to change it. I 
>> know how to create a new vm with a specified IP address using cloudmonkey, 
>> but I couldn't find a way of changing the IP for the existing vm.
>> 
>> Cheers
>> 
>> Andrei
>