Re: Roles permission

[Nux]

For completion:

https://cloudstack.apache.org/blog/security-release-advisory-4.19.1.1-4.18.2.3/
https://www.cve.org/CVERecord?id=CVE-2024-4

On 2024-10-02 09:48, Wei ZHOU wrote:

Hi,

Can you upgrade to 4.19.1.1 ?


-Wei


On Wed, Oct 2, 2024 at 10:11 AM Alessandro Caviglione <
c.alessan...@gmail.com> wrote:


Hi,
I'm running ACS 4.19.1 and I see something strange with roles.
In the doc I read this for domain admin role:
Domain administrators can perform administrative operations for Users 
who
belong to that domain. Domain administrators do not have visibility 
into

physical servers or other domains.

I've created some domains and one Domain Admin accounts for each 
domain,
BUT users under domain admin account CAN SEE all other domains 
networks and

instances, why??

Re: PCI Slot changes for hot plugged devices after reboot/restart of VM

[Nux]

What OS are you on?
How does your network config look like?

On 2024-10-01 23:23, sai wrote:

Hi @Nux,
Thanks for responding.
If I have static ip assigned to nic, then the connection is lost, can 
you

please help me on how to lock in udev.

On Tue, Oct 1, 2024 at 4:57 PM Nux  wrote:


I think this is pretty "normal", the NICs are never set in stone which
is why it's always good to lock them down in udev etc if it's 
important.

How is this affecting you?

On 2024-10-01 19:21, sai wrote:
> Hi All,
>
> Any pointer on this Please.
>
> FIRST NIC
> 
> 
> 
> 
> 
> 
> 
>  function='0x0'/>
> 
>
> HOTADD NIC
> 
> 
> 
> 
> 
> 
> 
>  function='0x0'/>
> 
>
>
>
> NIC After Reboot
> FIRST NIC
> 
> 
> 
> 
> 
> 
> 
>  function='0x0'/>
> 
>
> HOTADD NIC1
> 
> 
> 
> 
> 
> 
> 
>  function='0x0'/>
> 
>
>
> can anyone please help what might be the issue here.
>
>
> Regards,
>
> sai
>
> On Wed, Jul 31, 2024 at 2:00 PM sai  wrote:
>
>>
>> Hi All,
>>
>> I am using cloudstack 4.15 +KVM and I noticed that after reboot of vm
>> the
>> PCI slot of hot plugged nic or disk changes for windows and linux
>> systems.
>> Is there any change need to be done to overcome this issue?
>>
>> Thanks,
>> sai
>>

Re: PCI Slot changes for hot plugged devices after reboot/restart of VM

[Nux]

I think this is pretty "normal", the NICs are never set in stone which 
is why it's always good to lock them down in udev etc if it's important.

How is this affecting you?

On 2024-10-01 19:21, sai wrote:

Hi All,

Any pointer on this Please.

FIRST NIC







function='0x0'/>



HOTADD NIC







function='0x0'/>





NIC After Reboot
FIRST NIC







function='0x0'/>



HOTADD NIC1







function='0x0'/>




can anyone please help what might be the issue here.


Regards,

sai

On Wed, Jul 31, 2024 at 2:00 PM sai  wrote:



Hi All,

I am using cloudstack 4.15 +KVM and I noticed that after reboot of vm 
the
PCI slot of hot plugged nic or disk changes for windows and linux 
systems.

Is there any change need to be done to overcome this issue?

Thanks,
sai

Re: Public IP on instances

[Nux]

I thought the traffic usage is taken from the hypervisor, for the VM's 
NIC.
Btw, you can also use L2 networks, may be more flexible and economic 
(with IPv4 usage).


On 2024-10-01 10:24, Alexandru Stan wrote:

Hi everyone,

I have a specific scenario with ACS that I'm not sure how to approach, 
maybe someone here can share a solution/workaround. As far as I know, 
the only way to have a public ip directly assigned to a vm (I mean on 
the vm's network adapter) is to use a shared network. But in this case 
all users would share one router and I wouldn't be able to track 
network usage individually, correct? Is there any other way to do this 
AND have traffic usage at vm/user level? Creating multiple shared 
networks is not an option, it would require constant monitoring of the 
routers to keep track of ip usage and so on.


Thank you!

Re: Public IP on instances

[Nux]

Forgot to link the pr:
https://github.com/apache/cloudstack/pull/9415/

On 2024-10-01 14:59, Nux wrote:
That's a good approach, one can also use Prometheus with the libvirt 
exporter and can get per-vm & per-NIC stats that way.


Worth mentioning that 4.20 will bring Security Groups in Shared 
Networks (in regular Advanced Zones!), thus simplifying somewhat 
people's lives in similar situations, as far as IPv4 usage is 
concerned, you can more easily share a subnet with many customers, not 
having to worry they'll spoof addresses etc.


On 2024-10-01 13:39, Stephan Bienek wrote:
We are using L2 networks with for example a /29 public subnet for the 
customer network as well, as Lucian mentioned it.


This approach and quite a few other use cases i will share during my 
talk at CCC 2024 in Madrid.


As an alternative to the L2 /29 approach, which is not the most 
efficient approach if you only need a single IP, you could use a 
Shared Network with specify VLAN, without VR and tell the customer 
which single IP to use.
In order to make sure no customer is using "wrong" IPs, be sure to use 
the approach Alex Mattioli mentioned once - creating fixed MAC-IP 
entries on your routers.


We combine the L2 network approach with what Swen mentioned, 
collecting netflow data from routers via open source "pmacct" for 
traffic accounting.
This could help to get per-customer (or per-IP) accounting data even 
when using one shared VR.


Best regards,
Stephan

Wei ZHOU  hat am 01.10.2024 14:11 CEST 
geschrieben:



+1 with what Lucian said.

Please update the value of global setting "vm.network.stats.interval" 
(by

default 0), and restart mgmt server.
then you can get network statistics of each nic on shared networks.

-Wei

On Tue, Oct 1, 2024 at 1:47 PM Nux  wrote:

> I thought the traffic usage is taken from the hypervisor, for the VM's
> NIC.
> Btw, you can also use L2 networks, may be more flexible and economic
> (with IPv4 usage).
>
> On 2024-10-01 10:24, Alexandru Stan wrote:
> > Hi everyone,
> >
> > I have a specific scenario with ACS that I'm not sure how to approach,
> > maybe someone here can share a solution/workaround. As far as I know,
> > the only way to have a public ip directly assigned to a vm (I mean on
> > the vm's network adapter) is to use a shared network. But in this case
> > all users would share one router and I wouldn't be able to track
> > network usage individually, correct? Is there any other way to do this
> > AND have traffic usage at vm/user level? Creating multiple shared
> > networks is not an option, it would require constant monitoring of the
> > routers to keep track of ip usage and so on.
> >
> > Thank you!
>

Re: CS in HA

[Nux]

All management servers (if that's what you mean by "node") must have 
access to all secondary storages.


On 2024-10-01 09:18, Francisco Arencibia Quesada wrote:

Good morning guys,

I have a CloudStack setup in HA with 3 nodes, and we have a load 
balancer

in front of them using HAProxy. Do all these nodes behave as masters? I
notice that only the first node has access to the storage. If that one 
goes
down and the others don't have access to the storage, I might face a 
big
problem. The other CloudStack nodes should have a network connection to 
the

storage to be able to mount it.

Thank you all in advance

Re: Public IP on instances

[Nux]

That's a good approach, one can also use Prometheus with the libvirt 
exporter and can get per-vm & per-NIC stats that way.


Worth mentioning that 4.20 will bring Security Groups in Shared Networks 
(in regular Advanced Zones!), thus simplifying somewhat people's lives 
in similar situations, as far as IPv4 usage is concerned, you can more 
easily share a subnet with many customers, not having to worry they'll 
spoof addresses etc.


On 2024-10-01 13:39, Stephan Bienek wrote:
We are using L2 networks with for example a /29 public subnet for the 
customer network as well, as Lucian mentioned it.


This approach and quite a few other use cases i will share during my 
talk at CCC 2024 in Madrid.


As an alternative to the L2 /29 approach, which is not the most 
efficient approach if you only need a single IP, you could use a Shared 
Network with specify VLAN, without VR and tell the customer which 
single IP to use.
In order to make sure no customer is using "wrong" IPs, be sure to use 
the approach Alex Mattioli mentioned once - creating fixed MAC-IP 
entries on your routers.


We combine the L2 network approach with what Swen mentioned, collecting 
netflow data from routers via open source "pmacct" for traffic 
accounting.
This could help to get per-customer (or per-IP) accounting data even 
when using one shared VR.


Best regards,
Stephan

Wei ZHOU  hat am 01.10.2024 14:11 CEST 
geschrieben:



+1 with what Lucian said.

Please update the value of global setting "vm.network.stats.interval" 
(by

default 0), and restart mgmt server.
then you can get network statistics of each nic on shared networks.

-Wei

On Tue, Oct 1, 2024 at 1:47 PM Nux  wrote:

> I thought the traffic usage is taken from the hypervisor, for the VM's
> NIC.
> Btw, you can also use L2 networks, may be more flexible and economic
> (with IPv4 usage).
>
> On 2024-10-01 10:24, Alexandru Stan wrote:
> > Hi everyone,
> >
> > I have a specific scenario with ACS that I'm not sure how to approach,
> > maybe someone here can share a solution/workaround. As far as I know,
> > the only way to have a public ip directly assigned to a vm (I mean on
> > the vm's network adapter) is to use a shared network. But in this case
> > all users would share one router and I wouldn't be able to track
> > network usage individually, correct? Is there any other way to do this
> > AND have traffic usage at vm/user level? Creating multiple shared
> > networks is not an option, it would require constant monitoring of the
> > routers to keep track of ip usage and so on.
> >
> > Thank you!
>

Re: How we can use multiple secondary storage?

[Nux]

Is that server also your primary storage? Otherwise it does not makes 
sense, once a hypervisor launches a VM from a template, then subsequent 
deployments from that same template will not touch the secondary storage 
at all since it is there already.

What primary storage are you using?

Anyway, a regular linux filesystem will not slow down when it reaches 
80%. Are you using ZFS or something?


On 2024-09-30 10:55, Sanjay Kumar wrote:

Hi Nux,

Due to secondary storage utilization is 80% the vm create taking more
than expect time to create the vm.

On Mon, Sep 30, 2024 at 3:19 PM Nux  wrote:


It should be possible to increase the space on the current secondary

storage, if your hardware/circumstances allow that, possibly least
hassle solution.
You can also add another one and Cloudstack will prefer the one that
is
most "free", but I do not think there are hard guarantees, so do
test.
If the old sec storage gets too full, you could try to disable it,
this
should prevent Cloudstack from saving any more new stuff on it.

On 2024-09-30 10:38, Sanjay Kumar wrote:

Hi Nux,

Thanks for the quick response.

I did not try in my infra, one secondary storage is running with

80%

utilization and I want to add another in the same infra. Is it

possible

to
add a second secondary storage or increase the existing one?

Thank you


On Mon, Sep 30, 2024 at 2:47 PM Nux  wrote:


Yes, of course. Did you try and it didn't work?

What are you trying to achieve?

On 2024-09-30 09:24, Sanjay Kumar wrote:

Hell0!,

Is there any option to use multiple secondary storage in infra?

Any help would be really appreciated. Thank you!

Thank you!

Regards,
SK

Re: How we can use multiple secondary storage?

[Nux]

It should be possible to increase the space on the current secondary 
storage, if your hardware/circumstances allow that, possibly least 
hassle solution.
You can also add another one and Cloudstack will prefer the one that is 
most "free", but I do not think there are hard guarantees, so do test.
If the old sec storage gets too full, you could try to disable it, this 
should prevent Cloudstack from saving any more new stuff on it.




On 2024-09-30 10:38, Sanjay Kumar wrote:

Hi Nux,

Thanks for the quick response.

I did not try in my infra, one secondary storage is running with 80%
utilization and I want to add another in the same infra. Is it possible 
to

add a second secondary storage or increase the existing one?

Thank you


On Mon, Sep 30, 2024 at 2:47 PM Nux  wrote:


Yes, of course. Did you try and it didn't work?

What are you trying to achieve?

On 2024-09-30 09:24, Sanjay Kumar wrote:
> Hell0!,
>
> Is there any option to use multiple secondary storage in infra?
>
> Any help would be really appreciated. Thank you!
>
> Thank you!
>
> Regards,
> SK

Re: How we can use multiple secondary storage?

[Nux]

Yes, of course. Did you try and it didn't work?

What are you trying to achieve?

On 2024-09-30 09:24, Sanjay Kumar wrote:

Hell0!,

Is there any option to use multiple secondary storage in infra?

Any help would be really appreciated. Thank you!

Thank you!

Regards,
SK

Re: KMV disable hotplug

[Nux]

It's a known Windows issue, if we can call it that.
Hotplug is a very valid and useful feature, but perhaps showing it so 
easily in the taskbar can confuse certain users.

It can be "fixed" with regedit.

Random search results (it's about the same issue on VMWare):
https://www.v-front.de/2014/02/various-ways-to-address-safely-remove.html 
- check point 4 (or 3)

https://helgeklein.com/blog/removing-eject-vmware-virtual-disk-scsi-disk-device/

On 2024-09-27 05:36, Rohit Yadav wrote:

Hi Mat,

This sounds like an OS issue, I think you can explore if there's 
something in your template you can configure to disable users from 
unplugging.


Since 4.17 is old now, there's perhaps something in the extraconfig you 
can pass but you'll need to investigate if libvirt/kvm has any 
confgiuration to disable hot-plugin feature  and then use extraconfig 
[1]. That said, I wouldn't advise you to explore this, just explore if 
you can the OS.


[1] 
https://www.shapeblue.com/cloudstack-feature-first-look-enable-sending-of-arbitrary-configuration-data-to-vms/



Regards.





From: Matthew Ritchie 
Sent: Tuesday, September 24, 2024 19:22
To: users@cloudstack.apache.org 
Subject: KMV disable hotplug

Hi all,

I am using KVM with Cloudstack 4.17.2.

When a windows vm is created the virtIO devices appear at the taskbar 
as

available to unplug.

Is there a way to disable hotplug functionality or another way to 
restrict

hot-unplugging?

regards
Mat

Re: Database HA in Cloudstack 4.15.2

[Nux]

AFAIK this functionality is currently broken.
You can work around it by using haproxy and/or keepalived/vip in front 
of the DB service.




On 2024-09-25 23:24, Sean Lair wrote:
Did you ever get this working Frederic?  This used to work for us, but 
during some update (not sure at the moment which one) the mysql-ha 
stopped failing over.


-Original Message-
From: Frederic Larcher 
Sent: Tuesday, May 30, 2023 6:07 AM
To: users@cloudstack.apache.org
Subject: RE: Database HA in Cloudstack 4.15.2


Hi Simon,

I have installed the cloudstack-mysql-ha package after converted it to 
a Debian package. I can see the jar file in the 
/usr/share/cloudstack-management/lib/ folder 
(cloud-plugin-database-mysqlha-4.15.2.0.jar), but I can't see any 
mention of it in the logs when restarting the cloudstack-management 
service. Is there another step that need to be done?



-Original Message-
From: Simon Weller 
Sent: Friday, May 26, 2023 3:36 PM
To: users@cloudstack.apache.org
Subject: Re: Database HA in Cloudstack 4.15.2

Hi Frederic,

First of all, have you installed the cloudstack-mysql-ha package? If 
so, can you look through the logs on cloudstack-management startup, and 
check to see whether the jar is being loaded?


-Si

On Fri, May 26, 2023 at 3:27 AM Frederic Larcher 
 wrote:



Hi,

I am trying to configure HA with 2 Mysql servers in Cloudstack 4.15.2.
Both DB servers are configured as master-master, and the db.properties
file has been updated:

--
# High Availability And Cluster Properties db.ha.enabled=true
db.ha.loadBalanceStrategy=com.cloud.utils.db.StaticStrategy
# cloud stack Database
db.cloud.slaves=10.10.10.20
db.cloud.autoReconnect=true
db.cloud.failOverReadOnly=false
db.cloud.reconnectAtTxEnd=true
db.cloud.autoReconnectForPools=true
db.cloud.secondsBeforeRetryMaster=3600
db.cloud.queriesBeforeRetryMaster=5000
db.cloud.initialTimeout=3600

#usage Database
db.usage.slaves=10.10.10.20
db.usage.autoReconnect=true
db.usage.failOverReadOnly=false
db.usage.reconnectAtTxEnd=true
db.usage.autoReconnectForPools=true
db.usage.secondsBeforeRetryMaster=3600
db.usage.queriesBeforeRetryMaster=5000
db.usage.initialTimeout=3600



When I stop the mysql service or disable the NIC to stop connectivity,
Cloudstack does not use the second mysql server. The UI keeps loading,
and the management service cannot be restarted. I am getting these
logs on the management server:

--
Unable to keep the db connection for LockMaster1
java[358521]: java.sql.SQLNonTransientConnectionException: Server
shutdown in progress
java[358521]: at
com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:110)
java[358521]: at
com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:97)
java[358521]: at
com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
java[358521]: at
com.mysql.cj.jdbc.ClientPreparedStatement.executeInternal(ClientPreparedStatement.java:953)
java[358521]: at
com.mysql.cj.jdbc.ClientPreparedStatement.executeQuery(ClientPreparedStatement.java:1003)
java[358521]: at
jdk.internal.reflect.GeneratedMethodAccessor15.invoke(Unknown Source)
java[358521]: at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java[358521]: at
java.base/java.lang.reflect.Method.invoke(Method.java:566)
java[358521]: at
com.mysql.cj.jdbc.ha.MultiHostConnectionProxy$JdbcInterfaceProxy.invoke(MultiHostConnectionProxy.java:108)
java[358521]: at
com.mysql.cj.jdbc.ha.FailoverConnectionProxy$FailoverJdbcInterfaceProxy.invoke(FailoverConnectionProxy.java:98)
java[358521]: at com.sun.proxy.$Proxy25.executeQuery(Unknown
Source)
java[358521]: at
org.apache.commons.dbcp2.DelegatingPreparedStatement.executeQuery(DelegatingPreparedStatement.java:122)
java[358521]: at
org.apache.commons.dbcp2.DelegatingPreparedStatement.executeQuery(DelegatingPreparedStatement.java:122)
java[358521]: at
com.cloud.utils.db.ConnectionConcierge$ConnectionConciergeManager.testValidity(ConnectionConcierge.java:148)
java[358521]: at
com.cloud.utils.db.ConnectionConcierge$ConnectionConciergeManager$1.runInContext(ConnectionConcierge.java:203)
java[358521]: at
org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:48)
java[358521]: at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55)
java[358521]: at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102)
java[358521]: at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52)
java[358521]: at
org.apache.cloudsta

Re: [Proposal] Disable API (apikey/secret-key) for users, accounts and domains

[Nux]

Alright, thanks for clarifying.
It would have been nice to be able to disallow API access completely to 
certain users, but this would also kill UI access for them. :/



On 2024-09-25 10:46, Rohit Yadav wrote:
Potential use-cases could be when there are organisations who want to 
disable API-based access using external auth integrations like LDAP, 
SAML or OAuth2. In such setups, sometimes when a user leaves the org - 
admins would block the auth from the external system (LDAP/SAML etc.) 
but they may continue to use API/secret-key based access. Granular 
control would also allow admins to implement their org-specific control 
and needs.



Regards.





From: Abhisar Sinha 
Sent: Wednesday, September 25, 2024 14:17
To: users@cloudstack.apache.org ; 
d...@cloudstack.apache.org 
Subject: Re: [Proposal] Disable API (apikey/secret-key) for users, 
accounts and domains


That's right.
This will be useful for cases where 3rd Party authentication mechanisms 
are used instead of username-password based.


Thanks,
Abhisar




From: Nux 
Sent: Wednesday, September 25, 2024 5:02 AM
To: users@cloudstack.apache.org 
Cc: d...@cloudstack.apache.org 
Subject: Re: [Proposal] Disable API (apikey/secret-key) for users, 
accounts and domains


Hi,

Seems like a nice idea, but one can still access the API with the user
and password right? So what exactly are we achieving?

On 2024-09-24 09:03, Abhisar Sinha wrote:

Hi All,

I am working on this feature where Root Admin will get the option to
disable Api key/ Secret key based access for a User, Account, or a
Domain.
Api keys are primarily used for automation. It is the primary
authorization mechanism used by automation when password-based access
is not used.
This feature will be useful for Root Admins who may want to block
certain users/accounts from using them. Or the Admin may want to
disable Api key access for the whole domain and allow only for certain
users.

I've created a spec here :
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=323488155
Your comments and suggestions are greatly appreciated.

Thanks,
Abhisar

Re: VNC console on multiple zones

[Nux]

The IP of the CPVM doesn't need to be the same, that's the "beauty" of 
using dynamic URLs, it will use whatever IP is available in the pool.
You can set up a dedicated range for system VMs, but not pin a 
particular IP to a CPVM because you must be able to freely destroy it at 
any time and also based on load Cloudstack will spawn NEW VMs to address 
it, so you can have multiple CPVMs, so it's best for them to each have 
their own automatic URL based on the IP.


Your dependencies for the above to work correctly are:
1 - wildcard certificate *.domain.tld
2 - dns resolution 185-163-105-x.domain.tld to 185.163.105.x (this needs 
to apply to the range of public IPs that you reserved for the system 
VMs)


HTH

On 2024-09-25 10:02, Alexandru Stan wrote:
Yes, it works that way. There are a couple of downsides to this, as the 
cp ip's must always be the same (no idea where to create a reservation 
for it) and the public ip is clearly visible in the url. But if this is 
the only way I guess I don't have a choice.


Thank you!

-Original Message-
From: Nux 
Sent: Tuesday, September 24, 2024 11:00 PM
To: users@cloudstack.apache.org
Subject: Re: VNC console on multiple zones

Cloudstack will generate a hostname of the following type:
185-163-105-5.domain.tld - assuming the IP the CPVM gets is 
185.163.105.5.


Does it make sense?

This implies that for the systemvm public IP range you will need to 
generate A records similar to the above.


On 2024-09-24 11:09, Alexandru Stan wrote:

Hi,

I think I tried that at some point, setting the url as wildcard in the
manager config, but I don't remember if this uses the console proxy
ip.domain.com or the individual vm ip.domain.com.


-Original Message-
From: Nux 
Sent: Tuesday, September 24, 2024 2:01 AM
To: users@cloudstack.apache.org
Cc: Alexandru Stan 
Subject: Re: VNC console on multiple zones

Hi,

You want to employ dynamic URLs, so that they look like
192-168-100-10.domain.tld rather than console.domain.tld.

Check
https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/
and look for "Dynamic URL".

HTH

On 2024-09-23 21:24, Alexandru Stan wrote:

Hi all,

How does ACS handle vnc console for different zones under the same
manager? In the global config we can only set one URL for the
console, that means something like console.domain.com mapped to an ip
address in the dns zone. But what about other zones with different
public ips
- so different console system vm ip? One solution would obviously be
to have one manager per zone, but I doubt that ACS lets you create
multiple zones within one manager have different public ip ranges and
doesn't offer a way to have a global vnc console.

Thanks!

Re: [Proposal] Disable API (apikey/secret-key) for users, accounts and domains

[Nux]

Hi,

Seems like a nice idea, but one can still access the API with the user 
and password right? So what exactly are we achieving?


On 2024-09-24 09:03, Abhisar Sinha wrote:

Hi All,

I am working on this feature where Root Admin will get the option to 
disable Api key/ Secret key based access for a User, Account, or a 
Domain.
Api keys are primarily used for automation. It is the primary 
authorization mechanism used by automation when password-based access 
is not used.
This feature will be useful for Root Admins who may want to block 
certain users/accounts from using them. Or the Admin may want to 
disable Api key access for the whole domain and allow only for certain 
users.


I've created a spec here : 
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=323488155

Your comments and suggestions are greatly appreciated.

Thanks,
Abhisar

Re: New PMC member: Suresh Anaparti

[Nux]

Congratulations, well deserved! :)

On 2024-09-18 11:51, Rohit Yadav wrote:

The Project Management Committee (PMC) for Apache CloudStack
has invited Suresh Anaparti to become a PMC member and we are pleased
to announce that they have accepted.

Suresh has contributed in the past and has shown effort to make the
project run smoothly. He also has served as the release manager for
CloudStack releases 4.16.1.0 and 4.19.1.0.

Please join me in congratulating Suresh

Regards,
Rohit Yadav

Re: VNC console on multiple zones

[Nux]

Cloudstack will generate a hostname of the following type:
185-163-105-5.domain.tld - assuming the IP the CPVM gets is 
185.163.105.5.


Does it make sense?

This implies that for the systemvm public IP range you will need to 
generate A records similar to the above.


On 2024-09-24 11:09, Alexandru Stan wrote:

Hi,

I think I tried that at some point, setting the url as wildcard in the 
manager config, but I don't remember if this uses the console proxy 
ip.domain.com or the individual vm ip.domain.com.



-Original Message-
From: Nux 
Sent: Tuesday, September 24, 2024 2:01 AM
To: users@cloudstack.apache.org
Cc: Alexandru Stan 
Subject: Re: VNC console on multiple zones

Hi,

You want to employ dynamic URLs, so that they look like 
192-168-100-10.domain.tld rather than console.domain.tld.


Check 
https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/

and look for "Dynamic URL".

HTH

On 2024-09-23 21:24, Alexandru Stan wrote:

Hi all,

How does ACS handle vnc console for different zones under the same
manager? In the global config we can only set one URL for the console,
that means something like console.domain.com mapped to an ip address
in the dns zone. But what about other zones with different public ips
- so different console system vm ip? One solution would obviously be
to have one manager per zone, but I doubt that ACS lets you create
multiple zones within one manager have different public ip ranges and
doesn't offer a way to have a global vnc console.

Thanks!

Re: VNC console on multiple zones

[Nux]

Hi,

You want to employ dynamic URLs, so that they look like 
192-168-100-10.domain.tld rather than console.domain.tld.


Check https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/ 
and look for "Dynamic URL".


HTH

On 2024-09-23 21:24, Alexandru Stan wrote:

Hi all,

How does ACS handle vnc console for different zones under the same 
manager? In the global config we can only set one URL for the console, 
that means something like console.domain.com mapped to an ip address in 
the dns zone. But what about other zones with different public ips - so 
different console system vm ip? One solution would obviously be to have 
one manager per zone, but I doubt that ACS lets you create multiple 
zones within one manager have different public ip ranges and doesn't 
offer a way to have a global vnc console.


Thanks!

Re: KVM | Alma Linux 9.4

[Nux]

Add the following to /etc/libvirt/libvirt.conf :
remote_mode="legacy"

Then restart services.

On 2024-09-01 16:40, Joan g wrote:

Hi

Yes done but masking them did not help. Still connection refused for
sudo/root

Jon

On Sun, Sep 1, 2024 at 8:39 PM Fariborz Navidan 
wrote:


Hi.


Run the following command to mask the necessary services and let me 
know

the outcome.


systemctl mask virtqemud.socket virtqemud-ro.socket
> > virtqemud-admin.socket virtqemud virtnetworkd virtstoraged

Regards.

On Sun, 1 Sept 2024, 16:42 Joan g,  wrote:

> Hi Fariborz,
>
> Thank you, I was able to manage bridge configurations.
>
> Now I am not able to add the host to pool. Agent logs print below:
>
> 2024-09-01 14:03:17,273 ERROR [cloud.agent.AgentShell] (main:null)
(logid:)
> Unable to start agent:
> com.cloud.utils.exception.CloudRuntimeException: Failed to connect socket
> to '/var/run/libvirt/virtqemud-sock': Connection refused
> at
>
>
com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.configure(LibvirtComputingResource.java:1153)
> at com.cloud.agent.Agent.(Agent.java:193)
> at com.cloud.agent.AgentShell.launchNewAgent(AgentShell.java:452)
> at
> com.cloud.agent.AgentShell.launchAgentFromClassInfo(AgentShell.java:431)
> at com.cloud.agent.AgentShell.launchAgent(AgentShell.java:415)
> at com.cloud.agent.AgentShell.start(AgentShell.java:511)
> at com.cloud.agent.AgentShell.main(AgentShell.java:541)
>
> Did I miss some configs?
>
> I noticed that I can't run `virsh` as the root user or with `sudo`:
>
> # virsh list --all
> error: failed to connect to the hypervisor
> error: Failed to connect socket to '/var/run/libvirt/virtqemud-sock':
> Connection refused
>
> But as a user in wheel group its successful
> $ virsh list --all
>  Id   Name   State
> 
>
>
> *Jon*
>
>
> On Tue, Aug 27, 2024 at 11:16 PM Fariborz Navidan 
> wrote:
>
> > Hello,
> >
> > I was able to configure Cloudstack 4.18 on AlmaLinux 9 last month.I
used
> > the following nmcli commands to create the bridge:
> >
> > nmcli con add ifname cloudbr0 type bridge con-name cloudbr0 autoconnect
> yes
> > nmcli con add type bridge-slave ifname eth0 master cloudbr0
> > nmcli con up cloudbr0
> >
> > After creating the bridge, remove any assigned IP from the slave
> interface
> > (e.g eth0) and assign it to the bridge.
> >
> > Regards.
> >
> > On Tue, Aug 27, 2024 at 3:59 PM Joan g  wrote:
> >
> > > Hello Community,
> > >
> > > Could someone provide guidance on setting up a bridge for the latest
> > > AlmaLinux 9.4? When I use `nmcli` to create a bridge, the ethernet
> > > interfaces keep going down, and I'm unable to bring them online. Any
> > > suggestions on working  `nmcli` commands would be greatly appreciated
> and
> > > helpful.
> > >
> > > Regards,
> > > Jon
> > >
> >
>

Re: Unable to add host to CS 4.18

[Nux]

Just hit this issue, you need to mask the libvirtd services as per the 
docs and in addition to that you need to instruct libvirt (the client 
bit) to use the legacy/monolithic approach.


Add the following to /etc/libvirt/libvirt.conf :
remote_mode="legacy"

HTH

On 2024-07-17 14:06, Fariborz Navidan wrote:

Hello everyone,

I'm in a situation where I need to migrate my infrastructure to new 
servers
as soon as possible. I have installed CS 4.18 management and agent on 
the

same node. I have gone through the installation guide and configured
libvirtd based on documentation.  However, I am unable to add a KVM 
host.
Below is the error I am getting in the agent.log file. Please note that 
I

have set all required parameters in libvirt config file.

2024-07-17 14:54:59,872 ERROR [cloud.agent.AgentShell] (main:null) 
(logid:)

Unable to start agent:
com.cloud.utils.exception.CloudRuntimeException: Failed to connect 
socket

to '/var/run/libvirt/virtqemud-sock': Connection refused
at
com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.configure(LibvirtComputingResource.java:1097)
at com.cloud.agent.Agent.(Agent.java:191)
at 
com.cloud.agent.AgentShell.launchNewAgent(AgentShell.java:452)

at
com.cloud.agent.AgentShell.launchAgentFromClassInfo(AgentShell.java:431)
at com.cloud.agent.AgentShell.launchAgent(AgentShell.java:415)
at com.cloud.agent.AgentShell.start(AgentShell.java:511)
at com.cloud.agent.AgentShell.main(AgentShell.java:541)

It says that agent is unable to connect libvirt.

Please advise.

Thanks.

Re: Event Notifications Emailed

[Nux]

Hello,

You can use the amqp/rabbitmq interface to deal with events, I guess you 
can send them via email or slack from there somehow.


https://docs.cloudstack.apache.org/en/latest/adminguide/events.html

HTH

On 2024-08-06 14:42, Granwille Strauss wrote:

Good Day

For users like myself that does not use Cloudstack API in anyway and
mainly rely on UI, is it possible to get Events emailed from
Cloudstack? We have SMTP configured in the global settings, and we get
alerts via email fine but not events. Or is there a hook method I can
use to send to chat channels like on Slack for example?

--

 Regards / Groete

 [1]
 Granwille Strauss  //  Senior Systems Admin

e: granwi...@namhost.com
m: +264 81 323 1260 [2]
w: www.namhost.com [3]

 [4] [5] [6] [7] [8]

 [9]

 Namhost Internet Services (Pty) Ltd,

24 Black Eagle Rd, Hermanus, 7210, RSA

The content of this message is confidential. If you have 
received
it by mistake, please inform us by email reply and then delete the
message. It is forbidden to copy, forward, or in any way reveal the
contents of this message to anyone without our explicit consent. The
integrity and security of this email cannot be guaranteed over the
Internet. Therefore, the sender will not be held liable for any damage
caused by the message. For our full privacy policy and disclaimers,
please go to https://www.namhost.com/privacy-policy

[10]

Links:
--
[1] https://www.namhost.com
[2] tel:+264813231260
[3] https://www.namhost.com/
[4] https://www.facebook.com/namhost
[5] https://twitter.com/namhost
[6] https://www.instagram.com/namhostinternetservices/
[7] https://www.linkedin.com/company/namhos
[8] https://www.youtube.com/channel/UCTd5v-kVPaic_dguGur15AA
[9] 
https://www.adsigner.com/v1/l/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/banner
[10] 
https://www.adsigner.com/v1/c/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818

Re: Configuring KVM network bridges on AlmaLinux 9

[Nux]

Redhat are really taking the Mickey with this NetworkManager.
Here's the sausage to make it work, do test please.

nmcli con add ifname cloudbr0 type bridge con-name cloudbr0 autoconnect 
yes
nmcli con add type bridge-slave ifname eth0 master cloudbr0 autoconnect 
yes con-name br-eth0

nmcli connection up cloudbr0

On 2024-07-15 10:27, Fariborz Navidan wrote:

Hello Guys,

As CentOS/AlmaLinux 9 has deprecated network-scripts, how do I 
configure

cloudbr network bridges for KVM using NetworkManager on AlmaLinux 9?

Please guide me ASAP?

Thank you

Re: [VOTE] Apache CloudStack 4.19.1.0 (RC1)

[Nux]

Rohit,

That's a very good point about the routines, thanks for sharing how to 
restore them.

Hope your marriage is intact after this little adventure. :)

I'll be doing some testing shortly.

On 2024-07-11 12:52, Rohit Yadav wrote:

+0 (binding)


  *
Tested fresh installation of EL8 packages, deployed VM from newly 
created template on a newly created network; tested VM, volume & 
network lifecycles using both mbx & health check tests passing 
w/Trillian/BO

  *
Tested upgrade from 4.19.0.2 EL8 to 4.19.1.0 RC1 EL8 pkgs using mbx; 
tested upgrading systemvms, VRs (with/without cleanup and live patch on 
an isolated network; deployed new VM & volumes and tested old ones)

  *
Felt dangerous and upgraded my CloudStack 4.19.0.2 homelab to 4.19.1.0 
RC1 using deb packages (hope there are no major blockers to piss off 
wife :))

 *
Upgrade went OK on the three Ubuntu 22.04 based 3xKVM hosts
 *
I hit an issue with idempotent routines missing on cloud_usage db 
(borrowed them from mbx env with: mysqldump --no-create-db 
--no-create-info --no-data --routines cloud_usage > 
cloud_usage-routines.sql ; and applied this in my homelab env; likely 
my fault while moving DB servers and forgot the -R option where I 
forgot to backup the routines)

 *
Tested homelab storage: nfs, local storage & ceph - OK; hosts upgraded 
OK;

 *
Post upgrade, after deleting systemvms I found the SSVM & CPVM starting 
to be stuck. I restarted the mgmt server and after a while the SSVM 
came up but the CPVM was stuck. I repeated the same, but again SSVM 
came up but CPVM struggle and after a few agent restarts it came up 
eventually.

 *
Post this, tested several VM, volume and network lifecycles worked OK

I've logged the issue here - 
https://github.com/apache/cloudstack/issues/9371 to triage further if 
it's an issue in RC1 or to help investigate if it was an env issue. I'm 
happy to change my vote to a +1 if it's just my env issue.



Regards.





From: Suresh Kumar Anaparti 
Sent: Wednesday, July 10, 2024 17:45
To: dev ; users 


Subject: [VOTE] Apache CloudStack 4.19.1.0 (RC1)

Hi All,

I have created a 4.19.1.0 release (RC1), with the following artifacts 
up

for testing and a vote:

Git Branch and Commit SHA:
https://github.com/apache/cloudstack/tree/4.19.1.0-RC20240710T1604
Commit: 2dbd80d692d6f5a207f90a07ac0b7583a41b71cd

Source release (checksums and signatures are available at the same
location):
https://dist.apache.org/repos/dist/dev/cloudstack/4.19.1.0/

PGP release keys (signed using 
D6E0581ECF8A2FBE3FF6B3C9D7CEAE3A9E71D0AA):

https://dist.apache.org/repos/dist/release/cloudstack/KEYS

The vote will be open until 16th July 2024.

For sanity in tallying the vote, can PMC members please be sure to 
indicate

"(binding)" with their vote?

[ ] +1  approve
[ ] +0  no opinion
[ ] -1  disapprove (and reason why)

For users convenience, the packages from this release candidate (RC1) 
and

4.19.1.0 systemvm templates are available here:
https://download.cloudstack.org/testing/4.19.1.0-RC1/
https://download.cloudstack.org/systemvm/4.19/

Regards,
Suresh

Re: CCC2024 Funding - Important

[Nux]

Very well said, Rohit.


On 2024-07-10 10:22, Rohit Yadav wrote:

Hi Ivet, all,

Thanks for starting this thread. While my work organisation, ShapeBlue, 
has been participating and sponsoring the CCC every year, I think it's 
important for all organisations who use CloudStack and benefit from 
CloudStack to make such conferences and events sustainable and funding 
and sponsoring is an obvious way to do that.


Having CCC not only allow all of us to meet in person, attend talks, 
learn and collaborate with each other, this also serves as a constant 
heartbeat for the community and a platform to discuss, build consensus 
and drive the future of the project and for anybody considering or 
using CloudStack to network, discover and learn about the project and 
its community.


Regards.

Regards.




From: Ivet Petrova 
Sent: Tuesday, July 9, 2024 12:53:56 PM
To: users@cloudstack.apache.org 
Cc: dev ; Apache CloudStack Marketing 


Subject: Re: CCC2024 Funding - Important

As a follow up - as the attachment is no visible, sponsorship packages 
can be seen here: 
https://www.cloudstackcollab.org/wp-content/uploads/2024/04/Sponsorship-Prospectus-CCC24-web.pdf



Best regards,




On 9 Jul 2024, at 10:09, Ivet Petrova  
wrote:


Hello all,

I would like to bring in a serious topic for the yearly CloudStack 
Collaboration Conference 2024.
I would like to remind everyone, that the event is organised by a group 
of volunteers and we rely entirely on sponsorship from the community, 
so that we can organise the event.
Organising such event is a costly thing - we need to pay for venue, for 
video recording, catering, ad materials, promoting the event. On a 
daily basis, I get a lot of questions for free tickets and people 
really excited to join the event. On the other hand, we have just a few 
inquiries for sponsorship.
Finding more sponsors is something really vital, so that we can have 
the event. For this reason, I would ask for some community help - could 
you all evangelise for the event internally in your companies and help 
me find more sponsors?


I am attaching here the event sponsorship prospectus.
I do not want to sound too harsh, but we need funding in order to have 
an event. Otherwise, it will not be possible.




Best regards,

Re: Download all templates

[Nux]

Which templates?

On 2024-07-10 11:07, Francisco Arencibia Quesada wrote:

Good morning guys,

I'm planning to download all templates and upload them to a nexus 
server,
in order to have them available when creating new cloudstack 
environments.

I'm trying to do it with a script in python, do you have any other
approaches tested or thought of?

Kind regards
thanks in advance

Re: [D] Static IP in cloudstack instance [cloudstack]

[Nux]

Hi,

That is not possible at the moment, you need DCHP to get an IP, 
configdrive doesn't yet support the network bit, AFAIK.




On 2024-07-05 10:36, j3cky wrote:
GitHub user j3cky created a discussion: Static IP in cloudstack 
instance


Hi,
i would like to know if cloudstack support configure static ip in 
instance.?

i cannot find how to configure static ip,only dhcp.
i would like to create network offering without dhcp service.how can 
cloudstack configure static ip inside the VM?


GitHub link: https://github.com/apache/cloudstack/discussions/9342


This is an automatically sent email for users@cloudstack.apache.org.
To unsubscribe, please send an email to: 
users-unsubscr...@cloudstack.apache.org

Re: [Proposal] Storage Filesystem as a First Class Feature

[Nux]

Rohit,

Your reply LGTM, a few more lines from me:
- initially the export is NFS, that's how users/VMs will consume it as, 
just clarifying, I know we want to keep this somewhat agnostic
- while there is no agent running there, as you noted, most of the stuff 
can be configured either via userdata, udev rules or a combination of 
both
- in terms of monitoring we could enable snmpd on the appliance and/or a 
prometheus system exporter




On 2024-07-05 08:01, Rohit Yadav wrote:

Proposed design doc largely LGTM.

 I've some additional suggestions and feedback to make requirements &  
the first phase implementation more clearer and simpler:



  *
+1 on implementing it in a hypervisor and storage agnostic manner.

  *
Let's have the FS VMs owned by the caller (account or project), not 
like a system-owned appliance. It would then be just like CKS in that 
sense. This is because there is nothing special about the feature as in 
users can't do it, it's really for (a) users who want the benefit of 
shared storage but don't want to setup themselves and (b) orchestrate 
such a feature via API/SDKs/automation. Advanced users may not prefer 
to use it who want too many customisation and complexities.


  *
To keep the first phase simple, let's drop adding support for 
metrics/usage of FS VM and any other lifecycle that would need an agent 
or need for the management servers to SSH/manage the FS VM at all. 
Then, the scope can be limited to:

 *
Orchestrate the initial FS VM setup that can be easily done via 
user-data (config drive or VR depending on the network, cloud-init can 
orchestrate NFS exports), the FS VM's nfs service can also listen on 
all nics/IPs. This would make adding the FS capability to work out of 
the box if somebody want to attach the FS to other networks later (than 
the one it was initially created on).

 *
Keep it simple: as there is no agent or mgmt server access needed or 
required; any change to the FS properties or lifecycle could be done by 
a FS VM reboot or recreation, as the FS VM is stateless and a separate 
data disk holds the file share storage. For such operations, the UI can 
clearly mention a warning or note that such an operation would cause 
downtime due to reboot/recreate lifecycle operation of the FS VM.

 *
Suggestions for the Lifecycle operations:
*
(*list & update API are given, should support pagination, listing by 
name/keyword, by network, account/domain/project etc)

*
Create FS: initial user-data base FS VM setup (during initial setup, 
disk can be check/formatted + mounted with fstab rules)

*
Recreate/restart FS: destroy & recreate FS VM, attach data disk before 
starting the VM (setup can check and initialise disk if needed; and 
grow/expand filesystem if underlying volume was resized).

*
Attach/detach FS (to/from network): simply CloudStack nic/network 
attach/detach (worth checking if cloud-init or something in the 
systemvm template automatically takes care of nic setup in the FS VM)

*
Expand FS size: this could be simply UI-based proxy to resizing data 
disk, but resizing would cause recreating (or rebooting) or the FS VM, 
for it to grow the FS (due to lack of agent or SSH access, this may be 
acceptable in the first phase)

*
Delete FS: deleting FS with/without expunging the data disk; and for 
users to recover a non-expunged FS (similar to VMs)

 *
FSM states: FS should have states that correspond to the FS VM running 
and state of the underlying data disk

 *
Misc: Ensure FS VM is HA enabled, worth also either assuming some 
default compute offering or allow caller to specify compute offering 
for the FS VM.

 *
Network support: support all networks except L2 or networks which don't 
have userdata & dhcp capabilities

 *
Hypervisor & Storage support: agnostic

*FS = File Shares (suggested name)


Regards.





From: Alex Mattioli 
Sent: Wednesday, June 19, 2024 15:13
To: d...@cloudstack.apache.org 
Cc: users@cloudstack.apache.org 
Subject: RE: [Proposal] Storage Filesystem as a First Class Feature

+1 on that,  keeping it hypervisor agnostic is key.




-Original Message-
From: Nux 
Sent: Wednesday, June 19, 2024 10:14 AM
To: d...@cloudstack.apache.org
Cc: users@cloudstack.apache.org
Subject: Re: [Proposal] Storage Filesystem as a First Class Feature

Thanks Piotr,

This is the second time virtio-fs has been mentioned and just 
researched it a bit, it looks like something really nice to have in 
Cloudstack, definitely something to look at in the future.


Nice as it is though, it has a big drawback, it's KVM-only, so for now 
we'll stick to "old school" tech that can be used in an agnostic 
matter.


You are more than welcome to share thoughts on the other details 
presented, perhaps pros/cons on filesystems and other gotchas you may 
have encountered yo

Re: All 4 hosts disconnected in Alert state due to ComputeCapacityListener NULL: how to fix?

[Nux]

Janis,

No clue, it's been a while since I used Xenserver and you are also on 
quite an old version as well, right? There have been many bugs fixed 
since 4.13.


Would it be possible to include a much larger fragment from the logs or 
the full logs?


Also, have you checked the Xcp logs, anything there, is XenCenter 
showing anything out of the ordinary?


HTH

On 2024-07-03 14:36, Janis Viklis | Files.fm wrote:
If I set valid management server id, it returns to NULL after next host 
check cycle.


I wonder could it bet somehow related to total or cluster resources. 
(but i tried to find and check/change all overprovisionig multipliers)


2024-07-03 16:30:16,036 DEBUG [c.c.c.CapacityManagerImpl] 
(CapacityChecker:ctx-af9f7c42) (logid:31d432e5) Found 32 VMs on host 
248
2024-07-03 16:30:16,039 DEBUG [c.c.c.CapacityManagerImpl] 
(CapacityChecker:ctx-af9f7c42) (logid:31d432e5) Found 0 VMs are 
Migrating from host 248
2024-07-03 16:30:16,138 ERROR [c.c.a.AlertManagerImpl] 
(CapacityChecker:ctx-af9f7c42) (logid:31d432e5) Caught exception in 
recalculating capacity

java.lang.NullPointerException
    at 
com.cloud.capacity.CapacityManagerImpl.updateCapacityForHost(CapacityManagerImpl.java:677)
    at 
com.cloud.alert.AlertManagerImpl.recalculateCapacity(AlertManagerImpl.java:279)
    at 
com.cloud.alert.AlertManagerImpl.checkForAlerts(AlertManagerImpl.java:432)
    at 
com.cloud.alert.AlertManagerImpl$CapacityChecker.runInContext(AlertManagerImpl.java:422)
    at 
org.apache.cloudstack.managed.context.ManagedContextTimerTask$1.runInContext(ManagedContextTimerTask.java:30)
    at 
org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
    at 
org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
    at 
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
    at 
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
    at 
org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
    at 
org.apache.cloudstack.managed.context.ManagedContextTimerTask.run(ManagedContextTimerTask.java:32)

    at java.util.TimerThread.mainLoop(Timer.java:555)
    at java.util.TimerThread.run(Timer.java:505)

Janis

On 2024-07-03 16:27, Nux wrote:

Hello,

What happens if you update the 4 problematic hosts with a valid mgmt 
id?


On 2024-07-03 14:23, Janis Viklis | Files.fm wrote:

mgmt_server_id is NULL just for those 4 hosts, other hosts ar fine.
Looking at logs, cs1 management server starts to connect pools at
first:

2024-07-01 16:31:29,617 DEBUG [c.c.s.l.StoragePoolMonitor]
(AgentTaskPool-380:ctx-f411cc14) (logid:284129f8) Host 248 connected,
connecting host to shared pool id 152 and sending storage pool...




DB Tables: cloud.host and cloud.mshost:

SELECT id, status, Type, mgmt_server_id FROM cloud.host  where ID in
(74,77,170, 248, 254, 257, 260) :

 260
 Alert
 Routing

 257
 Alert
 Routing

 254
 Alert
 Routing

 248
 Alert
 Routing

 170
 Up
 Routing
 95534596974

 77
 Up
 Routing
 95534596974

 74
 Up
 Routing
 95534596974

 179
 95534596974
 1720012401793
 localhost
 b34f493a-42c0-47a8-ada4-04be4cdd8c49
 Up
 4.13.1.0
 10.10.10.11
 9090
 2024-07-03 13:13:47

 0

 178
 95536034244
 1718828790629
 cs2.failiem.lv
 70420423-b362-4335-b083-8ad1342ce485
 Down
 4.13.1.0
 10.10.10.12
 9090
 2024-06-19 20:39:19

 1

 176
 95530190206
 1719663483676
 localhost
 96a155b6-7041-48ff-9f20-268ea77c5098
 Down
 4.13.1.0
 10.10.10.13
 9090
 2024-06-29 12:24:28

 1

 175
 95536505104
 1719666507512
 localhost
 c8e6fefa-7464-4bb7-a379-5eafb55c666d
 Down
 4.13.1.0
 10.10.10.11
 9090
 2024-06-29 13:38:00

 0

 174
 95534962877
 1682516323955
 localhost
 45a057c6-6d50-41a9-bbad-cab370c01832
 Down
 4.13.1.0
 10.10.10.11
 9090
 2024-06-15 08:36:06

 1

 172
 95529749065
 1658756353180
 localhost
 535277d3-33df-4b2a-9f1d-07f05084d473
 Down
 4.13.1.0
 10.10.10.13
 9090
 2024-06-15 07:53:32

 1

 170
 95529797928
 1603725530943
 loca

Re: All 4 hosts disconnected in Alert state due to ComputeCapacityListener NULL: how to fix?

[Nux]

A shot in the dark, haven't checked the log files properly.
For these hosts in the disconnected state, if you check them in the DB 
cloud.host table (type="Routing" btw), which mgmt_server_id are they 
reporting?


Then check cloud.mshost table and see whether the management server with 
that id is in there and marked as UP etc.


HTH

On 2024-07-03 06:57, Janis Viklis | Files.fm wrote:

(sorry, some bad formatting in previous email)

Could anyone have any ideas why this error occurs and how to debug it? 
(248 is a host id)


Monitor ComputeCapacityListener says there is an error in the connect 
process for 248 due to null



Janis

On 2024-07-01 21:44, Janis Viklis | Files.fm wrote:

Hi,

looking for help after 2 weeks:  What could be the reason that 
suddenly after restarting the 4.13.1 Management server, all 4 XEN 
(xcp-ng 8.1) hosts of one Intel cluster disconnects and goes into 
"Alert state" with an error:


Monitor ComputeCapacityListener says there is an error in the connect 
process for 248 due to null


I can't find the reason for 2 weeks. The other AMD Xenserver 6.5 
cluster is working just fine.


Everything seems ok: network is working, I restarted: toolstack, both 
system vms (SSVM, consolev), one of the hosts, then removed and added 
back.


Previously there were 3 management servers via Haproxy and Galera 
Mariadb, I left only one. (tried upgrade to 3.14.1, didn't help). I 
can manage hosts via Xencenter. There ar 5 storage pools and 3 
secondary.


Thanks, hoping on some clues or directions, Janis.

Below is LOG output:

Re: Issue in Setup KVM host with agent 4.18.1

[Nux]

Hello,

That's essentially an Ampere Altra server. You will need to share a lot 
more details.


This may also come in handy:
https://rohityadav.cloud/blog/cloudstack-arm64-kvm/


On 2024-06-26 08:07, Sanjay Kumar wrote:

Hi All,

Does the ARM RL300 server Support Cloudstack? We are facing while
installing the Cloudstack agent 4.18.1.0.

Any help would be really appreciated. Thank you!


Thank you
Sanjay Kumar

Re: Copying global settings to new infrastructure

[Nux]

Hello,

It is possible in theory, the config options are stored in the DB in 
cloud.configuration table, but this table also contains things that are 
unique to each installation and are not shown in the UI, such as 
ca.plugin.root.ca.certificate and so on, simply importing this table 
could work, but also backfire and send you chasing weird problems and 
waste time.


HTH

On 2024-06-26 21:15, Fariborz Navidan wrote:

Hello Guys,

We are going tp migrate our servers to a different data center. We'll 
need

to install and configure cloudstack from the scratch. Is it possible to
copy all the global settings from one cloudstack installation to a new 
one?


All the best.

Re: [RESULT][VOTE] Apache CloudStack Kubernetes Provider 1.1.0 RC1

[Nux]

Indeed, good work, Vishesh!



On 2024-06-25 13:19, Rohit Yadav wrote:
Thanks and good work Vishesh and everyone involved in the maintenance 
release.



Regards.





From: Vishesh Jindal 
Sent: Tuesday, June 25, 2024 16:29
To: d...@cloudstack.apache.org 
Cc: users@cloudstack.apache.org 
Subject: [RESULT][VOTE] Apache CloudStack Kubernetes Provider 1.1.0 RC1

Hi all,

After 120 hours, the vote for Apache CloudStack Kubernetes Provider 
1.1.0 *passes* with

3 PMC + 1 non-PMC votes.

+1 (PMC / binding)
3 person (Rohit, Wei, Nux)

+1 (non binding)
1 person (Kiran)

0
none

-1
none

Thanks to everyone participating.

I will now prepare the release announcement to go out after 24-48 hours 
to give the mirrors time to catch up and publish images on dockerhub.






From: Rohit Yadav 
Sent: Tuesday, June 25, 2024 12:39 PM
To: d...@cloudstack.apache.org 
Cc: users@cloudstack.apache.org ; Vishesh 
Jindal 

Subject: Re: [VOTE] Apache CloudStack Kubernetes Provider 1.1.0 RC1

Looks like the vote has reached lazy consensus, @Vishesh 
Jindal<mailto:vishesh.jin...@shapeblue.com> could we wrap up?



Regards.

Rohit Yadav
VP Engineering
rohit.ya...@shapeblue.com
www.shapeblue.com<http://www.shapeblue.com>







________
From: Nux 
Sent: Thursday, June 20, 2024 17:18
To: d...@cloudstack.apache.org 
Cc: users@cloudstack.apache.org 
Subject: Re: [VOTE] Apache CloudStack Kubernetes Provider 1.1.0 RC1

+1 as well, based on similar test to Wei's.

Good job, Vishesh.

On 2024-06-20 12:34, Kiran Chavala wrote:

Hi Vishesh

+1

I tried the same steps as Wei did,  but deployed a cks cluster in a 
vpc

network tier with acl rule of default_allow

1. Create a CKS cluster with k8s 1.28.4 and Select a vpc network

2. Delete cloudstack-kubernetes-provider 1.0.0

kubectl delete -f
https://raw.githubusercontent.com/apache/cloudstack-kubernetes-provider/main/deployment.yaml

3.  Install 1.1.0-rc1

kubectl apply -f
https://github.com/apache/cloudstack-kubernetes-provider/releases/download/v1.1.0-rc1/deployment.yaml

4. Create nginx deployment and expose the service with
type=LoadBalancer.

kubectl  expose deploy/nginx-deployment3 --port=80 
--type=LoadBalancer.


The public ip is qcuired

kubectl  get svc
NAMETYPE   CLUSTER-IP  EXTERNAL-IP
PORT(S)AGE
kubernetes  ClusterIP  10.96.0.1   
443/TCP12m
nginx-deployment3   LoadBalancer   10.105.61.120   10.0.54.125
80:31053/TCP   7m37s



5.  Delete the nginx service.
Public IP is released

Regards
Kiran

From: Rohit Yadav 
Date: Thursday, 20 June 2024 at 12:04 PM
To: d...@cloudstack.apache.org ,
users@cloudstack.apache.org 
Subject: Re: [VOTE] Apache CloudStack Kubernetes Provider 1.1.0 RC1
Lucian,

The convenience binary in case of this sub-project is the
docker/container image, users can test RC1 builds from:
https://hub.docker.com/r/apache/cloudstack-kubernetes-provider/tags


Regards.







________
From: Nux 
Sent: Thursday, June 20, 2024 04:03
To: d...@cloudstack.apache.org 
Cc: users@cloudstack.apache.org 
Subject: Re: [VOTE] Apache CloudStack Kubernetes Provider 1.1.0 RC1

In community's interest, do we have binary packages anywhere, ie
deb/rpms?

Cheers

On 2024-06-19 07:12, Vishesh Jindal wrote:

Hi All,

I made a mistake and didn't create the release on dist.apache.org.
Please discard my previous email.

I've created a new CloudStack Kubernetes Provider 1.1.0 release 
(RC1),

with the following artifacts up for a vote:

Git Branch and Commit SHA:
https://github.com/apache/cloudstack-kubernetes-provider/tree/59c3e7b21c39eefb2306bb8504bcef901a9d
Commit: 59c3e7b21c39eefb2306bb8504bcef901a9d

Source release (checksums and signatures are available at the same
location):
https://dist.apache.org/repos/dist/dev/cloudstack/kubernetes-provider-1.1.0/

PGP release keys (signed using
5ED1E1122DC5E8A4A45112C2484248210EE3D884):
https://dist.apache.org/repos/dist/release/cloudstack/KEYS

For users convenience:
* docker hub -
https://hub.docker.com/r/apache/cloudstack-kubernetes-provider/tags

* Kubernetes manifest for the rc release:
https://github.com/apache/cloudstack-kubernetes-provider/releases/download/v1.1.0-rc1/deployment.yaml

Vote will be open for 120 hours.

For sanity in tallying the vote, can PMC members please be sure to
indicate "(binding)" with their vote?

[ ] +1  approve
[ ] +0  no opinion
[ ] -1  disapprove (and reason why)

Regards
Vishesh





From: Vishesh Jindal
Sent: Tuesday, June 18, 2024 6:36 PM
To: users@cloudstack.apache.org ;
d...@cloudstack.apache.org 
Subject: [VOTE] Apache CloudStack Kubernetes Provider 1.1.0 RC1

Hi All,

I've created a 1.1.0 release (RC1) for Apache CloudStack Kubernetes
Provider, with the following artifacts up for
a vote:

Git Branch and Commit SH:
https://github.com/apache/cloudst

Re: change Temp / tmp folder path

[Nux]

If you are sure it's Cloudstack's fault, then you can try to adjust 
JAVA_OPTS in /etc/default/cloudstack-management and define a tmp dir 
like this (untested..):

-Djava.io.tmpdir=/var/tmp

hth

On 2024-06-21 15:35, Andrei Mikhailovsky wrote:

Hi,

I am noticing that the /tmp folder on my host / management servers is 
filling up on a regular basis. I have a suspicion that some cloudstack 
management or agent processes might be running scripts and saving data 
in tmp. I would like to change the location of the temporary folder to 
be /var/tmp and not /tmp. I've looked in the /etc/cloudstack folder, 
but was not able to locate the setting option. Also, cloudstack 
documentation didn't find anything useful. Could someone suggest how to 
change the temp folder for cloudstack management, usage and agent 
services?


P.S. I've already changed the default /tmp location of the sql server, 
but it didn't help.



Thanks

Andrei

Re: [DISCUSS] Deprecate/remove support for EOL distros and hypervisors

[Nux]

By all means, remove CentOS7 and any EOL OS or component from the matrix 
and recommendations!


Regards

On 2024-06-20 11:45, Rohit Yadav wrote:

+ Users

Just to be clear, what this thread is about - Deprecating/removing 
documentation via the compatibility matrix for a component does not 
necessarily mean CloudStack will not work on it, in fact it might (with 
some additional pkg installation if required if we decide to transition 
to JRE17/21) and community's testing. The discussion is whether from a 
project point of view, what should users be advised that is considered 
supported via the compatibility matrix page in the release notes. The 
same applies for other distro/hosts, hypervisors, MySQL DB version.


Just a note for the community to be aware: EL7/CentOS7 active support 
has already ended in 2020, and we've already supported it since the 
last 3-4 years. It's only the security update/support ending by end 
June 2024. So, if there's any future/potential security issue around 
EL7, we will not be able to support that 18months moving forward (18 
months being typical ACS LTS release support period). That's risk, I 
think we logistically wouldn't be able to carry forward for the next 
major release (4.20) in Q3/Q4 '24.


Refer: https://endoflife.date/centos


Regards.




____
From: Nux 
Sent: Thursday, June 20, 2024 15:21
To: d...@cloudstack.apache.org 
Cc: Alex Mattioli 
Subject: Re: [DISCUSS] Deprecate/remove support for EOL distros and 
hypervisors


+1 what Alex said.
It's kind of wrong, but CentOS7 has such a large install base 
(generally

and for Cloudstack, too) that I feel deprecating it right away would be
a mistake.


On 2024-06-20 10:45, Alex Mattioli wrote:

I'd like if we keep EL7 for at least one more version, the transition
path out of that is clear now but many cloud operators haven't 
replaced

it yet.

On the rest +1




-Original Message-
From: Rohit Yadav 
Sent: Thursday, June 20, 2024 11:43 AM
To: d...@cloudstack.apache.org
Subject: [DISCUSS] Deprecate/remove support for EOL distros and
hypervisors

All,

Referencing
https://docs.cloudstack.apache.org/en/4.19.0.0/releasenotes/compat.html,
some of the distros and hypervisors we support have reached or 
reaching

EOL by end of this month.

Please review and advise how we should deprecating/remove the 
following

for the next 4.20 release (i.e. compatibility matrix for the future
4.20 release notes):

Distros:

  *
EL7 (CentOS 7, RHEL7, https://endoflife.date/centos)
  *
Ubuntu 18.04 (https://endoflife.date/ubuntu)


Software requirements:

  *
JRE 11 (Discuss - should we transition to support JRE/JDK 17 or 21, 
for

4.20? https://endoflife.date/oracle-jdk And are all supported distros
have a JRE17/21 package/dependency availalble)
  *
MySQL 5.6, 5.7 (https://endoflife.date/mysql)

Hypervisors:

  *
KVM: Ubuntu 18.04 (https://endoflife.date/ubuntu), EL7
(https://endoflife.date/centos)
  *
XenServer All versions except 8.x (retain note that it's not tested,
https://www.citrix.com/support/product-lifecycle/legacy-product-matrix.html)
  *
XCP-ng: All versions except 8.2/LTS (https://endoflife.date/xcp-ng)
  *
VMware: 6.5, 6.7 (https://endoflife.date/vcenter)


Regards.

Re: [VOTE] Apache CloudStack Kubernetes Provider 1.1.0 RC1

[Nux]

+1 as well, based on similar test to Wei's.

Good job, Vishesh.

On 2024-06-20 12:34, Kiran Chavala wrote:

Hi Vishesh

+1

I tried the same steps as Wei did,  but deployed a cks cluster in a vpc 
network tier with acl rule of default_allow


1. Create a CKS cluster with k8s 1.28.4 and Select a vpc network

2. Delete cloudstack-kubernetes-provider 1.0.0

kubectl delete -f
https://raw.githubusercontent.com/apache/cloudstack-kubernetes-provider/main/deployment.yaml

3.  Install 1.1.0-rc1

kubectl apply -f
https://github.com/apache/cloudstack-kubernetes-provider/releases/download/v1.1.0-rc1/deployment.yaml

4. Create nginx deployment and expose the service with 
type=LoadBalancer.


kubectl  expose deploy/nginx-deployment3 --port=80 --type=LoadBalancer.

The public ip is qcuired

kubectl  get svc
NAMETYPE   CLUSTER-IP  EXTERNAL-IP   
PORT(S)AGE
kubernetes  ClusterIP  10.96.0.1   
443/TCP12m
nginx-deployment3   LoadBalancer   10.105.61.120   10.0.54.125   
80:31053/TCP   7m37s




5.  Delete the nginx service.
Public IP is released

Regards
Kiran

From: Rohit Yadav 
Date: Thursday, 20 June 2024 at 12:04 PM
To: d...@cloudstack.apache.org , 
users@cloudstack.apache.org 

Subject: Re: [VOTE] Apache CloudStack Kubernetes Provider 1.1.0 RC1
Lucian,

The convenience binary in case of this sub-project is the 
docker/container image, users can test RC1 builds from: 
https://hub.docker.com/r/apache/cloudstack-kubernetes-provider/tags



Regards.








From: Nux 
Sent: Thursday, June 20, 2024 04:03
To: d...@cloudstack.apache.org 
Cc: users@cloudstack.apache.org 
Subject: Re: [VOTE] Apache CloudStack Kubernetes Provider 1.1.0 RC1

In community's interest, do we have binary packages anywhere, ie
deb/rpms?

Cheers

On 2024-06-19 07:12, Vishesh Jindal wrote:

Hi All,

I made a mistake and didn't create the release on dist.apache.org.
Please discard my previous email.

I've created a new CloudStack Kubernetes Provider 1.1.0 release (RC1),
with the following artifacts up for a vote:

Git Branch and Commit SHA:
https://github.com/apache/cloudstack-kubernetes-provider/tree/59c3e7b21c39eefb2306bb8504bcef901a9d
Commit: 59c3e7b21c39eefb2306bb8504bcef901a9d

Source release (checksums and signatures are available at the same
location):
https://dist.apache.org/repos/dist/dev/cloudstack/kubernetes-provider-1.1.0/

PGP release keys (signed using
5ED1E1122DC5E8A4A45112C2484248210EE3D884):
https://dist.apache.org/repos/dist/release/cloudstack/KEYS

For users convenience:
* docker hub -
https://hub.docker.com/r/apache/cloudstack-kubernetes-provider/tags

* Kubernetes manifest for the rc release:
https://github.com/apache/cloudstack-kubernetes-provider/releases/download/v1.1.0-rc1/deployment.yaml

Vote will be open for 120 hours.

For sanity in tallying the vote, can PMC members please be sure to
indicate "(binding)" with their vote?

[ ] +1  approve
[ ] +0  no opinion
[ ] -1  disapprove (and reason why)

Regards
Vishesh





From: Vishesh Jindal
Sent: Tuesday, June 18, 2024 6:36 PM
To: users@cloudstack.apache.org ;
d...@cloudstack.apache.org 
Subject: [VOTE] Apache CloudStack Kubernetes Provider 1.1.0 RC1

Hi All,

I've created a 1.1.0 release (RC1) for Apache CloudStack Kubernetes
Provider, with the following artifacts up for
a vote:

Git Branch and Commit SH:
https://github.com/apache/cloudstack-kubernetes-provider/tree/v1.1.0-rc1

Commit: 774a144876d2c875c61becab00e0487692130302

Deployment manifest:
https://github.com/apache/cloudstack-kubernetes-provider/releases/download/v1.1.0-rc1/deployment.yaml

Docker image:
apache/cloudstack-kubernetes-provider:v1.1.0-rc1

Docker image manifest digest:
sha256:38dc0a4413657b9c88cdcb28ef330e49aee6fb972a4cbc4055a0608b9f8bf7b8

You can check the changelog for the release
here:https://github.com/apache/cloudstack-kubernetes-provider/releases/tag/v1.1.0-rc1

Vote will be open for 120 hours.

For sanity in tallying the vote, can PMC members please be sure to
indicate
"(binding)" with their vote?

[ ] +1  approve
[ ] +0  no opinion
[ ] -1  disapprove (and reason why)

Regards
Vishesh

Re: [VOTE] Apache CloudStack Kubernetes Provider 1.1.0 RC1

[Nux]

In community's interest, do we have binary packages anywhere, ie 
deb/rpms?


Cheers

On 2024-06-19 07:12, Vishesh Jindal wrote:

Hi All,

I made a mistake and didn't create the release on dist.apache.org. 
Please discard my previous email.


I've created a new CloudStack Kubernetes Provider 1.1.0 release (RC1), 
with the following artifacts up for a vote:


Git Branch and Commit SHA:
https://github.com/apache/cloudstack-kubernetes-provider/tree/59c3e7b21c39eefb2306bb8504bcef901a9d
Commit: 59c3e7b21c39eefb2306bb8504bcef901a9d

Source release (checksums and signatures are available at the same 
location):

https://dist.apache.org/repos/dist/dev/cloudstack/kubernetes-provider-1.1.0/

PGP release keys (signed using 
5ED1E1122DC5E8A4A45112C2484248210EE3D884):

https://dist.apache.org/repos/dist/release/cloudstack/KEYS

For users convenience:
* docker hub - 
https://hub.docker.com/r/apache/cloudstack-kubernetes-provider/tags


* Kubernetes manifest for the rc release: 
https://github.com/apache/cloudstack-kubernetes-provider/releases/download/v1.1.0-rc1/deployment.yaml


Vote will be open for 120 hours.

For sanity in tallying the vote, can PMC members please be sure to 
indicate "(binding)" with their vote?


[ ] +1  approve
[ ] +0  no opinion
[ ] -1  disapprove (and reason why)

Regards
Vishesh





From: Vishesh Jindal
Sent: Tuesday, June 18, 2024 6:36 PM
To: users@cloudstack.apache.org ; 
d...@cloudstack.apache.org 

Subject: [VOTE] Apache CloudStack Kubernetes Provider 1.1.0 RC1

Hi All,

I've created a 1.1.0 release (RC1) for Apache CloudStack Kubernetes 
Provider, with the following artifacts up for

a vote:

Git Branch and Commit SH:
https://github.com/apache/cloudstack-kubernetes-provider/tree/v1.1.0-rc1

Commit: 774a144876d2c875c61becab00e0487692130302

Deployment manifest:
https://github.com/apache/cloudstack-kubernetes-provider/releases/download/v1.1.0-rc1/deployment.yaml

Docker image:
apache/cloudstack-kubernetes-provider:v1.1.0-rc1

Docker image manifest digest:
sha256:38dc0a4413657b9c88cdcb28ef330e49aee6fb972a4cbc4055a0608b9f8bf7b8

You can check the changelog for the release 
here:https://github.com/apache/cloudstack-kubernetes-provider/releases/tag/v1.1.0-rc1


Vote will be open for 120 hours.

For sanity in tallying the vote, can PMC members please be sure to 
indicate

"(binding)" with their vote?

[ ] +1  approve
[ ] +0  no opinion
[ ] -1  disapprove (and reason why)

Regards
Vishesh

Re: [Proposal] Storage Filesystem as a First Class Feature

[Nux]

Thanks Piotr,

This is the second time virtio-fs has been mentioned and just researched 
it a bit, it looks like something really nice to have in Cloudstack, 
definitely something to look at in the future.


Nice as it is though, it has a big drawback, it's KVM-only, so for now 
we'll stick to "old school" tech that can be used in an agnostic matter.


You are more than welcome to share thoughts on the other details 
presented, perhaps pros/cons on filesystems and other gotchas you may 
have encountered yourself.


On 2024-06-19 07:04, Piotr Pisz wrote:

Hi,
We considered a similar problem in our company.
Shared storage is needed between VMs running on different networks.
NFS/CephFS is ok as long as the VM can see the source.
The best solution would be to use https://virtio-fs.gitlab.io/
Any FS would be used on the host side (e.g. NFS or CephFS) and exported 
to

the VM natively (the network problem disappears).
But you should start by introducing an appropriate mechanism on the CS 
side

(similar in operation to Manila Share from Openstack).
 So, the initiative itself is very good.

Overall, CloudStack has been heading in the right direction lately :-)

Best regards,
Piotr


-Original Message-
From: Nux 
Sent: Wednesday, June 19, 2024 12:59 AM
To: d...@cloudstack.apache.org; Users 
Subject: Re: [Proposal] Storage Filesystem as a First Class Feature

Hi, I'd like to draw the attention to some of the more operational 
aspects

of this feature, mainly the storage appliance internals and UI.

So long story short, I've discussed with Abhisar and others and we'll 
be
deploying a VM based on the Cloudstack Debian systemvm template which 
will

export NFS v3/4 for user VMs to consume.

Below are some of the more finer details, please have a read if you are
interested in this feature and feel free to comment and make 
suggestions.


1 - The appliance will only have a single export, that export will be a
single disk (data volume). Keep it simple.
2 - GPT partition table and a single partition, filesystem probably XFS
and/or customisable - something stock Debian supports, simple and 
boring

stuff.
3 - NFS export should be simple, we can standardise on a path name eg 
/nfs

or /fileshare and it will be identical on all appliances.
4 - Starting specs: 2 cores, 4 GB RAM - should be OK for a small NFS 
server,

the appliance can be upgraded to bigger offerings.
5 - Disk offering should be flagged accordingly, the disk offering will 
have

a flag/checkbox for "storage appliance" use.
6 - This appliance will not be a system VM, it will be a "blackbox", 
but the

approach will be similar here to CKS.
7 - Security model: by default we export to * (all hosts) into a single
network - for isolated networks - in SG zones we need to play with 
security
groups & a global setting for dumb shared networks (without SG) because 
of

security implications - requires further discussion.
8 - We export with default, best practices NFS options - anything 
against

no_root_squash?
9 - Explore exporting the file share via multiple protocols - sftp, 
tftp,
smb, nfs, http(s)? - The issue here is authentication becomes a 
problem,

also user permissions will get messy and possibly conflict with
no_root_squash, in fact might require an all_squash and everything 
mapped to
a single user that will be then also used for all those other services. 
Also

logging will become necessary. Thoughts?
10 - UI details, but this will probably show up in the Storage section
somehow.
11 - Display free/used space, create alerts for full disk etc for this
appliance.
12 - Formatting and setting up to be done by an internal agent, 
specifics

are sent via the kernel cmd line of the VM, similar to how we configure
system VMs.

What do you folks think of these points and have I missed anything 
crucial?




On 2024-06-04 05:04, Abhisar Sinha wrote:

Hi,

I would like to propose supporting storage filesystem as a first-class
feature in Cloudstack.
The File Share can be associated with one or more guest networks or 
vpc

tiers and can be used by any VM on the network in a shared manner. It
is designed to be resizable and highly available. This feature can
later be used as integration endpoints with the CSI driver, go-sdk,
Terraform, Ansible and others.

The draft functional spec is here :


https://cwiki.apache.org/confluence/display/CLOUDSTACK/Storage+Filesystem+as
+a+First+Class+Feature


Looking forward to your comments and suggestions.

Thanks,
Abhisar

Re: [Proposal] Storage Filesystem as a First Class Feature

[Nux]

Hi, I'd like to draw the attention to some of the more operational 
aspects of this feature, mainly the storage appliance internals and UI.


So long story short, I've discussed with Abhisar and others and we'll be 
deploying a VM based on the Cloudstack Debian systemvm template which 
will export NFS v3/4 for user VMs to consume.


Below are some of the more finer details, please have a read if you are 
interested in this feature and feel free to comment and make 
suggestions.


1 - The appliance will only have a single export, that export will be a 
single disk (data volume). Keep it simple.
2 - GPT partition table and a single partition, filesystem probably XFS 
and/or customisable - something stock Debian supports, simple and boring 
stuff.
3 - NFS export should be simple, we can standardise on a path name eg 
/nfs or /fileshare and it will be identical on all appliances.
4 - Starting specs: 2 cores, 4 GB RAM - should be OK for a small NFS 
server, the appliance can be upgraded to bigger offerings.
5 - Disk offering should be flagged accordingly, the disk offering will 
have a flag/checkbox for "storage appliance" use.
6 - This appliance will not be a system VM, it will be a "blackbox", but 
the approach will be similar here to CKS.
7 - Security model: by default we export to * (all hosts) into a single 
network - for isolated networks - in SG zones we need to play with 
security groups & a global setting for dumb shared networks (without SG) 
because of security implications - requires further discussion.
8 - We export with default, best practices NFS options - anything 
against no_root_squash?
9 - Explore exporting the file share via multiple protocols - sftp, 
tftp, smb, nfs, http(s)? - The issue here is authentication becomes a 
problem, also user permissions will get messy and possibly conflict with 
no_root_squash, in fact might require an all_squash and everything 
mapped to a single user that will be then also used for all those other 
services. Also logging will become necessary. Thoughts?
10 - UI details, but this will probably show up in the Storage section 
somehow.
11 - Display free/used space, create alerts for full disk etc for this 
appliance.
12 - Formatting and setting up to be done by an internal agent, 
specifics are sent via the kernel cmd line of the VM, similar to how we 
configure system VMs.


What do you folks think of these points and have I missed anything 
crucial?




On 2024-06-04 05:04, Abhisar Sinha wrote:

Hi,

I would like to propose supporting storage filesystem as a first-class 
feature in Cloudstack.
The File Share can be associated with one or more guest networks or vpc 
tiers and can be used by any VM on the network in a shared manner. It 
is designed to be resizable and highly available. This feature can 
later be used as integration endpoints with the CSI driver, go-sdk, 
Terraform, Ansible and others.


The draft functional spec is here : 
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Storage+Filesystem+as+a+First+Class+Feature


Looking forward to your comments and suggestions.

Thanks,
Abhisar

Re: cloudstack on debian 10/11

[Nux]

Found some notes on Debian here, there could be others..
https://gist.github.com/rohityadavcloud/fc401a0fe8e8ea16b4b3a4e3d149ce0c

On 2024-04-15 09:54, Nux wrote:

Not as yet, no formal support for Debian.
That said, this could change in the future..
If you're a keen Debianista then it might be worth having a go 
nevertheless, it might just work or with minimum changes.



On 2024-04-13 10:49, Embedded wrote:
the install guide states Preferred: CentOS/RHEL 7.2+ or Ubuntu 
16.04(.2) or higher



would this include say debian 10/11 as a manager / and host/kvm 
hypervisor ???

Re: cloudstack on debian 10/11

[Nux]

Not as yet, no formal support for Debian.
That said, this could change in the future..
If you're a keen Debianista then it might be worth having a go 
nevertheless, it might just work or with minimum changes.



On 2024-04-13 10:49, Embedded wrote:
the install guide states Preferred: CentOS/RHEL 7.2+ or Ubuntu 
16.04(.2) or higher



would this include say debian 10/11 as a manager / and host/kvm 
hypervisor ???

Re: [VOTE] Apache CloudStack 4.18.2.0 RC2

[Nux]

+1 (binding) on basic VM/storage/network lifecycle ops.

Thanks Joao

On 2024-04-12 19:56, Bryan Lima wrote:

+1

I manually tested some basic functionalities with the KVM hypervisor 
and Ubuntu 20.04 LTS:


 * VM deploy;
 * Cold and live migration with and without storage migration, NFS to
   iSCSI (SharedMountPoint) and vice-versa;
 * Network management, firewall, egress/ingress rules, and operations
   with public IP addresses;
 * Checked connectivity and (lack of) between VMs considering the
   network rules applied;
 * Creating and reverting VM and volume snapshots.

Best regards,
Bryan

On 12/04/2024 08:52, Daan Hoogland wrote:

+1 binding
I checked the hashes alright and the log of commit/tag (Note this last
check is based on the recent TZ issues to make sure nothing slipped
through). Other than that trusting on the testing I was involved in
over the last month or so.

On Fri, Apr 12, 2024 at 1:37 PM João Jandre  wrote:

Hi All,

I've created a 4.18.2.0 release (RC2), with the following artifacts 
up

for a vote:

Git Branch and Commit SH:
https://github.com/apache/cloudstack/tree/4.18.2.0-RC20240412T0825
Commit: 154566f914c778d448d4ab07b47b2db874bbf982

Source release (checksums and signatures are available at the same
location):
https://dist.apache.org/repos/dist/dev/cloudstack/4.18.2.0/

PGP release keys (signed using 
488D90DA107445E3243D162606F3CEC65B335790):

https://dist.apache.org/repos/dist/release/cloudstack/KEYS

Vote will be open for 120 hours (due to the weekend).

For sanity in tallying the vote, can PMC members please be sure to
indicate "(binding)" with their vote?

[ ] +1  approve
[ ] +0  no opinion
[ ] -1  disapprove (and reason why)

Re: Build own debs

[Nux]

The dependencies would have changed, try to follow the build process, 
see what errors you are getting.



On 2024-03-28 10:25, Jimmy Huybrechts wrote:

Hi,

Is there maybe a more up to date version of the build your own debs? I 
see the one in the docs goes up to ubuntu 18 and java 8, while we are 
now at java 11. So I don’t know if the dependencies have changed and 
all.


--
Jimmy

Re: [VOTE] Release Apache CloudStack CloudMonkey 6.4.0 - RC1

[Nux]

+1 (binding) based on the usual operations.

On 2024-03-27 09:39, Harikrishna Patnala wrote:

+1 Binding

Verified the checksums of the binaries and tried my usual operations of 
adding host, templates, deploying instances and few more and those 
seems fine.


Thank you everyone involved here.

Regards,
Harikrishna

From: Boris Stoyanov 
Date: Wednesday, 27 March 2024 at 1:55 PM
To: d...@cloudstack.apache.org , users 


Subject: Re: [VOTE] Release Apache CloudStack CloudMonkey 6.4.0 - RC1
+1 Binding,

I’ve installed the client locally and did some ops around, listing 
creating and updating resources. I could not find any issues.


Bobby.

From: Rohit Yadav 
Date: Thursday, 21 March 2024 at 12:39
To: dev , users 


Subject: [VOTE] Release Apache CloudStack CloudMonkey 6.4.0 - RC1
Hi All,

I've created a v6.4.0 release of CloudMonkey, with the following
artifacts up for a vote:

Git Branch and commit SHA:
https://github.com/apache/cloudstack-cloudmonkey/commit/df65df7cfe331c5af5d39743717e3d58df921a48

Commit:
df65df7cfe331c5af5d39743717e3d58df921a48

GitHub pre-release (contains changelog,
artifacts/binaries to test, checksums/usage details):
https://github.com/apache/cloudstack-cloudmonkey/releases/tag/6.4.0

Source release (checksums and signatures are available at the same
location):
https://dist.apache.org/repos/dist/dev/cloudstack/cloudmonkey-6.4.0/

PGP release keys (signed using 
5ED1E1122DC5E8A4A45112C2484248210EE3D884)

https://dist.apache.org/repos/dist/release/cloudstack/KEYS

The vote will be open until 27th March, 2024.

For sanity in tallying the vote, can PMC members please be sure to
indicate "(binding)" with their vote?
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and the reason why)

Convenience binaries are available from here:
https://github.com/apache/cloudstack-cloudmonkey/releases/tag/6.4.0

Regards.

Re: KVM Temple with multiple disk files

[Nux]

Hello Christian,

Unfortunately not, you'll have to automate your way around that somehow.

Regards

On 2024-03-25 07:07, Christian Reichert wrote:

Hello Community,

is it possible to upload an KVM Temple with multiple disk files to
CloudStack Version 4.18?

Thnaks

Best regards,

Christian

Re: [ANNOUNCE] New PMC Chair & VP Apache CloudStack Project - Daniel Salvador

[Nux]

Thanks Rohit for you work this year and congratulations, Daniel!!!


On 2024-03-21 13:41, Rohit Yadav wrote:

All,

It gives me great pleasure to announce that the ASF board has
accepted CloudStack PMC resolution of Daniel Augusto Veronezi Salvador 
as

the next PMC Chair / VP of the Apache CloudStack project.

I would like to thank everyone for the support I've received over the 
past

year.

Please join me in congratulating Daniel, the new CloudStack PMC Chair / 
VP.


Best Regards,
Rohit Yadav

Re: GPU discovery in the hypervisor

[Nux]

Thanks Pierre-Luc

On 2024-03-19 15:01, Pierre-Luc Dion wrote:

yes,



On Fri, Mar 15, 2024 at 5:34 AM Nux  wrote:


Pierre-Luc,

Thanks for that. So for my own clarification, you are saying that for
you, on XenServer Enterprise + drivers + licensing the vGPU feature
"just works" out of the box using the standard Cloudstack feature (the
same that supported NVidia Grid k1/k2 all those years ago) which we 
can

find in the UI/API when definning compute offerings, correct?

Regards

On 2024-03-11 20:06, Pierre-Luc Dion wrote:
> The way we've been delivering GPU offering with Cloudstack is by using
> host
> tags.
> So each host with a specific GPU has the host tags, example: a16,
> and the compute offering with the GPU definition also use the hosttag
> a16.
>
> We've been using this with XenServer Enterprise and so far , no issue
> for
> GPU and vGPU support.
>
>
> Nux: vGPU and GPU are more attractive than ever with AI inferencing
> workload, GPU for AI and desktop, vGPU for desktop mostly.
>
>
> On Tue, Feb 27, 2024 at 7:00 AM Nux  wrote:
>
>> This sounds foreign to me, afaik GPU support is limited to certain
>> (old)
>> NVIDIA Grid cards on Xenserver Enterprise.
>> Modern GPUs are not supported out of the box, although of course many
>> here do use them by means of custom xml/groovy scripts.
>>
>> How you detect them, no idea, let's see how other users do it, if they
>> care to share.
>>
>> On 2024-02-26 18:00, Douglas Oliveira wrote:
>> > Hello,
>> > How does the GPU discovery process work on the hypervisor with SC,
>> > something similar to what Opennebula does? (through lspci)
>> > I currently have a service offering created via API for an Nvidia A16
>> > GPU,
>> > which does not work because it is informed that there are no hosts
>> > available to serve the resource. So I'm unsure whether what doesn't
>> > work is
>> > the service offering or the non-detection of the GPU on the host.
>> >
>> > Regards
>>

Re: Still struggling for steps to build pls help

[Nux]

Pearl has replied to you, have you not seen her reply?

https://lists.apache.org/thread/r2onjk6xvoddw20fkrjm29bhn3xzozym

On 2024-03-20 20:26, Wingrunt Platform wrote:

Any help with this please ? Documentation could be much better I think.
Please let me know how to go about this. OR a source compile is 
currently

not supported ? Thank you Regards, RSK

On Tue, Mar 19, 2024 at 3:19 PM Wingrunt Platform 
wrote:


Hi Team,
I am tasked with evaluation of cloudstack and others such as 
openstack. I
was able to get through with openstack but not cloudstack. I tried all 
that

is in README . My versions
a. cloudstack 4.19
b. Java (tried 1.8 as per readme and also Java 11 and 17)
c. It breaks at gmaven in package cloud-engine-schma
d. Changed it to gmavenplus as there is no support for gmaven as of 
now.

e. Groovy included in the pom
f. Maven version 3.6.3

I was able to install mysql appropriate version specified in README 
and in

the online apache cloudstack docs. DBs are in good condition.
It wouldn't build successfully with
maven -P deps (This as per online somebody has said you have moved 
away

from this since 4.11 ?
also tried that in README including -DskipTests

Any latest documents that can help me build. Any help appreciated.

Thank you,
Regards,
RSK

Re: GPU discovery in the hypervisor

[Nux]

Pierre-Luc,

Thanks for that. So for my own clarification, you are saying that for 
you, on XenServer Enterprise + drivers + licensing the vGPU feature 
"just works" out of the box using the standard Cloudstack feature (the 
same that supported NVidia Grid k1/k2 all those years ago) which we can 
find in the UI/API when definning compute offerings, correct?


Regards

On 2024-03-11 20:06, Pierre-Luc Dion wrote:
The way we've been delivering GPU offering with Cloudstack is by using 
host

tags.
So each host with a specific GPU has the host tags, example: a16,
and the compute offering with the GPU definition also use the hosttag 
a16.


We've been using this with XenServer Enterprise and so far , no issue 
for

GPU and vGPU support.


Nux: vGPU and GPU are more attractive than ever with AI inferencing
workload, GPU for AI and desktop, vGPU for desktop mostly.


On Tue, Feb 27, 2024 at 7:00 AM Nux  wrote:

This sounds foreign to me, afaik GPU support is limited to certain 
(old)

NVIDIA Grid cards on Xenserver Enterprise.
Modern GPUs are not supported out of the box, although of course many
here do use them by means of custom xml/groovy scripts.

How you detect them, no idea, let's see how other users do it, if they
care to share.

On 2024-02-26 18:00, Douglas Oliveira wrote:
> Hello,
> How does the GPU discovery process work on the hypervisor with SC,
> something similar to what Opennebula does? (through lspci)
> I currently have a service offering created via API for an Nvidia A16
> GPU,
> which does not work because it is informed that there are no hosts
> available to serve the resource. So I'm unsure whether what doesn't
> work is
> the service offering or the non-detection of the GPU on the host.
>
> Regards

Re: DDOS Attacks from my virtual Router

[Nux]

I have seen this in the past where port 53 was open on these public IPs 
on the VR and was indeed leading to amplification attack.


It's super easy to verify, from some 3rd party IP that you know is not 
whitelisted anywhere in your firewall or cloudstack, run a host or dig 
command that unallocated IP. If it replies, there is a problem.


dig @IP apache.org a
host apache.org IP



On 2024-03-11 07:43, Granwille Strauss wrote:

Hi Guys

I ended updating to 4.19 and updated all SystemVMs and routers
accordingly. DC has just informed me again that there is amplified
DDOS attacks originating from my virtual router and from an IP address
that's assigned to no instance or systemvm but shows via UI its
assigned.

Any ideas what I can try to stop this?
On 2/12/24 21:30, Wei ZHOU wrote:


cloudstack 4.19.0.0 has been released recently, which contains a new
systemvm template. You can upgrade.

-Wei

在 2024年2月12日星期一，Granwille Strauss
 写道：


Update:

So since I ran updates for dnsmasq in all system vms, the issue
seems to
be solved. Our DC hasn't complained again. So it seems the vm
templates
need an update?
On 2/9/24 10:29, Jayanth Reddy wrote:

Please capture on 53/UDP as most of the DNS stack uses UDP by
default.

I looked the screenshot, No NAME means that the IP hasn't
undergone STATIC NAT to a VM, which is okay wherein perhaps there
could be port forwards or Load Balancer instead. The VR should
assign the IP on its interface if it is acquired in the network.
If I may ask, how are you concluding that IPs are unassigned
elsewhere, have you performed basic reachability tests? Your case
could be one of the below

1. That IP could be SNAT for that network.
2. Or there was an assignment to one of the VMs previously as
STATIC NAT and later released. Please check your events.

Get Outlook for Android [1]
 [1]


From: Granwille Strauss 

Sent: Friday, February 9, 2024 1:40:05 pm
To: users@cloudstack.apache.org 

Cc: Jayanth Reddy 
; Wei ZHOU 

Subject: Re: DDOS Attacks from my virtual Router

I run version 4.18.1.0  currently, oddly there was an update for
dnsmasq so I applied them to all systemvms. I clean restarted the
guest networks and so far everything seems to be running fine. If
I pick up issues, I will destroy the routers so that cloudstack
can recreate them again.

In the meantime, I am running the tcpdump as recommended in the
vritual router and will keep an eye on it, as mentioned there
seems to be no movement on port 53 so far and I also asked the DC
to provide an update on this after the changes I have applied.

In any case, attached is a screenshot of the IP address that are
allocated but zero VM associated, I checked all of them and these
IPs show up no where. I have no loadbalancers, proxies nothing.
Just simple setup, with two virtual routers, one SSVM and one
Consolevm. The rest are VM instances. I am going to check the git
url you provided and query the DB to see what these are.

On 2/9/24 09:53, Jayanth Reddy wrote:

Hi,
Allocated means that it is assigned somewhere. You'll need to
check the Public IP Address tab. Use the shared GH issue for
exceptional case.

The VR does bind only on the internal network. No, manually
updating packages on VRs and System VMs might produce strange
results. Please provision them again.

Thanks

Get Outlook for Android [1]
 [1] [1]
 [1]


From: Granwille Strauss 


Sent: Friday, February 9, 2024 1:10:32 pm
To:
users@cloudstack.apache.org
 


Cc: Wei ZHOU 

;
jayanthreddy5...@gmail.com
 


Subject: Re: DDOS Attacks from my virtual Router

Hi

Yes, I have Advanced network set up. I am going to check for the
allocated IPs that have zero VMs associated via the DB and see
what I can find. I see more than one that is "allocated" in
different guest networks. However, I would appreciate any clues or
tips, as I have barely touched CS database in my life.

Then, the rvm does not seem to listen on a DNS server via port 53
only dnsmaq, could this not be the issue too? As explained in the
blog I linked earlier? I am currently running a tcpdump for the
day to see what happens so far the dump is not providing any hits,
but keep in mind I did run apt-get update dnsmaq prior and
rebooted the systemvms including router vms.

On 2/9/24 09:23, Wei ZHOU wrote:

+1
it looks like one of the VMs in the isolated network is
compromised.
try to capture the packets of port 53 (tcp/udp) by tcpdump in the
virtual
router, and see what is the source IP of the packets.

-Wei

On Fri, 9 Feb 2024 at 08:18, Jayanth Reddy

Re: Enable uefi on Ubuntu 22.04 KVM

[Nux]

Sorry Jimmy,

I'm not up to date with the subject and need more context.
Can you link to this documentation, to the bit that is incorrect? And 
what is the "4ms piece"?



On 2024-03-08 13:12, Jimmy Huybrechts wrote:

Hi,

It misses a lot of things and the documentation doesn’t mention the 4ms 
piece.


I meant guest or VM instance indeed, all hosts already are in uefi 
mode. 😊


--
Jimmy

Van: Nux 
Datum: vrijdag, 8 maart 2024 om 13:57
Aan: users@cloudstack.apache.org 
CC: Jimmy Huybrechts 
Onderwerp: Re: Enable uefi on Ubuntu 22.04 KVM
Hello,

Can you point to which documentation is wrong?

Also, enabling UEFI on the _host_ means switching to it in the "BIOS".
This will probably require a reinstall of the host, btw.

Or do you mean "guest" or "VM instance"?



On 2024-03-07 11:16, Jimmy Huybrechts wrote:

Hi,

So I also want to enable UEFI on my current KVM hosts but the
documentation is pretty sparse and at some points incorrect.

I there someone here who has the correct steps for enabling it on 
hosts

already being in Cloudstack with Ubuntu 22?

--
Jimmy

Re: Enable uefi on Ubuntu 22.04 KVM

[Nux]

Hello,

Can you point to which documentation is wrong?

Also, enabling UEFI on the _host_ means switching to it in the "BIOS". 
This will probably require a reinstall of the host, btw.


Or do you mean "guest" or "VM instance"?



On 2024-03-07 11:16, Jimmy Huybrechts wrote:

Hi,

So I also want to enable UEFI on my current KVM hosts but the 
documentation is pretty sparse and at some points incorrect.


I there someone here who has the correct steps for enabling it on hosts 
already being in Cloudstack with Ubuntu 22?


--
Jimmy

Re: Cloudstack management login

[Nux]

DEBUG logs from management server?
Is the api working (eg can you use cmk/cloudmonkey), is the DB reachable 
and working, not tables crashed etc?




On 2024-02-29 19:06, Jimmy Huybrechts wrote:
So we had an issue at the datacenter where our management was cut out 
without clean reboot.
Now it’s back online but when trying to login to our management panel, 
after I fill in the correct login it keeps spinning but does not login.


Any way I can debug this?

--
Jimmy

Re: GPU discovery in the hypervisor

[Nux]

This sounds foreign to me, afaik GPU support is limited to certain (old) 
NVIDIA Grid cards on Xenserver Enterprise.
Modern GPUs are not supported out of the box, although of course many 
here do use them by means of custom xml/groovy scripts.


How you detect them, no idea, let's see how other users do it, if they 
care to share.


On 2024-02-26 18:00, Douglas Oliveira wrote:

Hello,
How does the GPU discovery process work on the hypervisor with SC,
something similar to what Opennebula does? (through lspci)
I currently have a service offering created via API for an Nvidia A16 
GPU,

which does not work because it is informed that there are no hosts
available to serve the resource. So I'm unsure whether what doesn't 
work is

the service offering or the non-detection of the GPU on the host.

Regards

Re: new committer: Vishesh Jindal (vishesh)

[Nux]

Congrats & well deserved!

On 2024-02-26 14:05, Daan Hoogland wrote:

users and devs,

The Project Management Committee (PMC) for Apache CloudStack
has invited Vishesh Jindal to become a committer and we are pleased
to announce that they have accepted.

Being a committer enables easier contribution to the
project since there is no need to go via the patch
submission process. This should enable better productivity.

Please join me in congratulating Vishesh.

Re: VMware Import Timeout

[Nux]

I think the setting you tried to change is 
convert.vmware.instance.to.kvm.timeout, but that has to do with the 
conversion process itself.
If you try with telnet or curl from the shell of the Cloudstack 
management server, can you reach the VCenter?


On 2024-02-22 15:35, Kevin Seales wrote:
We are trying to use the "Import-Export Instances" tool in ACS to test 
migration from VMware to ACS.  After selecting "List VMware Instances", 
it hangs for 10 minutes, then ACS gives a very detailed error saying 
"Request Failed."  The management logs show ACS is still receiving data 
from vCenter for another 2 or 3 minutes after the failure message.  I'm 
assuming we are hitting a time out somewhere.  I tried adjusting what I 
could find under global settings that may be related but the error 
still occurs.Does anyone know how we can resolve this issue?

Re: [VOTE] next version 20 instead of 4.20

[Nux]

+1

On 2024-02-19 15:09, Andrija Panic wrote:

+1

On Mon, 19 Feb 2024 at 13:50, Daan Hoogland  
wrote:



LS,

This is a vote on dev@c.a.o with cc to users@c.a.o. If you want to be
counted please reply to dev@.

As discussed in [1] we are deciding to drop the 4 from our versioning
scheme. The result would be that the next major version will be 20
instead of 4.20, as it would be in a traditional upgrade. As 20 > 4
and the versions are processed numerically there are no technical
impediments.

+1 agree (next major version as 20
0 (no opinion)
-1 disagree (keep 4.20 as the next version, give a reason)

As this is a lazy consensus vote any -1 should be accompanied with a
reason.

[1] https://lists.apache.org/thread/lh45w55c3jmhm7w2w0xgdvlw78pd4p87

--
Daan

Re: Site-to-Site VPN to Opnsense

[Nux]

Thanks for solving this and sharing the solution!

BTW, the pictures were not sent, perhaps try to "paste" them in rather 
than "attach" them to the email.



On 2024-02-19 20:42, Wally B wrote:

Got this resolved!

The issue is the way StrongSwan (OPNSense IPSec Provider) manages
Phase 2 selectors. For the future if anyone runs into this. Just add
your networks into CloudStack like the documentation says to do. Then
in your OPNSense config add additional networks to Manual SPD entries
under Advanced options on the Phase 2 Settings.

CloudStack VPN Customer Gateway

OPNSense Phase 2:

Thanks!
Wally

On Mon, Feb 19, 2024 at 1:27 PM Wally B 
wrote:


Tried to change the phase 2 selector at 172.16.192.0/16 [5] to a
network on the firewall directly (not just a route the firewall
knows). Getting the same error.

 cat /var/log/daemon.log | grep 10.2.200.0/23 [6]
===

Feb 19 03:45:10 r-407-VM ipsec[174957]: 07[CFG] unable to install
policy 10.2.200.0/23 [6] === 10.241.0.0/16 [4] in for reqid 4, the
same policy for reqid 3 exists
Feb 19 03:45:10 r-407-VM ipsec[174957]: 07[CFG] unable to install
policy 10.2.200.0/23 [6] === 10.241.0.0/16 [4] fwd for reqid 4, the
same policy for reqid 3 exists
Feb 19 03:45:10 r-407-VM ipsec[174957]: 07[CFG] unable to install
policy 10.241.0.0/16 [4] === 10.2.200.0/23 [6] out for reqid 4, the
same policy for reqid 3 exists

=== ipsec statusall =

vpn-xxx.xxx.xxx.171:  xxx.xxx.xxx.154...xxx.xxx.xxx.171  IKEv1,
dpddelay=30s
vpn-xxx.xxx.xxx.171:   local:  [xxx.xxx.xxx.154] uses pre-shared key
authentication
vpn-xxx.xxx.xxx.171:   remote: [xxx.xxx.xxx.171] uses pre-shared key
authentication
vpn-xxx.xxx.xxx.171:   child:  10.241.0.0/16 [4] ===
192.168.251.0/26 [2] 10.2.200.0/23 [6] TUNNEL, dpdaction=restart
L2TP-PSK:  172.26.0.151...%any  IKEv1/2
L2TP-PSK:   local:  [172.26.0.151] uses pre-shared key
authentication
L2TP-PSK:   remote: uses pre-shared key authentication
L2TP-PSK:   child:  dynamic[udp/l2f] === 0.0.0.0/0[udp] [7]
TRANSPORT
Routed Connections:
L2TP-PSK{517}:  ROUTED, TRANSPORT, reqid 4
L2TP-PSK{517}:   0.0.0.0/0[udp/l2f] [8] === 0.0.0.0/0[udp] [7]
vpn-xxx.xxx.xxx.171{516}:  ROUTED, TUNNEL, reqid 3
vpn-xxx.xxx.xxx.171{516}:   10.241.0.0/16 [4] === 10.2.200.0/23 [6]
192.168.251.0/26 [2]

Any help would be appreciated, currently stuck.

Thanks Again
-Wally

On Sun, Feb 18, 2024 at 12:17 AM Wally B 
wrote:


I'm working on a site to site connection from my VPC to my on prem
OPNsense VPN.

Cloudstack Version 4.19.0
OPNSense Version 23.4.2

I have two P2 selectors setup in OPNsense and i've got a VPN
customer gateway setup with two subnets (
192.168.251.0/26,172.16.192.0/20 [1] ) in Cloudstack.

The issue im running into is, only the first address in my  VPN
customer gateway gets added to the SAD. So, In the above example,
since 192.168.251.0/26 [2] is first I can pass traffic to and from
the VPC to that subnet on prem. However, 172.16.192.0/20 [3] is
not added.

I checked the logs on my VPC VR and found the following.

Feb 18 06:11:56 r-407-VM charon: 07[CFG] unable to install policy
172.16.192.0/20 [3] === 10.241.0.0/16 [4] in for reqid 3, the same
policy for reqid 5 exists
Feb 18 06:11:56 r-407-VM charon: 07[CFG] unable to install policy
172.16.192.0/20 [3] === 10.241.0.0/16 [4] fwd for reqid 3, the
same policy for reqid 5 exists
Feb 18 06:11:56 r-407-VM charon: 07[CFG] unable to install policy
10.241.0.0/16 [4] === 172.16.192.0/20 [3] out for reqid 3, the
same policy for reqid 5 exists

Wondering if i'm just formatting my  VPN customer gateway CIDRs
wrong?

Thanks!
Wally



Links:
--
[1] http://192.168.251.0/26,172.16.192.0/20
[2] http://192.168.251.0/26
[3] http://172.16.192.0/20
[4] http://10.241.0.0/16
[5] http://172.16.192.0/16
[6] http://10.2.200.0/23
[7] http://0.0.0.0/0%5Budp%5D
[8] http://0.0.0.0/0%5Budp/l2f%5D

Re: restrict Instance console access

[Nux]

Hi,

I do not think there is one in that version - or later ones, although 
certain things do change, you'll have to do it outside Cloudstack 
somehow.


On 2024-02-19 15:52, Gary Dixon wrote:

HI

ACS 4.15.2

Ubuntu 20.04

We have a requirement to restrict access to the VM console for certain
tenants within our ACS implementation - however I cannot see a way to
accomplish this via Role permissions.

Is there a way to restrict VM Console access for specific users ?

BR

Gary

Gary Dixon

Quadris Cloud Manager

0161 537 4980 [1]

 +44 7989717661 [2]

gary.di...@quadris.co.uk

www.quadris.com

Innovation House, 12‑13 Bredbury Business Park
Bredbury Park Way, Bredbury, Stockport, SK6 2SN



Links:
--
[1] tel:0161%20537%204980
[2] tel:+44%207989717661

Re: Unable to find the virtio-win package

[Nux]

Hello,

Sorry to see virtio-win is not available in your Ubuntu distro. I tested 
a while back and the package was available, although I forget the 
version I used.

Anyway, it's no big deal, can easily be worked around.
So these are the files the RPM installs (as of 08-02-2024), they are 
basically drivers for Windows: https://pastebin.com/raw/WDH51ZYJ


I believe virt-v2v expects them in the same location, namely 
/usr/share/virtio-win. There are multiple ways to do this. Examples:


1 - convert the RPM into a deb package and install it:
# download the rpm
wget 
https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.noarch.rpm

# install "alien" which can convert rpms to debs
apt -y install alien
# the conversion, can take a while
alien -d virtio-win.noarch.rpm
# install the resulting deb
dpkg -i virtio-win*.deb

2 - download and extract the RPM contents
# download the rpm
wget 
https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.noarch.rpm

# install the required software to inspect rpm packages
sudo apt -y install rpm2cpio cpio
# create a working directory and cd into it
mkdir virtio-rpm
cd virtio-rpm
# extract
rpm2cpio ../virtio-win*.noarch.rpm | cpio -i --make-directories
# copy the files in the right place
sudo cp -av usr/share/* /usr/share/

You need to do this on every hypervisor you expect to be running 
virt-v2v.


HTH


On 2024-02-08 13:23, Cloudstack Users wrote:
OK, for those of us that are not that familiar with linux, can you 
please let me know how to get that from the ISO to an installer on the 
KVM host? Thank you.


From: Wei ZHOU 
Date: Thursday, February 8, 2024 at 8:14 AM
To: users@cloudstack.apache.org 
Subject: Re: Unable to find the virtio-win package
Hi,

you can download the ISO from
https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/

-Wei

On Thu, 8 Feb 2024 at 14:10, Cloudstack Users
 wrote:


Hello,

We are trying to install the virtio-win drivers on our Ubuntu 22.04
installation for our KVM hosts. When we run the command as specified 
in the

documentation, we get an error.


https://docs.cloudstack.apache.org/en/latest/adminguide/virtual_machines.html#requirements-on-the-kvm-hosts

For Debian-based distributions:

apt install virtio-win

# apt install virtio-win
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package virtio-win

Does anyone know if it uses a different package name that we need to
install?


,

[Answers in Genesis] [Creation Museum] 
<
https://creationmuseum.org/>  [Ark 
Encounter] 

Re: new website is life

[Nux]

Kudos to all involved!
Really nice and fancy.

On 2024-02-07 08:22, Daan Hoogland wrote:

People,
we brought the new website. Please all have a look at
https://cloudstack.apache.org

thanks for any feedback

Re: Snapshot download

[Nux]

KVM VM snapshots are stored inside the qcow2 file of the VM, AFAIK. You 
can't separate it from the VM itself.

You'll have to give the authorities this file unadultered.

On 2024-02-01 05:18, Jithin Raju wrote:

Hi Jimmy,

This feature is not available yet (others may confirm), could you open 
a feature request?


-Jithin

From: Jimmy Huybrechts 
Date: Wednesday, 31 January 2024 at 9:38 PM
To: users@cloudstack.apache.org 
Subject: Snapshot download
Hi,

While doing some last tests before production I noticed there is no 
option to download a vm snapshot (including memory if saved), now for 
some law enforcement cases they will request such a snapshot with 
memory (after proper warrants of course). How to download these in this 
case? Even if it needs to be done manually from shell. Not being able 
to do it is not really an option here unfortunately.


--
Jimmy

Re: [VOTE] Apache CloudStack 4.19.0.0 RC4

[Nux]

+1 (binding) based on a series of tests I've done with Advanced Zones 
and VMWare.



On 2024-01-31 17:10, Nicolas Vazquez wrote:

+1 (binding)

Repeated tests performed on previous RCs around Vmware to KVM migration 
and KVM import/export


Regards,
Nicolas Vazquez


From: Rohit Yadav 
Date: Tuesday, 30 January 2024 at 09:37
To: users , d...@cloudstack.apache.org 


Subject: Re: [VOTE] Apache CloudStack 4.19.0.0 RC4
+1 (binding)

Tested 4.19.0.0 RC4 packages with EL8 (Alma Linux) + KVM using mbx.

Tested the following:

Registered new template
Registered ssh public key
Created isolated network in VM deploy form
Deployed VM as root admin
Allow egress rules for isolated network
Created PF and FW rules, was able to ssh to instance and wget/ping 
Internet IPs


Created normal user account
Register ssh public key
Created isolated network in VM deploy form
Deployed VM as normal user with ssh key
Allow egress rules for isolated network
Acquire new public IP and SNAT that to the VM
Created FW rules, was able to ssh to instance and wget/ping Internet 
IPs


Found some UI quirks, issues, but none of them are blockers. Reported 
them here: https://github.com/apache/cloudstack/issues/8576



Regards.








From: Abhishek Kumar 
Sent: Monday, January 29, 2024 12:28
To: users ; d...@cloudstack.apache.org 


Cc: PMC 
Subject: [VOTE] Apache CloudStack 4.19.0.0 RC4

Hi All,

I've created a 4.19.0.0 release (RC4), with the following artifacts up 
for

a vote:

Git Branch and Commit SH:
https://github.com/apache/cloudstack/tree/4.19.0.0-RC20240129T1021
Commit: 2746225b999612f156e421199e34ef8de98a3664

Source release (checksums and signatures are available at the same
location):
https://dist.apache.org/repos/dist/dev/cloudstack/4.19.0.0/

PGP release keys (signed using 
65518106473A09D7AF26B384A70BD2EAA74E2866):

https://dist.apache.org/repos/dist/release/cloudstack/KEYS

For testing purposes, I have uploaded the different distro packages to:
http://download.cloudstack.org/testing/4.19.0.0-RC4/

Since 4.16 the system VM template registration is no longer mandatory
before upgrading, however, it can be downloaded from here if needed:
https://download.cloudstack.org/systemvm/4.19/

The vote will be open for 72 hours.

For sanity in tallying the vote, can PMC members please be sure to 
indicate

"(binding)" with their vote?

[ ] +1  approve
[ ] +0  no opinion
[ ] -1  disapprove (and reason why)

Regards,
Abhishek

Re: xcp templates to kvm

[Nux]

What Kiran said, and in addition to that make sure you have the right 
drivers in the VM templates (ie virtio_blk, virtio_net etc).

Virt-v2v might help here:
https://access.redhat.com/articles/1353783

On 2024-01-31 12:17, Kiran Chavala wrote:

Hi Francisco

The xcp zone templates will in vhd format. In order for them to work 
with KVM zone they have to be in qcow2 format


You can try to use the qemu-img tool to convert them to qcow2 format

Regards
Kiran

From: Francisco Arencibia Quesada 
Date: Wednesday, 31 January 2024 at 5:28 PM
To: users@cloudstack.apache.org 
Subject: xcp templates to kvm
Good morning guys,

I have a doubt regarding a matter. If I copy all templates, such as 
Ubuntu
and Windows, from an XCP zone to a KVM zone, is it possible to make 
them

work? Or do I need to create new templates for the KVM zone?
Thank you in advance
Regards
--
*Francisco Arencibia Quesada.*
*DevOps Engineer*

Re: Cloudstack takes 5 Minutes to Realise Hypervisor is down.

[Nux]

When dealing with these timeouts, try not to be too stingy with the 
values.
2 minutes may not be enough for other timeouts in your infra to complete 
so that the whole process happens gracefully.
Whoever thought of 5 minutes as default must have had serious 
considerations.


On 2024-01-24 09:02, Wei ZHOU wrote:

Hi,

You can change the global setting "ping.interval" to 10 (seconds), 
restart

the management service, and retest.

-Wei

On Wed, 24 Jan 2024 at 09:41, Bryan Tiang  
wrote:



Hi Community,

We are performing failover test to see how quickly a VM will failover 
to

another compute node in the event of a compute node hardware failure.

We forcefully power off the compute node where the VM is residing and
monitor how long it takes to failover, and after a few tests the 
result is
averagely around 5 mins for the compute node to be declared down and 
for

the VM to failover to another node.

Referring to
https://cwiki.apache.org/confluence/display/cloudstack/host+ha, we've
made a few changes in global settings hoping we can shorten the total 
time

needed to failover but it doesn’t seem to work.

We're wondering which settings that will effectively achieve our
objective, we're looking at around 2 mins total for failover to 
complete.


We are using Cloudstack 4.18.1 + Linstor + KVM Ubuntu

Regards,
Bryan

Re: new website design

[Nux]

+1 - do it.

On 2024-01-19 14:50, Daan Hoogland wrote:

As we get no major issues on it and we already voted to have this
design applied, is it alright to deploy this in the coming weeks?

On Wed, Jan 17, 2024 at 8:31 PM Daan Hoogland  
wrote:


devs and users,

back in august we had a small discussion about a new website design,
led by Ivet [1]. In the meanwhile Rohit had investigated using
docusaurus as a publishing mechanism for the site. After the last few
weeks I have been working on integrating the two. The result so far
can be viewed on the staging site [2]

Please all have a look and give me any feedback you may have, so we
can move this forward.

[1] https://lists.apache.org/thread/fopjc3r4hjkp9nbkj9xzoxv406rowkso
[2] https://cloudstack.staged.apache.org/

--
Daan

Re: new PMC member Harikrishna Patnala

[Nux]

Congrats Harikrishna, well deserved!



On 2024-01-15 09:25, Daan Hoogland wrote:

users and dev,

The PMC have invited Harikrishna to join their ranks and he has
gracefully accepted. Please join me in congratulating Hari.

New committer: Alexandre Mattioli

[Nux]

All,

The Project Management Committee (PMC) for Apache CloudStack
has invited Alexandre Mattioli to become a committer and we are pleased
to announce that they have accepted.

Alex has been instrumental in many features present today in Cloudstack, 
with a focus on networking and VMWare:

- IPv6 static routing
- Edge Zones
- Autoscaling with VR
- VNF appliances
- VMWare NSX support
- Tungsten Fabric / OpenSDN
- Backup & recovery framework
- VLAN trunking and security policies in ESX
and so on.


Please join me in congratulating Alex!

Re: Management GUI Session Time Out

[Nux]

Hello Bryan,

I think on recent releases you need to adjust session.timeout in 
/etc/cloudstack/management/server.properties and then restart the 
service.


HTH

On 2024-01-05 17:00, Brian Fossmeyer wrote:

Hello,

I know there is a GitHub idea to add a session timeout to the GUI, but 
I would like to go ahead and change it before that idea becomes a 
reality. I found an old article


https://cwiki.apache.org/confluence/display/CLOUDSTACK/Increase+the+Timeout+of+the+CloudStack+Management+GUI

And the path that is mentioned in there is different for 4.18.1. The 
path that I found for the web.xml is:



/usr/share/cloudstack-management/webapp/WEB-INF

Is this the correct place to put the timeout settings of


 60


And is this the proper method to make this change to extend the default 
timer?


Thanks,

Brian

Brian Fossmeyer
Senior Enterprise Systems Engineer, Technology

[Answers in Genesis] [Creation Museum] 
  [Ark Encounter] 

Re: [VOTE] Apache CloudStack 4.19.0.0 RC1

[Nux]

That's a nice Christmas gift, Abhishek, thanks!

I'll be testing after the new year.



On 2023-12-22 13:48, Abhishek Kumar wrote:

Hi All,

I've created a 4.19.0.0 release (RC1), with the following artifacts up 
for

a vote:

Git Branch and Commit SH:
https://github.com/apache/cloudstack/tree/4.19.0.0-RC20231222T1711
Commit: 92c0fc8fc25c916a7f3c7875d924b2d14d437501

Source release (checksums and signatures are available at the same
location):
https://dist.apache.org/repos/dist/dev/cloudstack/4.19.0.0/

PGP release keys (signed using 
65518106473A09D7AF26B384A70BD2EAA74E2866):

https://dist.apache.org/repos/dist/release/cloudstack/KEYS

For testing purposes, I have uploaded the different distro packages to:
http://download.cloudstack.org/testing/4.19.0.0-RC1/

Since 4.16 the system VM template registration is no longer mandatory
before upgrading, however, it can be downloaded from here if needed:
https://download.cloudstack.org/systemvm/4.19/

Vote will be open for 120 hours.

For sanity in tallying the vote, can PMC members please be sure to 
indicate

"(binding)" with their vote?

[ ] +1  approve
[ ] +0  no opinion
[ ] -1  disapprove (and reason why)

Happy Christmas everyone!

@Devs - sorry the previous email wasn't copied to the user mailing list
correctly.

Regards,
Abhishek

Re: Happy Holidays!

[Nux]

Happy holidays, Ivet and all!

On 2023-12-21 13:28, Ivet Petrova wrote:

Dear community members and fellow CloudStack friends,

I want to wish you all a great holiday season, lots of great times
with your beloved ones, lots of presents and great time.
Thank you all, who are contributing to the community, who participated
at events, who supported all the community marketing initiatives!
We are a great community, and I am sure next year will be even more
successful for us as a community.

Happy Holidays,
Ivet

Re: new committer: João Jandre Paraquetti

[Nux]

Welcome aboard, João! :-)


On 2023-12-18 12:46, Daan Hoogland wrote:

community,
The PMC have invited João Jandre Paraquetti to join the project as a
committer and the invitation was gratefully accepted.
Please join me in welcoming João.
Congratulations João,

Re: VM/Disk Metrics Prometheus Export

[Nux]

If on KVM I recommend the Prometheus libvirt exporter.

On 2023-12-07 10:31, Joan g wrote:

Hi Team,

I could see that we have prometheus exporter plugin available with
cloudstack.

Do we have any plans to export VM,VR and disk metrices ?

Regards,
Jon

Re: running Windows VM on Ubuntu 22 KVM

[Nux]

This is already possible. Stop the VM, go to Settings, change the 
rootDiskController and/or dataDiskController as you please.


https://i.imgur.com/ns7Cdzm.jpg

On 2023-12-13 06:16, Pratik Chandrakar wrote:

Hi Wei,
I think lots of users are unaware of PV OS Type to improve the 
performance,

I was also facing the same problem with Windows Machine and thanks to
this thread I also got better disk performance. So instead of changing 
the

OS type can ACS provide an option within the UI to change the
virtualization/driver (e.g. scsi/ide) mode in a stopped VM?

On Mon, Dec 11, 2023 at 4:14 PM Wei ZHOU  wrote:

If the OS type is "Windows Server ", the VM will be started with 
an

E1000 nic device and IDE disk.

You need to change to "Windows PV", vm will have virtio NIC and disk.
If you want better disk performance, you can try with "Other PV 
Virtio-SCSI

(64-bit)", which might require some changes on your windows templates.

-Wei


On Mon, 11 Dec 2023 at 11:34,  wrote:

> Thx, Wei, I used OS Type Windows Server 2022 (64-bit). Is this not
working?
>
> -Ursprüngliche Nachricht-
> Von: Wei ZHOU 
> Gesendet: Montag, 11. Dezember 2023 11:29
> An: users@cloudstack.apache.org
> Betreff: Re: running Windows VM on Ubuntu 22 KVM
>
> You can stop the vm, change the OS type to "Windows PV" and then start
the
> vm.
>
> -Wei
>
> On Mon, 11 Dec 2023 at 11:17,  wrote:
>
> > Hi all,
> >
> >
> >
> > I am kind of new to use KVM for Windows VMs and run into some problems.
> >
> > I used an English template for Windows Server 2022 and installed a VM
> > successfully via Cloudstack. Everything looks good and the NIC is
> > working Intel PRO 1000 emulation.
> >
> > As far as I understand you need to install the VirtIO driver to get a
> > better performance from your VM. I downloaded the ISO from:
> >
> > https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stabl
> > e-virt
> > io/virtio-win.iso
> >  > le-virtio/virtio-win.iso>
> >
> > And installed them inside the Windows Sever VM successfully. But even
> > after a reboot of the VM it looks like it is still using the emulated
> > Intel PRO
> > 1000 NIC and also QEMU ATA drivers for disk access.
> >
> >
> >
> > Did I miss something? Do I need to install anything on the KVM host,
too?
> > Performance is very poor inside the Wind VM.
> >
> >
> >
> > Thx for any help!
> >
> >
> >
> > Regards,
> >
> > Swen
> >
> >
>
>
>

Re: new committer Vladimir Petrov

[Nux]

Well done, Vladi! :)

On 2023-12-12 09:52, Daan Hoogland wrote:

community,

The PMC has decided Vladi to become a committer and he has gracefully
accepted. Please join me in welcoming Vladi to the project as
committer.
Congratulations Vladi

Re: OS Upgrade Rocky 8.5 to 8.9

[Nux]

Thanks Wei, yes, that is my understanding as well.



On 2023-12-11 22:44, Wei ZHOU wrote:

Right. The value might  be updated each time when cloudstack-agent is
restarted.

-Wei


在 2023年12月11日星期一，Nux  写道：


Great,

When you are done upgrading all hosts then you can revert the original
/etc/redhat-release. If it's identical on all hosts it should be fine, 
if

it still complains you can have a look in the DB.



On 2023-12-11 14:14, Christian Reichert wrote:


Hi Nux,

thanks for your replay, I did a first test in changing the OS and I 
was

able to add the host again.

Many thanks,

Christian



-Ursprüngliche Nachricht-
Von: Nux [mailto:n...@li.nux.ro]
Gesendet: Montag, 11. Dezember 2023 12:07
An: users@cloudstack.apache.org
Cc: Christian Reichert 
Betreff: Re: OS Upgrade Rocky 8.5 to 8.9

Hi,

Cloudstack matches the Rocky OS by means of 2 things:
- the contents of /etc/redhat-release and
- the contents of cloud.host_details (where existing entries are)

The script who does this is
/usr/share/cloudstack-common/scripts/vm/hypervisor/versions.sh

I am not 100% this will work, but try to adjust /etc/redhat-release 
on
the new server to be like the old ones, see if that yields any 
improvements

to your problem.
You should definitely NOT fiddle like this in production, if you have 
a

test environment, that'd be great.

HTH

On 2023-12-10 11:11, Christian Reichert wrote:


Hello Community,

I have a Cluster with Rocky 8.5 hosts, libvirt 6 and CloudStack 
Agent

4.18.0. I upgrade the first host to Rock 8.9 with libvirt 8, now the
agent is not starting on the host.

In the log I found "ERROR [kvm.resource.LibvirtConnection]
(Agent-Handler-1:null) (logid:) Connection with libvirtd is broken:
invalid connection pointer in virConnectGetVersion"

I know that I cannot mix OS versions in a cluster but I thought this
is only valid for major versions like Rock 8 / 9.

When I add the host to a new create cluster the host is successfully
added.

Any idea how to upgrade my existing cluster without interrupting the
instances to Rock 8.9?

Any help would be appreciated, thanks

BR, Christian

Re: AW: OS Upgrade Rocky 8.5 to 8.9

[Nux]

Great,

When you are done upgrading all hosts then you can revert the original 
/etc/redhat-release. If it's identical on all hosts it should be fine, 
if it still complains you can have a look in the DB.




On 2023-12-11 14:14, Christian Reichert wrote:

Hi Nux,

thanks for your replay, I did a first test in changing the OS and I was 
able to add the host again.


Many thanks,

Christian



-Ursprüngliche Nachricht-
Von: Nux [mailto:n...@li.nux.ro]
Gesendet: Montag, 11. Dezember 2023 12:07
An: users@cloudstack.apache.org
Cc: Christian Reichert 
Betreff: Re: OS Upgrade Rocky 8.5 to 8.9

Hi,

Cloudstack matches the Rocky OS by means of 2 things:
- the contents of /etc/redhat-release and
- the contents of cloud.host_details (where existing entries are)

The script who does this is
/usr/share/cloudstack-common/scripts/vm/hypervisor/versions.sh

I am not 100% this will work, but try to adjust /etc/redhat-release on 
the new server to be like the old ones, see if that yields any 
improvements to your problem.
You should definitely NOT fiddle like this in production, if you have a 
test environment, that'd be great.


HTH

On 2023-12-10 11:11, Christian Reichert wrote:

Hello Community,

I have a Cluster with Rocky 8.5 hosts, libvirt 6 and CloudStack Agent
4.18.0. I upgrade the first host to Rock 8.9 with libvirt 8, now the
agent is not starting on the host.

In the log I found "ERROR [kvm.resource.LibvirtConnection]
(Agent-Handler-1:null) (logid:) Connection with libvirtd is broken:
invalid connection pointer in virConnectGetVersion"

I know that I cannot mix OS versions in a cluster but I thought this
is only valid for major versions like Rock 8 / 9.

When I add the host to a new create cluster the host is successfully
added.

Any idea how to upgrade my existing cluster without interrupting the
instances to Rock 8.9?

Any help would be appreciated, thanks

BR, Christian

Re: AW: AW: running Windows VM on Ubuntu 22 KVM

[Nux]

If it is then it will certainly require the virtio drivers.
That said I always avoided doing this operation, often prone to crashes 
in my experience.


On 2023-12-11 11:53, m...@swen.io wrote:

Hi Nux,

thx, virtio-win-gt-x64.msi was the missing link. Now VM-snapshot do 
work!
What is not working at the moment is dynamically scaling cpu of a 
running VM. Is this even possible with Windows?


Regards,
Swen

-Ursprüngliche Nachricht-
Von: Nux 
Gesendet: Montag, 11. Dezember 2023 12:41
An: users@cloudstack.apache.org
Cc: m...@swen.io
Betreff: Re: AW: running Windows VM on Ubuntu 22 KVM

You can VM snapshot Windows, no issues, doesn't need any special tools.
That said, I usually bundle virtio drivers and QEMU guest agent in 
Windows VMs.

Basically install something like this:
https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.240-1/virtio-win-gt-x64.msi

On 2023-12-11 11:26, m...@swen.io wrote:

Is it possible to create VM-snapshots of Windows VMs? Do I need to
install other guest tools?

-Ursprüngliche Nachricht-
Von: Wei ZHOU 
Gesendet: Montag, 11. Dezember 2023 11:43
An: users@cloudstack.apache.org
Betreff: Re: running Windows VM on Ubuntu 22 KVM

If the OS type is "Windows Server ", the VM will be started with
an
E1000 nic device and IDE disk.

You need to change to "Windows PV", vm will have virtio NIC and disk.
If you want better disk performance, you can try with "Other PV
Virtio-SCSI (64-bit)", which might require some changes on your
windows templates.

-Wei


On Mon, 11 Dec 2023 at 11:34,  wrote:


Thx, Wei, I used OS Type Windows Server 2022 (64-bit). Is this not
working?

-Ursprüngliche Nachricht-
Von: Wei ZHOU 
Gesendet: Montag, 11. Dezember 2023 11:29
An: users@cloudstack.apache.org
Betreff: Re: running Windows VM on Ubuntu 22 KVM

You can stop the vm, change the OS type to "Windows PV" and then
start the vm.

-Wei

On Mon, 11 Dec 2023 at 11:17,  wrote:

> Hi all,
>
>
>
> I am kind of new to use KVM for Windows VMs and run into some problems.
>
> I used an English template for Windows Server 2022 and installed a
> VM successfully via Cloudstack. Everything looks good and the NIC
> is working Intel PRO 1000 emulation.
>
> As far as I understand you need to install the VirtIO driver to get
> a better performance from your VM. I downloaded the ISO from:
>
> https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/st
> a
> bl
> e-virt
> io/virtio-win.iso
> <https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/s
> t
> ab
> le-virtio/virtio-win.iso>
>
> And installed them inside the Windows Sever VM successfully. But
> even after a reboot of the VM it looks like it is still using the
> emulated Intel PRO
> 1000 NIC and also QEMU ATA drivers for disk access.
>
>
>
> Did I miss something? Do I need to install anything on the KVM host, too?
> Performance is very poor inside the Wind VM.
>
>
>
> Thx for any help!
>
>
>
> Regards,
>
> Swen
>
>

Re: [D] Test Discussion [cloudstack]

[Nux]

test reply

On 2023-12-11 11:52, NuxRo wrote:

GitHub user NuxRo added a comment to the discussion: Test Discussion

yo

GitHub link: 
https://github.com/apache/cloudstack/discussions/8344#discussioncomment-7818945



This is an automatically sent email for users@cloudstack.apache.org.
To unsubscribe, please send an email to: 
users-unsubscr...@cloudstack.apache.org

Re: AW: running Windows VM on Ubuntu 22 KVM

[Nux]

You can VM snapshot Windows, no issues, doesn't need any special tools.
That said, I usually bundle virtio drivers and QEMU guest agent in 
Windows VMs.

Basically install something like this:
https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.240-1/virtio-win-gt-x64.msi

On 2023-12-11 11:26, m...@swen.io wrote:
Is it possible to create VM-snapshots of Windows VMs? Do I need to 
install other guest tools?


-Ursprüngliche Nachricht-
Von: Wei ZHOU 
Gesendet: Montag, 11. Dezember 2023 11:43
An: users@cloudstack.apache.org
Betreff: Re: running Windows VM on Ubuntu 22 KVM

If the OS type is "Windows Server ", the VM will be started with an
E1000 nic device and IDE disk.

You need to change to "Windows PV", vm will have virtio NIC and disk.
If you want better disk performance, you can try with "Other PV 
Virtio-SCSI (64-bit)", which might require some changes on your windows 
templates.


-Wei


On Mon, 11 Dec 2023 at 11:34,  wrote:

Thx, Wei, I used OS Type Windows Server 2022 (64-bit). Is this not 
working?


-Ursprüngliche Nachricht-
Von: Wei ZHOU 
Gesendet: Montag, 11. Dezember 2023 11:29
An: users@cloudstack.apache.org
Betreff: Re: running Windows VM on Ubuntu 22 KVM

You can stop the vm, change the OS type to "Windows PV" and then start
the vm.

-Wei

On Mon, 11 Dec 2023 at 11:17,  wrote:

> Hi all,
>
>
>
> I am kind of new to use KVM for Windows VMs and run into some problems.
>
> I used an English template for Windows Server 2022 and installed a
> VM successfully via Cloudstack. Everything looks good and the NIC is
> working Intel PRO 1000 emulation.
>
> As far as I understand you need to install the VirtIO driver to get
> a better performance from your VM. I downloaded the ISO from:
>
> https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/sta
> bl
> e-virt
> io/virtio-win.iso
>  ab
> le-virtio/virtio-win.iso>
>
> And installed them inside the Windows Sever VM successfully. But
> even after a reboot of the VM it looks like it is still using the
> emulated Intel PRO
> 1000 NIC and also QEMU ATA drivers for disk access.
>
>
>
> Did I miss something? Do I need to install anything on the KVM host, too?
> Performance is very poor inside the Wind VM.
>
>
>
> Thx for any help!
>
>
>
> Regards,
>
> Swen
>
>

Re: OS Upgrade Rocky 8.5 to 8.9

[Nux]

Hi,

Cloudstack matches the Rocky OS by means of 2 things:
- the contents of /etc/redhat-release and
- the contents of cloud.host_details (where existing entries are)

The script who does this is 
/usr/share/cloudstack-common/scripts/vm/hypervisor/versions.sh


I am not 100% this will work, but try to adjust /etc/redhat-release on 
the new server to be like the old ones, see if that yields any 
improvements to your problem.
You should definitely NOT fiddle like this in production, if you have a 
test environment, that'd be great.


HTH

On 2023-12-10 11:11, Christian Reichert wrote:

Hello Community,

I have a Cluster with Rocky 8.5 hosts, libvirt 6 and CloudStack Agent
4.18.0. I upgrade the first host to Rock 8.9 with libvirt 8, now the
agent is not starting on the host.

In the log I found "ERROR [kvm.resource.LibvirtConnection]
(Agent-Handler-1:null) (logid:) Connection with libvirtd is broken:
invalid connection pointer in virConnectGetVersion"

I know that I cannot mix OS versions in a cluster but I thought this
is only valid for major versions like Rock 8 / 9.

When I add the host to a new create cluster the host is successfully
added.

Any idea how to upgrade my existing cluster without interrupting the
instances to Rock 8.9?

Any help would be appreciated, thanks

BR, Christian

Re: [VOTE] Adopt Github Discusssions as Users Forum

[Nux]

-0 - I have voiced my concerns already.


On 2023-12-04 08:01, Rohit Yadav wrote:

All,

Following the discussion thread on adopting Github Discussions as users 
forum [1], I put the following proposal for a vote:



  1.  Adopt and use Github Discussions as user forums.
  2.  The Github Discussions feature is tied with the 
users@cloudstack.apache.org mailing list (PR: 
https://github.com/apache/cloudstack/pull/8274).
  3.  Any project governance and decision-making thread such as voting, 
releases etc. should continue to use the project mailing lists.


Vote will be open for 120 hours (by Friday, 8th Dec).

For sanity in tallying the vote, can PMC members please be sure to 
indicate "(binding)" with their vote?


[ ] +1  approve
[ ] +0  no opinion
[ ] -1  disapprove (and reason why)

[1] https://lists.apache.org/thread/hs0295hw9rnmhoh9l2qo5hc4b62hhvk8


Regards.

Re: Host tags

[Nux]

Sounds good, thanks for clarifying.


On 2023-12-04 20:40, Marty Godsey wrote:

Nux,

They do. I have no other issues and the tags “magically appeared” so, 
idk.. But it didn’t seem to have any issues. Since there were no issues 
observed, I am not worried about troubleshooting.


Marty

From: Nux 
Date: Friday, December 1, 2023 at 1:56 PM
To: users@cloudstack.apache.org 
Subject: Re: Host tags
Hi,

That could be XO's doing. I was hoping XO and cloudstack can co-exist 
peacefully, but this doesn't fill me with confidence.




On 1 December 2023 08:42:35 GMT, Boris Stoyanov 
 wrote:

Marty,
We haven’t really observed a situation of tags being missing all of 
the sudden, I don’t recall such issue. Feel free to add them once more 
at the host.


Bobby.

From: Marty Godsey 
Date: Wednesday, 29 November 2023 at 22:26
To: users@cloudstack.apache.org 
Subject: Host tags
Hello guys,

I am using XCP-NG for my hosts and use XOA to “manage” them. When I 
say manage, I mean just use it for visibility into the cluster. 
Cloudstack does all the work.


I noticed today that my tags on the hosts are missing. It’s on one of 
the hosts but not the other two. Is this a concern? How would I get 
them back if needed?


Marty

Re: VM Snapshot failing

[Nux]

Can you include more of the log before and after? 

On 1 December 2023 17:53:44 GMT, Granwille Strauss 
 wrote:
>Hi Guys
>
>I am trying to make a snapshot of a specific VM via cloudstack UI. But it 
>keeps failing with the following error:
>
>> 2023-12-01 19:49:18,585 DEBUG [c.c.a.t.Request] 
>> (Work-Job-Executor-2:ctx-1209a35a job-4622/job-4623 ctx-de841c3f) 
>> (logid:74a50c5f) Seq 36-391324554706966: Received:  { Ans: , MgmtId: 
>> 66988330791812, via: 36(HOSTNAME), Ver: v1, Flags: 10, { CreateObjectAnswer 
>> } }
>> 2023-12-01 19:49:18,585 DEBUG [o.a.c.s.s.SnapshotServiceImpl] 
>> (Work-Job-Executor-2:ctx-1209a35a job-4622/job-4623 ctx-de841c3f) 
>> (logid:74a50c5f) create snapshot backup-donaf failed: Failed take snapshot 
>> for volume 
>> [volumeTO[uuid=24a9c1eb-007b-4bff-b935-1bb86b522633|path=734d26ae-dccb-41df-993a-dbea866cd2be|datastore=PrimaryDataStoreTO[uuid=85e49c98-0988-4627-984c-8f4719c401e3|name=HOSTNAME-local-85e49c98|id=24|pooltype=Filesystem]]],
>>  in VM [i-2-159-VM], due to [VM [i-2-159-VM] has no disk with path 
>> [/var/lib/libvirt/images/734d26ae-dccb-41df-993a-dbea866cd2be]. VM's XML 
>> [
>Do you guys know what this could mean and possible ways to address this, 
>please?
>
>-- 
>Regards / Groete
>
>  Granwille Strauss  // Senior Systems Admin
>
>*e:* granwi...@namhost.com
>*m:* +264 81 323 1260 
>*w:* www.namhost.com 
>
>
>
>
>
>Namhost Internet Services (Pty) Ltd,
>
>24 Black Eagle Rd, Hermanus, 7210, RSA
>
>
>
>The content of this message is confidential. If you have received it by 
>mistake, please inform us by email reply and then delete the message. It is 
>forbidden to copy, forward, or in any way reveal the contents of this message 
>to anyone without our explicit consent. The integrity and security of this 
>email cannot be guaranteed over the Internet. Therefore, the sender will not 
>be held liable for any damage caused by the message. For our full privacy 
>policy and disclaimers, please go to https://www.namhost.com/privacy-policy
>
>Powered by AdSigner 
>

Re: Host tags

[Nux]

Hi,

That could be XO's doing. I was hoping XO and cloudstack can co-exist 
peacefully, but this doesn't fill me with confidence.



On 1 December 2023 08:42:35 GMT, Boris Stoyanov  
wrote:
>Marty,
>We haven’t really observed a situation of tags being missing all of the 
>sudden, I don’t recall such issue. Feel free to add them once more at the host.
>
>Bobby.
>
>From: Marty Godsey 
>Date: Wednesday, 29 November 2023 at 22:26
>To: users@cloudstack.apache.org 
>Subject: Host tags
>Hello guys,
>
>I am using XCP-NG for my hosts and use XOA to “manage” them. When I say 
>manage, I mean just use it for visibility into the cluster. Cloudstack does 
>all the work.
>
>I noticed today that my tags on the hosts are missing. It’s on one of the 
>hosts but not the other two. Is this a concern? How would I get them back if 
>needed?
>
>Marty
>
> 
>

Re: new committer Bryan Lima

[Nux]

Congratulations, Bryan!


On 2023-11-30 09:07, Daan Hoogland wrote:

All,

The Project Management Committee (PMC) for Apache CloudStack
has invited Bryan Lima to become a PMC member and we are pleased
to announce that they have accepted.

Bryan has contributed himself and assisted in reviewing and testing
the work of others. He has shown to be responsive, constructive and
pleasant to work with.

please join me in congratulating Bryan

Re: new PMC member: Abhishek Kumar

[Nux]

Congrats and well deserved! 

On 23 November 2023 09:40:58 CET, Daan Hoogland  wrote:
>The Project Management Committee (PMC) for Apache CloudStack
>has invited Abhishek Kumar to become a PMC member and we are pleased
>to announce that they have accepted.
>
>Abhishek has contributed in the past and has shown effort to make the
>project run smoothly. He is also the Release Manager for the upcoming
>4.19 release.
>
>please join me in congratulating Abhishek
>
>-- 
>Daan
>

Re: Firewall rules based on IP lists

[Nux]

This could be easily done with a security group, but I take it you're not using 
a security groups zone..

The alternative is like Ruben said to use ipsets inside the guest.



On 22 November 2023 17:39:15 CET, Ruben Bosch  wrote:
>I'm not aware of this existing in CloudStack, but you could very easily use 
>"ipset" to achieve this within your Linux VM.
>
>Met vriendelijke groet / Kind regards,
>
>Ruben Bosch
>CLDIN
>
>> On 22 Nov 2023, at 17:36, Murilo Moura  wrote:
>> 
>> Is there any future feature planned to allow creating firewall rules based
>> on "lists" with multiple source IPs together?
>> 
>> it would be useful with cloudflare, for example, which has several IPs that
>> are geographically distributed and need to be released on the client's
>> firewall.
>

Re: SMBIOS UUID sticky

[Nux]

Hi,

It seems like a serious enough problem , I'd open a guthyb issue explaining it 
and hopefully something can be done about it.



On 22 November 2023 17:46:04 CET, Francisco Arencibia Quesada 
 wrote:
>Hello everyone!
>
>I'm really hoping to find an answer here, since I can't find anything on
>the internet regarding my problem. So, here's the deal:
>
>I'm using cloudstack as an orchestrator for XenServer. I noticed that each
>time a Windows VM shuts down, when it starts up again it has a different
>SMBIOS UUID. This causes problems for a specific application, Veeam Agent
>for Windows. Veeam Agent recognises the machine from its SMBIOS UUID only,
>so each time an SMBIOS UUID is reset, Veeam Agents think its a different
>machine and delete the entire backup chain, then creating a new one. Is
>there any way I can make my VMs SMBIOS UUID persistent/permanent/sticky?
>Any help would be appreciated.
>
>Thanks :)
>
>-- 
>*Francisco Arencibia Quesada.*
>*DevOps Engineer*

Re: VM Templates - ROOT DISK link

[Nux]

Yes there is, when you create a Compute Offering you can choose between 
thin provisioning, sparse provisioning and fat provisioning (full clone 
afaik).
That said I do not recommend full clones generally, they generate a lot 
of I/O and "waste" of space.




On 2023-11-21 14:18, Murilo Moura wrote:
Guys, when we create a new VM from a template, it seems to me that a 
new
disk is created as if it were a snapshot, linked to the original 
template

file (qcow2 backing file link).

Is there any way to avoid this link, creating a complete clone of the
template disk and attaching it exclusively to the new VM?

Re: XCP-NG 8.2 and Linux Bridging

[Nux]

I never was able to use XS with OVS in a Security Groups zone, you need 
a bridge so iptables/ebtables work well on it.



On 2023-11-22 07:30, Wei ZHOU wrote:

Hi,

OVS/XS should be supported. doc may be out of date.

-Wei


On Tue, 21 Nov 2023 at 21:15, Marty Godsey  wrote:


In the documentation, I see that Linux bridging is still mentioned for
XenServer 6.1 installs. I understand we are past that, but is Linux
bridging still required when using Advanced networking with security
groups? Is CS not compatible with the OVS?

Regards,
Marty

Re: KVM clustering with Cloudstack

[Nux]

You either do it with Cloudstack or you don't. Using corosync etc is not 
supported.



On 2023-11-20 10:12, Francisco Arencibia Quesada wrote:

Good morning guys,

What is recommended from your point of view?
Create a KVM cluster with corosync and pacemaker, or directly handle 
the

cluster
with CloudStack. Is it fully supported?


Kind regards.

Re: Inquiry about Enabling Security Groups and Network Type "Advanced"

[Nux]

Hello,

Alas you can't just enable security groups on an existing regular 
advanced zone, one needs to be created from scratch.
In an adv zone with SG basically you have all your VMs connected in one 
big network that is protected and isolated by the so called security 
grups which are basically sets of iptables and ebtables rules.


You lose the ability of having a virtual router in front of your VMs, so 
say goodbye to NAT, load balancer, firewall (although you have security 
groups which have a similar role), vpn etc.


What you gain is not insignificant either, because sg zones are simpler 
from a networking pov and this is always a good thing.
I find SG zones are usually perfect for VPS/cloud providers. Typically 
all the VPS would be connected in a flat network, eg a public /24, each 
would get a public IP and they'd be locked into that IP by the security 
groups (they won't be able to "steal" IPs).


HTH

On 2023-11-14 01:51, Palash Biswas wrote:

Hi Community Team Member,

I hope you're having a good day.
I would like to inquire about enabling Security Groups without the need 
to
recreate Zones. Additionally, I'm interested in understanding the 
potential

impacts or risks associated with enabling Security Groups with the
"Advanced" Network Type.

Your guidance and advice on this matter would be greatly appreciated.

Regards,
Palash Biswas

Re: Redundant router - Isolated Network

[Nux]

What is the issue with vrrp exactly?

On 2023-11-09 18:59, Alex Mattioli wrote:

Does this PR fix the issues with VRRP?




-Original Message-
From: gabriel.fernan...@scclouds.com.br 


Sent: Wednesday, November 8, 2023 3:32 PM
To: users@cloudstack.apache.org
Subject: RE: Redundant router - Isolated Network

Hello Cristian,

This feature was removed from the UI due to complaints made by some 
operators. However, we have an ongoing discussion in this Pull Request:
(https://github.com/apache/cloudstack/pull/7405) where we are 
considering ways to reimplement this feature without the aforementioned 
issues.


Kind regards.

Re: VM Backups

[Nux]

Hi,

When you use KVM with local storage you are using qcow2 files which 
allow for both VM and volume snapshots.

Make sure in the global settings the KVM snapshots are enabled.

On 2023-11-07 11:07, Granwille Strauss wrote:

Hi Nux

We run KVM using local storage for all VM instances. Its to my
understanding you cannot run live/running VM snapshots of VMs if you
use the KVM local storage.

On 11/7/23 13:03, Nux wrote:


You certainly can. What is your hypervisor?

On 2023-11-07 10:28, Granwille Strauss wrote:
Hi Guys

I want to add on to this question, what is the industry standard of
making backups/snapshots of the VMs when using or working only with
local storage? You cannot make running/live VM snapshots if you use
local storage. So what do most guys implement in such cases?
On 11/7/23 05:25, Murilo Moura wrote:

Hi everyone!

What other solutions, besides Veeam, can be used (in production) to
backup
virtual machines integrated with CloudStack?

--

Regards / Groete

[1]
Granwille Strauss  //  Senior Systems Admin

e: granwi...@namhost.com
m: +264 81 323 1260 [2]
w: www.namhost.com [1] [3]

[4] [5] [6] [7] [8]

[9]

Namhost Internet Services (Pty) Ltd,

24 Black Eagle Rd, Hermanus, 7210, RSA

The content of this message is confidential. If you have
received
it by mistake, please inform us by email reply and then delete the
message. It is forbidden to copy, forward, or in any way reveal the
contents of this message to anyone without our explicit consent. The

integrity and security of this email cannot be guaranteed over the
Internet. Therefore, the sender will not be held liable for any
damage
caused by the message. For our full privacy policy and disclaimers,
please go to https://www.namhost.com/privacy-policy

[10]

Links:
--
[1] https://www.namhost.com
[2] tel:+264813231260
[3] https://www.namhost.com/
[4] https://www.facebook.com/namhost
[5] https://twitter.com/namhost
[6] https://www.instagram.com/namhostinternetservices/
[7] https://www.linkedin.com/company/namhos
[8] https://www.youtube.com/channel/UCTd5v-kVPaic_dguGur15AA
[9]


https://www.adsigner.com/v1/l/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/banner

[10]


https://www.adsigner.com/v1/c/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818

--

 Regards / Groete

 [2]
 Granwille Strauss  //  Senior Systems Admin

e: granwi...@namhost.com
m: +264 81 323 1260 [3]
w: www.namhost.com [4]

 [5] [6] [7] [8] [9]

 [10]

 Namhost Internet Services (Pty) Ltd,

24 Black Eagle Rd, Hermanus, 7210, RSA

The content of this message is confidential. If you have 
received
it by mistake, please inform us by email reply and then delete the
message. It is forbidden to copy, forward, or in any way reveal the
contents of this message to anyone without our explicit consent. The
integrity and security of this email cannot be guaranteed over the
Internet. Therefore, the sender will not be held liable for any damage
caused by the message. For our full privacy policy and disclaimers,
please go to https://www.namhost.com/privacy-policy

[11]

Links:
--
[1] http://www.namhost.com
[2] https://www.namhost.com
[3] tel:+264813231260
[4] https://www.namhost.com/
[5] https://www.facebook.com/namhost
[6] https://twitter.com/namhost
[7] https://www.instagram.com/namhostinternetservices/
[8] https://www.linkedin.com/company/namhos
[9] https://www.youtube.com/channel/UCTd5v-kVPaic_dguGur15AA
[10] 
https://www.adsigner.com/v1/l/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/banner
[11] 
https://www.adsigner.com/v1/c/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818

Re: VM Backups

[Nux]

You certainly can. What is your hypervisor?

On 2023-11-07 10:28, Granwille Strauss wrote:

Hi Guys

I want to add on to this question, what is the industry standard of
making backups/snapshots of the VMs when using or working only with
local storage? You cannot make running/live VM snapshots if you use
local storage. So what do most guys implement in such cases?
On 11/7/23 05:25, Murilo Moura wrote:


Hi everyone!

What other solutions, besides Veeam, can be used (in production) to
backup
virtual machines integrated with CloudStack?


--

 Regards / Groete

 [1]
 Granwille Strauss  //  Senior Systems Admin

e: granwi...@namhost.com
m: +264 81 323 1260 [2]
w: www.namhost.com [3]

 [4] [5] [6] [7] [8]

 [9]

 Namhost Internet Services (Pty) Ltd,

24 Black Eagle Rd, Hermanus, 7210, RSA

The content of this message is confidential. If you have 
received
it by mistake, please inform us by email reply and then delete the
message. It is forbidden to copy, forward, or in any way reveal the
contents of this message to anyone without our explicit consent. The
integrity and security of this email cannot be guaranteed over the
Internet. Therefore, the sender will not be held liable for any damage
caused by the message. For our full privacy policy and disclaimers,
please go to https://www.namhost.com/privacy-policy

[10]

Links:
--
[1] https://www.namhost.com
[2] tel:+264813231260
[3] https://www.namhost.com/
[4] https://www.facebook.com/namhost
[5] https://twitter.com/namhost
[6] https://www.instagram.com/namhostinternetservices/
[7] https://www.linkedin.com/company/namhos
[8] https://www.youtube.com/channel/UCTd5v-kVPaic_dguGur15AA
[9] 
https://www.adsigner.com/v1/l/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/banner
[10] 
https://www.adsigner.com/v1/c/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818

Re: Can't upload ova file format

[Nux]

Try "qemu-img convert -p VineetVM-disk1.vmdk-O qcow2 VineetVM-disk1.img" 
but judging by those errors, the vmdk may have issues (corruption).




On 2023-11-05 19:58, Technology rss wrote:

Thank you,
I am trying 3 way convert but always failed. have any option for 
success

convert ?

root@ubuntu:~# qemu-img convert -O qcow2 VineetVM-disk1.vmdk
VineetVM-disk1.img
qemu-img: error while reading at byte 9529458688: Invalid argument

root@ubuntu:~# qemu-img convert -f vmdk -O raw  VineetVM-disk1.vmdk
VineetVM-disk1.raw
qemu-img: error while reading at byte 9529458688: Invalid argument

root@ubuntu:~# qemu-img convert -O qcow2 VineetVM-disk1.vmdk
VineetVM-disk1.qcow2
qemu-img: error while reading at byte 9529458688: Invalid argument


--


*Thanks & Regards.**Support Admin*
--


*Facebook  | Twitter
 | YouTube
 | LinkedIn
**Address : *116/1 
West

Malibagh, D. I. T Road
Dhaka-1217, Bangladesh
*Mob :* +88 01716915504
*Email :* support.ad...@technologyrss.com
*Web :* www.technologyrss.com


On Sun, Nov 5, 2023 at 10:52 PM Rohit Yadav 
wrote:


Hi,

OVA templates aren't supported for KVM. You could convert the ova/vmdk 
to

qcow2/img to be able to use it with KVM.


Regards.


From: Technology Rss 
Sent: Sunday, November 5, 2023 11:25
To: users@cloudstack.apache.org ;
d...@cloudstack.apache.org 
Subject: Can't upload ova file format

*Hi,*

My ACS version is 4.18.1.0, kvm Hypervisor, I try to upload ova format
template but I face below error.

https://prnt.sc/HeGZoHq-SQ-b

I see ova file is supported.

What can I do now? Please help me...

--

*Thanks & Regards.*

*Support Admin*



*Facebook  | Twitter
 | YouTube
 | LinkedIn
*

*Address : *116/1 West Malibagh, D. I. T Road

Dhaka-1217, Bangladesh

*Mob :* +88 01716915504

*Email :* support.ad...@technologyrss.com

*Web :* www.technologyrss.com

Re: noVNC performance

[Nux]

In my experience the current NoVNC console is more than adequate for the 
task you mentioned - installing Windows.
I have done it more times than I want to remember and it never struck me 
as a blocker.


If it's such a painful experience for you then maybe there are other 
factors at play here such as local network, packet loss, firewalls etc.


On 2023-11-02 10:36, Murilo Moura wrote:

Perfect!


Thank you very much for your contributions on this issue.

As for the noVNC console being a support resource and not a means to 
spend

all day connected, I completely agree.

However, in some scenarios such as the installation of servers with a
graphical desktop (e.g. windows server), until the minimum setup is
completed to activate some remote access protocol (RDP, VNC, etc.), it 
ends

up being a poor quality experience, given the delay generated in the
console.

Regarding the comparison, accessing the VNC port directly, I'll test 
it.

Thank you for your suggestion.


Take care!



On Thu, Nov 2, 2023 at 5:57 AM Nux  wrote:


I think Rohit nails it here with regards to the performance penalty.

Historically the web console has only been used for basic or recovery
operations, not meant for long term, day to day use. As he suggested 
RDP
is a much better solution (by miles) and if you're target is Linux 
then

look at X2Go or FreeNX.

If you want to measure like for like, then what you can do is connect 
to

the KVM's VNC port directly using virt-manager or virt-viewer (you'll
need to get the VNC password from the DB and decrypt it).


On 2023-11-01 12:37, Rohit Yadav wrote:
> In case you've compared using KVM, by default the noVNC console is
> encrypted by CA framework b/w CPVM and the hypervisor host, which could
> induce some performance pressures.
>
> Also bear in mind you may be comparing:
>
> VM <- Proxmox vnc server -> novnc client in your browser (is this SSl
> enabled?)
>
> versus
>
> VM <- CloudStack KVM host encrypted qemu/vnc server -> vnc-over-TLS ->
> cpvm agent (reverse proxy) -> secured accessed your browser (in case of
> SSL enabled CPVM)
>
> In the latter (case with CloudStack), there is a double
> encryption/decryption that happens on the CPVM side on both sides.
>
>
> Regards.
>
> 
> From: Murilo Moura 
> Sent: Wednesday, November 1, 2023 16:22
> To: users@cloudstack.apache.org 
> Subject: Re: noVNC performance
>
> Hi Yadav!
>
>
> Yes, I even made this comparison with the same server where I was
> running
> Proxmox before. As for the client, I also accessed it from the same
> source
> that I previously used with Proxmox noVNC.
>
> I have the impression that there is some tuning opportunity that I
> haven't
> found yet, given that the noVNC library is used in both projects
> (Proxmox &
> Cloudstack), but with very different results.
>
>
>
> On Wed, Nov 1, 2023 at 7:26 AM Rohit Yadav 
> wrote:
>
>> Hi Murilo,
>>
>> Have you tested/compared VNC based traffic between CloudStack VMs and
>> proxmox (or others) from the same server and client locations?
>>
>> Depending on your env, if you've a busy console proxy you can try to
>> upgrade the systemvm (CPVM) offering with more CPU (cores and speed)
>> and
>> look at the network setup.
>>
>> You could also explore alternatives, for example if the guest VMs have
>> RDP
>> setup/install such as in case of Windows VMs, you could use a RDP
>> client
>> such as the Microsoft remote desktop app on the client side. In my
>> experience, RDP client with guest VMs have better performance and I/O
>> (webcam, microphone, speaker) than compared with VNC (noVNC).
>>
>>
>> Regards.
>>
>> 
>> From: Murilo Moura 
>> Sent: Wednesday, November 1, 2023 08:23
>> To: users@cloudstack.apache.org 
>> Subject: noVNC performance
>>
>> Is there any instruction to optimize the performance of the graphical
>> console via noVNC? For virtual machines with desktop enabled, the
>> performance of the noVNC console is very low.
>>
>> I came from experience with Proxmox and in it the noVNC console, even
>> protected by SSL, is much superior. That's why I wondered if there was
>> any
>> way of tuning noVNC in ACS.
>>
>>
>>
>>

Re: noVNC performance

[Nux]

I think Rohit nails it here with regards to the performance penalty.

Historically the web console has only been used for basic or recovery 
operations, not meant for long term, day to day use. As he suggested RDP 
is a much better solution (by miles) and if you're target is Linux then 
look at X2Go or FreeNX.


If you want to measure like for like, then what you can do is connect to 
the KVM's VNC port directly using virt-manager or virt-viewer (you'll 
need to get the VNC password from the DB and decrypt it).



On 2023-11-01 12:37, Rohit Yadav wrote:
In case you've compared using KVM, by default the noVNC console is 
encrypted by CA framework b/w CPVM and the hypervisor host, which could 
induce some performance pressures.


Also bear in mind you may be comparing:

VM <- Proxmox vnc server -> novnc client in your browser (is this SSl 
enabled?)


versus

VM <- CloudStack KVM host encrypted qemu/vnc server -> vnc-over-TLS -> 
cpvm agent (reverse proxy) -> secured accessed your browser (in case of 
SSL enabled CPVM)


In the latter (case with CloudStack), there is a double 
encryption/decryption that happens on the CPVM side on both sides.



Regards.


From: Murilo Moura 
Sent: Wednesday, November 1, 2023 16:22
To: users@cloudstack.apache.org 
Subject: Re: noVNC performance

Hi Yadav!


Yes, I even made this comparison with the same server where I was 
running
Proxmox before. As for the client, I also accessed it from the same 
source

that I previously used with Proxmox noVNC.

I have the impression that there is some tuning opportunity that I 
haven't
found yet, given that the noVNC library is used in both projects 
(Proxmox &

Cloudstack), but with very different results.



On Wed, Nov 1, 2023 at 7:26 AM Rohit Yadav 
wrote:


Hi Murilo,

Have you tested/compared VNC based traffic between CloudStack VMs and
proxmox (or others) from the same server and client locations?

Depending on your env, if you've a busy console proxy you can try to
upgrade the systemvm (CPVM) offering with more CPU (cores and speed) 
and

look at the network setup.

You could also explore alternatives, for example if the guest VMs have 
RDP
setup/install such as in case of Windows VMs, you could use a RDP 
client

such as the Microsoft remote desktop app on the client side. In my
experience, RDP client with guest VMs have better performance and I/O
(webcam, microphone, speaker) than compared with VNC (noVNC).


Regards.


From: Murilo Moura 
Sent: Wednesday, November 1, 2023 08:23
To: users@cloudstack.apache.org 
Subject: noVNC performance

Is there any instruction to optimize the performance of the graphical
console via noVNC? For virtual machines with desktop enabled, the
performance of the noVNC console is very low.

I came from experience with Proxmox and in it the noVNC console, even
protected by SSL, is much superior. That's why I wondered if there was 
any

way of tuning noVNC in ACS.

Re: Metrics not visible

[Nux]

Can't see the image, maybe link it elsewhere.
Also which Cloudstack version etc?

On 2023-10-17 09:49, cristian.c@istream.today wrote:

Hello,

  Is this a bug? I see like this for all VMs.

Best regards,

Cristian

Re: AW: Cloudstack VM HA

[Nux]

What I learned in practice is that enabling Host HA affects VM HA.. in 
that VM HA no longer works. :)


So what does Host HA do? It'll reboot the hypervisor via IPMI if it is 
deemed unreachable. While the hypervisor is down or rebooting the VMs 
CANNOT be moved/started on another hypervisor.


What does VM HA do? It'll make sure VMs on a HA offering will be 
restarted (possibly on another hypervisor) if it is deemed down. 
Possible scenarios where VM HA would kick in:

- hypervisor crashed and Cloudstack marked the VMs on it as down
- user has powered off the VM from within (poweroff via ssh for 
example), Cloudstack will notice it is down and restart it


As part of VM HA and for data integrity, a hypervisor will keep a 
heartbeat file (sort of lock file) on the NFS primary storage - if the 
the NFS share has gone away it will assume it is in a network split or 
has lost access to the storage and will forcefully reboot itself. This 
is where that happens:


https://github.com/apache/cloudstack/blob/d2ad9363a264290e9e5ee58db4a745cbb0e1c62a/scripts/vm/hypervisor/kvm/kvmheartbeat.sh#L162

HTH

On 2023-10-11 14:47, Bryan Tiang wrote:

Hi Nix and Swen,

Thanks for the input! Just curious, can VM HA and Host HA be enabled at 
the same time?


In our case, using Cloudstack + Linstor.

And to clarify my understanding. Host HA migrates VMs to another Host 
if Cloudstack detects the physical host to be unhealthy, right? That’s 
all?


Regards,
Bryan
On 11 Oct 2023 at 7:48 PM +0800, m...@swen.io, wrote:

Hi Bryan,

we are testing the exact same scenario at the moment! :-)

As far as I understand CS has 2 different HA. VM HA and Host HA. When 
talking about VM HA the VM needs to use an offering with ha is 
enabled. CS is now checking if the VM is running and if it is not 
running it will restart or recreate it. You can test this when 
destroying a vm via virsh destroy on KVM directly. CS will restart 
this VM.


Host HA only works, as NUX wrote, with NFS-storage at the moment. As 
far as I know StorPool is developing a new framework so other storages 
can be used for host ha in the future. I read something on the ccc 
agenda.


Regards,
Swen

-Ursprüngliche Nachricht-
Von: Bryan Tiang 
Gesendet: Dienstag, 10. Oktober 2023 12:36
An: users@cloudstack.apache.org
Betreff: Cloudstack VM HA

Hi All,

We are setting up Cloudstack + Linbit SDS (via plugin). Hypervisor is 
Ubuntu.


We are trying to test the VM HA by powering down a physical node at 
random. However, the VMs doesn’t seem to be failing over to the other 
nodes.


VM HA is enabled already, is there something we are missing?

Regards,
Bryan