Failed to build 4.15.1: cloud-plugin-user-authenticator-ldap

[Rene Moser]

Hi

I tried to update the cloudstack test container [1] for ansible 
integration tests to 4.15.1 but the build failed with a missing mvn 
dependency:


[ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-dependency-plugin:3.1.1:resolve-plugins 
(resolve-plugins) on
project cloud-plugin-user-authenticator-ldap: Failure to find 
com.btmatthews.maven.plugins:ldap-maven-plugin:jar:1.1.3 in

https://repo.maven.apache.org/maven2

This hasn't changed since 2 years 
https://github.com/apache/cloudstack/blob/main/plugins/user-authenticators/ldap/pom.xml#L35


Any hints how to resolve?

Regards
René


[1] https://github.com/ansible/cloudstack-test-container/pull/13/

Re: How to use ansible for cloudstack initialization

[Rene Moser]

Hi Jerry

I am one of the authors of the cloudstack ansible integration, you can 
find the docs about every ansible module here 
https://docs.ansible.com/ansible/latest/collections/ngine_io/cloudstack/index.html


We have intregration tests playbooks, which also creates zones, pods, 
cluster, etc., which you can find here 
https://github.com/ngine-io/ansible-collection-cloudstack/tree/master/tests/integration/targets


further, Rafael (in cc) showed on the last cloudstack europe meetup how 
they provisioned cloudstack using ansible. You may get in touch with.


And I can not confirm that "Ansible felt slightly..clunky in this 
context." We made it as easy and reliable as possible to use ansible 
with cloudstack and continue to do so, if you feel, something is 
missing, feel free to get in touch.


On 26.06.21 10:34, li jerry wrote:

Hello everyone

Does anyone use ansible to add zone/pod/cluster/host/storage to cloudstack?




Currently I can only use ansible to complete the deployment of cloudstack, nfs, 
mysql and other services.
I can't use ansible to complete operations such as adding zone/pod

Can someone provide relevant documents or solutions?

Re: AW: CloudStack and Ansible

[Rene Moser]

Hi Peter

On 25.06.21 10:55, peter.murysh...@zv.fraunhofer.de wrote:

Hi Rafael,

as a follow-up to your great talk at the CSEUG session: in your email you wrote,

"The Ansible implementation for ACS is very complete and robust. It made it possible 
for us to fully automate from metal to the service."

Which Ansible implementation do you mean? The one I can find addresses rather 
API usage [1]; for full automation there is probably more scripting required to 
setup the actual
cluster, possibly with some variations depending on the architecture.

[1] 
https://docs.ansible.com/ansible/latest/collections/ngine_io/cloudstack/index.html#plugins-in-ngine-io-cloudstack
To provision your hardware, OS, and install cloudstack, like any other 
application, and dep services like DB, java, storage, nfs servers, 
firewall, networking (e.g. cisco switches), ansible is a perfect match 
but depending on your infra and choices.


The cloudstack integration addresses the api usage only, it is the 
missing piece after you (automated) installed cloudstack to fully 
automate the configuration of the cloud.


Hope this clarifies.

Regards
René

Re: AutoScale without using NetScaler

[Rene Moser]

Hi

On 4/16/21 3:37 PM, Дикевич Евгений Александрович wrote:
> Hi all.
> MB someone configured autoscale without using NetScaler?
We developed our own generic autoscaler for Clouds: scalr.

It's open source (MIT) and can currently scale CloudStack, Digital Ocean
and Hetzner Cloud and cloudscale.ch. Easy extendable and customizable.
Still alpha state though.

Read more about on https://ngine-io.github.io/scalr/

Yours
René

Re: CloudStack and Ansible

[Rene Moser]

Hi Ivet

On 10.05.21 16:52, Ivet Petrova wrote:

Hy everyone,

I would like to prepare a blog post on CloudStack and Ansible use case. Are 
there any users here of this combination, who are willing to share insights 
(how you use it, why you selected it, etc.) and help me for the post?


Yes, there are ;)

Actually I am one of the authors and started the cloudstack ansible 
integration.


When I started the project end of 2014, my vision was to not only 
install/update cloudstack (the application) and mysql with ansible, but 
a fully automated cloudstack setup including networking, storage, pod, 
host, cluster, configuration, etc.


Even though I worked hard to cover all related APIs, I've never had the 
chance to actually deploy a cloudstack on the ground up and my daily 
work has shifted away from cloudstack admininistration [shapeblue didn't 
hire my ;)]


Currently "only" using it in combination of exoscale to deploy and 
provision VMs, networks, autoscaling groups, security groups, ssh keys 
etc. So only user facing APIs.


However, Raphael (who is also on the list I guess and in cc) realized my 
vision and did it (what I have heard from him). AFIACS he applied as 
speaker for the CSEUG on May 27th to show it to the community.


Yours
René

Re: [VOTE] Renaming default git branch name from 'master' to 'main' and replace offensive words as appropriate for inclusiveness

[Rene Moser]

+1 (non-binding)

While context is important and "master" has many meanings, I am not 
offended when we switch from "master" to "main" in favor of political 
correctness.

Re: [VOTE] New life to Terraform Provider CloudStack with Apache CloudStack project

[Rene Moser]

Hi Rohit

On 19.04.21 13:37, Rohit Yadav wrote:

Hi René,

 From the discussion thread on the terraform provider, you can see some 
interest and commitment (https://markmail.org/message/xultlpdihdrrg4gq) and 
quite recently Peter/Fraunhofer and I/ShapeBlue had a meeting with 
Chris/Hashicorp to discuss and understand the handover/fork of the archived 
provider repository that Hashicorp is unable to maintain it and we agreed on 
the next steps; following which I started this voting thread.

I think from a project point of view when integrations are not being maintained 
by external projects, we should have a home within the Apache CloudStack 
community to keep them alive and it makes it easy for ACS contributors to work 
on it. There is nothing wrong with other providers/plugins being brought in by 
contributors if there is interest and demand in the community. We've done this 
before already, when the Kubernetes project removed providers from their 
codebase we created a new home for it within ACS project to be maintained and 
used by the ACS community: 
https://github.com/apache/cloudstack-kubernetes-provider

Can you reconsider your vote? Or, is that a -1 binding vote (i.e. a veto)? 
Thanks.


I am still -1 but non-binding,

My point is "we give it a home" is not the same as "we as members of ASF 
care, develop and maintain it".


I would't like it when the ASF becomes a graveyard of unmaintained 
Cloudstack integrations. Looking at 
https://github.com/apache/cloudstack-kubernetes-provider, it doesn't 
look like it gets much care either, there's not even be a release yet.


Regards
René

Re: [VOTE] New life to Terraform Provider CloudStack with Apache CloudStack project

[Rene Moser]

-1

First, I didn't see much commitment in actively supporting and 
maintaining this integration.


Second, there are many integrations, is terraform the one to pick for 
using cloudstack from the view of the ASF?
A "plugin" for a software developed outside of ASF? What about puppet, 
ansible, chef? The imbalance of this view results to a -1 from me.


Regards
René

On 15.04.21 11:05, Rohit Yadav wrote:

Hi All,

Following the discussion thread on Terraform [1], I would like to start a vote 
to gather consensus on the following actions:

   1.  Create a new "cloudstack-terraform-provider" repository based on Apache 
Licence v2.0 using re-licensed codebase of the archived/former terraform cloudstack 
provider repository: https://github.com/hashicorp/terraform-provider-cloudstack (note: 
re-licensing from MPL to AL will be done by Hashicorp)
   2.  Request ASF infra to enable issues, PR, and wiki features on the 
repository
   3.  Work with the community towards any further maintenance, development, 
and releases of the provider
   4.  Publish official releases on the official registry [2] if/after Apache 
CloudStack project gets a verified account (published by PMC members with 
access to the registry, or following guidelines from ASF infra if they've any)

The vote will be open for 120 hours, until Wed 21 April 2021.
For sanity in tallying the vote, can PMC members please be sure to indicate 
"(binding)" with their vote?

[ ] +1  approve
[ ] +0  no opinion
[ ] -1  disapprove (and reason why)

[1] https://markmail.org/message/iuggxin7kj6ri4hb
[2] https://registry.terraform.io/browse/providers


Regards.

rohit.ya...@shapeblue.com
www.shapeblue.com
3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK
@shapeblue
   
  

Re: Cloud Provider Interested in CloudStack

[Rene Moser]

I can confirm this what Daan said, openstack needs orchestration tool to 
update components in particular order. It's doable but needs pretty good 
knowledge about each service and component and compatibility to each 
other and versions running.


Exposing openstack api to public is not a thing I would recommend, many 
clouds create their own api on top. As a consequence, tooling and 
integration must be developed. an investment in time and knowledge must 
be made.


Cloudstack is much easier to manage and the api can be exposed to the 
public. Some public clouds based on cloudstack just have reduces the 
features exposed to the api but have not changed api, though existing 
integration, like orchesration and tooling can be used. Onboarding for 
customers will be much better covered.



On 15.12.20 09:00, Daan Hoogland wrote:

Ivet, the simplest way to put it is that cloudstack is a turnkey solution,
while openstack is a set of frameworks. You will need to have your infra
components in place, but then you can start orchestrating them without
having to write much "glueing" software to get an orchestration platform. I
don't know the current state of openstack, so an honest comparison is not
possible but this basic difference has always been there.
In addition to that your client will have to look at support matrices for
hard- and software in both.

regards,

On Mon, Dec 14, 2020 at 2:28 PM ip  wrote:


Hello everyone,

At StorPool we have a customer interested to migrate from one cloud
management system to another. He is considering options and thinking for
OpenStack and CloudStack.

Does somebody want to share some experience with him?
Maybe some from ShapeBlue can say a few words to him about the CloudSatck
advantages. I already shared a few, but a more technical perspective will
be better.

Thank you all in advance,


*Ivet Petrova Madzharova*
*Marketing Manager*


*StorPool Storage*
m:
l:
+359883321596
linkedin.com/in/ivpetrova 
e:
w:
i...@storpool.com
www.storpool.com

[image: https://www.storpool.com] 

Re: Paid assitance with cloudstack deployment needed

[Rene Moser]

Hi Augusto

On 06.12.20 00:02, i...@defendhosting.com wrote:
We need help choosing the best server provider (we currently use OVH and 
Hetzner, we would like to continue with them if possible).


Our plan is to deploy servers in zones, and offer them to our customers 
(starting with USA and France).


Don't get me wrong but I think you underestimated the complexity of "we 
provide a cloud by installing cloudstack" part.


Usually when choosing to build an IaaS cloud (cloudstack or any cloud 
orchestrator), you also choose to have your own datacenter/cage/rack 
where you have full control of the network (vlan, public IPs, storage)


I would recommend to get in touch with https://www.shapeblue.com/ and 
ask for consulting about your PoC. It will probably save you time and 
money before taking any other action.


(they are also on this list though)

Regards
René

Re: VPC and Egress Rules: is it broken?

[Rene Moser]

On 12.10.20 17:30, rva...@privaz.io.INVALID wrote:

Am I missing something?



It's been a while but I remember the default egress rule is "allow from 
all".


https://docs.cloudstack.apache.org/en/4.14.0.0/adminguide/networking/virtual_private_cloud_config.html?#about-network-acl-lists

The doc however seems to be inconsistent, the table says "Deny all" for 
outgoing. I guess this is a typo in the table there.


Regards
René

[ANNOUNCE] Ansible 2.10

[Rene Moser]

Dear CloudStack users

I am pleased to announce the release of Ansible 2.10 with fully 
integrated CloudStack support.


The new distributed development model allows to release often and early. 
But it took some efforts the last couple of months to get all into 
shape. Even though it was not our main focus, we even have some new 
features:


You can find the changelog on 
https://github.com/ngine-io/ansible-collection-cloudstack/blob/master/CHANGELOG.rst


# Tests

With the help of Rafael del Valle, we are now able to test against 
CloudStack 4.13 API. Thank you Rafael.


# Docs

The location of the docs has change to:

https://docs.ansible.com/ansible/latest/collections/ngine_io/cloudstack/index.html#plugins-in-ngine-io-cloudstack

# Development

You can find us on 
https://github.com/ngine-io/ansible-collection-cloudstack.


We already have a couple of ideas and feature requests in our issues 
tracking. Help is much appreciated.


Happy Automating.

Regards
René

Re: cloudstack Can't find at least one running router!

[Rene Moser]

hi

On 07.09.20 14:49, Mindaugas Milinavičius wrote:

Hello,

Doesn't matter now, we decide to move from cloudstack to openstack and from
scaleio to linbit


Despite your decision, how much RAM did your routers had?

Regards
René

[ANNOUNCE]: CloudStack Autoscaling with Scalr

[Rene Moser]

Hi

I'd like to announce Scalr - the open source Cloud autoscaling engine.

Scalr follows a general approach to scale instances on several public
Clouds including any Apache CloudStack based Cloud.

Find more on https://ngine-io.github.io/scalr/

The project is currently actively in development, anyone is invited to
join forces.

Regards
René

[ANNOUNCE] CloudStack Ansible Collection

[Rene Moser]

Hi CloudStack users

Some may rembember, I am the author and maintainer of the official
cloudstack modules and want to give a heads up what has been going on
behind the scenes.

Ansible 2.10 is a now ACD (Ansible Community Distribution) the upstream
project of Red Hat Ansible Engine and has a fully distributed
development approach.

ACD consist of Ansible Collections and Ansible Base. Community supported
modules have been migrated into the trunk of a collection
community.general or into dedicated collections, such as AWS, OpenStack,
etc.

(To get an idea which collections are in ACD, see
https://github.com/ansible-community/ansible-build-data/blob/main/2.10/ansible.in,
these are are the . released on
https://galaxy.ansible.com/.)

This model allows to develop, release and maintain plugins independently
of the release cycle of ACD, ansible even allows to install newer
collections than what is released in ACD.

That is why I pick it up and created a dedicated CloudStack collection
hosted on https://github.com/ngine-io/ansible-collection-cloudstack
which is part of ACD and will be included with ansible 2.10 once released.

I invite you to join the working group on

https://github.com/ngine-io/ansible-collection-cloudstack

for ansible cloudstack modules and help maintain them as a community.

(I do accept sponsoring and provide commercial support as a freelancer role)

Regards
René

Re: Upgrade to Cloudstack 4.11.2 fails *AGAIN*

[Rene Moser]

Just a suspicion: have you checked, the system VMs actually have
allocated 512 MB RAM? I remember the systemvm templates had the setting
to only use 256 MB RAM in previous versions which is too low. IMHO this
setting must be adjusted manually in the database before the upgrade
(you can do it while running cloudstack 4.9)

I would appreciate if one of the list could assist to check and change
if necessary.

Regards
René



On 5/22/19 2:51 AM, Eric Lee Green wrote:
> You may remember me as the person who had to roll back to Cloudstack
> 4.9.x because Cloudstack 4.11.1 wouldn't start any virtual machines once
> I upgraded to it, claiming that there were inadequate resources even
> though I had over 150 gigabytes of memory free in my cluster and oodles
> of CPU free (and a minimum of 40gb on each node, plenty to start a 512mb
> router VM). So now I'm trying to upgrade to Cloudstack 4.11.2 and
> *again* it's misbehaving.
> 
> The symptom is that my virtual routers when I log into their console
> show 4.11.2 but when I look at them in the console they say 'Version:
> UNKNOWN'. Also when I try to ssh into their guest IP address or link
> local IP address it fails. And when I try to start up a virtual machine
> that uses that virtual network, it says "Network unavailable', even
> though the router for that network is showing up and running.
> 
> Clearly something's broken in the virtual routers but I don't know what
> because I can't get into the router virtual machines. How do I get the
> console password to get into the router virtual machines? It's encrypted
> in the database (duh), how do I decrypt it?
> 
> 

Ansible 2.8: CloudStack related changes

[Rene Moser]

Hi all

As announced previously in autumn 2018, I am ending my active
maintenance for the CloudStack Ansible integration with the 2.8 release.

It started as PoC during a weekend at a Swiss Linux hackers event
"Turrican Days" in autumn 2014 and turned into "thing" I have spent many
nights with. Take care of it.

The modules are in best conditions: Cloudstack is one of a few Ansible
integrations without any failing sanity checks. Special thanks goes to
David Passante who brought all the docs in shape!

We have automated integration tests based on a simulator docker setup
[1] currently running Cloudstack 4.11.2. The integration test code
coverage [2] is at >85%.

There are currently (only) 2 more members in the CloudStack team [3] in
Ansible.

Thanks again for all the support and appreciation I have received over
the years.

Ansible v2.8.0 is going to be released with the following, CloudStack
related changes, thanks for all the contributors:

David Passante (18):
  Cloudstack: fix support for some VPC service capabilities (#45727)
  cs_account: Implement role parameter support (#46166)
  cs_account: add ability to bind accounts to LDAP (#46219)
  Cloudstack: New module cs_vlan_ip_range (#51597)
  cloudstack: streamline modules doc (#52509)
  cloudstack: streamline modules doc (part 2) (#52730)
  cloudstack: streamline modules doc (part 3) (#53412)
  cs_iso: fix missing param "is_public" (#53740)
  cs_network_offering: Add choice list for supported_services in
arg_spec (#53901)
  cloudstack: streamline modules doc (part 4) (#53874)
  cs_volume: add volumes extraction and upload features (#54111)
  cs_instance_facts: add a "nic" fact to return VM networking
information (#54337)
  cs_service_offering: update params in arg spec and documentation
(#54511)
  cs_network_offering: add a for_vpc parameter (#54551)
  cloudstack: streamline modules doc (part 5) (#54523)
  cs_service_offering: Implement customizable compute offers (#54597)
  cloudstack: streamline modules doc (part 6) (#54641)
  cs_vlan_ip_range: Update return values documentation (#54677)

Gregor Riepl (1):
  Cloudstack: Add password reset module (#47931)

Patryk D. Cichy (5):
  Add new Cloudstack module cs_image_store (#53617)
  Add new CloudStack module cs_physical_network (#54098)
  Add a new CloudStack module - cs_traffic_type (#54451)
  Enable adding VLAN IP ranges for Physical Networks (#54576)
  Proper handling of lower case name for InternalLbVm Service
Provider (#55087)

Rene Moser (13):
  cs_loadbalancer_rule_member: fix error handling (#46012)
  cs_instance: fix host migration without volume (#46115)
  cs_instance: doc: fix typo in examples (#46035)
  cs_staticnat: fix sanity (#46037)
  cs_ip_address: use query_api, fixes error handling (#46034)
  cs_resourcelimit: use query_api for error handling (#46036)
  cs_ip_address: fix vpc and network mutually exclusive (#47846)
  cs_network_acl_rule: fix doc and sanity (#47835)
  cs_template: fix KeyError on state=extracted (#48675)
  cs_instance: fix typos in defaults for ip/ip6_ipaddress (#49064)
  cs_physical_network: use name as param for network (#54602)
  cloudstack: fix E326 (#54657)

This will be my last announcement and I most probably leaving the
cloudstack mailing lists in the next couple of days.

Best wishes
René

[1] https://github.com/ansible/cloudstack-test-container
[2]
https://codecov.io/gh/ansible/ansible/tree/devel/lib/ansible/modules/cloud/cloudstack
[3]
https://github.com/ansible/ansible/blob/0e0735f10ecb64634a4a1c9ac78a36743295417d/.github/BOTMETA.yml#L1471

Re: Cannot create instance with FQDN

[Rene Moser]

Hi

A common way to have a bootstrap mechanism in many clouds, so also in
cloudstack, is to use cloud-init [1] as described in the docs [2].

You would need to create a template (or iso) with cloud-init installed
and then pass userdata as base64 encoded cloud-config, an example for a
hostname setting would be
https://cloudinit.readthedocs.io/en/latest/topics/modules.html#update-hostname

cloud init will be executed on boot.

[1] https://cloudinit.readthedocs.io/en/latest/
[2]
http://docs.cloudstack.apache.org/en/latest/adminguide/virtual_machines/user-data.html?#using-cloud-init

On 4/25/19 3:06 PM, Fariborz Navidan wrote:
> hello folks,
> 
> When creating a new instance, it does not aceept dots to use in instance
> name  and there seems to be no way to explicitly set hostname for VM. It
> means hostnames cannot be a FQDN in ACS. How do you deal with this? Is
> there any setting to allow dots in instance name or assign hostnames
> explicitly and not to use VM name as hostname?
> 
> Kind Regards
> 

Re: [VOTE] Apache CloudStack 4.12.0.0 [RC2]

[Rene Moser]

Hi again

I found
https://github.com/apache/cloudstack/commit/323f791efca6f1d5b8bb63573d9e385c97c427e1#diff-386567a135e2a56f117a25d2abf98218R1435

AFAIK there is no other way to create a network in state=implemented
than creating a VM attached to the network, right?

Regards
René

Re: [VOTE] Apache CloudStack 4.12.0.0 [RC2]

[Rene Moser]

Hi

Seeing a failing ansible integration test for 4.12.0.0 RC2,
which passes in 4.11.2:

API says:
Network with UUID:19f750cf-de98-43ab-b565-1935a7c23f6e is in allocated
and needs to be implemented first before acquiring an IP address

https://gist.github.com/resmo/0c3a89055962456f68b27567bb5794f6

Tests
https://github.com/ansible/ansible/blob/devel/test/integration/targets/cs_firewall/tasks/main.yml#L14

I see a network in allocation state, which gets in implementation state
after a VM deploy as expected. After this, the tests passes. But it
seems the API doesn't allow acquiring IP addresses in allocation state.
Is this by intention?

Regards
René

Re: URGENT: Unable to schedule async job for command com.cloud.vm.VmWorkStart, unexpected exception

[Rene Moser]

Hi

On 12/13/18 11:50 AM, Ugo Vasi wrote:
> Hi René ,
> the cloustack installation is 4.11.1.0. From the issue you reported to
> me I do not understand if the problem has been solved or not..
> 
> The big problem is that I can not perform any new jobs.
> 
> In addition to the stopped VM there are two routes that were running on
> the host that has crashed.
> 
> One of these routers was redundant as a master of one of the isolated
> networks along with another that has taken its place and is now working.

As far as I can see, this issue is not solved. It is exactly the same
issue we encountered. It seems, that after a while "job timeout? job
cleanup time?" you will be able to run jobs again.

The guys from shapeblue should know more.

Regards
René

Re: URGENT: Unable to schedule async job for command com.cloud.vm.VmWorkStart, unexpected exception

[Rene Moser]

Hi

I think you hit https://github.com/apache/cloudstack/issues/2880

Is this already 4.11.2?

We have also seen this in our lab, could not really reproduce it, seems
to be a race condition.

Regards
René

On 12/13/18 9:01 AM, Ugo Vasi wrote:
> Hi all,
> I'm trying to reboot a vm after the host it ran on crashed and restarted
> from the HA system. All the VMs running on the rebooted host were
> restarted on other hosts except one.
> In the web interface and using cloudmonkey I get this message:
>   "Unable to schedule async job for command com.cloud.vm.VmWorkStart,
> unexpected exception."
> 
> In the management-server.log file there would seem to be a problem when
> creating an element that is duplicated (Duplicate entry '' for key
> 'PRIMARY'):
> 
> 2018-12-13 08:44:06,659 DEBUG [c.c.a.ApiServlet]
> (qtp1096283470-445:ctx-6c065e06) (logid:87edf8d7) ===START=== 10.80.0.6
> -- GET
> command=startVirtualMachine=json=dde566b2-ef2c-4f86-a82b-c8286f0c24f7&_=1544687047015
> 
> 2018-12-13 08:44:06,665 DEBUG [c.c.a.ApiServer]
> (qtp1096283470-445:ctx-6c065e06 ctx-c8b27e4a) (logid:87edf8d7) CIDRs
> from which account 'Acct[26e597f2-b5ca-11e8-a619-c8cbb8cb15cd-admin]' is
> allowed to perform API calls: 0.0.0.0/0,::/0
> 2018-12-13 08:44:06,693 INFO  [o.a.c.f.j.i.AsyncJobMonitor]
> (API-Job-Executor-8:ctx-b5905c86 job-1343) (logid:7e0c4dc9) Add job-1343
> into job monitoring
> 2018-12-13 08:44:06,698 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
> (qtp1096283470-445:ctx-6c065e06 ctx-c8b27e4a) (logid:87edf8d7) submit
> async job-1343, details: AsyncJobVO {id:1343, userId: 2, accountId: 2,
> instanceType: VirtualMachine, instanceId: 8, cmd:
> org.apache.cloudstack.api.command.admin.vm.StartVMCmdByAdmin, cmdInfo:
> {"response":"json","ctxUserId":"2","httpmethod":"GET","ctxStartEventId":"6170","id":"dde566b2-ef2c-4f86-a82b-c8286f0c24f7","ctxDetails":"{\"interface
> com.cloud.vm.VirtualMachine\":\"dde566b2-ef2c-4f86-a82b-c8286f0c24f7\"}","ctxAccountId":"2","uuid":"dde566b2-ef2c-4f86-a82b-c8286f0c24f7","cmdEventType":"VM.START","_":"1544687047015"},
> cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0,
> result: null, initMsid: 220777304233416, completeMsid: null,
> lastUpdated: null, lastPolled: null, created: null}
> 2018-12-13 08:44:06,700 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
> (API-Job-Executor-8:ctx-b5905c86 job-1343) (logid:6e9a71c5) Executing
> AsyncJobVO {id:1343, userId: 2, accountId: 2, instanceType:
> VirtualMachine, instanceId: 8, cmd:
> org.apache.cloudstack.api.command.admin.vm.StartVMCmdByAdmin, cmdInfo:
> {"response":"json","ctxUserId":"2","httpmethod":"GET","ctxStartEventId":"6170","id":"dde566b2-ef2c-4f86-a82b-c8286f0c24f7","ctxDetails":"{\"interface
> com.cloud.vm.VirtualMachine\":\"dde566b2-ef2c-4f86-a82b-c8286f0c24f7\"}","ctxAccountId":"2","uuid":"dde566b2-ef2c-4f86-a82b-c8286f0c24f7","cmdEventType":"VM.START","_":"1544687047015"},
> cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0,
> result: null, initMsid: 220777304233416, completeMsid: null,
> lastUpdated: null, lastPolled: null, created: null}
> 2018-12-13 08:44:06,705 DEBUG [c.c.a.ApiServlet]
> (qtp1096283470-445:ctx-6c065e06 ctx-c8b27e4a) (logid:87edf8d7)
> ===END===  10.80.0.6 -- GET
> command=startVirtualMachine=json=dde566b2-ef2c-4f86-a82b-c8286f0c24f7&_=1544687047015
> 
> 2018-12-13 08:44:06,745 DEBUG [c.c.n.NetworkModelImpl]
> (API-Job-Executor-8:ctx-b5905c86 job-1343 ctx-eb44a3e5) (logid:6e9a71c5)
> Service SecurityGroup is not supported in the network id=205
> 2018-12-13 08:44:06,752 DEBUG [c.c.n.NetworkModelImpl]
> (API-Job-Executor-8:ctx-b5905c86 job-1343 ctx-eb44a3e5) (logid:6e9a71c5)
> Service SecurityGroup is not supported in the network id=205
> 2018-12-13 08:44:06,774 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (API-Job-Executor-8:ctx-b5905c86 job-1343 ctx-eb44a3e5) (logid:6e9a71c5)
> DeploymentPlanner allocation algorithm: null
> 2018-12-13 08:44:06,774 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (API-Job-Executor-8:ctx-b5905c86 job-1343 ctx-eb44a3e5) (logid:6e9a71c5)
> Trying to allocate a host and storage pools from dc:1,
> pod:null,cluster:null, requested cpu: 8000, requested ram: 8594128896
> 2018-12-13 08:44:06,774 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (API-Job-Executor-8:ctx-b5905c86 job-1343 ctx-eb44a3e5) (logid:6e9a71c5)
> Is ROOT volume READY (pool already allocated)?: Yes
> 2018-12-13 08:44:06,783 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (API-Job-Executor-8:ctx-b5905c86 job-1343 ctx-eb44a3e5) (logid:6e9a71c5)
> Deploy avoids pods: [], clusters: [], hosts: []
> 2018-12-13 08:44:06,784 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (API-Job-Executor-8:ctx-b5905c86 job-1343 ctx-eb44a3e5) (logid:6e9a71c5)
> This VM has last host_id specified, trying to choose the same host: 10
> 2018-12-13 08:44:06,794 DEBUG [c.c.c.CapacityManagerImpl]
> (API-Job-Executor-8:ctx-b5905c86 job-1343 ctx-eb44a3e5) (logid:6e9a71c5)
> Host: 10 has cpu capability (cpu:12, speed:3000) to support 

Re: enable cloudStack SSL

[Rene Moser]

Hi Rich

We use nginx in front of cloudstack as a HTTP and SSL proxy. It is much
easier to setup.

Regards
René



On 11/21/18 7:31 PM, Richard Persaud wrote:
> Hello,
> 
> How can I enable SSL on cloudStack 4.11.1?
> 
> I have looked over the documentation located at:
> http://docs.cloudstack.apache.org/en/4.11.1.0/installguide/optional_installation.html?highlight=ssl
> http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
> 
> Those refer to Tomcat configuration files that do not seem to exist on my 
> installation like the Tomcat server.xml file. In fact, I do not see a Tomcat 
> directory on my server at all.
> My installation is on Ubuntu 16.04 LTS via the ShapeBlue repository.
> 
> I tried modifying server.properties but that did not work.
> 
> Any suggestion on how to get SSL working?
> 
> Thank you in advance!
> 
> Regards,
> 
> Rich Persaud
> 
> 

Re: Google Authenticator 2fa in ACS?

[Rene Moser]

We use keycloak [1] as a SSO solutions (including 2FA) as a identidy and
access management.

It supports SAML, so any applicaion with SAML including CloudStack can
be connected.

[1] https://www.keycloak.org/about.html

On 11/13/18 6:56 PM, Matheus Fontes wrote:
> Hi,
> Is there anyway to implement Google Authenticator (or other free solution) as 
> 2-step verification on ACS?
> 
> thanks
> Matheus Fontes
> 

Re: cloudstack reset VM password files

[Rene Moser]

Hi again

Seems no one seems to read my stuff.

cloud-init is able to reset the password (similar the scripts), see
https://github.com/cloud-init/cloud-init/blob/master/cloudinit/sources/DataSourceCloudStack.py#L45


WE USE IT! IT REALLY WORKS.

Note that it uses the default user, e.g. for CentOS it is centos. That
is why we configure the default user.

Look at the conifgs I wrote in the first mail.

Regards
René

Re: cloudstack reset VM password files

[Rene Moser]

Hi

Nowadays the cloud-init [1] project supports cloudstack out of the box
and we switched our templates to only use cloud-init.

Unfortunately the docs regarding cloudstack is not that great (it is on
my list to give back my finding). There are some great docs here
https://wiki.archlinux.org/index.php/Cloud-init.

Our config under config dir /etc/cloud/cloud.cfg.d/ has two files

- 80_root.cfg
- 99_cloudstack.cfg

80_root.cfg contents is...

system_info:
  default_user:
name: root
disable_root: 0
ssh_pwauth: 1

...and 99_cloudstack.cfg looks like...

datasource:
  CloudStack: {}
  None: {}
datasource_list:
  - CloudStack

Note that cloud-init has a ton of great features beside the support of
cloudstack.

Hope that helps

René

[1] https://cloudinit.readthedocs.io/en/latest/

Re: [VOTE] Apache CloudStack 4.11.2.0 RC4

[Rene Moser]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 10/30/2018 05:10 PM, Paul Angus wrote:
> Git Branch and Commit SH: 
> https://gitbox.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs
/heads/4.11.2.0-RC20181030T1040
>
> 
Commit: 840ad40017612e169665fa799a6d31a23ecad347

+1 (binding): Good job!

I've tested:
- - Upgraded from 4.11.1 to 4.11.2 (VMware 5.5)
- - Router / SystemVM upgrades
- - Account, User, Project handling
- - Advanced networking (firewall, static NAT)
- - VPC and ACL rules
- - User VMs create/update/destroy
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEWCYZsaT2rovFithIgwaWW+bWMx0FAlvc5pYACgkQgwaWW+bW
Mx2wDBAAp/wLnr78JO7Z3HqZQW0fVuOXB6GoCtLR2IctzDYmbw3uTIzR5iNdPe4l
0YM6DSFYF+bCllOfzmPYiuWtmzcRdB6xRaItZAv53NMobbGAR3rp7sFkESCt+SBe
5HGTU0aDrtj6vAskxHT2eM+R25VlJJjwjxqjsj4j/cJTVbgRDu13wnSfqzoOoVHg
cQhHu1ExEsqhaHp49WoNnlcsyFRgII1KPYWwiCFpHStmCPwN7FFw1zXHTc5H58/G
KF9IyIQj6DXX4huIn2vY2bjzgXGV2drOXD0c0PWIu133I1HTZ8+Q0E6FBIlnf1WI
Ub4+r+TH6xT1YGD4l055HNhf8Enw/t2mZAtrqANdI4rfT4s4A+/+hF/WfQg/yV+0
+1LTUnrNuuVkn9JFjcJ/I1rwRHcScZgpEA3PNWMTTlqQdB5uW5U87s6lLoN3clIr
bzH+Wbu/2i+pRBBxlmOmkEQtAkd/rzNyMDwObBDR7TGYlPOVZxW6CON58i4yjV5U
LC4Qo/Kw4cja+7e50gcAiWVGs75AvltH3PEuvYIbC/e695vjTZTdypIjkSc2y8tr
KadHpNVSgYuCX03oLc6ZKbonAB3QtyR0Gf7/5FW15lKYgRkjMuIHZfz+NbUgs2YU
bkXmzw8cncIQiaxq9xpDbydB4vpNJgbPkO4WGf6BniRa+D5sAV0=
=feeG
-END PGP SIGNATURE-

Re: [VOTE] Apache CloudStack 4.11.2.0 RC4

[Rene Moser]

Thanks Paul

Perfect! Keep us busy testing ;)

Yours
René

Re: [VOTE] Apache CloudStack 4.11.2.0 RC3

[Rene Moser]

On 10/18/2018 12:54 PM, Paul Angus wrote:
> The vote will be open until the middle of next week, 26th September 2018.
s/September/October/ right?

Re: Ansible 2.7: CloudStack related changes and future

[Rene Moser]

...and thanks for all the fish... and for the kind words, and a special
thank to Exoscale for their continuous support.

It has been a great time, with many opportunities I was able to master.
I have followed the vision to make CloudStack a thing in Ansible.

However, the reason I started the development was to make my daily job
easier. I makes me incredibly happy to see that it has gone way beyond
this goal, CloudStack has become a better solution to users and to your
customers.

Even it was a hobby, I took it seriously to develop things the best I
could and to set a commitment to improve constantly when I have learned
better. To be there and work on it. To be honest, my life was not always
balanced during the last 3 years.

To leave my job also means to leave CloudStack, the community and my
work behind makes me still a bit sad and it took a while to take this
step, but it makes room for new challenges to solve.

The future is bright.

René

Re: Virtual Router not accepting SSH connections from CloudStack Management server

[Rene Moser]

On 10/09/2018 09:31 AM, Paul Angus wrote:
> Hi Cristian,
> 
> That is correct, ssh is only possible to system VMs on port 3922.  It is 
> passwordless, you must use the ssh keys which are stored on the management 
> server

I usually add the following ssh config to get a good user experience :)

# cat ~/.ssh/config
IdentityFile /var/cloudstack/management/.ssh/id_rsa
Port 3922
ControlPath ~/.ssh/master-%l-%r@%h:%p
ControlMaster auto

Host 10.100.10.*
  User root
  StrictHostKeyChecking no
  UserKnownHostsFile=/dev/null



Regards
René

Re: Ansible 2.7: CloudStack related changes and future

[Rene Moser]

Sorry, I forgot to mention, that David Passante is already part of the
ansible cloudstack team, but at least one other person would be helpful.

Thanks again
René

Ansible 2.7: CloudStack related changes and future

[Rene Moser]

Hi all

First, please note I am leaving my current job by the end of November
and I don't see that CloudStack will play any role in my professional
future.

As a result, I official announce the end of my maintenance for the
Ansible CloudStack modules with the release of Ansible v2.8.0 in spring
2019.

If anyone is interested to take over, please let me know so I can
officially introduce him/her to the Ansible community.

Thanks for all the support and joy I have had with CloudStack and the
community!

Ansible v2.7.0 is released with the following, CloudStack related changes:

David Passante (1):
  cloudstack: new module cs_disk_offering (#41795)

Rene Moser (4):
  cs_firewall: fix idempotence and tests for cloudstack v4.11 (#42458)
  cs_vpc: fix disabled or wrong vpc offering taken (#42465)
  cs_pod: workaround for 4.11 API break (#43944)
  cs_template: implement update and revamp (#37015)

Yoan Blanc (1):
  cs instance root_disk size update resizes the root volume (#43817)

nishiokay (2):
  [cloudstack] fix cs_host example (#42419)
  Update cs_storage_pool.py (#42454)


Best wishes
René

Re: Build template with Packer

[Rene Moser]

Hi Nicolas

On 10/08/2018 11:10 AM, Nicolas Bouige wrote:
> Did anyone try to set up template for cloudstack with Packer ?
> 
> Especially, to install all prerequisites and update.
> 
> If someone have some json example for cloudstack, so  i could work on it
> and set up my own build

Also see https://github.com/resmo/awesome-cloudstack#templates

Regards
René

Re: [4.11.1] VR memory leak?

[Rene Moser]

On 10/01/2018 01:41 PM, Simon Weller wrote:
> Any obvious processes using memory?

No, unfortunately not. Everything looks calm but real memory usage
increases slowly.

We are still trying to find the source issue.

René

[4.11.1] VR memory leak?

[Rene Moser]

Hi

We observe a specious pattern in memory usage (see graph free memory
https://photos.app.goo.gl/sffEmBEoZ1gbRd18A)

we restarted the VR last Friday, today on Monday, we have less then 20%
memory of 1 GB.

The memory is used memory not cached (also see
https://photos.app.goo.gl/b9eAd3xoETvDVKzH9)

Does anyone see an identical pattern? Anyone a chance to test 4.11.2
system VMs against this issue?

Regards
René

Re: [VOTE] Apache CloudStack 4.11.2.0 RC2

[Rene Moser]

Hi

On 09/28/2018 05:21 PM, Boris Stoyanov wrote:
> Hi guys,
> 
> I’ve did some upgrade testing of RC2. I did upgraded database successfully 
> from 4.5.2.2, 4.9.3 and 4.11.1, but unfortunately I’ve run into a 
> connectivity issue between vmware 4.5u3 environments. 
> 
> Looks like TLS1.2 is not supported at first glance.
> 
>   Caused by: javax.net.ssl.SSLHandshakeException: Server chose TLSv1, but 
> that protocol version is not enabled or not supported by the client.

> I’m guessing we’ll need an RC3. 

This is a known issue and also exists in 4.11 (upgrade from 4.5 to 4.11.1)

Probably only needs some docs:

in /etc/cloudstack/management/java.security.ciphers

change line

jdk.tls.disabledAlgorithms=SSLv2Hello, SSLv3, TLSv1, TLSv1.1, DH keySize
< 128, RSA keySize < 128, DES keySize < 128, SHA1 keySize < 128, MD5
keySize < 128, RC4

to

jdk.tls.disabledAlgorithms=SSLv2Hello, SSLv3, DH keySize < 128, RSA
keySize < 128, DES keySize < 128, SHA1 keySize < 128, MD5 keySize < 128, RC4

solves it.

Regards
René

Re: VRs swapping with 256 MB RAM

[Rene Moser]

Hi

Just to clarify, we had 256 MB in our lab only.

The prod VRs have 1 GB RAM and 4 CPUs, 1 CPU per network interface for
optimal performance + 1 for the OS.

Regards
René

On 09/20/2018 02:35 PM, Rakesh Venkatesh wrote:
> Hello Rene
> 
> Even for VR's running on KVM, 256MB is really less. Thats why we offer
> extra VR with 2 cores and 1GB RAM as another option so that customers can
> use it instead of the default 256MB and 1 core.
> 
> On Tue, Sep 18, 2018 at 5:56 PM Rene Moser  wrote:
> 
>> Hi
>>
>> While running test for a 4.11.1 (VMware) upgrade in our lab, we run into
>> low memory / swapping of VRs having 256 MB RAM. After 2-3 days it became
>> critical because the management server connections to VRs took very
>> long, minutes, this resulted in many more problems all over.
>>
>> Make sure your VRs have enough RAM.
>>
>> Regards
>> René
>>
> 
> 

VRs swapping with 256 MB RAM

[Rene Moser]

Hi

While running test for a 4.11.1 (VMware) upgrade in our lab, we run into
low memory / swapping of VRs having 256 MB RAM. After 2-3 days it became
critical because the management server connections to VRs took very
long, minutes, this resulted in many more problems all over.

Make sure your VRs have enough RAM.

Regards
René

Re: Github Issues

[Rene Moser]

Hi

On 07/17/2018 02:01 PM, Marc-Aurèle Brothier wrote:
> Hi Paul,
> 
> My 2 cents on the topic.
> 
> people are commenting on issues when it should by the PR and vice-versa
>>
> 
> I think this is simply due to the fact that with one login you can do both,
> versus before you had to have a JIRA login which people might have tried to
> avoid, preferring using github directly, ensuring the conversation will
> only be on the PR. Most of the issues in Jira didn't have any conversation
> at all.
> 
> But I do feel also the pain of searching the issues on github as it's more
> free-hand than a jira system. At the same time it's easier and quicker to
> navigate, so it ease the pain at the same time ;-)
> I would say that the current labels isn't well organized to be able to
> search like in jira but it could. For example any label has a prefix
> describing the jira attribute type (component, version, ...) Then a bot
> scanning the issue content could set some of them as other open source
> project are doing. The bad thing here is that you might end up with too
> many labels. Maybe @resmo can give his point of view on how things are
> managed in Ansible (https://github.com/ansible/ansible/pulls - lots of
> labels, lots of issues and PRs). I don't know if that's a solution but
> labels seem the only way to organize things.

Personally, I don't care much if jira or github issues. Github issues
worked pretty well for me so far.

However, We don't use all the things that make the work easier with
github issues. I assume we invested much more efforts in making "jira"
the way we wanted, now we assume that github just works?

The benefit about github issues is, that it has an extensive api which
let you automate. There are many helpful tools making our life easier.

Let a bot do the issue labeling, workflowing, and user guiding and even
merging PR after ci passed when 2 comments have LGTM.

Look at https://github.com/kubernetes/kubernetes e.g.

Short: If we want to automate things and evolve, github may be the
better platform, if we want to keep things manual, then jira is probably
more suitable.

Regards
René

Re: Broken guest vm consoles after upgrading to 4.11.1.0

[Rene Moser]

On 07/09/2018 12:40 PM, Ivan Kudryavtsev wrote:
> Hey, Andrei. There is a parameter ib global vars about SSL and CPVM which
> fixes it. Don't remember the name, but met it as well as you. I suppose
> it's a bug.

The issue has been filed
https://github.com/apache/cloudstack/issues/2733 and an PR fixing the
issue is available here https://github.com/apache/cloudstack/pull/2734

Regards
René

Ansible 2.6: CloudStack modules changelog

[Rene Moser]

Hi CloudStack users

As you may know, automation and orchestration is a big topic and Ansible
is one of the key players in this area. The good coverage of CloudStack
functionality in Ansible is one of the big advantages and making
CloudStack even more attractive.

I am delighted to announce the release of Ansible 2.6. The changelog for
cloudstack related changes, Thanks for all the contributors!

Fixes (partly backported to 2.5):
- cs_sshkeypair: fix ssh key rename (René Moser)
- cs_user: fix return user_api_secret for ACS >=v4.10 (René Moser)
- cs_instance: fix py3 user_data base64 (René Moser)
- cloudstack: fix for list APIs return any matching names (David Passante)
- cloudstack: vpn: compatiblity fix for 4.5 API (René Moser)
- cs_instance: fix err state=destroyed querying user_data (Rene Moser)

Features:
- cs_instance: add host migration support (René Moser)
- cs_instance: add details support (Yoan Blanc)
- General: Paging support implemented in many modules (Peter Farmer)
- cs_ip_address: add "tags" param to ensure idempotency (David Passante)
- cs_instance: add new template filter all (René Moser)
- cs_vpc: implement state=started (René Moser)
- cs_instance_facts: add host return (René Moser)

New modules:

* cs_role_permission (David Passante)

Yours René


P.S.
Like my works? I appreciate any help to keep up the development and
maintenance in my spare time. Thanks ;) https://www.paypal.me/resmo

Re: [VOTE] Apache CloudStack 4.11.1.0 LTS [RC3]

[Rene Moser]

Hi

0 - Not tested, because of conflicting high prio tasks (football world cup)

René

Re: 4.11.1 install feedback

[Rene Moser]

On 05/22/2018 06:36 PM, Dag Sonstebo wrote:
> You may want to try a update cloud.configuration set value='true' where 
> name='dynamic.apichecker.enabled' and see if that lets you login.

Thanks updated to entry, restarted management service, didn't help.

Below you find the screen shot of firebug, you can see that login is
successful but with quotaIsEnabled we get a 401.

https://ibb.co/mZQ4ao

Re: Welcoming Mike as the new Apache CloudStack VP

[Rene Moser]

yeay!

Thanks for the superb job Wido!

Congrats Mike!


On 03/26/2018 04:11 PM, Wido den Hollander wrote:
> Hi all,
> 
> It's been a great pleasure working with the CloudStack project as the
> ACS VP over the past year.
> 
> A big thank you from my side for everybody involved with the project in
> the last year.
> 
> Hereby I would like to announce that Mike Tutkowski has been elected to
> replace me as the Apache Cloudstack VP in our annual VP rotation.
> 
> Mike has a long history with the project and I am are happy welcome him
> as the new VP for CloudStack.
> 
> Welcome Mike!
> 
> Thanks,
> 
> Wido
> 

Re: Automated testing of our environment

[Rene Moser]

Hi Daniel again

On 03/21/2018 09:33 AM, daniel.herrm...@zv.fraunhofer.de wrote:
> Hi Rene, Hi Boris,
> 
> Thanks @Boris for the information about Marvin. I guess in our case (running 
> automated test against our prod environment) that would not be the ideal 
> choice.
> 
>> This would be very easy to do with ansible.
>>
>> It would even allow to log in to the deployed VM and run tasks on the
>> VM, e.g. install packages like a webserver and then check if the
>> webserver is accessable from the CI system.
>>  
>> Or in case of VPC integration tests: verify if a configured site2site
>> VPN works, etc. All with ansible's battery included...
>>  
>> https://github.com/resmo/ansible-cloudstack-example may give you some
>> ideas how to setup.
> 
> The ansible approach however looks promising, thank you. Going to look into 
> that and find out how to write "tests" using ansible. I'm much more addicted 
> to programming in Python than I am to ansible, and from the automation point 
> of view we are using puppet, so let's see what happens. :-)

If you like, you could even write ansible playbooks in python. Ansible
is in Python... But I don't see a real benefit

However, probably one more quickstart hint, I already wrote playbooks to
test the ansible modules.

These are located in
https://github.com/ansible/ansible/blob/devel/test/integration/targets/

and prefixed with cs_

e.g

https://github.com/ansible/ansible/blob/devel/test/integration/targets/cs_domain/tasks/main.yml

The nice thing is the interaction with the "assert" module which allows
to compare the return values from the cloudstack modules to be in the
expected state.

Have fun! ;)

Re: Automated testing of our environment

[Rene Moser]

Hi Daniel

On 03/20/2018 10:38 AM, daniel.herrm...@zv.fraunhofer.de wrote:
> We’d like to automatically run some tests again our live environment on
> regular basis. Something like:
> 
> “Deploy a VM with a specific template, assign an IP address, enable
> static NAT, and check if the SSH password and keys work”

This would be very easy to do with ansible.

It would even allow to log in to the deployed VM and run tasks on the
VM, e.g. install packages like a webserver and then check if the
webserver is accessable from the CI system.

Or in case of VPC integration tests: verify if a configured site2site
VPN works, etc. All with ansible's battery included...

https://github.com/resmo/ansible-cloudstack-example may give you some
ideas how to setup.

Yours
René

Re: Cloudstack metrics, usage collection and reporting?

[Rene Moser]

Only have
https://github.com/resmo/awesome-cloudstack#montitoring-and-graphs

Re: VPC DNS server DHCP options settings

[Rene Moser]

Hi

On 03/03/2018 02:56 PM, Eric Neumann wrote:
> Hi All,
> 
> How can a CloudStack tenant set their preferred DNS servers in the VPC’s DHCP 
> options it gives out. The VPC seems to give out it’s own IP address, which it 
> serves with DNSmasq - forwarding all requests to the public DNS ip addresses 
> defined; all of that works fine, but if a tenant wants to configure a set of 
> DNS servers internal to the VPC - AD Domain Controllers for example - then 
> how can this be accommodated?

There is a new field in the APIs for virtualmachines:
dhcpoptionsnetworklist which sound like the thing you are looking for,
but I haven't a chance to play with it. This is new for 4.11.

If have cloudstack < 4.11 you have a couple of choices.

I see another option: build your templates with cloud-init support.
Among other options and configurations, it allows your users to define
the cloud config
http://cloudinit.readthedocs.io/en/latest/topics/examples.html#configure-an-instances-resolv-conf
in the userdata field in the deployVirtualMachines API.

Unfortunately (as far as I remember) the UI has the user data form field
since 4.11, so your users can't use the built in UI to pass the cloud
configs.

They have to use the API directly of a configration management engine
(like ansible)

The ansible modules support it:

- cs_instance:
display_name: web-vm-1
template: Linux Debian 9 64-bit
service_offering: Tiny
ssh_key: j...@example.com
user_data: |
  #cloud-config
  manage_resolv_conf: true
  resolv_conf:
nameservers: ['8.8.4.4', '8.8.8.8']
searchdomains:
  - foo.example.com
  - bar.example.com
domain: example.com
options:
  rotate: true
  timeout: 1

Second option is to use a configuration management tool (puppet,
ansible, chef) after the vm has been deployed and overwrite the
resolv.conf and reconfigure the network configs to only use IP from dhcp
(so reboot is no problem) or create a template which already have this
setup and deploy the VMs from it.

Hope I could help

René

Re: [4.11] Management to VR connection issues

[Rene Moser]

On 02/26/2018 12:41 PM, Rohit Yadav wrote:

> - If waiting for ssh and apache2 as part of post-init solves the issue, this 
> would require a new systemvmtemplate as the systemd scripts cannot be changed 
> or make effect during first boot.

The waiting for ssh was not the issue, it was a result.

The hang of cloud-postinit caused by p.wait() when having a ton of
iptable rules was the issue. But this is addressed already. should be fine.

a systemctl list-jobs shows "no pending jobs" anymore, so the boot has
completed.

After that the VR should be accessable by SSH (3922) by managemement
right, but it is not.

Did you see  the changes after a reboot (please compare the screenshots
of the ip addr output I sent). After that reboot/network change, SSH
works...


> - I think the additional nics always used to show up for vmware, there is a 
> global setting to configure this (extra nics for vmware, probably because 
> older versions did not support dynamic nic addition on vmware vrs).

On 4.5.2, we only see 4 NICs. in 4.11 we see 5 of them. We were just
wondering if this could result in an issue. What global setting would
that be?


> - For VR timeouts, see logs and check if from management server host you're 
> able to SSH into the VR using the private IP and port 3922. See the 
> troubleshooting wiki: 
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSVM%2C+templates%2C+Secondary+storage+troubleshooting

Yes, after a manual reboot of the VR, we can SSH-in as I wrote. Without
a reboot of the VR, we get a "no route to host". So it seems not even an
arp ping is working.


> - Can you share/check which processes are consuming the RAM, 256MB ram is 
> usually enough for non-redundant VRs. (share output of top or check using 
> htop?). Make sure to use a latest Linux version (any Debian variant such as 
> Debian 8, 9 or Ubuntu 16.04+ may also work). The issue is vCenter/ESXi 6.5 
> for some reason, gives lower RAM compared to 6.0 and 5.5 and has poor support 
> for legacy os. I had faced/found this issue while testing redundant VRs which 
> take more RAM usually than normal VRs.

Using the shapeblue VR template (your template ;))

So the man docs says
https://manpages.debian.org/stretch/initscripts/tmpfs.5.en.html

unfortunately only a fstab entry worked for me, setting the
/etc/default/tmpfs didn't.

https://github.com/apache/cloudstack/pull/2468/commits/bd882a8f80763595a89a3b74330500e1965bfda3

Re: [4.11] Management to VR connection issues

[Rene Moser]

Hi again

We found the main problem.

== cloud-postinit hang

When having many iptables rules resulting in cloud-postinit to hang for
10min unless it was killed by systemd. As a result the ssh daemon was
not started for 10 min because it is configured to be started after
cloud-postinit.

It seems the issue was already fixed by
https://github.com/apache/cloudstack/commit/ce67726c6d3db6e7db537e76da6217c5d5f4b10e

== VR still needs manual reboot

However, we still notice adapter changes after a reboot: see before
after screenshots of "ip addr" in
https://photos.app.goo.gl/9XsjOJjLqQ9SRjYV2. We still need to manually
reboot the VR to make the network actually working.

== VR has too many adapters?

Next thing we noticed there are many network adapters (NICs) for this
non-vpc router (see screenshot of the vcenter in
https://photos.app.goo.gl/9XsjOJjLqQ9SRjYV2). Adapter 4 and 5 seem
unnecessary. Any comments on that?

== VR with 256 MB RAM dows not work

Next issue we found is, that the VR must have more than 256MB RAM.
Otherwise systemd will complain the daemon can not be reloaded, because
the ram disk of /run has too less space.

Feb 23 16:24:36 r-413-VM postinit.sh[1089]: Failed to reload daemon:
Refusing to reload, not enough space available on /run/systemd.
Currently, 8.6M are free, but a safety buffer of 16.0M is enforced.
root@r-413-VM:~# df -h /run/
Filesystem  Size  Used Avail Use% Mounted on
tmpfs16M  7.2M  8.7M  46% /run

Increaing to 512MB RAM helped:

root@r-413-VM:~# df -h /run/
Filesystem  Size  Used Avail Use% Mounted on
tmpfs41M  7.8M   34M  19% /run

Unsure if this can be tuned on systemd level, didn't find a way yet.

== VR API Command timeouts

When executing command related to VR, e.g. restart network, start/stop
router the command won't reach the vcenter api, and times out. We are
unsure yet, why.

== VR minor fixes

Next we fixed 2 minor things along.

* rsyslogd config syntax issue
* IMHO we should start apache2 also after cloud-postinit

Also see https://github.com/apache/cloudstack/pull/2468

Regards
René

Re: [4.11] Management to VR connection issues

[Rene Moser]

On 02/20/2018 08:04 PM, Rohit Yadav wrote:
> Hi Rene,
> 
> 
> Thanks for sharing - I've not seen this in test/production environment yet. 
> Does it help to destroy the VR and check if the issue persists? Also, is this 
> behaviour system-wide for every VR, or VRs of specific networks or topologies 
> such as VPCs? Are these VRs redundant in nature?

We have non-redundant VRs, and we haven't looked at VPC routers yet.

The current analyses shows the following:

1. Started the process to upgrade an existing router.
2. Router gets destroyed and re-deployed with new template 4.11 as expected.
3. Router OS has started, ACS router state keeps "starting". When we
login by console, we see some actions in the cloud.log. At this point,
router will be left in this state and gets destroyed after job timeout.
4. We reboot manually on the OS level. VR gets rebooted.
5. After the OS has booted, ACS Router state switches to "Running"
6. We can login by ssh. however ACS router still shows
"requires upgrade" (but the OS has already booted with template 4.11)
7. When we upgrade, the same process happens again points 1-3. Feels
like a dead lock.


Logs:
https://transfer.sh/DdTtH/management-server.log.gz

We continue our investigations

Regards
René

[4.11] Management to VR connection issues

[Rene Moser]

Hi

We upgraded from 4.9 to 4.11. VMware 6.5.0. (Testing environment).

VR upgrade went through. But we noticed that the communication between
the management server and the VR are not working properly.

We do not yet fully understand the issue, one thing we noted is that the
networks configs seems not be bound to the same interfaces after every
reboot. As a result, after a reboot you may can connect to the VR by
SSH, after another reboot you can't anymore.

The Network name eth0 switched from the NIC id 3 to 4 after reboot.

The VR is kept in "starting" state, of course as a consequence we get
many issues related to this, no VM deployments (kept in starting state),
VM expunging failure (cleanup fails), a.s.o.

Have anyone experienced similar issues?

Regards
René

Re: [DISCUSS] DB upgrade issue workaround for 4.10.0.0 users upgrading to 4.11.0.0

[Rene Moser]

On 02/14/2018 06:21 PM, Daan Hoogland wrote:
> the -x would only add it to the comment making it harder to find. As for
> multiple stable branches; merging forward always folows all branches
> forward so a fix on 4.9 would be merged forward to 4.10 and then 4.10 would
> be merged forward again to 4.11 and finally to master. of course there is
> always work to do in terms of solving merge conflicts but these are
> generally less then port work as the order of any commits to the
> intemediats is always preserved.

I don't say this workflow is "bad" or does not work "technically".

To me, it looks "hard" to make a decision to which branch should a fix
go in the first place. And in this workflow, you basically have to
decided it _before_ the merge: To 4.11? or even 4.10? And if I should
have merged to 4.10 but merged it to 4.11, now what?

In contrast of the cherry-pick workflow: you decide _after_ to which
versions the fix should be backported to.

To me, this seems much convenient. But can live with that.

René

Re: [DISCUSS] DB upgrade issue workaround for 4.10.0.0 users upgrading to 4.11.0.0

[Rene Moser]

Hi Daan

On 02/14/2018 05:26 PM, Daan Hoogland wrote:
> Rene,
> 
> The issue is certainly not due the git workflow but to upgrade schemes we
> have.
> 
> The result of this workflow for us is that it is easier to find to which
> branches a particular commit is added as by merging forward the commit id
> of the actual fix doesn't change. so instead of looking in each branch for
> a bit of code you can look for a commit id on a branches log.

Ah I see.

However, the same can be achieved by adding -x to cherry-picks (to add
the origin commit id), without the downside that a fix can "only" go
into one stable branch.

Keep in mind, we certainly do have more than one stable branch at a time
(4.11-lts, 4.12). A fix should be applicable to any stable branch.

Or how would this work with the current workflow?

René

Re: CloudStack modules in Ansible 2.5

[Rene Moser]

On 02/05/2018 10:11 AM, Dag Sonstebo wrote:
> Hi Renè,

Not quite, it's René. Even though Renè looks more "aerodynamic" :P

But no worries, I have seen all written variants of that name...  even
the nurse at my birthday wrote it worng "sigh". That is why I keep it
simple.

Rene

CloudStack modules in Ansible 2.5

[Rene Moser]

Hi

Ansible will shortly be frozen for new modules for the v2.5 release, I
take the chance to recap all the new and shiny things related to
CloudStack. The final release of 2.5 has target March 2018.

Ansible includes the following new CloudStack modules:

cs_network_offering
cs_service_offering
cs_vpc_offering
cs_vpn_connection
cs_vpn_customer_gateway

Many thanks to dpassante who contributed 2 modules including integration
tests!

dpassante (2):
  cloudstack: new module cs_network_offering (#34354)

  Add new Cloudstack module cs_vpc_offering (#34797)


Some noteworthy changes:

  cs_snapshot_policy: fix VM not found in non-default zone

  cs_vpc: fix network_domain param ignored (#35690)

  cs_network: implement support acl (#35706)

  cs_vpc: add new argument clean_up (#33278)

  cs_firewall: use list type for cidr (#33020)

  cloudstack: fix timeout in ini config file is ignored (#34833,
also backported to 2.4.3)

  cloudstack: cs_network: implement subdomain_access (#34741)

A complete overview of all CloudStack modules can be found at
http://docs.ansible.com/ansible/devel/module_docs/list_of_cloud_modules.html#cloudstack

Many thanks to all contributors.

René

Re: Ansible vpn customer Gateway

[Rene Moser]

Hi Ben

There is, it will be included in upcomming ansible 2.5 (target march
2018). However, you can use this as today with the following steps
(untested):

1. create a "library" directory the tree level of your playbooks (or
alternatively configure the library path in a .ansible.cfg)

2. copy the upsteam module into that library folder:
wget
https://raw.githubusercontent.com/ansible/ansible/devel/lib/ansible/modules/cloud/cloudstack/cs_vpn_customer_gateway.py


3. small code change needed to be compatible on line 256:
https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/cloud/cloudstack/cs_vpn_customer_gateway.py#L256

from

if self.has_changed(args, vpn_customer_gateway,
skip_diff_for_keys=['ipsecpsk']):

to

if self.has_changed(args, vpn_customer_gateway):

Regards
René


On 01/03/2018 09:10 AM, Benjamin Naber wrote:
> Hi together,
> 
> ist there any Ansible module which i can use to create a vpn customer gateway 
> ?
> 
> Kind regards
> 
> Benjamin
> 

Re: [DISCUSS] Changing events to include UUIDs, could it break your integration

[Rene Moser]

Hi

On 12/28/2017 10:52 AM, Rohit Yadav wrote:
> All,
> 
> 
> We've come across a pull request which changes the event description to 
> use/export UUIDs instead of the numeric internal ID of a resource. I'm not 
> sure if this could potentially break any external integration such as 
> billing, crms etc. so wanted to get your feedback on this. My understanding 
> is external billing/intergrations would consume from the usage related tables 
> for data than events table.
> 
> 
> The PR is https://github.com/apache/cloudstack/pull/1940
> 
> 
> Comments, thoughts? Thanks.

Even though I am +1 with this change, we should work towards versioning
the API to prevent breaking anything out there.

René

Re: [DISCUSS] Redundant Virtual Routers on VMware?

[Rene Moser]

Hi

On 12/08/2017 11:56 AM, Rohit Yadav wrote:
> Is anyone using redundant virtual routers with VMware, either in VPCs or 
> isolated networks (with recent or older versions of ACS)?

No, not currently. We once had rVR but this is quite a while ago. We
migrated away but it was related to issues finally turned out not
related to rVR.

Regards
René

Re: Call for participation: Issue triaging and PR review/testing

[Rene Moser]

Hi all

On 12/13/2017 05:04 AM, Ivan Kudryavtsev wrote:
> Hello, devs, users, Rohit. Have a good day.
> 
> Rohit, you intend to freeze 4.11 on 8 january and, frankly speaking, I see
> risks here. A major risk is that 4.10 is too buggy and it seems nobody uses
> it actually right now in production because it's unusable, unfortunately,
> so we are planning to freeze 4.11 which stands on untested 4.10 with a lot
> of lacks still undiscovered and not reported. I believe it's a very
> dangerous way to release one more release with bad quality. Actually,
> marvin and units don't cover regressions I meet in 4.10. Ok, let's take a
> look at new one our engineers found today in 4.10:

So, the point is, how do we (users, devs, all) improve quality?

Marvin is great for smoke testing but CloudStack is dealing with many
infra vendor components, which are not covered by the tests. How can we
detect flows not covered by marvin?

For me, I decided (independent of this discussion) to write integration
tests in a way one would not expect, not following the "happy path":

Try to break CloudStack, to make a better CloudStack.

Put a chaos monkey in your test infra: Shut down storage, kill a host,
put latency on storage, disable network on hosts, make load on a host.
read only fs on a cluster wide primary fs. shut down a VR, remove a VR.

Things that can happen!

Not surprisingly I use Ansible. It has an extensive amount of modules
which can be used to battle prove anything of your infra. Ansible
playbooks are fairly easy to write, even when you are not used to write
code.

I will share my works when ready.

René

Re: [Add Firewall Rules for SNMP on VPC]

[Rene Moser]

Hi Gian Paolo

Which cloudstack release? Do you have any egress rules?

Regards
René

On 11/21/2017 02:47 PM, Gian Paolo Buono wrote:
> 
> Hi all,
> 
> I need to monitorng with snmp a VPC from internal network. I have a vm 
> on the same vlan and have configure snmp on VPC to accept the query snmp 
> from internal network,  but the firewal block this query.  how can I do ?
> 
> Thanks
> 

POLL: ACL default egress policy rule in VPC

[Rene Moser]

Hi Devs

The last days I fought with the ACL egress rule behaviour and I would
like to make a poll in which direction the fix should go.

Short Version:

We need to define a better default behaviour for acl default egress
rule. I see 3 different options:

1. always add a default deny all egress rule.

This would be super easy to do (should probably also the intermediate
fix for 4.9, see https://github.com/apache/cloudstack/pull/2323)


2. add a deny all egress rule in case if have at least one egress allow
rule.

A bit intransparent to the user, but doable. This seems to be the
behaviour how it was designed and should have been implemented.


3. use the default setting in the network offering "egressdefaultpolicy"
to specify the default behavior.

There is already a setting which specifies this behaviour but is not
used in VPC. Why not use it?

As a consequence when using this setting, the user should get more infos
about the policy of the network offering while choosing it for the tier.


Poll:

1. []
2. []
3. []
4. [] Other? What?


Long Version:

First, let's have a look of the issue:

In version 4.5, creating a new acl with no egress (ACL_OUTBOUND) rule
would result in a "accept egress all":

-A PREROUTING -s 10.10.0.0/24 ! -d 10.10.0.1/32 -i eth2 -m state --state
NEW -j ACL_OUTBOUND_eth2
-A ACL_OUTBOUND_eth2 -j ACCEPT

When an egress (here deny 25 egress) rule (no mather if deny or allow)
gets added the result is a "deny all" appended:

-A PREROUTING -s 10.10.0.0/24 ! -d 10.10.0.1/32 -i eth2 -m state --state
NEW -j ACL_OUTBOUND_eth2
-A ACL_OUTBOUND_eth2 -p tcp -m tcp --dport 25 -j DROP
-A ACL_OUTBOUND_eth2 -j DROP

This does not make any sense and is a bug IMHO.


In 4.9 the behaviour is different:

(note there is a bug in the ordering of egress rules which is fixed by
https://github.com/apache/cloudstack/pull/2313)

The default policy is kept accept egress all.

-A PREROUTING -s 10.11.1.0/24 ! -d 10.11.1.1/32 -i eth2 -m state --state
NEW -j ACL_OUTBOUND_eth2
-A ACL_OUTBOUND_eth2 -d 224.0.0.18/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -d 225.0.0.50/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -p tcp -m tcp --dport 80 -j ACCEPT


To me it looks like the wanted behavior was "egress all as default. If
we have allow rules, append deny all". This would make sense but is
quite instransparent.

But let's poll

Re: Upgrade Cloudstack 4.5 to 4.9 - Unable to upgrade the database

[Rene Moser]

did you upgrade to 4.9.2 or 4.9.3? centos?

Regards
René

Quick 1 Question Survey

[Rene Moser]

What Linux OS and release are you running below your:

* CloudStack/Cloudplatform Management
* KVM/XEN Hypvervisor Host

Possible answer example

Cloudstack Management = centos6
KVM/XEN = None, No KVM/XEN

Thanks in advance

Regards
René

Re: CloudStack modules in Ansible 2.4

[Rene Moser]

Hi Dennis

On 09/01/2017 10:59 PM, Dennis Meyer wrote:

> I thought ansible is made to deploy the meaning or behaviour of a vm, and
> not managing its dependencies beyond its space.

au contraire, my friend. Ansible is _the_ generic IT orchestration engine.

Ansible literally allows to manage your whole infrastructure, not only
VM and servers, but network devices like cisco nexus, various cloud
providers (aws, cloudstack, openstack), use DNS service providers,
interact with loadbalancers such as netscaler or haproxy, manage system
configurations (windows, linux or unix), orchestrate your docker
containers, handle notifications, interact with monitoring tools, and
deploy app in a rolling updates, rollback on errors, etc while .. and
this is the most important part... keeping things relatively simple and
readable.

I can recommend a very well written book (shameless self plug)
http://www.ansiblebook.com/ ;)

René

CloudStack modules in Ansible 2.4

[Rene Moser]

Hi

Ansible 2.4 is in feature freeze and to be released in a couple of days.
Let me give you a summary about the CloudStack related changes:

# New Modules

We have a handful of new modules:

cs_instance_nic
cs_instance_nic_secondaryip
cs_network_acl
cs_network_acl_rule
cs_storage_pool
cs_vpn_gateway

The module cs_nic, introduced in 2.3 is maked as deprecated and replaced
by cs_instance_nic_secondaryip.

For a full overview of all modules, head over to the official docs
http://docs.ansible.com/ansible/latest/list_of_cloud_modules.html#cloudstack


# Automated Integration tests

I am very proud to present Ansible's fully automated integration test
suite of a cloudstack simulator, currently in versino 4.9.2, in docker.

This means, a new PR against a ansible cloudstack modules starts a
cloudsatck simulator and runs the integration test, fully automated.

But this is also for you, having docker installed you are a few commands
away to run a test run locally. To make it clear, this does it all for
you: It downloads the docker image, waits until booted, setup 2
cloudstack zones (basic, advanced, configures auth to run ansible
against the API.

How does this work?

## Get latest Ansible as virtual env (in the current terminal session)

$ git clone g...@github.com:ansible/ansible.git
$ cd ansible
$ source ./hacking/env-setup


## Run the full test suite

$ cd test/integration/
$ ansible-test integration cloud/cs -v --diff


## Run a subset e.g. cs_instance

$ ansible-test integration cloud/cs/cs_instance -v --diff

The docker image is located at the ansible project or
https://github.com/resmo/docker-cloudstack-simulator-for-ansible. I am
currently working to upgrade it to 4.10, which needs some adjustments in
the creationals handling as this as been changed.


# Full log of CloudStack related changes

See https://gist.github.com/resmo/5e5fcf0bd941421682c4771e28112e05 for a
full log of cloudstack related changes. Thanks for all contributors

Take care
René

Re: [VOTE] Apache Cloudstack 4.9.3.0 RC1

[Rene Moser]

+1

Run Ansible CloudStack simulator test suite with tests for
  account
  affinitygroup
  cluster
  configuration
  domain
  firewall
  host
  instance
  instancegroup
  nic
  iso
  LB
  network ACL
  network ACL rules
  pod
  portforward
  project
  region
  resourcelimit
  role
  router
  securitygroup
  secuirtygroup rule
  sshkeypair
  storage pool
  user
  vmsnapshot
  volume
  vpc
  network
  vpn gateway
  zone

+ Basic Testing on VMware 6.5 in Advanced Zone upgraded from 4.9.2

Thanks!
René


On 08/28/2017 03:14 PM, Rohit Yadav wrote:
> Hi All,
> 
> I've created a 4.9.3.0 RC1 release, with the following artifacts up for a
> vote:
> 
> Git Branch and Commit SH:
> 
> https://gitbox.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs/heads/4.9.3.0-RC20170828T1452
> https://github.com/apache/cloudstack/tree/4.9.3.0-RC20170828T1452
> Commit: d145944be0d04724802ff132399514bf71c3e7b0
> 
> 4.9 branch smoke test PR:
> https://github.com/apache/cloudstack/pull/2217
> 
> List of commits/changes since 4.9.2.0 release:
> https://github.com/apache/cloudstack/compare/4.9.2.0...4.9.3.0-RC20170828T1452
> 
> Source release (checksums and signatures are available at the same
> location):
> https://dist.apache.org/repos/dist/dev/cloudstack/4.9.3.0/
> 
> PGP release keys (signed using 0EE3D884):
> https://dist.apache.org/repos/dist/release/cloudstack/KEYS
> 
> Vote will be open for 72 hours.
> 
> For sanity in tallying the vote, can PMC members please be sure to indicate
> "(binding)" with their vote?
> 
> [ ] +1  approve
> [ ] +0  no opinion
> [ ] -1  disapprove (and reason why)
> 
> Regards,
> Rohit Yadav
> 

StoragePool: disable vs maintenance?

[Rene Moser]

Hi

While creating and testing ansible modules for the storagepool API, I
noticed there is a "enabled=true/false" in the update storage API which
enables/disabled the storage (not shown in the UI) and there is a
enableStorageMaintenace/cancelStorageMaintenance API.

Anyone has a clue what are the differences of maintenance vs disabling a
storage? Thanks for enlightenment.

Regards
René

Re: Error on Terraform with creating many networks

[Rene Moser]

Hi Dennis

On 08/14/2017 11:46 AM, Dennis Meyer wrote:
> Hi,
> i try to create a vpc and some networks with terraform.

Not sure but wasn't there a issue with more than (or equal 8) VPC networks?

https://issues.apache.org/jira/browse/CLOUDSTACK-

However, not sure which versions of cloudstack is affected.

René

Re: CloudStack-UI 1.0.7 released on July, 25, 2017

[Rene Moser]

Hi Ivan

Thanks for your update! Appreciate the progress.


Just a note after a quick test: It seems there is an error in the docker
image, I was not able to start a container with 1.0.7, but the very same
command works with 1.0.6.

$ docker logs cloudstack-ui



2017/08/14 09:27:12 [emerg] 13#13: host not found in upstream
"cs-extensions" in /etc/nginx/conf.d/default.conf:22
nginx: [emerg] host not found in upstream "cs-extensions" in
/etc/nginx/conf.d/default.conf:22

Regards
René

Re: Database connector failure on Upgrade from CS 4.3.2 to 4.9.2

[Rene Moser]

Hi

On 07/10/2017 06:27 PM, Rafael Weingärtner wrote:
> Did you try to set in the db.properties the "db.usage.driver"?
> something like: *db*.cloud.*driver*=jdbc:mysql

Related to CLOUDSTACK-9765

https://github.com/apache/cloudstack/commit/bcc6b4fbaf74865b971a72122d15d5bfde4ab7ba

Regards
René

Re: AW: Self-service web storefront including Apps Delivery

[Rene Moser]

Hi Ingo


On 06/29/2017 06:13 PM, Jochim, Ingo wrote:
> http://events.linuxfoundation.org/sites/events/files/slides/Usecase_Cloudstack_and_Ansible.pdf

Thanks for sharing, very interesting.

Question: I wondered about the slide #17 in where we can see an UI. Is
this a UI for a service on "top of Ansible"?

Thanks for clarification.

René

Re: Awesome CloudStack

[Rene Moser]

Hi Will

On 05/10/2017 07:49 PM, Will Stevens wrote:
> Awesome!!!  Great initiative Rene.  You going to be at ApacheCon in Miami?

Sad to say but no, I can not make it.

> Maybe we can give this list a bit of airtime to give it some more
> visibility.  :)

That would be awesome! ;)

Re: Awesome CloudStack

[Rene Moser]

On 05/10/2017 08:50 PM, Gabriel Beims Bräscher wrote:
> I work in the development of the Autonomiccs plugin; a plugin that
> autonomously manages environments orchestrated by Apache CloudStack (more
> details at [1]). Do you believe that it would be interesting adding plugins
> such as Autonomiccs to your project?

And yes! This sound pretty much like an awesome project! ;)

Re: Awesome CloudStack

[Rene Moser]

Hi Gabriel

On 05/10/2017 08:50 PM, Gabriel Beims Bräscher wrote:
> Hi Rene,
> 
> That is a great idea!
> 
> Is the content related to any project that is linked somehow with Apache
> CloudStack?

As simple as anything "awesome" or let's say useful that is related to
the CloudStack ecosystem. What it ever may be!

The idea of awesome lists is not invented here, see
https://github.com/sindresorhus/awesome.

Awesome CloudStack

[Rene Moser]

Hi

I started "A curated list of bookmarks, packages, tutorials, videos and
other cool resources from the CloudStack ecosystem" on
https://github.com/resmo/awesome-cloudstack

Feel free to extend it by sending PRs ;)

René

Re: Alternative Cloudstack UI for KVM and Basic Zones (with SG)

[Rene Moser]

On 04/25/2017 11:22 AM, Ivan Kudryavtsev wrote:
> Hello, Rene.
> 
> Of course, we are open for additional features. PRs will be accepted after
> review and integrational testing by QA.
> Just keep in mind that we (our developers or QA engineers) need to have an
> access to the zone with Advanced networking to do integration testing (and
> develop test plan for those features)
> because right now we only have deployments with Basic Zones.

That would be relatively easy to do, I made a docker image with 3 zones
(adv, basic and adv-secuirty-groups).

https://hub.docker.com/r/resmo/cloudstack-sim/

Just link the containers together :)

Regards
René

Re: Alternative Cloudstack UI for KVM and Basic Zones (with SG)

[Rene Moser]

Impressive! Well done!

I have some question, advanced networking on your roadmap or is this not
interesting for you? Would you accept PRs for implementing advanced
networking support?

Regards
René

On 04/25/2017 09:11 AM, Ivan Kudryavtsev wrote:
> Hello, Cloudstack community.
> 
> We are proud to present our last development effort to you. During the last
> 5 months we spend some time to develop alternative Cloudstack UI for basic
> zones with KVM hypervisor and security groups. This is basically the thing
> we are using in our clouds. During the design of the software we tried to
> fulfill the expectations of our average cloud users and simplify operations
> as much as possible.
> 
> The project is OSS and can be found at GitHub with bunch of screenshots and
> deployment guide. It's under active development so, we will ge glad if you
> join and provide us with additional feedback, UX considerations and other
> interesting information.
> 
> Project page at GitHub: https://bwsw.github.io/cloudstack-ui/
> Source code: https://github.com/bwsw/cloudstack-ui
> 
> Have a good day. Looking forward hearing your feedback.
> 

Re: Trouble Adding Ubuntu-KVM hosts on Cloudstack

[Rene Moser]

On 04/18/2017 06:33 PM, Muhammad Adeel Zahid wrote:
> I am on Ubuntu 16.04 LTS

AFAIK 16.04 is not yet be supported. And the offical docs only mention
14.04. I would give 14.04 a try.

Regards
René

Re: Trouble Adding Ubuntu-KVM hosts on Cloudstack

[Rene Moser]

Hi Adeel


On 04/18/2017 06:14 PM, Muhammad Adeel Zahid wrote:
> Hi Guys,
> 
> 
> Few weeks ago, I installed cloudsack management on one machine and KVM on 
> other machine. Both were using CentOS 6. All is working fine with these two 
> machines. Now, I installed ubuntu and KVM on third machine and wanted to add 
> it to the cluster but I never seem to be able to do it. I always get "failed 
> adding host" message.
> 
> 
> I followed 
> http://docs.cloudstack.apache.org/projects/cloudstack-installation/en/4.9/hypervisor/kvm.htmlfor
>  KVM installation on ubuntu. The only difference is that, I don't have eth0 
> interface. The only ethernet interface showing in my machine is enso1. So I 
> replaced every occurance of eth0 with enso1? I don't know if that might be 
> creating problem?

Which Ubuntu version did you take?

Regards
René

Re: DNS is not working after adding a private gateway

[Rene Moser]

How did you reboot the router? By OS reboot or by cloudstack API?

Regards
René

On 04/17/2017 10:33 PM, Vivek Kumar wrote:
> Hello Dag,
> 
> Yes i have tried to add static route for the remote subnet in the tab of
> private gateway, and it works as well, but after rebooting the router
> doesnt resolve DNS, however i can ping to DNS IP but it's not resolving.
> 
> So here is my complete scenario:
> 
> 1- Create a VPC and create a Tier.
> 2- I go to my router and everything works fine on router and tier as well.
> 3- I can see  default route is my public gateway.
> 4- i also can see 4 interface, one for public, one for link local, one
> for Tier and last for loopback.
> 5- then i add a private gateway, and i can see that one more interface
> is also added in router.
> 6- I check on my router , everything looks good, internet is working ,
> DNS is also resolving on router and tier as well.
> 7- when i reboot my router, everything is stopped working.
> 
>  i also compared my iptables pre-reboot and post reboot, some changes
> has been made in iptables post reboot so it might be a cause,
> 
> Any idea Dag ?
> 
> 
> *Vivek Kumar*
> Virtualization and Cloud Consultant
> 
> http://www.indiqus.com/images/logo.jpg  
> *I*ndi*Q*us Technologies Pvt Ltd 
> A-98, LGF, C.R.Park, New Delhi - 110019 
> *O* +91 11 4055 1409 ( 24*7 Support HelpLine )| *M* +91 7503460090 
> www.indiqus.com  
> 
> 
> On Tue, Apr 18, 2017 at 12:36 AM, Dag Sonstebo
> > wrote:
> 
> Hi Vivek,
> 
> __ __
> 
> I’ve not spent a lot of time playing with private gateways – but
> have you configured your routing table after adding this (Static
> Routes tab on the private gw)?
> 
> __ __
> 
> Regards,
> 
> Dag Sonstebo
> 
> Cloud Architect
> 
> ShapeBlue
> 
> __ __
> 
> dag.sonst...@shapeblue.com  
> www.shapeblue.com 
> @shapeblue
>   
> 
>   
> 
> *From: *Vivek Kumar  >
> *Reply-To: *"users@cloudstack.apache.org
> "  >
> *Date: *Monday, 17 April 2017 at 14:33
> *To: *"users@cloudstack.apache.org
> "  >
> *Subject: *DNS is not working after adding a private gateway
> 
> __ __
> 
> Hello Team, 
> 
> __ __
> 
> I have running ACS 4.7.1 with XenServer 6.5 SP1 and I have
> configured  a VPC and everything seems fine and I am able to reach
> internet and all vm’s inside the tiers as well, but when I create a
> private gateway and reboot the router, it stops working , neither I
> am able to reach internet or  able to resolve DNS ( however I am
> able to reach IP of any public address i.e 4.2.2.2 and 8.8.8.8 and I
> am also using same as a DNS ). Can anyone help me out? Even I tried
> to remove the private gateway also but still no luck.
> 
> __ __
> 
> I tried to trace route from the VR and its saying:
> 
> __ __
> 
> root@r-960-VM:~# traceroute google.com 
> 
> google.com : Name or service not known
> 
> Cannot handle "host" cmdline arg `google.com ' on
> position 1 (argc 1)
> 
> __ __
> 
> Before Private Gateway it was  running fine.
> 
> __ __
> 
> *Vivek Kumar*
> Virtualization and Cloud Consultant
> 
> 
>  
> IndiQus Technologies Pvt Ltd 
> A-98, LGF, C.R.Park, New Delhi - 110019 
> 24x7 +91 11 4055 1409 | M +91 7503460090 
> www.indiqus.com  
> 
> __ __
> 
> 

CloudStack related changes in Ansible 2.3

[Rene Moser]

Hi CloudStack users

Ansible 2.3 is about to be released, I would like to summarize the
CloudStack related features and changes in this release.


New modules
---

- cs_host
- cs_nic
- cs_region
- cs_role
- cs_vpc

Examples and usage for these modules can be found in the docs,
http://docs.ansible.com/ansible/list_of_cloud_modules.html#cloudstack as
usual.


Docs


The CloudStack guide
http://docs.ansible.com/ansible/guide_cloudstack.html has been updated,
note the new feature "Environment Variables"
http://docs.ansible.com/ansible/guide_cloudstack.html#environment-variables


VPC
---

The VPC support has been improved in the related modules, but there is
still some work to do.


Integration tests
-

Soon, CloudStack related new Ansible PRs will be automatically tested
(~1.000 tasks) on a CI against a CloudStack Simulator running 4.9.x.


Future Module Development
-

Due some other side projects of mine (writing books takes more time than
one would might think), development of new modules is lagging a bit. One
module (cs_serviceoffer) is currently WIP
https://github.com/ansible/ansible/pull/19041.

But no worries, new modules are planed:
- cs_diskoffer
- modules for VPN setup


Cloud Role
--

At SWISS TXT, we created a Ansible role for setting up VMs in a
cloudstack cloud with advanced networking for different customer
projects, The role is open source (BSD) and can be found on GitHub
https://github.com/swisstxt/ansible-role-cloud-infra

Feel free to fork and improve it.


Goal of my Ansible CloudStack Project
-

I often get ask, why I am doing it.

My goal is to not only install and upgrade CloudStack by Ansible (that
is relatively easy... and can even be done without that much cloudstack
api interaction) but configure _and_ maintaining a cloud (basic or
advanced networking) in a reliable way!

It will install the OS and install cloudstack management server, install
the OS on the hosts, setup hypversisors, create zones, pods, clusters,
accounts, users, add configured hosts to cloudstack all this by a single
run and the best of it, you can re-run it safely again and again,
without fear breaking anything.

Have to add a new host? No problem, put the hardware in the rack and
connect it to the net, ansible will take care on the next run: it can be
that simple.

Also note, ansible can manage your network switches, routers and
firewalls too! http://docs.ansible.com/ansible/list_of_network_modules.html

The possibilities are endless...

Thanks
René

Re: Upgrade ACS 4.5.2 to ACS 4.9.2 ShapeBlue repo

[Rene Moser]

Hi

On 03/21/2017 03:48 PM, Ciobanu Cristian wrote:
> I just need few info if possible, did anyone tested the upgrade for ACS
> 4.5.2 to 4.9.2 ?

Yes, we did it in our test env.

> Right now I have 2 old setups  : ACS 4.5.2 - VMware 5.5 configured with
> basic network, Installed from ShapeBlue repo ( CentOS 6 )

There is one little issue we run into with the config merge
db.properties https://github.com/apache/cloudstack/pull/1923

It is already merged in https://github.com/apache/cloudstack/tree/4.9
but not yet released.

Regards
René

Re: Welcoming Wido as the new ACS VP

[Rene Moser]

Thanks Will for all the efforts!

Congrats Wido and I have no doubts you keep up the good work ;)

-Rene

Re: Usage Server 4.9 Issue

[Rene Moser]

Thanks for sharing!

Regards
René

On 03/02/2017 10:12 AM, Stock, Alexander wrote:
> Hi,
> 
> a week ago we discovered an issue with the usage server version (4.9).
> After around two month from upgrading to 4.9.0 usage server stopped working 
> and produced following error messages in /var/log/cloudstack/usage/usage.log:
> 
> ERROR [usage.dao.UsageDaoImpl] (Usage-Job-1:null) (logid:) error saving 
> account to cloud_usage db
> java.lang.NullPointerException
> at 
> com.cloud.usage.dao.UsageDaoImpl.saveAccounts(UsageDaoImpl.java:116)
> at 
> com.cloud.usage.dao.UsageDaoImpl_EnhancerByCloudStack_330c46f7.CGLIB$saveAccounts$15()
> at 
> com.cloud.usage.dao.UsageDaoImpl_EnhancerByCloudStack_330c46f7_FastClassByCloudStack_80eceb8.invoke()
> at net.sf.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
> at 
> com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:122)
> at 
> com.cloud.usage.dao.UsageDaoImpl_EnhancerByCloudStack_330c46f7.saveAccounts()
> at com.cloud.usage.UsageManagerImpl.parse(UsageManagerImpl.java:516)
> at 
> com.cloud.usage.UsageManagerImpl.runInContextInternal(UsageManagerImpl.java:384)
> at 
> com.cloud.usage.UsageManagerImpl$1.runInContext(UsageManagerImpl.java:326)
> at 
> org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
> at 
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
> at 
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
> at 
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
> at 
> org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
> at com.cloud.usage.UsageManagerImpl.run(UsageManagerImpl.java:323)
> at 
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
> at 
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
> at 
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
> at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> ERROR [cloud.usage.UsageManagerImpl] (Usage-Job-1:null) (logid:) Usage 
> Manager error
> com.cloud.utils.exception.CloudRuntimeException
> at 
> com.cloud.usage.dao.UsageDaoImpl.saveAccounts(UsageDaoImpl.java:135)
> at 
> com.cloud.usage.dao.UsageDaoImpl_EnhancerByCloudStack_330c46f7.CGLIB$saveAccounts$15()
> at 
> com.cloud.usage.dao.UsageDaoImpl_EnhancerByCloudStack_330c46f7_FastClassByCloudStack_80eceb8.invoke()
> at net.sf.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
> at 
> com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:122)
> at 
> com.cloud.usage.dao.UsageDaoImpl_EnhancerByCloudStack_330c46f7.saveAccounts()
> at com.cloud.usage.UsageManagerImpl.parse(UsageManagerImpl.java:516)
> at 
> com.cloud.usage.UsageManagerImpl.runInContextInternal(UsageManagerImpl.java:384)
> at 
> com.cloud.usage.UsageManagerImpl$1.runInContext(UsageManagerImpl.java:326)
> at 
> org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
> at 
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
> at 
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
> at 
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
> at 
> org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
> at com.cloud.usage.UsageManagerImpl.run(UsageManagerImpl.java:323)
> at 
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
> at 
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
> at 
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
> at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at 
> 

Re: latest security vulnerability "Cloudbleed"

[Rene Moser]

Hi Suresh

And this is interesting for cloudstack users because of... what reason?

René

On 02/25/2017 04:26 PM, Suresh Sadhu wrote:
> HI All,
> 
> On February 18th, 2017, Google security researchers discovered a potentially 
> dangerous leak in Cloudflare's services that resulted in the exposure of 
> sensitive data belonging to thousands of companies and their users. The media 
> has dubbed the leak "Cloudbleed.". The flaw was exposed via an issue with an 
> HTML parser.
> 
> http://gizmodo.com/cloudbleed-is-a-problem-but-it-gets-worse-1792721147
> 
> 
> Regards
> Sadhu
> 
> 
> 
> 
> 
> 
> DISCLAIMER
> ==
> This e-mail may contain privileged and confidential information which is the 
> property of Accelerite, a Persistent Systems business. It is intended only 
> for the use of the individual or entity to which it is addressed. If you are 
> not the intended recipient, you are not authorized to read, retain, copy, 
> print, distribute or use this message. If you have received this 
> communication in error, please notify the sender and delete all copies of 
> this message. Accelerite, a Persistent Systems business does not accept any 
> liability for virus infected mails.
> 

Re: Unplanned downtime

[Rene Moser]

Hi Virbol

On 02/08/2017 03:14 PM, Vibol Vireak wrote:
> I just install cloudstack, kvm as a hypervisor with ceph primary storage.
> And i don't have any running instant yet because i plan to setup advance
> network with openvswitch for my testing environment. as you mention, Did
> the cloudstack will automatic failover or restart the vmware to another
> hypervisor if we enable an instant HA ?


There are some docs about it
http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.9/reliability.html#ha-enabled-virtual-machines

Regards
René

Re: Giving Users SSH Access to VMs

[Rene Moser]

Hi John

On 02/08/2017 01:14 PM, John Adams wrote:
> Hello,
> 
> Just managed to setup version 4.9.2.0 with various Ubuntu 14.04 KVM hosts.
> In the release notes for v 4.6 there's a mention of being able to generate
> ssh-keys from the Web UI  but there's no mention of this in the
> administration documentation, or unless I'm not looking hard enough.

It's under the account, there is a dropdown which contains the "SSH key
pairs". If you select it, you will get into a view and on the right hand
side you find the button to generate the keys.

(hmm seems there is no way to upload existing keys in the UI, is there any?)

> 
> Also is it possible to add a user's public key into an already provisioned
> virtual machine?

Yes, but the VM has to be stopped, in the VM detail view, second icon
from right "reset ssh key pair"

René

Re: Python bindings

[Rene Moser]

Hi Ranjith

On 02/08/2017 09:07 AM, Ranjith Kumar wrote:
> Does cloudstack api have python bindings? other than REST api?.

Not sure if I fully understand your needs but there is a neat little
python lib for cloudstack on https://github.com/exoscale/cs.

It is also installable with pip: pip install cs

I use it for the ansible cloudstack modules.

René

Re: developing own webinterface

[Rene Moser]

Hi Swen

I have plans to develop a new UI for CloudStack in this year, which will
be most likely be implemented with vue.js https://vuejs.org/.

Regards
René

Re: AW: Template management

[Rene Moser]

Hi Swen again

On 01/19/2017 02:31 PM, S. Brüseke - proIO GmbH wrote:
> @Rene: Of course it is the user's responsibility, but we want to provide a VM 
> with the latest updates each time you deploy a new VM. :-) I know that 
> cloud-init can do this on boot, but what if the network has no internet 
> connection?

I understand, my comment was more like for the topic "how others do it". ;)

Regards
René

Re: Template management

[Rene Moser]

Hi Swen

On 01/19/2017 10:04 AM, S. Brüseke - proIO GmbH wrote:

> I am really interested in other solutions and workflows, so please shoot. :-)

We decided to not doing or minimize (1-2 updates per year) templates
updates for "system updates" for two main reasons:

1. It is the user's responsibility to keep systems up to date anyway.
2. Using cfg management and/or cloud-init is more than easy to update
systems.

Regards
René

Re: Dedicated IP range for SSVM/CPVM

[Rene Moser]

https://issues.apache.org/jira/browse/CLOUDSTACK-9750

Re: Dedicated IP range for SSVM/CPVM

[Rene Moser]

Hi Will

On 01/17/2017 06:13 AM, Will Stevens wrote:
> Rene, this is probably not going to solve your problem, but I use this
> trick for other use cases.  You can setup more than one range.  ACS seems
> to always exhaust one range before moving on to the next range.  If it is a
> new install, then you can do a range with only 2 IPs in it and make it
> first.  Since the first two IPs which will be provisioned when ACS is setup
> is the SSVM and CPVM, they will automatically take the two IPs from that
> special range.
> 
> I am pretty sure I have tested this.  Later when other IPs have been used
> from the other range, if you destroy the SSVM or CPVM, they will come back
> up on one of the two IPs that they were on before because they will be free
> again and they will be used first again.  If your system is really active,
> then you will be in a race condition while the SSVM and CPVM get bounced to
> get the same IPs back.
> 
> Anyway, I figured I would mention it because it may be a workaround you can
> make use of.  I do this in dev/staging environments which need real public
> IPs, but I don't need the SSVM and CPVM to have real public IPs.  This lets
> me preserve two real public IPs by using private IPs for that first range
> for the SSVM and CPVM.

Thanks for the hint, ;).Bbut it is an existing production setup, so it
won't help in my case.

René

Re: Dedicated IP range for SSVM/CPVM

[Rene Moser]

Hi

On 01/17/2017 05:37 AM, Nitin Kumar Maharana wrote:
> Hi Rene,
> 
> The default pool, which means are you mentioning the public IP range?
> 
> If it is a public IP range, user VMs won’t be consuming any IP from there.
> Only system VMs(CPVM/SSVM/VR) will be consuming. VRs will be providing public 
> access to the user VMs.

I referred the public IP assignment for the isolated networks for static
NATs and port forwarding to the VMs L2.

This assignment is going to use the "default" system IP range pool if no
dedicated pool is assigned to the account/project.

And the SSVM/CPVM also get an IP from this pool.

Regards
René

Dedicated IP range for SSVM/CPVM

[Rene Moser]

Hi

We would like to make a change proposal for SSVM/CPVM.

Currently, the SSVM/CPVM get an IP from the "default" pool of
vlaniprange which is the from the account "system"


  "vlaniprange": [
{
  "account": "system",
  "domain": "ROOT",
  "endip": "10.101.0.250",
  "forvirtualnetwork": true,
  "gateway": "10.101.0.1",
  "netmask": "255.255.255.0",
  "startip": "10.101.0.11",
  ...

},


  "systemvm": [
{
  "activeviewersessions": 0,
  "gateway": "10.101.0.1",
  "hypervisor": "VMware",
  "id": "d9a8abe5-b1e0-47d6-8f39-01b48ff1e0fa",
  "name": "v-5877-VM",
  "privatenetmask": "255.255.255.0",
  "publicip": "10.101.0.113",
  "publicnetmask": "255.255.255.0",
  "state": "Running",
  ...
},


For security considerations we would like to define a dedicated IP range
for SSVM/CPVM, which, preferably, should not have any relation to the
default pool range.

The default pool range should be used for userVMs only. To indicate the
use I propolse 2 new flags, which only considered for "account=system"
and indicate if the range can be used for userVMs or/and systemVMs.

For backwards compatibility this would be the default

"foruservms": true,
"forsystemvms": true,


to have a separate range for UserVMs/SystemVMs, it would look like


  "vlaniprange": [
{
  "account": "system",
  "domain": "ROOT",
  "foruservms": true,
  "forsystemvms": false,
  "endip": "192.160.123.250",
  "forvirtualnetwork": true,
  "gateway": "192.160.123.1",
  "netmask": "255.255.255.0",
  "startip": "192.160.123.11",
  ...

},

  "vlaniprange": [
{
  "account": "system",
  "domain": "ROOT",
  "foruservms": false,
  "forsystemvms": true,
  "endip": "10.101.0.250",
  "forvirtualnetwork": true,
  "gateway": "10.101.0.1",
  "netmask": "255.255.255.0",
  "startip": "10.101.0.11",
  ...

},


Does anyone has see any conflicts with this proposal?

Regards
René

Ansible 2.2: CloudStack Modules News

[Rene Moser]

Hi List

As I know there are a few Ansible users here using the CloudStack
modules, let me give you an update:

New Modules in 2.2
- cs_router
- cs_snapshot_policy

In the upcoming 2.2.1, the modules also work with python3.


Roadmap for 2.3
===

New modules planned
---
- cs_host
- cs_vpc (done)
- cs_nic (done)
- cs_serviceoffer (currently WIP
https://github.com/ansible/ansible-modules-extras/pull/3396, testing and
feedback would be welcome!)
- and more

Diff Support:
-
In 2.3 if you set --diff you will get a line diff of the things changed
for many of the cloudstack modules. This will also work for --check mode.


VPC Support
---
I am about to extend VPC support in the modules and working on new
modules related to VPC.


Integration Testing
---
I am working on fully automated integration tests for ansbile cloudstack
modules PRs against a dockerized simulator.


ENV VAR Support
---
I already implemented a way to set ENV variables for domain, account,
project, zone and vpc in 2.3. It allows to DRY With help of ansible
block feature. See more info in the cloudstack guide docs
http://docs.ansible.com/ansible/guide_cloudstack.html#environment-variables


Support
---
A good tooling is essential for CloudStack. Ansible is one of the most
used cfg management tools around.

Thanks for all the support I received in 2016
https://renemoser.net/blog/2015/11/26/crowdfunding-ansible-cloudstack-modules/.

I still need your support in 2017 to continuing my work. I don't have a
commercial use of these modules and develop them in my free time (1 day
per week). If you use them and/or like my work, a small donation would
be much appreciated. Please contact me off list for details.

Thanks
René

Distinguish VMs not belong to VPC

[Rene Moser]

Hi

I need a way to only get the VMs not belong to a VPC.

While the listVirtualMachines takes the argument vpcid to filter VMs per
VPC to only get VMs of an particular VPC, there seems no easy way to
find out if a VM belongs to a VPC as listVirtualMachines does return VMs
from vpc and as well.

The only way I currently see to find out is to query the network of the
VM if it belongs to a vpc.

Did I miss anything?

René

P.S. I already made an improvement request (jira) for the API of
listVirtualMachines to return the vpcid if a VM belongs to a VPC.

Re: replicate templates Between regions

[Rene Moser]

Hi

AFAIK there is no build in way, however luckely there is ansible.

this is how the playbook looks like
https://gist.github.com/resmo/74612d4fff6faccea5197f41753b7dd0

create a cloudstack.ini with 2 sections (first region, second region) as
described here
http://docs.ansible.com/ansible/guide_cloudstack.html#credentials-file

Regards
René

On 10/04/2016 09:19 PM, Ghaith Bannoura wrote:
> Hello All,
> 
> Is there any automated way to replicate templates between regions ?
> 
> Best Regards
> 
> Ghaith Bannoura
>