Scoping service offerings to individual accounts
Hello, Something I’ve been thinking about for a while - how do you go about restricting the use of a service offering to an individual account? One option that seems the most obvious is creating a separate domain for an account, and scoping a service offering - or a set of them - to that domain. But I feel that can mean lots of individual domains in the long run. I was wondering how others are thinking about this scenario - or dealing with it without writing a ton of wrappers on top? Thanks! Best, Rudi.
Re: [DISCUSS] Moving to OpenVPN as the remote access VPN provider
Hey! I’m personally a strong proponent of Wireguard. A couple years back, implementing a S2S or remote-access VPN with WG was complicated and it still is - but there’s definitely more tooling available these days. There are clients for just about every major platform - desktop and mobile. In the long term though, I think a general-purpose VPN provider like the one you outlined is far better - and I’d definitely like to take a stab at it, although I’ll admit my Java skills are basically..zero. But even so - a framework that allows users to select what platform they want - Strongswan vs OpenVPN vs Wireguard - would be awesome. Best! Rudraksh Mukta Kulshreshtha Vice-President - DevOps & R&D IndiQus Technologies O +91 11 4055 1411 | M +91 99589 54879 indiqus.com This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential and/or privileged. If you are not the intended recipient please delete the original message and any copy of it from your computer system. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited unless proper authorization has been obtained for such action. If you have received this communication in error, please notify the sender immediately. Although IndiQus attempts to sweep e-mail and attachments for viruses, it does not guarantee that both are virus-free and accepts no liability for any damage sustained as a result of viruses. On 10 Jun 2021, 1:55 PM +0530, Rohit Yadav , wrote: > All, > > We've historically supported openswan and nowadays strongswan as the VPN > provider in VR for both site-to-site and remote access modes. After > discussing the situation with a few users and colleagues I learnt that > OpenVPN is generally far easier to use, have clients for most OS and > platforms (desktop, laptop, tablet, phones...) and allows multiple clients in > the same public IP (for example, multiple people in the office sharing a > client-side public IP/nat while trying to connect to a VPC or an isolated > network) and for these reasons many users actually deploy pfSense or setup a > OpenVPN server in their isolated network or VPC and use that instead. > > Therefore for the point-to-point VPN use-case of remote access [1] does it > make sense to switch to OpenVPN? Or, are there users using > strongswan/ipsec/l2tpd for remote access VPN? > > A general-purpose VPN-framework/provider where an account or admin (via > offering) can specify which VPN provider they want in the network > (strongswan/ipsec, OpenVPN, Wireguard...). However, it may be more complex to > implement and maintain. Any other thoughts in general about VPN > implementation and support in CloudStack? Thanks. > > [1] > http://docs.cloudstack.apache.org/en/latest/adminguide/networking_and_traffic.html#remote-access-vpn > > > > Regards. > > >
Re: [DISCUSS] Rocky 8.4 and CloudStack
+1. We were planning to run a few experiments with Rocky on ACS 4.15 sometime this week, across VMware, Xen and KVM to make sure there are no kinks around RPM packages, cloud-init and so on. Will message on this thread if something does come up. Best! Rudraksh Mukta Kulshreshtha Vice-President - DevOps & R&D IndiQus Technologies O +91 11 4055 1411 | M +91 99589 54879 indiqus.com This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential and/or privileged. If you are not the intended recipient please delete the original message and any copy of it from your computer system. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited unless proper authorization has been obtained for such action. If you have received this communication in error, please notify the sender immediately. Although IndiQus attempts to sweep e-mail and attachments for viruses, it does not guarantee that both are virus-free and accepts no liability for any damage sustained as a result of viruses. On 22 Jun 2021, 1:12 PM +0530, Rohit Yadav , wrote: > All, > > With GA release of Rocky Linux 8.4 > (https://docs.rockylinux.org/release_notes/8.4) does it make sense now to > completely drop support for CentOS8 in the next major release? I did a quick > test and it seems rpms built on centos8 container continue to work on Rocky > release. Thoughts? > > Regards, > Rohit Yadav > > >
Re: How to use ansible for cloudstack initialization
Hi Jerry! I’m not sure if this solution would work for you, but we find that it’s better to use Ansible for just setting up and deploying the management server and the compute nodes; when it comes to setting up zones, clusters, pods and so on, we typically use Python scripts and the cs library. It allows us to have more control over what’s being created, and it also allows us to have people specify what hosts/zones/clusters they want in a spreadsheet, with the scripts just reading those sheets and making the relevant API calls. Ansible felt slightly..clunky in this context. Best! Rudraksh Mukta Kulshreshtha Vice-President - DevOps & R&D IndiQus Technologies O +91 11 4055 1411 | M +91 99589 54879 indiqus.com This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential and/or privileged. If you are not the intended recipient please delete the original message and any copy of it from your computer system. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited unless proper authorization has been obtained for such action. If you have received this communication in error, please notify the sender immediately. Although IndiQus attempts to sweep e-mail and attachments for viruses, it does not guarantee that both are virus-free and accepts no liability for any damage sustained as a result of viruses. On 26 Jun 2021, 2:11 PM +0530, li jerry , wrote: > Hello everyone > > Does anyone use ansible to add zone/pod/cluster/host/storage to cloudstack? > Currently I can only use ansible to complete the deployment of cloudstack, > nfs, mysql and other services. > I can't use ansible to complete operations such as adding zone/pod > > Can someone provide relevant documents or solutions? > > thank you very much! > > > > -Jerry >
Re: How to use ansible for cloudstack initialization
Hi Rene! My apologies, I ought to have been a little clearer. Your playbooks are just perfect, when it comes to configuring an ACS deployment with zones and clusters and pods and so on. In our use case though, what typically happens is that a service provider usually provides spreadsheets with details about the zones and all they want. While Ansible has the capability when it comes to reading CSVs, it felt more verbose to write playbooks to do that; scripting it in Python felt easier. Having said that, I think I’d like to take a shot at this again, and see if we can use spreadsheets containing config details with your collection. Oh and thank you for your work on this :) Best! Rudraksh Mukta Kulshreshtha Vice-President - DevOps & R&D IndiQus Technologies O +91 11 4055 1411 | M +91 99589 54879 indiqus.com This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential and/or privileged. If you are not the intended recipient please delete the original message and any copy of it from your computer system. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited unless proper authorization has been obtained for such action. If you have received this communication in error, please notify the sender immediately. Although IndiQus attempts to sweep e-mail and attachments for viruses, it does not guarantee that both are virus-free and accepts no liability for any damage sustained as a result of viruses. On 27 Jun 2021, 7:17 PM +0530, Rene Moser , wrote: > Hi Jerry > > I am one of the authors of the cloudstack ansible integration, you can > find the docs about every ansible module here > https://docs.ansible.com/ansible/latest/collections/ngine_io/cloudstack/index.html > > We have intregration tests playbooks, which also creates zones, pods, > cluster, etc., which you can find here > https://github.com/ngine-io/ansible-collection-cloudstack/tree/master/tests/integration/targets > > further, Rafael (in cc) showed on the last cloudstack europe meetup how > they provisioned cloudstack using ansible. You may get in touch with. > > And I can not confirm that "Ansible felt slightly..clunky in this > context." We made it as easy and reliable as possible to use ansible > with cloudstack and continue to do so, if you feel, something is > missing, feel free to get in touch. > > On 26.06.21 10:34, li jerry wrote: > > Hello everyone > > > > Does anyone use ansible to add zone/pod/cluster/host/storage to cloudstack? > > > > Currently I can only use ansible to complete the deployment of cloudstack, > > nfs, mysql and other services. > > I can't use ansible to complete operations such as adding zone/pod > > > > Can someone provide relevant documents or solutions? > >
Re: How to use ansible for cloudstack initialization
Hi Rafael, Yes it could. Bit dependent on what the lookup/discovery platform is, and having some sort of structured schema to it, along with endpoints for querying that data. But yes, it could be done. Best! Rudraksh Mukta Kulshreshtha Vice-President - DevOps & R&D IndiQus Technologies O +91 11 4055 1411 | M +91 99589 54879 indiqus.com This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential and/or privileged. If you are not the intended recipient please delete the original message and any copy of it from your computer system. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited unless proper authorization has been obtained for such action. If you have received this communication in error, please notify the sender immediately. Although IndiQus attempts to sweep e-mail and attachments for viruses, it does not guarantee that both are virus-free and accepts no liability for any damage sustained as a result of viruses. On 28 Jun 2021, 12:55 PM +0530, Rafael del Valle , wrote: > Hi Rudraksh, > Interesting. > > it may also be possible to turn your python scripting to read the files that > customers provide into an alternative lookup plugin if CSV doesn't fit well. > > Regards, > Rafael > > > On Mon, 2021-06-28 07:50 AM, Rudraksh MK wrote: > > Hi Rene! > > > > My apologies, I ought to have been a little clearer. Your playbooks are > > just perfect, when it comes to configuring an ACS deployment with zones and > > clusters and pods and so on. In our use case though, what typically happens > > is that a service provider usually provides spreadsheets with details about > > the zones and all they want. While Ansible has the capability when it comes > > to reading CSVs, it felt more verbose to write playbooks to do that; > > scripting it in Python felt easier. > > > > Having said that, I think I’d like to take a shot at this again, and see if > > we can use spreadsheets containing config details with your collection. > > > > Oh and thank you for your work on this :) > > > > > > Best! > > > > Rudraksh Mukta Kulshreshtha > > Vice-President - DevOps & R&D > > IndiQus Technologies > > O +91 11 4055 1411 | M +91 99589 54879 > > indiqus.com > > > > This message is intended only for the use of the individual or entity to > > which it is addressed and may contain information that is confidential > > and/or privileged. If you are not the intended recipient please delete the > > original message and any copy of it from your computer system. You are > > hereby notified that any dissemination, distribution or copying of this > > communication is strictly prohibited unless proper authorization has been > > obtained for such action. If you have received this communication in error, > > please notify the sender immediately. Although IndiQus attempts to sweep > > e-mail and attachments for viruses, it does not guarantee that both are > > virus-free and accepts no liability for any damage sustained as a result of > > viruses. > > On 27 Jun 2021, 7:17 PM +0530, Rene Moser " > > target="_blank">, wrote: > > > Hi Jerry > > > > > > I am one of the authors of the cloudstack ansible integration, you can > > > find the docs about every ansible module here > > > https://docs.ansible.com/ansible/latest/collections/ngine_io/cloudstack/index.html > > > > > > We have intregration tests playbooks, which also creates zones, pods, > > > cluster, etc., which you can find here > > > https://github.com/ngine-io/ansible-collection-cloudstack/tree/master/tests/integration/targets > > > > > > further, Rafael (in cc) showed on the last cloudstack europe meetup how > > > they provisioned cloudstack using ansible. You may get in touch with. > > > > > > And I can not confirm that "Ansible felt slightly..clunky in this > > > context." We made it as easy and reliable as possible to use ansible > > > with cloudstack and continue to do so, if you feel, something is > > > missing, feel free to get in touch. > > > > > > On 26.06.21 10:34, li jerry wrote: > > > > Hello everyone > > > > > > > > Does anyone use ansible to add zone/pod/cluster/host/storage to > > > > cloudstack? > > > > > > > > > > Currently I can only use ansible to complete the deployment of > > > > cloudstack, nfs, mysql and other services. > > > > I can't use ansible to complete operations such as adding zone/pod > > > > > > > > Can someone provide relevant documents or solutions? > > > > > >
Re: Error while starting CloudStack 4.15
Just curious. When you installed MySQL, did you switch the default auth method from auth_socket to mysql_native_auth in MySQL? That can be a problem sometimes. Best! Rudraksh Mukta Kulshreshtha Vice-President - DevOps & R&D IndiQus Technologies O +91 11 4055 1411 | M +91 99589 54879 indiqus.com This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential and/or privileged. If you are not the intended recipient please delete the original message and any copy of it from your computer system. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited unless proper authorization has been obtained for such action. If you have received this communication in error, please notify the sender immediately. Although IndiQus attempts to sweep e-mail and attachments for viruses, it does not guarantee that both are virus-free and accepts no liability for any damage sustained as a result of viruses. On 2 Jul 2021, 15:37 +0530, pradeep pal , wrote: > Hi, > > I have installed new CloudStack 4.15, when i start cloudstack service, > getting below error. > > OS: CentOS 7 64bit > CloudSatck: 4.15 > Mysql DB: mysql-community-server-5.7.34 > > > 2021-07-02 14:57:59,600 ERROR [c.c.u.d.Merovingian2] (main:null) (logid:) > Unable to get a new db connection > java.sql.SQLNonTransientConnectionException: Could not create connection to > database server. Attempted reconnect 3 times. Giving up. > at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:110) > at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:97) > at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:89) > at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:63) > at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:73) > at > com.mysql.cj.jdbc.ConnectionImpl.connectWithRetries(ConnectionImpl.java:906) > at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:831) > at com.mysql.cj.jdbc.ConnectionImpl.(ConnectionImpl.java:456) > at com.mysql.cj.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:246) > at > com.mysql.cj.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:197) > at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:677) > at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:228) > at > org.apache.commons.dbcp2.DriverManagerConnectionFactory.createConnection(DriverManagerConnectionFactory.java:121) > at > org.apache.commons.dbcp2.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:355) > at > org.apache.commons.pool2.impl.GenericObjectPool.create(GenericObjectPool.java:889) > at > org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:424) > at > org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:349) > at > org.apache.commons.dbcp2.PoolingDataSource.getConnection(PoolingDataSource.java:134) > at > com.cloud.utils.db.TransactionLegacy.getStandaloneConnectionWithException(TransactionLegacy.java:211) > at com.cloud.utils.db.Merovingian2.(Merovingian2.java:68) > at com.cloud.utils.db.Merovingian2.createLockMaster(Merovingian2.java:88) > at com.cloud.server.LockMasterListener.(LockMasterListener.java:33) > at > java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native > Method) > at > java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) > at > java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) > at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490) > at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:203) > at > org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:117) > at > org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:310) > at > org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:295) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1358) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1204) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:557) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:517) > at > org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:323) > at > org.springframewor
Re: KVM + iSCSI or FC shared storage
Hi Yevgeni, From a purely architectural perspective, here are a few points: 1. A lot will depend on what hypervisors you’re planning to run. Hyper-V won’t work with either. 2. A lot also depends on the existing network setup, and how far you’re willing to go to tweak it. If you look at pure physics, FCs are definitely faster - but the network setup is far more complex, and you need more specialised equipments - switches, adapters, and so on. I’ll go out on a limb and say that although theoretically FCs give you better performance, iSCSI isn’t too bad either when you’ve got separate high-speed switches for your storage layer. 3. Well it also depends on what your scaling plans are. If you’re looking at adding more compute and storage cap to your setup frequently, FCs are definitely not the best way to go. They’re not great when it comes to scaling. 4. Your biggest tradeoff is between reliability and scalability. FCs are theoretically more reliable - but not easy to scale. iSCSI may not have the same level of reliability, but it’s decent enough - and easier to scale. As a starting point, perhaps looking at Ceph or Storpool with iSCSI gateways might be a good idea, I personally feel. Best! Rudraksh Mukta Kulshreshtha Vice-President - DevOps & R&D IndiQus Technologies O +91 11 4055 1411 | M +91 99589 54879 indiqus.com This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential and/or privileged. If you are not the intended recipient please delete the original message and any copy of it from your computer system. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited unless proper authorization has been obtained for such action. If you have received this communication in error, please notify the sender immediately. Although IndiQus attempts to sweep e-mail and attachments for viruses, it does not guarantee that both are virus-free and accepts no liability for any damage sustained as a result of viruses. On 1 Sep 2021, 1:49 PM +0530, Дикевич Евгений Александрович , wrote: > Hi all! > Which is better solution to use KVM with iSCSI or FC shared storage in 2021:) > ? > Now we have many vendor's supported storages which we can't swap. Some of > them we can reconfigure to use NFS but another- not:( > How we can use that storages with KVM? Maybe someone have success stories > with similar configurations? > > Please give me any ideas or advices or success stories:) > Thx a lot > > > > Внимание! > Это электронное письмо и все прикрепленные к нему файлы являются > конфиденциальными и предназначены исключительно для использования лицом > (лицами), которому (которым) оно предназначено. Если Вы не являетесь лицом > (лицами), которому (которым) предназначено это письмо, не копируйте и не > разглашайте его содержимое и удалите это сообщение и все вложения из Вашей > почтовой системы. Любое несанкционированное использование, распространение, > раскрытие, печать или копирование этого электронного письма и прикрепленных к > нему файлов, кроме как лицом (лицами) которому (которым) они предназначены, > является незаконным и запрещено. Принимая во внимание, что передача данных > посредством Интернет не является безопасной, мы не несем никакой > ответственности за любой потенциальный ущерб, причиненный в результате ошибок > при передаче данных или этим сообщением и прикрепленными к нему файлами. > > Attention! > This email and all attachments to it are confidential and are intended solely > for use by the person (or persons) referred to (mentioned) as the intended > recipient (recipients). If you are not the intended recipient of this email, > do not copy or disclose its contents and delete the message and any > attachments to it from your e-mail system. Any unauthorized use, > dissemination, disclosure, printing or copying of this e-mail and files > attached to it, except by the intended recipient, is illegal and is > prohibited. Taking into account that data transmission via Internet is not > secure, we assume no responsibility for any potential damage caused by data > transmission errors or this message and the files attached to it.
Re: Some help for the CloudStack Collaboration Conference
Hi Ivet, I’d love to pitch in. Best! Rudraksh Mukta Kulshreshtha Vice-President - DevOps & R&D IndiQus Technologies O +91 11 4055 1411 | M +91 99589 54879 indiqus.com This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential and/or privileged. If you are not the intended recipient please delete the original message and any copy of it from your computer system. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited unless proper authorization has been obtained for such action. If you have received this communication in error, please notify the sender immediately. Although IndiQus attempts to sweep e-mail and attachments for viruses, it does not guarantee that both are virus-free and accepts no liability for any damage sustained as a result of viruses. On 24 Sep 2021, 17:30 +0530, Ivet Petrova , wrote: > Hi All, > > I am writing as I will need some volunteers to help for the CloudStack > Collaboration Conference. > At the day of the conference we will need a few people to help for moderation > of the event - mainly ask questions after each talk and encourage the > listeners to join live the event and engage with speakers. > Help will be needed also in the lounge area to break initially the ice > between people and open conversations. > > Are there some community members, who would be willing to volunteer as event > moderators? > > Kind regards, > > > >
