Re: Event Notification

2014-03-27 Thread Murali Reddy 

Please try the adding the spring config file as suggested in the thread
https://www.mail-archive.com/dev@cloudstack.apache.org/msg18883.html

On 27/03/14 12:32 PM, "Gopala Krishnan"  wrote:

>Hi Sandeep,
>
>I have already used this command and locate that files
>componentContext.xml
>or applicationContext.xml but its not available in this latest version.
>
>File is available on
>/usr/share/cloudstack-management/webapps/client/WEB-INF/classes
>folder in cloudstack-4.2 version only.
>
>
>
>On Thu, Mar 27, 2014 at 12:16 PM, sandeep khandekar <
>cloudstack.sand...@gmail.com> wrote:
>
>> Hope these helps
>>
>> use the following command to find
>>
>> root@managementserver:/etc/modprobe.d# find / -name componentContext.xml
>>
>> 
>>/home/cloudstack/apache-cloudstack-4.2.0-src/debian/cloudstack-management
>>/etc/cloudstack/management/componentContext.xml
>>
>> 
>>/home/cloudstack/apache-cloudstack-4.2.0-src/debian/tmp/etc/cloudstack/ma
>>nagement/componentContext.xml
>> /etc/cloudstack/management/componentContext.xml
>> root@managementserver:/etc/modprobe.d#
>>
>> in cs4.2
>>
>>
>> On Thu, Mar 27, 2014 at 11:46 AM, Gopala Krishnan > >wrote:
>>
>> > Hi,
>> >
>> > I have upgraded new cloudstack 4.3 version and try to configured Event
>> > Notification componentContext.xml Rabbit MQ settings but could not
>>find
>> any
>> > file componentContext.xml in cloudstack management files path.
>> > How can we enable this event notification configuration?
>> >
>> > --
>> > Gopala Krishnan.S
>> > Mobile : +91 9865709094 / +91 9994874447
>> > *cPanel KnowledgeBase *
>> > *Linux Server Admin Tools* 
>> >
>>
>>
>>
>> --
>> SANDEEP KHANDEKAR
>> Assistant Professor
>> Department of Computer science and engineering
>> Sreenidhi Institute of science and Technology
>> Hyderabad
>>
>
>
>
>-- 
>Gopala Krishnan.S
>*cPanel KnowledgeBase *
>*Linux Server Admin Tools* 
>

Re: Portable IPs question

2013-12-09 Thread Murali Reddy 

You would need an additional IP range.

On 06/12/13 3:33 PM, "Andrija Panic"  wrote:

>Hi,
>
>just to ask if Portable IP range (that an admin defines) can overlap with
>Guest IP range (public IP addresses). Or do I need additional IP range
>outside that  ?
>
>Thanks,
>
>-- 
>
>Andrija Panić
>

Re: Isolated Network with no Services

2013-12-09 Thread Murali Reddy 

>From the UI yes, you can try with API directly.

On 09/12/13 12:19 PM, "Simon Murphy"  wrote:

>I can successfully create the network offering with no services, however
>when I go to deploy it is not listed under the available network
>offerings.Seems like only Isolated Networks with SourceNAT enabled are
>displayedŠis this correct?
>
>
>Simon Murphy
>Solutions Architect
>  
>ViFX | Cloud Infrastructure
>Level 7, 57 Fort Street, Auckland, New Zealand 1010
>PO Box 106700, Auckland, New Zealand 1143
>M +64 21 285 4519 | S simon_a_murphy
>www.vifx.co.nz <http://www.vifx.co.nz/> follow us on twitter
><https://twitter.com/ViFX>
>Auckland | Wellington | Christchurch
>   
>
> 
>experience. expertise. execution.
> 
>This email and any files transmitted with it are confidential, without
>prejudice and may contain information that is subject to legal privilege.
>It is intended solely for the use of the individual/s to whom it is
>addressed in accordance with the provisions of the Privacy Act (1993). The
>content contained in this email does not, necessarily, reflect the
>official policy position of ViFX nor does ViFX have any responsibility for
>any alterations to the contents of this email that may occur following
>transmission. If you are not the addressee it may be unlawful for you to
>read, copy, distribute, disclose or otherwise use the information
>contained within this email. If you are not the intended recipient, please
>notify the sender prior to deleting this email message from your system.
>Please note ViFX reserves the right to monitor, from time to time, the
>communications sent to and from its email network.
>
>
>
>
>
>
>On 3/12/13 6:29 PM, "Murali Reddy"  wrote:
>
>>HTH
>>
>>http://blog.remibergsma.com/2012/03/10/howto-create-a-network-in-cloudsta
>>c
>>k-without-a-virtual-router/
>>
>>From: Simon Murphy
>>mailto:simon.mur...@vifx.co.nz>>
>>Reply-To: "d...@cloudstack.apache.org<mailto:d...@cloudstack.apache.org>"
>>mailto:d...@cloudstack.apache.org>>
>>Date: Tuesday, 3 December 2013 8:15 AM
>>To: "users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>"
>>mailto:users@cloudstack.apache.org>>,
>>"d...@cloudstack.apache.org<mailto:d...@cloudstack.apache.org>"
>>mailto:d...@cloudstack.apache.org>>
>>Subject: Isolated Network with no Services
>>
>>Is it possible to configure a network offering for an isolated network
>>that has no services? I would like to give the customer the option to
>>create a network that is totally isolated (no L3 connectivity) so that
>>they can bring their own software router/firewall. The isolated network
>>would be connected to other networks via the customers virtual router.
>>
>>I can create the network offering however it is not listed as an
>>available service when I try to create the network.
>>
>>Cheers,
>>Simon
>>
>>
>>
>>
>>
>>Simon Murphy
>>Solutions Architect
>>
>>ViFX | Cloud Infrastructure
>>Level 7, 57 Fort Street, Auckland, New Zealand 1010
>>PO Box 106700, Auckland, New Zealand 1143
>>M +64 21 285 4519 | S simon_a_murphy
>>www.vifx.co.nz<http://www.vifx.co.nz/> follow us on
>>twitter<https://twitter.com/ViFX>
>>Auckland | Wellington | Christchurch
>>
>>[cid:image003.jpg@01CDDF95.815BF160]
>>
>>experience. expertise. execution.
>>
>>This email and any files transmitted with it are confidential, without
>>prejudice and may contain information that is subject to legal privilege.
>>It is intended solely for the use of the individual/s to whom it is
>>addressed in accordance with the provisions of the Privacy Act (1993).
>>The content contained in this email does not, necessarily, reflect the
>>official policy position of ViFX nor does ViFX have any responsibility
>>for any alterations to the contents of this email that may occur
>>following transmission. If you are not the addressee it may be unlawful
>>for you to read, copy, distribute, disclose or otherwise use the
>>information contained within this email. If you are not the intended
>>recipient, please notify the sender prior to deleting this email message
>>from your system. Please note ViFX reserves the right to monitor, from
>>time to time, the communications sent to and from its email network.
>
>

Re: Isolated Network with no Services

2013-12-02 Thread Murali Reddy 
HTH

http://blog.remibergsma.com/2012/03/10/howto-create-a-network-in-cloudstack-without-a-virtual-router/

From: Simon Murphy mailto:simon.mur...@vifx.co.nz>>
Reply-To: "d...@cloudstack.apache.org" 
mailto:d...@cloudstack.apache.org>>
Date: Tuesday, 3 December 2013 8:15 AM
To: "users@cloudstack.apache.org" 
mailto:users@cloudstack.apache.org>>, 
"d...@cloudstack.apache.org" 
mailto:d...@cloudstack.apache.org>>
Subject: Isolated Network with no Services

Is it possible to configure a network offering for an isolated network that has 
no services? I would like to give the customer the option to create a network 
that is totally isolated (no L3 connectivity) so that they can bring their own 
software router/firewall. The isolated network would be connected to other 
networks via the customers virtual router.

I can create the network offering however it is not listed as an available 
service when I try to create the network.

Cheers,
Simon





Simon Murphy
Solutions Architect

ViFX | Cloud Infrastructure
Level 7, 57 Fort Street, Auckland, New Zealand 1010
PO Box 106700, Auckland, New Zealand 1143
M +64 21 285 4519 | S simon_a_murphy
www.vifx.co.nz follow us on 
twitter
Auckland | Wellington | Christchurch

[cid:image003.jpg@01CDDF95.815BF160]

experience. expertise. execution.

This email and any files transmitted with it are confidential, without 
prejudice and may contain information that is subject to legal privilege. It is 
intended solely for the use of the individual/s to whom it is addressed in 
accordance with the provisions of the Privacy Act (1993). The content contained 
in this email does not, necessarily, reflect the official policy position of 
ViFX nor does ViFX have any responsibility for any alterations to the contents 
of this email that may occur following transmission. If you are not the 
addressee it may be unlawful for you to read, copy, distribute, disclose or 
otherwise use the information contained within this email. If you are not the 
intended recipient, please notify the sender prior to deleting this email 
message from your system. Please note ViFX reserves the right to monitor, from 
time to time, the communications sent to and from its email network.

Re: Creating advanced network

2013-10-18 Thread Murali Reddy 
Bjoern,

Sorry that commit, only fixes part of the problem. Still there are two more 
issues (source NAT and SG + source NAT combination is not permitted and public 
traffic type is not allowed in security group based shared network). I opened a 
feature enhancement CLOUDSTACK-4891 bug for this issue.

You may want to try basic zone model of CloudStack which provides security 
group based L3 isolation with EIP(1:1 NAT) & ELB services with NetScaler.

Thanks,
Murali

From: Bjoern Teipel 
mailto:bjoern.tei...@internetbrands.com>>
Reply-To: "users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>" 
mailto:users@cloudstack.apache.org>>
Date: Thursday, 17 October 2013 10:29 AM
To: "users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>" 
mailto:users@cloudstack.apache.org>>
Subject: Re: Creating advanced network

Hi Murali,

I saw your git commits. I want to compile now your changes into our  source 
code. Do i need just the one for 4.2 or also the master commits:


Commit 4d07493a5e6e13462b80ba09c3535fa4af0ebdc7 in branch refs/heads/4.2 from 
Murali 
Reddy<https://issues.apache.org/jira/secure/ViewProfile.jspa?name=murali.reddy>

<https://issues.apache.org/jira/browse/CLOUDSTACK-4717#>
[cid:part3.09050002.00050203@internetbrands.com]ASF subversion and git 
services<https://issues.apache.org/jira/secure/ViewProfile.jspa?name=jira-bot> 
added a comment - Today 06:18

Commit df3b09944968718111d9b6b29d4c7f5a5cfaf630 in branch refs/heads/master 
from Murali 
Reddy<https://issues.apache.org/jira/secure/ViewProfile.jspa?name=murali.reddy>

<https://issues.apache.org/jira/browse/CLOUDSTACK-4717#>
[cid:part3.09050002.00050203@internetbrands.com]ASF subversion and git 
services<https://issues.apache.org/jira/secure/ViewProfile.jspa?name=jira-bot> 
added a comment - Today 14:45

Commit df3b09944968718111d9b6b29d4c7f5a5cfaf630 in branch refs/heads/ui-restyle 
from Murali 
Reddy<https://issues.apache.org/jira/secure/ViewProfile.jspa?name=murali.reddy>


Thanks,
Bjoern

On 10/16/2013 2:35 AM, Murali Reddy wrote:

On 16/10/13 12:23 PM, "Bjoern Teipel" 
<mailto:bjoern.tei...@internetbrands.com>
wrote:



Murali,

That would be great if you're right. But I'm now in a dead lock:

Adding new network offering including LB:

2013-10-15 23:34:50,920 WARN [network.element.VirtualRouterElement]
(catalina-exec-19:null) Virtual router can't enable services [Dns Dhcp
UserData Lb ] without source NAT service
2013-10-15 23:34:50,924 ERROR [cloud.api.ApiServer]
(catalina-exec-19:null) unhandled exception executing api command:
createNetworkOffering
com.cloud.exception.UnsupportedServiceException: Provider VirtualRouter
doesn't support services combination: [Dns, Dhcp, UserData, Lb]

That forces me to add source nat, but once I want add a guest network in
the zone I get the opposite error. I can't mix SG + sourceNat

013-10-15 23:46:30,896 INFO  [cloud.api.ApiServer]
(catalina-exec-22:null) Service SourceNat is not allowed in security
group enabled zone


First issue is know issue (CLOUDSTACK-4717) is getting addressed in 4.2.1.
Not sure why source NAT should not be allowed in SG network. Sorry, this
is indeed a dead lock situation. It does not look like you can use LB with
in shared network with SG in advanced zone.



So no internal lb ?

Thanks,
Bjoern

On 10/15/2013 11:28 PM, Murali Reddy wrote:


On 16/10/13 7:17 AM, "Bjoern Teipel" 
<mailto:bjoern.tei...@internetbrands.com>
wrote:



Wow, all user@cloudstack mails got catched in my spam filter, so sorry
for the late response.

After tinkering the whole day I gave up using a tagged VLAN for the
storage traffic, seems not to work. It ignores the VID and doesn't
create the VLAN on the hypervisor.
I added the vlan to the hypervisor now and bound cloudbr1 to it and
using it untagged in cloudstack.
Finally all is up. :-)

Now I was looking how to use a load balancer like the internal
cloudstack one or even the F5 and it seems it's not supported.
No cloudstack support for internal LB (the VR one) or F5 ? Really !!!
According to the advanced network and security groups specification (

https://cwiki.apache.org/confluence/display/CLOUDSTACK/Isolation+based+o
n+
Security+Groups+in+Advance+zone)
AddF5LoadBalancerCmd api commands will just fail in SG enabled zone.
That's just a joke.


4.1 did not support PF/NAT/LB services in shared network. From 4.2, all
network services are supported in shared network with or without SG so
you
should be able to use F5/VR/Netscaler for LB.



I'm really close to end the cloudstack adventure and move on with open
stack.
Having a shared network with SG and loadbalancer is not really a
uncommon solution

Re: Creating advanced network

2013-10-16 Thread Murali Reddy 
On 16/10/13 12:23 PM, "Bjoern Teipel" 
wrote:

>Murali,
>
>That would be great if you're right. But I'm now in a dead lock:
>
>Adding new network offering including LB:
>
>2013-10-15 23:34:50,920 WARN [network.element.VirtualRouterElement]
>(catalina-exec-19:null) Virtual router can't enable services [Dns Dhcp
>UserData Lb ] without source NAT service
>2013-10-15 23:34:50,924 ERROR [cloud.api.ApiServer]
>(catalina-exec-19:null) unhandled exception executing api command:
>createNetworkOffering
>com.cloud.exception.UnsupportedServiceException: Provider VirtualRouter
>doesn't support services combination: [Dns, Dhcp, UserData, Lb]
>
>That forces me to add source nat, but once I want add a guest network in
>the zone I get the opposite error. I can't mix SG + sourceNat
>
>013-10-15 23:46:30,896 INFO  [cloud.api.ApiServer]
>(catalina-exec-22:null) Service SourceNat is not allowed in security
>group enabled zone

First issue is know issue (CLOUDSTACK-4717) is getting addressed in 4.2.1.
Not sure why source NAT should not be allowed in SG network. Sorry, this
is indeed a dead lock situation. It does not look like you can use LB with
in shared network with SG in advanced zone.

>
>So no internal lb ?
>
>Thanks,
>Bjoern
>
>On 10/15/2013 11:28 PM, Murali Reddy wrote:
>> On 16/10/13 7:17 AM, "Bjoern Teipel" 
>> wrote:
>>
>>> Wow, all user@cloudstack mails got catched in my spam filter, so sorry
>>> for the late response.
>>>
>>> After tinkering the whole day I gave up using a tagged VLAN for the
>>> storage traffic, seems not to work. It ignores the VID and doesn't
>>> create the VLAN on the hypervisor.
>>> I added the vlan to the hypervisor now and bound cloudbr1 to it and
>>> using it untagged in cloudstack.
>>> Finally all is up. :-)
>>>
>>> Now I was looking how to use a load balancer like the internal
>>> cloudstack one or even the F5 and it seems it's not supported.
>>> No cloudstack support for internal LB (the VR one) or F5 ? Really !!!
>>> According to the advanced network and security groups specification (
>>> 
>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Isolation+based+o
>>>n+
>>> Security+Groups+in+Advance+zone)
>>> AddF5LoadBalancerCmd api commands will just fail in SG enabled zone.
>>> That's just a joke.
>> 4.1 did not support PF/NAT/LB services in shared network. From 4.2, all
>> network services are supported in shared network with or without SG so
>>you
>> should be able to use F5/VR/Netscaler for LB.
>>
>>> I'm really close to end the cloudstack adventure and move on with open
>>> stack.
>>> Having a shared network with SG and loadbalancer is not really a
>>> uncommon solution
>>
>
>

Re: Creating advanced network

2013-10-15 Thread Murali Reddy 
On 16/10/13 7:17 AM, "Bjoern Teipel" 
wrote:

>Wow, all user@cloudstack mails got catched in my spam filter, so sorry
>for the late response.
>
>After tinkering the whole day I gave up using a tagged VLAN for the
>storage traffic, seems not to work. It ignores the VID and doesn't
>create the VLAN on the hypervisor.
>I added the vlan to the hypervisor now and bound cloudbr1 to it and
>using it untagged in cloudstack.
>Finally all is up. :-)
>
>Now I was looking how to use a load balancer like the internal
>cloudstack one or even the F5 and it seems it's not supported.
>No cloudstack support for internal LB (the VR one) or F5 ? Really !!!
>According to the advanced network and security groups specification (
>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Isolation+based+on+
>Security+Groups+in+Advance+zone)
>AddF5LoadBalancerCmd api commands will just fail in SG enabled zone.
>That's just a joke.

4.1 did not support PF/NAT/LB services in shared network. From 4.2, all
network services are supported in shared network with or without SG so you
should be able to use F5/VR/Netscaler for LB.

>
>I'm really close to end the cloudstack adventure and move on with open
>stack.
>Having a shared network with SG and loadbalancer is not really a
>uncommon solution

Re: Assign instance to another account

2013-10-03 Thread murali reddy 
http://cloudstack.apache.org/docs/api/apidocs-4.0.0/root_admin/assignVirtualMachine.html


On Thu, Oct 3, 2013 at 6:06 PM, Chris Sciarrino
wrote:

> Hi,
>
> Is it possible to assign a VM to another user through the cloudstack web
> interface?
>
> For example if I had a request from a user to have an instance deployed for
> them, I would be able to deploy it as the admin and then assign it to their
> account so that they would still be able to control the VM (power on/off,
> snapshots etc).
>
> I have seen references that it is possible to do this but can't seem to
> find the option.
>

Re: cloudstack 4.1 GRE/SDN

2013-10-02 Thread murali reddy 
Have you tried to create a new isolated network for the VM after setting
'sdn.ovs.controller' to  true? Please see
https://issues.apache.org/jira/browse/CLOUDSTACK-2878


On Thu, Oct 3, 2013 at 9:11 AM, Luca Salvatore  wrote:

> i'm trying to do some testing with cloudstack 4.1, specifically around the
> GRE and SDN features.
> I have configured the management server and I have two zones.  Everything
> is working well, I can deploy VMs in each zone and everything there is
> good. Each zone is configured with GRE isolation.
> When I changed the sdn.ovs.controller to true and tried to deploy VMs they
> all failed, weird thing is that they don't even appear in the management
> console in a error state, just nothing happens.  The logs do show an
> exception:
>
>
> 2013-10-03 11:48:47,171 DEBUG [cloud.vm.VirtualMachineManagerImpl]
> (catalina-exec-20:null) Allocating entries for VM: VM[User|test1]
> 2013-10-03 11:48:47,172 DEBUG [cloud.vm.VirtualMachineManagerImpl]
> (catalina-exec-20:null) Allocating nics for VM[User|test1]
> 2013-10-03 11:48:47,173 DEBUG [cloud.network.NetworkManagerImpl]
> (catalina-exec-20:null) Allocating nic for vm VM[User|test1] in network
> Ntwk[208|Guest|8] with requested profile NicProfile[0-0-null-null-null
> 2013-10-03 11:48:47,179 DEBUG [db.Transaction.Transaction]
> (catalina-exec-20:null) Rolling back the transaction: Time = 22 Name =
>  createVirtualMachine; called by
> -Transaction.rollback:890-Transaction.removeUpTo:833-Transaction.close:657-TransactionContextBuilder.interceptException:63-ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept:133-VirtualMachineManagerImpl.allocate:304-ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept:125-CloudOrchestrator.createVirtualMachine:211-UserVmManagerImpl.createVirtualMachine:3384-ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept:125-UserVmManagerImpl.createAdvancedVirtualMachine:3101-DeployVMCmd.create:460
> 2013-10-03 11:48:47,189 ERROR [cloud.api.ApiServer]
> (catalina-exec-20:null) unhandled exception executing api command:
> deployVirtualMachine
> java.lang.NullPointerException
> at
> com.cloud.network.NetworkManagerImpl.allocateNic(NetworkManagerImpl.java:1267)
> at
> com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
> at
> com.cloud.network.NetworkManagerImpl.allocate(NetworkManagerImpl.java:1206)
> at
> com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
> at
> com.cloud.vm.VirtualMachineManagerImpl.allocate(VirtualMachineManagerImpl.java:304)
> at
> com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
>
>
> Not sure what is going on here.  Any thoughts?
> I'm using XenSever 6.1 with a single bond (2 NICs) for all networks, also
> using local storage for all VMs.
> Can't seem to find much doco on how to configure zones for SDN… Any help
> would be great
>
> Thanks
> Luca.
>
>
>
>
>
>
>
>

Re: Create shared network in Avdanced Zone setup

2013-09-13 Thread murali reddy 
On Fri, Sep 13, 2013 at 1:52 AM, alex wrote:

> Hi,
>
> I would like to setup a machine which can reach all tenant VMs in my
> advanced zone. The use case is a centralized monitoring service of tenant
> VMs.
>
> So I was thinking to create a VM on a shared network under ROOT and add new
> NICs on the same network to the machines of the 3 tenants in order to
> monitor them. It doesn't work.
>

Can you please elaborate what does not work? Is monitoring service VM on
shared network is able to reach out to the tenant VM's in isolated network?
If there are more than one tenant networks, then does CIDR's of the tenants
network overlap?


>
> Doubt :
> - are my thoughts correct?
>

Yes. Its a valid use-case for shared networks to be used for a monitoring.


> - this network needs a router?
> - if so, which are the router services I need?
>

Router will be created any way for DHCP and DNS service. That should be
sufficient at the minimum unless you want to make monitoring service make
it available out side the shared network.

>
> thanks a lot,
> Alex
>
>
>

Re: V4.1 Advanced Network, VR reboot, NAT rules gone

2013-09-13 Thread Murali Reddy 

How are you rebooting the VR? Through CloudStack or outside?

On 13/09/13 5:10 AM, "Noel Kendall"  wrote:

>FW rules are not persistent in VR? I am trying to figure out why a V4.1
>VR does not properly NAT, and of course,reboot several times to reset
>state. I see that after each reboot, the NAT rules are gone. If I go to
>the mgr, and touchthe rules for the network in some way, the rules are
>re-instated.
>Makes me think that the mgr is not aware of the VR change of state on
>reboot, and is failing to command it with properset of rules.
>Rather discouraging. I had a working environment in 4.0.1, now, toast.
>Thoughts??
>N

Re: Architecture Question

2013-08-06 Thread Murali Reddy 

Can 'hosting zones' represented in diagram can be contained into a
CloudStack zone? If so you can dedicated set of hosts to be in the DMZ.
Then you can leverage 'host tags' [1] functionality to place VM's
providing edge services (CloudStack system VM's or user VM's) on the hosts
dedicated in DMZ.

[1] https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html

On 05/08/13 11:28 PM, "Bradley Hieber"  wrote:

>The goal is to have a virtualized dmz area where we can place public
>facing
>webservers, and other software based firewalls to protect the different
>virtualization areas. Each of the virtualization areas will host different
>environments for clients to utilize.
>
>
>On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers
>wrote:
>
>> Can you explain a bit more about what your diagram implies?  That might
>> help us help you.
>>
>>
>> On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber > >wrote:
>>
>> > Is it possible to create this type of architecture with cloudstack?
>>Any
>> > design ideas you can provide?
>> >
>> > http://img850.imageshack.us/img850/7940/lnzp.jpg
>> >
>> > --
>> > Brad
>> >
>>
>
>
>
>-- 
>Brad
>

Re: CS4.1 with netscaler

2013-07-25 Thread Murali Reddy 
On 26/07/13 5:51 AM, "Brian Galura"  wrote:

>I figured out this broke because the user's password changed who added
>the netscaler to cloudstack. Can we update the password in the DB without
>deleting and re-adding the device?

Delete and re-add is the easy approach. Bit you change the password in the
host_details table for the host id that corresponds to NetScaler and
restart the management server.

>
>-Original Message-
>From: Brian Galura [mailto:brian.gal...@citrix.com]
>Sent: Thursday, July 25, 2013 4:36 PM
>To: users@cloudstack.apache.org
>Subject: CS4.1 with netscaler
>
>Im trying to get the netscaler to work with an isolated network on an
>advanced zone. When I try to make a VM on this network I get an error
>message "Resource [Network:209] is unreachable: External load balancer
>was unable to implement the guest network on the external load balancer
>in zone us-test1-zone1"
>
>I have added the netscaler with appropriate credentials and interfaces.
>Is there any where I can find a more detailed log of what isn't working?
>
>Very long log file:
>http://pastie.org/8175945
>

Re: Shared network to muliple domains

2013-07-25 Thread Murali Reddy 
On 25/07/13 7:21 PM, "David Comerford"  wrote:

>Hi list,
>
>Is it possible to create a shared network and have it accessible to a list
>of domains, without using the "subdomain access" checkbox in the Add Guest
>Network wizard?
>Thanks

No, list works only for sub-domains.

>
>Best regards,
>David Comerford
>
>Tel: +353 87 1238295
>Email: davest...@gmail.com
>Website: http://dave.ie
>GPG key: http://gpg.dave.ie
>

Re: Global Guest Networks

2013-07-25 Thread Murali Reddy 
On 25/07/13 6:57 PM, "Christopher M. Ryan"  wrote:

>Hi all,
>
>
>
>Is there a way to force all users to only have the option to pick from a
>list of predefined guest networks instead of creating their own? These
>networks can be shared. We are trying to have 2 networks that a user can
>create a VM on and are finding it difficult to lock them into predefined
>networks.
>

You could disable all network offerings with 'isolated' guest traffic
type, and create shared networks and make them available to all users.

>
>
>Thank!
>
>
>
>

Re: multiple ip addresses in zone

2013-07-24 Thread Murali Reddy 
On 22/07/13 5:29 PM, "Valery Ciareszka"  wrote:

>>Not sure what you meant by 'combined' isolated and guest networks, but
>>you
>can have both 'isolated' and 'shared' networks co-existing in a zone.
>
>I created shared network -
>http://thesuki.org/temp/ss/SS-20130722145047.png
>Cloudstack treats it as guest network:
>http://thesuki.org/temp/ss/SS-20130722145209.png
>And when I create VM within this "whitenet", its traffic is going through
>guest vlan (guest network as
>http://thesuki.org/temp/ss/SS-20130722145337.png)  on HV node.
>But this guest vlan has no access to public internet. Is it possible to
>configure CS so that traffic from this "whiteguest"  network would flow
>through public network as on
>http://thesuki.org/temp/ss/SS-20130722145337.png instead of guest network
>?

Sorry, I replied to the question with out properly understanding the
problem. 'Shared' networks are treated as networks with traffic type as
'Guest'. So in this case even though 'whiteguest' shared network is
created with with real public ips' traffic still goes through
'cloudbrguest' instead of 'cloudbrpublic'. Unfortunately user can not
create network/network offering with public traffic type. You may want to
work around the problem.

>
>
>
>
>
>On Mon, Jul 22, 2013 at 2:35 PM, Murali Reddy
>wrote:
>
>> On 22/07/13 3:36 PM, "Valery Ciareszka" 
>>wrote:
>>
>> >Hi all,
>> >
>> >I'm using CS 4.1 / KVM with different bridge labels(vlans) for each
>>type
>> >of
>> >traffic - cloudbrpublic, cloudbrstor,cloudbrmanage,cloudbrguest
>> >
>> >I tried to add real ip subnetwork to zone as guest network, but it
>>seems
>> >that cloudstack tries to route its traffic through guest bridge label,
>> >thus
>> >vms with real ip addresses don't have access to internet  - cloudstack
>> >agent creates bridge for guest network with real ips on top of
>> >cloudbrguest
>> >instead of cloudbrpublic.
>>
>> Did you create 'isolated' guest network with public IP's? 'isolated'
>> networks are typically used with rfc1918 ip's and the traffic is treated
>> as guest traffic. Public access for the VM's in isolated guest networks
>> needs NAT. Shared guest networks can give direct internet access to the
>> VM's without NAT.
>>
>> >
>> >Is it possible to combine isolated guest network(private rfc1918 ips )
>> >with
>> >shared guest network(public ips)  within the same zone ?
>>
>> Not sure what you meant by 'combined' isolated and guest networks, but
>>you
>> can have both 'isolated' and 'shared' networks co-existing in a zone.
>>
>> >
>> >
>> >--
>> >Regards,
>> >Valery
>> >
>> >http://protocol.by/slayer
>> >
>>
>>
>>
>
>
>-- 
>Regards,
>Valery
>
>http://protocol.by/slayer
>

Re: multiple ip addresses in zone

2013-07-22 Thread Murali Reddy 
On 22/07/13 3:36 PM, "Valery Ciareszka"  wrote:

>Hi all,
>
>I'm using CS 4.1 / KVM with different bridge labels(vlans) for each type
>of
>traffic - cloudbrpublic, cloudbrstor,cloudbrmanage,cloudbrguest
>
>I tried to add real ip subnetwork to zone as guest network, but it seems
>that cloudstack tries to route its traffic through guest bridge label,
>thus
>vms with real ip addresses don't have access to internet  - cloudstack
>agent creates bridge for guest network with real ips on top of
>cloudbrguest
>instead of cloudbrpublic.

Did you create 'isolated' guest network with public IP's? 'isolated'
networks are typically used with rfc1918 ip's and the traffic is treated
as guest traffic. Public access for the VM's in isolated guest networks
needs NAT. Shared guest networks can give direct internet access to the
VM's without NAT.

>
>Is it possible to combine isolated guest network(private rfc1918 ips )
>with
>shared guest network(public ips)  within the same zone ?

Not sure what you meant by 'combined' isolated and guest networks, but you
can have both 'isolated' and 'shared' networks co-existing in a zone.

>
>
>-- 
>Regards,
>Valery
>
>http://protocol.by/slayer
>

Re: How to create a network offering without firewall?

2013-06-27 Thread Murali Reddy 

Yes, egress firewall default action is 'BLOCK'. Here is a nice blog from
Radhika 
http://writersopendiary.wordpress.com/2013/05/27/egress-firewall-rules-in-a
pache-cloudstack/

On 27/06/13 2:21 PM, "WXR" <474745...@qq.com> wrote:

>By the way , when I select the default guestnetworkwithsourceNAT and
>create an instance,the vm can not access to the Internet,is this a
>default setting?how can I let the vm access the Internet?
>
>
>
>
>------ Original --
>From:  "Murali Reddy";
>Date:  Thu, Jun 27, 2013 04:46 PM
>To:  "users@cloudstack.apache.org";
>
>Subject:  Re: How to create a network offering without firewall?
>
>
>
>
>Also, by default all the ports that will be used by edge services are
>blocked by iptable config in the router VM templates. They needed to be
>opened explicitly with firewall rules.
>
>On 27/06/13 2:08 PM, "Jayapal Reddy Uradi" 
>wrote:
>
>>With out firewall provider you can't have sourceNAT and static NAT
>>services because these services are provided by firewall provider only.
>>
>>Thanks,
>>Jayapal
>>
>>On 27-Jun-2013, at 1:35 PM, WXR <474745...@qq.com>
>> wrote:
>>
>>> If I create a new network offering and check
>>>dns,dhcp,userdata,sourceNAT,staticNAT,not check the firewall service.But
>>>the firewall will be added into it automatically.
>>> I don't need the firewall service ,how can I create a network offering
>>>without firewall?
>>
>>
>
>
>.

Re: How can I allocate a specific IP when I create an instance.

2013-06-27 Thread Murali Reddy 
On 27/06/13 2:46 AM, "Geoff Higginbottom"
 wrote:

>@Dave: you are right about advanced networks but the original question
>was in relation to basic networking.
>
>@All: I did some testing over a year ago around changing IPs for guest.
>For a VM on and advanced network you can edit the IP directly in the
>database but restarting the VM is not enough, you have to also restart
>the virtual Router for that network.
>
>The new 4.1 add NIC API call Dave is referring to is great and to me one
>of the best new features of 4.1, but again it's only for advanced
>networking so no good for the original problem.
>
>The multiple IPs to a single NIC has been discussed a lot, but I believe
>it is still in development.

Multiple Ip per nic is going in 4.2 [1]. Also in 4.2, you can reserve a
sub-range of guest CIDR that user can control and assign to the VM's [2]
but again this is only in advanced network.

[1] 
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Multiple+IP+address+
per+NIC
[2] 
https://cwiki.apache.org/confluence/display/CLOUDSTACK/IP+Range+Reservation
+within+a+Network


>
>Regards
>
>Geoff Higginbottom
>CTO / Cloud Architect
>
>D: +44 20 3603 0542 | S: +44 20 3603
>0540| M: +447968161581
>
>geoff.higginbot...@shapeblue.com
>|www.shapeblue.com | Twitter:@shapeblue
>
>ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS
>
>
>On 26 Jun 2013, at 11:22, "Dave Dunaway"
>mailto:dave.duna...@gmail.com>> wrote:
>
>@Geoff: Of course we are talking advanced networking, and having
>consideration of what your networks are that you can use. If someone wants
>to put a 10.x.x.x ip on a VM that is on a 192.x.x.x network, then they can
>gladly shoot themselves in the foot. Ideally the person making such a
>change understands the 'basic's of advanced networking in CloudPlatform.
>Otherwise they should stick the UI.;)
>
>@Jason: Look in the cloud.nics table. The nics for VMs are defined here.
>Modify as needed. A restart of the VM to make sure it all works is highly
>recommended.
>
>In our testing environment I can move a VM from one network to another,
>add
>nics, change IP's etc quite easily. Some of the 4.1 API will add this
>functionality (add nics for example to an existing VM). But there's still
>a
>lot of immutable things in CloudPlatform that shouldn't be, and  that
>maybe
>one day will be a feature. We just need to make the requests for those
>features.
>
>
>
>
>
>
>On Wed, Jun 26, 2013 at 1:30 PM, Jason Pavao
>mailto:jason.pa...@oracle.com>> wrote:
>
>Do you by chance have a sample sql query that would perform this?
>
>
>
>On 6/26/2013 8:51 AM, Dave Dunaway wrote:
>
>There should be a way to have the ability to reserve an IP and still have
>DHCP assign the IP by mac reservation. There's no technical reason this
>wouldn't work and likely a feature a lot of people would love to see. The
>only hold back is the UI not allowing you to do so.
>
>Ultimately, you can go to the DB and change the VM's IP in the nics table
>to what you want (reboot the VM and the IP change will occur). Which is
>not
>the preferred way to do so, but ultimately that functionality from the UI
>would be ideal.
>
>Even going as far as intergrating IPAM functionality into the product
>would
>be ideal.
>
>
>On Wed, Jun 26, 2013 at 11:44 AM, Geoff Higginbottom <
>geoff.higginbottom@shapeblue.**com
>mailto:geoff.higginbot...@shapeblue.com>
>>>
>wrote:
>
>Simple answer - you can't.
>
>In an advanced zone, you can specify the IP address when you create a new
>VM using the API, however in a basic zone, because the IP will depend on
>which POD your VM ends up in, and as a user you cannot influence this,
>there is no way to specific the IP, even if you are a root admin.
>
>The reason it still fails when you manually change the IP is that the
>security groups feature is expecting the VM to have the IP CloudStack
>allocated it via DHCP.
>
>Regards
>
>Geoff Higginbottom
>CTO / Cloud Architect
>
>
>D: +44(0)20 3603 0542 | S: +44(0)20 3603 0540+442036030540> | M: +44(0)7968161581
>
>geoff.higginbottom@shapeblue.**com
>mailto:geoff.higginbot...@shapeblue.com>
>>
>ginbot...@shapeblue.com>
>
>| www.shapeblue.com
>
>ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS
>
>
>
>On 26 Jun 2013, at 05:02, "WXR"
><474745...@qq.com>>
>wrote:
>
>cloudstack version: 4.1
>network type: basic network
>
>When I create a new instance,the vm will get a random IP from the DHCP
>server on vrouter.
>
>If I want to:
>1.allocate a specific ip to the vm.
>2.allocate multiple ips to the vm.
>3.change the vm ip from one to another.
>
>How can I achieve it? I try to bind the ip to the vm nic manually but the
>ip can not be accessed.
>This email and any attachments to it may be confidential and are intended
>sol

Re: How to create a network offering without firewall?

2013-06-27 Thread Murali Reddy 

Also, by default all the ports that will be used by edge services are
blocked by iptable config in the router VM templates. They needed to be
opened explicitly with firewall rules.

On 27/06/13 2:08 PM, "Jayapal Reddy Uradi" 
wrote:

>With out firewall provider you can't have sourceNAT and static NAT
>services because these services are provided by firewall provider only.
>
>Thanks,
>Jayapal
>
>On 27-Jun-2013, at 1:35 PM, WXR <474745...@qq.com>
> wrote:
>
>> If I create a new network offering and check
>>dns,dhcp,userdata,sourceNAT,staticNAT,not check the firewall service.But
>>the firewall will be added into it automatically.
>> I don't need the firewall service ,how can I create a network offering
>>without firewall?
>
>

Re: Load balance in basic network model

2013-06-27 Thread Murali Reddy 
On 27/06/13 5:01 AM, "j...@millican.us"  wrote:

>Hello,
>I am running CloudStack 4.1 on Ubuntu 12.04.2 with KVM for hypervisors
>and am using NFS for primary and secondary storage.
>I am currently running Basic Networking model and would like to have two
>VMs on separate hosts load balanced.
>I see in the network section of Service Offerings "Default Isolated
>Network Offering With Source NAT Service" and
>under System Offering for "System Offering for Elastic LB VM"  But am
>not able to find anyway to use them.
>I have Googled the heck out of this and have found many post that say
>this is doable but none that give any examples or "how to" instructions.

In basic zone you do get load balancing functionality but current
implementation works only with NetScaler. At some point in 2.x there was
ELB VM's providing load balancing in basic zone but its not supported
(actually not enabled, whole code exists in CloudStack some one needs to
test and re-enable it) lately. Advanced zone networking model provides
lots of rich networking features with native virtual router appliance. Any
particular reason you choose 'basic network' model? If you have option you
might want to consider using advanced zone deployment.

>
>It would also be nice to have the System VMs and routers be redundant so
>that if a host fails it will automatically fail over to the other host
>with as little down time as possible.  Again I see lots of talk about
>this but nothing to show how to do it.

For virtual router, you have redundant virtual router which can be enabled
in the network offering. System VM's are also HA enabled.

>
>Even a simple pointer to where I can find example or a how to would be
>great. I have read the admin guide at
>http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.1.0/html/Admin
>_Guide/ 
>   and am not finding my answers.
>
>Thanks
>JohnM
>
>
>

Re: [DISCUSS] EIP Enhancements FS & Design Document

2013-05-21 Thread Murali Reddy 
On 20/05/13 11:31 PM, "Chip Childers"  wrote:

>On Mon, May 20, 2013 at 02:19:24PM +, Murali Reddy wrote:
>> 
>> Swamy,
>> 
>> As mentioned in my merge request [1], I have generalised this feature
>>and
>> tried to not enforce AWS EIP semantics. Please see the updated FS [2]
>> 
>> [1] http://s.apache.org/xjy
>> [2] 
>> 
>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/portable+public+IP
>> 
>> Let me know if you need further clarification.
>
>Do you want the older page to be deleted?  Is it still relevant?
>Perhaps we should move it to an abandoned designs parent page?

Its not relevant, left a note in the old FS mentioning it as obsolete.
Also moved the spec out of 4.2 design documents to 'designs not committed
for any release' for now.

>
>> 
>> Thanks,
>> Murali
>> 
>> On 15/05/13 10:51 PM, "Venkata SwamyBabu Budumuru"
>>  wrote:
>> 
>> >Hi,
>> >
>> >I didn't find the old mail thread about this FS. Hence posting my
>>review
>> >comments in a new thread.
>> >
>> >I have few queries/ comments after reviewing the FS [1]
>> >
>> >[1] https://cwiki.apache.org/CLOUDSTACK/eip-enhancements.html
>> >[2] Prior discussion thread :  http://sy.pe/6bNG
>> >
>> >
>> >1. Are we providing any flexibility for admin to impose no. of EIPs an
>> >account can use?
>> >2. As per the Spec, when an instance has a public ip with
>> >is_system=false, then we don't let user asosciateEIP. I feel, it would
>>be
>> >better if allow the user to associate EIP in this case?
>> >3. When "Associate PublicIP" is false then are going to keep all the
>> >semantics to stand the same except the fact that vm deployment by
>>default
>> >not getting the public ip?
>> >4. Do allow CS to reprogram NAT rules on the provider in case of n/w
>> >restarts?
>> >5. Under Scope, point 4 says that we only support static NAT on region
>> >level EIP. Is this true for advanced zones as well? we cannot we
>>support
>> >other services like PF / LB etc..,?
>> >6. Can you confirm that we are supporting this for Shared n/ws in
>> >advanced zone?
>> >7. I see in the spec that "createElasticIpRange" API not having any
>>VLAN
>> >id. Are we supporting region level IP CIDR with both tagged and
>>untagged?
>> >multiple subnets in the same VLAN and different VLANs etc..,
>> >8. When there is an ElasticIp associated with instance, Does the
>>current
>> >implementation release this IP and gives it back to account when VM got
>> >to stopped state? if yes, does this mean user has to associateEIP every
>> >time user starts instance?
>> >
>> >
>> >Thanks,
>> >SWAMY
>> >
>> >
>> 
>> 
>> 
>

Re: [DISCUSS] EIP Enhancements FS & Design Document

2013-05-20 Thread Murali Reddy 

Swamy,

As mentioned in my merge request [1], I have generalised this feature and
tried to not enforce AWS EIP semantics. Please see the updated FS [2]

[1] http://s.apache.org/xjy
[2] 
https://cwiki.apache.org/confluence/display/CLOUDSTACK/portable+public+IP

Let me know if you need further clarification.

Thanks,
Murali

On 15/05/13 10:51 PM, "Venkata SwamyBabu Budumuru"
 wrote:

>Hi,
>
>I didn't find the old mail thread about this FS. Hence posting my review
>comments in a new thread.
>
>I have few queries/ comments after reviewing the FS [1]
>
>[1] https://cwiki.apache.org/CLOUDSTACK/eip-enhancements.html
>[2] Prior discussion thread :  http://sy.pe/6bNG
>
>
>1. Are we providing any flexibility for admin to impose no. of EIPs an
>account can use?
>2. As per the Spec, when an instance has a public ip with
>is_system=false, then we don't let user asosciateEIP. I feel, it would be
>better if allow the user to associate EIP in this case?
>3. When "Associate PublicIP" is false then are going to keep all the
>semantics to stand the same except the fact that vm deployment by default
>not getting the public ip?
>4. Do allow CS to reprogram NAT rules on the provider in case of n/w
>restarts?
>5. Under Scope, point 4 says that we only support static NAT on region
>level EIP. Is this true for advanced zones as well? we cannot we support
>other services like PF / LB etc..,?
>6. Can you confirm that we are supporting this for Shared n/ws in
>advanced zone?
>7. I see in the spec that "createElasticIpRange" API not having any VLAN
>id. Are we supporting region level IP CIDR with both tagged and untagged?
>multiple subnets in the same VLAN and different VLANs etc..,
>8. When there is an ElasticIp associated with instance, Does the current
>implementation release this IP and gives it back to account when VM got
>to stopped state? if yes, does this mean user has to associateEIP every
>time user starts instance?
>
>
>Thanks,
>SWAMY
>
>

Re: how to configure netscaler to enable DefaultSharedNetscalerEIPandELBNetworkOffering

2013-05-15 Thread Murali Reddy 
On 15/05/13 3:21 PM, "jekie"  wrote:

>Dear All:
>I  have configured a cloudstack 4.0.1-incubating basic zone with
>DefaultSharedNetscalerEIPandELBNetworkOffering following document on
>http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Insta
>llation_Guide/zone-add.html,below is the summary of my configuration:
>netscaler vpx 10.0:
>system ip:192.168.10.9
>subnet ip range:192.168.50.20-192.168.50.40
>vlan :50 with interface 1/1 tagged
>zone:
>name:zone1
>dns1:192.168.50.254
>internal dns1:192.168.10.254
>hypervisor:kvm
>network offering: DefaultSharedNetscalerEIPand ELBNetworkOffering
>public:checked
>cloudstack netscalr configuration:
>ipaddr 192.168.10.9
>user/password:nsroot/nsroot
>type:netscaler vpx loadbalancer
>public interface:1/1
>private interface 1/2
>number of retries:2
>capacity:1
>dedicated:not check
> public traffic:
>gateway:192.168.50.254
>netmask:255.255.255.0
>vlan:50
>startip:192.168.50.20
>endip:192.168.50.40
>pod:
>name:pod1
>reserved system gateway:192.168.10.254
>reserved system netmask:255.255.255.0
>start/end reserved system ip:192.168.10.20-192.168.10.40
>
>
>guest traffic:
>guest gateway:192.168.30.254
>guest netmask:255.255.255.0
>guest start ip/end ip:192.168.30.20-192.168.30.70
>
>
>After enabling this basic zone,what makes  me confused is that my system
>vms' public address are all in guest subnet,console proxy vm' public ip
>is 192.168.30.20,secondary storage vm 's public ip is 192.168.30.30,the
>vnc console doestn't work properly,it alerts me

This is expected behaviour. System VM's will get an IP from the guest
subnet, however there is a public acquired for each system VM (similar to
user VM's) and there is 1:1 NAT established between the acquired public IP
for the system VM and guest IP os system VM. There are bugs due to which
system VM's were not getting public IP in 4.0. Fix is currently available
in 4.2 release.

>https://192-168-50-23.realhostip.com/ajax?token=txmijPkR_7vKEi3LmfY9ZoI5ZO
>euH_k8FeUHJN_iDmc4UIGpsKSwpG0rGImS01oiKye2FMn2IyFwn9t2D1f7Q9sxbTBd1JrUolkU
>hGLbAC41mwpDn9mG2EQU4v86tC54r2sDCLAQJQfX7sYuVlOCD1zJdCnQT82XNxlpuGP8Sj4go6
>qBA79mtJ_V4XgW2I7l8hl1thtWXQ7vVnoBFyfiznsAvnXBLbNKhe3weJQgg0nbdTPNAL1bZxLg
>bZt4LRozreQwhkKpBjg cannot connected
>error 501 net::ERR_INSECURE_RESPONSE
>
>
>At the sametime ,i even cannot add vm in cloudstack
>guestNetworkForBasicZone -> Add Load Balancer  UI ,I think my problem
>lies in netscaler configuration, please help me !
>
>
>thanks in advance!
>
>
>
>
>
>

Re: problem of adding netscaler network service provider

2013-05-13 Thread Murali Reddy 

Are you building from source? There are oss and non-oss builds. You need
to use non-oss build to use NetScaler functionality.

Please see 
https://cwiki.apache.org/CLOUDSTACK/how-to-build-on-master-branch.html


On 13/05/13 12:58 PM, "jekie"  wrote:

>Dear All:
>I have setup advanced zone in  cloudstack 4.0.1 incubating,now i want to
>test the autoscaling feature ,so i downloaded a Citrix NetScaler VPX 10.0
>applicance and deployed it on vmware esxi,when i adding netscaler device
>through cloudstack ui zone->network service provider ->netscaler,it
>always alert me that "Unable to find the Network Element implementing the
>Service Provider 'NetScaler'",the catalina.out log as below:
>WARN  [cloud.network.NetworkManagerImpl] (catalina-exec-23:) Unable to
>find provider Netscaler in physical network id=200
>INFO  [cloud.api.ApiDispatcher] (catalina-exec-2:) Unable to find the
>Network Element implementing the Service Provider 'Netscaler'
>WARN  [cloud.api.ApiServer] (catalina-exec-10:) The given
>command:listNetscalerLoadBalancers does not exist
>INFO  [cloud.api.ApiDispatcher] (catalina-exec-18:) Unable to find the
>Network Element implementing the Service Provider 'Netscaler'
>INFO  [cloud.api.ApiDispatcher] (catalina-exec-20:) Unable to find the
>Network Element implementing the Service Provider 'Netscaler'
>INFO  [cloud.api.ApiDispatcher] (catalina-exec-20:) Unable to find the
>Network Element implementing the Service Provider 'Netscaler'
>WARN  [cloud.api.ApiServer] (catalina-exec-3:) The given
>command:listNetscalerLoadBalancers does not exist
>INFO  [cloud.api.ApiDispatcher] (catalina-exec-16:) Unable to find the
>Network Element implementing the Service Provider 'Netscaler'
>INFO  [cloud.api.ApiDispatcher] (catalina-exec-5:) Unable to find the
>Network Element implementing the Service Provider 'Netscaler'
>INFO  [cloud.api.ApiDispatcher] (catalina-exec-7:) Unable to find the
>Network Element implementing the Service Provider 'Netscaler'
>INFO  [cloud.api.ApiDispatcher] (catalina-exec-21:) Unable to find the
>Network Element implementing the Service Provider 'Netscaler'
>INFO  [cloud.api.ApiDispatcher] (catalina-exec-14:) Unable to find the
>Network Element implementing the Service Provider 'Netscaler'
>WARN  [cloud.api.ApiServer] (catalina-exec-6:) The given
>command:listNetscalerLoadBalancers does not exist
>INFO  [cloud.api.ApiDispatcher] (catalina-exec-24:) Unable to find the
>Network Element implementing the Service Provider 'Netscaler'
>WARN  [cloud.api.ApiServer] (catalina-exec-6:) The given
>command:listNetscalerLoadBalancers does not exist
>INFO  [cloud.api.ApiDispatcher] (catalina-exec-24:) Unable to find the
>Network Element implementing the Service Provider 'Netscaler'
>INFO  [cloud.api.ApiDispatcher] (catalina-exec-17:) Unable to find the
>Network Element implementing the Service Provider 'Netscaler'
>WARN  [cloud.api.ApiServer] (catalina-exec-2:) The given
>command:listNetscalerLoadBalancers does not exist
>INFO  [cloud.api.ApiDispatcher] (catalina-exec-19:) Unable to find the
>Network Element implementing the Service Provider 'Netscaler'
>WARN  [cloud.api.ApiServer] (catalina-exec-21:) The given
>command:listNetscalerLoadBalancers does not exist
>INFO  [cloud.api.ApiDispatcher] (catalina-exec-9:) Unable to find the
>Network Element implementing the Service Provider 'Netscaler'
>WARN  [cloud.api.ApiServer] (catalina-exec-8:) The given
>command:listNetscalerLoadBalancers does not exist
>INFO  [cloud.api.ApiDispatcher] (catalina-exec-16:) Unable to find the
>Network Element implementing the Service Provider 'Netscaler'
>INFO  [cloud.api.ApiDispatcher] (catalina-exec-7:) Unable to find the
>Network Element implementing the Service Provider 'Netscaler'
>
>
>My cloudstack configuation:
>management/storage subnet is 192.168.10.0,netmask 255.255.255.0,gateway
>192.168.10.254
>guest subnet is 192.168.30.0/24 vlan range is 30-49.
>public subnet for system vm:192.168.50.20/70,netmask
>255.255.255.0,gateway 192.168.50.254 ,vlan is 50
>public subnet for user vm:192.168.50.71/100,netmask 255.255.255.0,gateway
>192.168.50.254 ,vlan is 50
>
>
>netscaler management ip is 192.168.10.9,public ip is 192.168.50.254
>all the system vm can ping its' public gateway 192.168.50.254 very well,i
>still cannot make clear why it cannot find provider Netscaler in physical
>network ,please help me !
>
>

Re: Recommended network setup

2013-04-26 Thread Murali Reddy 
On 26/04/13 7:17 AM, "Carlos Reategui"  wrote:

>I am re-doing my setup and looking for advice.
>
>This cluster is primarily going to be used by a dev and qa team
>internally.
> We would like to have ELB capability though.
>
>Storage for primary and secondary are NFS and will be on management
>server.
> Here is my setup:
>
>Network:
>- switch 1 isolated from the rest of the network: 192.168.200.0/24
>- switch 2 has route to our office network: 192.168.10.0/24
>
>Management/storage server has:
>2 x 10Gbe connected to switch 1
>2 x 1Gbe connected to switch 2
>
>Hosts - running XS 6.0.2
>4 x 1Gbe on switch 1
>4 x 1Gbe on switch 2
>I can re-wire these.
>
>My thought was to use Basic network setup and have 2 bonds (of 4 nics
>each)
>on the hosts. One for primary storage and the other bond would be the
>management network (and guest and secondary storage traffic).
>
>Security is not really an issue so if there is a setup option that would
>keep things simple I am all ears.

Couple of more details would help. So your primary use case is to provide
a cloud for DevOps right? What is that your use-case of using ELB? At
present in basic zone network services EIP & ELB are only available
through the NetScaler. If you want CloudStack to provision network
services static NAT (with EIP) and LB (with ELB) in basic zone then you
will have to use NetScaler.

>
>Using XS my understanding is I need to change it to bridge networking
>instead of ovs.  I'm also assuming I still setup the bonds using xe (they
>seem to default to slb).  Is it possible to use LACP?  XS 6.0.2 does not
>support LACP but since I will using bridge networking I'm wondering if it
>might.  Should the bonds have specific names or be labeled something
>specific?

If security is not a concern and does not want security groups in basic
zone, then you could still use OVS.

>
>Would I be better off having a separate management network from the guest
>network?  I.e. separating out that bond into 2 bonds?  I'm assuming that
>would require setting up a vlan.  Would I need to use advanced network
>too?
> I am a bit of a newbie when it comes to networks.

In general you can do NIC bonding, traffic (guest,storage,management)
isolation is both advanced and basic zones. But if you want CloudStack to
orchestrate and provide network services (static/source NAT, PF, lb etc)
in self-service manner using virtual router then you can opt for advanced
zone. But downside of advanced zone is you will have to deal with VLAN's.
If network services are not important or you can provision network
services outside of CloudStack then basic-zone is the simplest deployment
model that that you should be using.

>
>Thanks,
>Carlos
>

Re: Using different DNS for guests than Virtual Router

2013-04-23 Thread Murali Reddy 

You can try with network offering with out DHCP and DNS services and
control the guest instances to use AD as DNS/DHCP service provider. Please
try out the steps outlined in [1].

[1] 
http://www.shapeblue.com/2012/05/10/using-the-api-for-advanced-network-mana
gement/

On 23/04/13 2:12 AM, "David Ortiz"  wrote:

>Hello,
>I am trying to setup a Windows AD server as a guest on my cloudstack
>cluster, and join my other guests to the domain it is serving using
>PowerBroker Identity Services Open.  From what I am seeing, the virtual
>router will block me from being able to perform nslookup or join the
>domain using the domainjoin-cli command.  If I modify /etc/resolv.conf to
>point directly at my DC as the dns server, it can join the domain without
>any issues.  Unfortunately when I reboot, the dhcp setup with the virtual
>router will point it back to the virtual router as the name server.  I
>also found that I could get nslookup (but not joining the domain) to work
>by playing with the dnsmasq.conf settings on the virtual router a little
>bit, which works until it is rebooted at which point they revert back to
>what they had been originally.  Is there a way to get the virtual router
>to point guests at the domain controller as the DNS, or to set up the
>dnsmasq to allow the AD joins to occur (and make those settings
>persistent)?  Or alternatively, would I be able to set up DHCP on the DC
>and just circumvent the virtual router entirely?
>Thanks,
> David Ortiz

Re: F5 LB - Guest VLAN Advanced Zone

2013-04-18 Thread murali reddy 
On Fri, Apr 19, 2013 at 9:51 AM, Anoop Mohan  wrote:

> Hi Team,
>
>
>
>
>
> If I want to use external load balancer  F5 , is it mandate to use an
> external firewall rather than using VR as Firewall service?
>
>
>
So there are two deployment models. 'inline' and 'side-by-side'. In inline
case your LB service provider like F5 is configured to be behind firewall.
Where as in 'side-by-side' mode, load balancer device will receive inbound
public traffic directly with out going though the firewall. You can have
a 'side-by-side' combination of VR providing firewall service and F5
providing the load balancing service.


>
> Regards,
>
> Anoop Mohan
>
> The information transmitted is intended only for the person or entity to
> which it is addressed and may contain confidential and/or privileged
> material.
> Any review, re-transmission, dissemination or other use of or taking of
> any action in reliance upon,this information by persons or entities other
> than the intended recipient is prohibited.
> If you received this in error, please contact the sender and delete the
> material from your computer.
> Microland takes all reasonable steps to ensure that its electronic
> communications are free from viruses.
> However, given Internet accessibility, the Company cannot accept liability
> for any virus introduced by this e-mail or any attachment and you are
> advised to use up-to-date virus checking software.
>

Re: [QA][PROPOSAL][ACS4.2] Test plan review: GSLB (Global Server Load Balancing)

2013-04-15 Thread Murali Reddy 

Thanks for test plan. Test plan looks good to me.For the below questions
you raised in the test plan please open a bug.

1. Provide a mechanism for updating information about existing Netscaler
device that is enabled for GSLB (like change isGslbProvider from True to
False and vice versa etc..,)
2. Prvide a mechanism for reprogramming GSLB info on the network devices
in case of any changes or configuration lost /messed up situations.



On 12/04/13 8:51 AM, "Venkata SwamyBabu Budumuru"
 wrote:

>
>Hi Murali,
>
>Please review the test plan [1] for feature " GSLB (Global Server Load
>Balancing)" and let me know the review comments. The test cases are
>mentioned in an excel sheet attached to the page.
>
>[1] Test Plan  :
>https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=31817730
>[2] Functional Spec:
>https://cwiki.apache.org/CLOUDSTACK/gslb-global-server-load-balancing-func
>tional-specification-and-design-document.html
>[3] Bug Id   :
>https://issues.apache.org/jira/browse/CLOUDSTACK-894
>
>
>Thanks,
>SWAMY
>
>

Re: email notifications & hooks

2013-04-11 Thread Murali Reddy 
On 11/04/13 5:56 PM, "Chip Childers"  wrote:

>On Thu, Apr 11, 2013 at 12:21:28PM +, Nitin Mehta wrote:
>> Since its a user community I would have liked to look at a way of using
>>it
>> seeing a default implementation. The FS suggests different use cases it
>> can be used in a deployment scenario.
>> Can you please educate us if there is indeed an implementation and how
>>to
>> enable it ?
>
>Rabbit MQ is the implementation being provided in the upcoming 4.1
>release.  A basic documentation page will be in that release's admin
>guide.  If someone wants to give this a try, they will need to pull in
>the 4.1 branch to test before we release.
>

4.1 documentation for events-framework is at

https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=docs/en-U
S/event-framework.xml;h=88c45c9033d4b048be67e6f746a55720d052ea4c;hb=refs/he
ads/4.1

Re: Can't Delete Physical Network

2013-04-01 Thread Murali Reddy 
Check op_dc_vnet_alloc table, there should be not any entries left for the 
physical network Id.

From: niz mailto:n...@chinanetcenter.com>>
Reply-To: "users@cloudstack.apache.org" 
mailto:users@cloudstack.apache.org>>, 
"n...@chinanetcenter.com" 
mailto:n...@chinanetcenter.com>>
Date: Monday, 1 April 2013 2:00 PM
To: users mailto:users@cloudstack.apache.org>>
Subject: Can't Delete Physical Network

The Physical Network is not deletable because there are allocated vnets for 
this physical network

I have deleted all the networks and IP resources, but can not delete this 
physical network, what's the problem?

2013-04-01

倪珍 综合管理部
网宿科技股份有限公司厦门分公司


Tel: 0592-5520608-8022
Fax:0592-5520515
E-mail:n...@chinanetcenter.com
http://www.chinanetcenter.com

[说明: 说明: LOGO small]

分公司:北京-上海-广州-深圳
免费咨询:800-816-8777
卓越的互联网业务平台提供商