Re: How to configure TLS on ACS 4.11.1 Web UI
Hi,

Yes, I know I can use a proxy or LB to SSL offload, but I need to do end-to-end with TLS. That is why I need to terminate TLS on the ACS server.

Thanks for your suggestion anyway.

Regards,

On Tue, 18 Sep 2018 at 1:36 PM, Skale Franz wrote:

> Why not use nginx as a reverse proxy?
> To start with, check my example config (replace IP, hostname and of course
> generate a dhparam file and use a valid certificate).
> Will produce an A+ on the ssllabs test and is downward compatible with old
> browsers!
>
> server {
>     listen 10.1.1.1:80;
>     server_name cloudstack.example.com;
>     ## redirect http to https ##
>     rewrite ^ https://$server_name/client/ permanent;
> }
>
> server {
>     listen 10.1.1.1:443;
>     server_name cloudstack.example.com;
>
>     rewrite ^/$ https://cloudstack.example.com/client/ permanent;
>
>     ### ssl config - customize as per your cert files ###
>     ssl on;
>     ssl_certificate /etc/ssl/certs/cloudstack.example.com.pem;
>     ssl_certificate_key /etc/ssl/private/cloudstack.example.com.key;
>     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>     ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
>     ssl_prefer_server_ciphers on;
>     ssl_dhparam /etc/ssl/certs/dhparam.pem;
>     keepalive_timeout 70;
>     ssl_session_cache shared:SSL:10m;
>     ssl_session_timeout 10m;
>
>     ## Reverse Proxy
>     location / {
>         add_header Front-End-Https on;
>         add_header Cache-Control "public, must-revalidate";
>         add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
>         add_header X-Frame-Options "DENY";
>         proxy_pass http://127.0.0.1:8080;
>         proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
>         proxy_set_header Host $host;
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>     }
> }
>
> Best regards
> Franz Skale
>
> Rechenzentrum-Services
>
> Citycom Telekommunikation GmbH
> Gadollaplatz 1
> 8010 Graz | Austria
>
> T: +43(316)887-6264
> M: +43(664)88275444
> E: franz.sk...@citycom-austria.com
> www.citycom-austria.com
>
> FN 165640p, Landes- als Firmenbuchgericht Graz
> UID-Nr.: ATU 61241999
>
> From: Netlynker
> Sent: Tuesday, 18 September 2018 05:57
> To: users@cloudstack.apache.org
> Subject: How to configure TLS on ACS 4.11.1 Web UI
>
> Hi,
> The document for 4.11.1 is not updated and it is still referring to tomcat
> ssl config.
>
> Where can I find information to configure TLS/SSL on ACS 4.11.1 Web UI?
>
> Thanks in advance,
> Netlynker
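Added example, not part of the thread: the quoted reverse-proxy config terminates TLS at nginx and forwards to the backend over `http://`, which is the hop the end-to-end requirement is about. This Python check reads an nginx config and reports legacy protocol versions, plaintext `proxy_pass` upstreams (loopback or not) and a missing HSTS header; `SAMPLE_CONF` is a constructed, cut-down copy of the quoted config, and the function names are hypothetical.

```python
import re

# Constructed sample, cut down from the reverse-proxy config quoted above.
SAMPLE_CONF = """
server {
    listen 10.1.1.1:443;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ## Reverse Proxy
    location / {
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        proxy_pass http://127.0.0.1:8080;
    }
}
"""

LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}   # TLS 1.0/1.1 deprecated by RFC 8996
LOOPBACK = ("127.", "localhost", "[::1]")
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[;{}]|[^\s;{}]+')

def directives(conf):
    """Yield (name, args) per directive; quoted arguments may contain ';'."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)      # drop full-line comments
    stmt = []
    for tok in TOKEN.findall(conf):
        if tok in (";", "{", "}"):
            if stmt:
                yield stmt[0], [a.strip("\"'") for a in stmt[1:]]
            stmt = []
        else:
            stmt.append(tok)

def audit(conf):
    """Return findings: legacy protocols, plaintext upstreams, missing HSTS."""
    findings, hsts = [], False
    for name, args in directives(conf):
        if name == "ssl_protocols":
            old = sorted(LEGACY.intersection(args))
            if old:
                findings.append("legacy protocols enabled: " + " ".join(old))
        elif name == "add_header" and args and args[0].lower() == "strict-transport-security":
            hsts = True
        elif name == "proxy_pass" and args and args[0].startswith("http://"):
            host = args[0][len("http://"):].split("/")[0]
            hop = "loopback only" if host.startswith(LOOPBACK) else "crosses the network"
            findings.append(f"plaintext upstream ({hop}): {args[0]}")
    if not hsts:
        findings.append("no Strict-Transport-Security header")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

A "loopback only" result means the unencrypted hop stays on the proxy host; "crosses the network" means TLS is not end-to-end.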
VRs swapping with 256 MB RAM
Hi

While running tests for a 4.11.1 (VMware) upgrade in our lab, we ran into low memory / swapping of VRs having 256 MB RAM. After 2-3 days it became critical because the management server connections to VRs took very long (minutes); this resulted in many more problems all over.

Make sure your VRs have enough RAM.

Regards
René
Unable to migrate instance to new host
We were running cloudstack 4.11.1 with 1 host.
Now we added another identical host.

The procedure completed successfully.

But the attempt to migrate instance to this new host fails with error message:

Migration was refused connection to destination: qemu+tcp://A.B.C.D/system.
Please check libvirt configuration compatibility and firewall rules on the source and destination hosts.

iptables configuration on both hosts is the one suggested here
http://docs.cloudstack.apache.org/projects/archived-cloudstack-installation/en/4.11/hypervisor/kvm.html#configuring-the-firewall

Please help.
Adding Physical Networks to Existing Zone
Hello

I wonder if anyone can help me.

I've successfully installed cloudstack 4.11 on a test server and created a zone with advanced networking, etc.

I added additional physical network interfaces to the server but I can't see where I can add these to the existing zone. I've searched for information on this but have been unable to find any.

Could someone point me in the direction on where I can find the documentation on adding physical interfaces to an existing zone? I can remove interfaces but I can't find how to add them back.

Thanks
Richard
Re: Adding Physical Networks to Existing Zone
Richard,

You'll need to use the API - http://cloudstack.apache.org/api/apidocs-4.11/apis/createPhysicalNetwork.html

Easiest way is to install Cloudmonkey - https://github.com/apache/cloudstack-cloudmonkey for the Go version, or pip install cloudmonkey for the python version.

https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+cloudmonkey+CLI for examples.

- Si

From: Richard M
Sent: Tuesday, September 18, 2018 11:55 AM
To: users@cloudstack.apache.org
Subject: Adding Physical Networks to Existing Zone

Hello

I wonder if anyone can help me.

I've successfully installed cloudstack 4.11 on a test server and created a zone with advanced networking, etc.

I added additional physical network interfaces to the server but I can't see where I can add these to the existing zone. I've searched for information on this but have been unable to find any.

Could someone point me in the direction on where I can find the documentation on adding physical interfaces to an existing zone? I can remove interfaces but I can't find how to add them back.

Thanks
Richard
RE: Unable to migrate instance to new host
Hello Jevgeni,

What is your Linux distribution?
On Ubuntu 16.04, we ran into the same problem a few months ago and we had to modify the libvirt-bin.service as well.

'ExecStart=/usr/sbin/libvirtd $libvirtd_opts' >>
'ExecStart=/usr/sbin/libvirtd -l $libvirtd_opts'

Add the "-l" before $libvirtd_opts

Best regards,
N.B

-Original Message-
From: Jevgeni Zolotarjov [mailto:j.zolotar...@gmail.com]
Sent: Tuesday, 18 September 2018 18:10
To: users@cloudstack.apache.org
Subject: Unable to migrate instance to new host

We were running cloudstack 4.11.1 with 1 host.
Now we added another identical host.

The procedure completed successfully.

But the attempt to migrate instance to this new host fails with error message:

Migration was refused connection to destination: qemu+tcp://A.B.C.D/system.
Please check libvirt configuration compatibility and firewall rules on the source and destination hosts.

iptables configuration on both hosts is the one suggested here
http://docs.cloudstack.apache.org/projects/archived-cloudstack-installation/en/4.11/hypervisor/kvm.html#configuring-the-firewall

Please help.
[VOTE] 4.11.2.0 RC1
Hi All,

I've created a 4.11.2.0 release (RC1), with the following artefacts up for testing and a vote:

Git Branch and Commit SH:
https://gitbox.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs/heads/4.11.2.0-RC20180918T1628
Commit: 115fb482409da71b5e82bbc2190c50291c833c15

Source release (checksums and signatures are available at the same location):
https://dist.apache.org/repos/dist/dev/cloudstack/4.11.2.0/

PGP release keys (signed using 8B309F7251EE0BC8):
https://dist.apache.org/repos/dist/release/cloudstack/KEYS

The vote will be open until the beginning of next week, 24th September 2018.

For sanity in tallying the vote, can PMC members please be sure to indicate "(binding)" with their vote

[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)

Additional information:

For users' convenience, I've built packages from 115fb482409da71b5e82bbc2190c50291c833c15 and published RC1 repository here:
http://packages.shapeblue.com/testing/41120rc1/

4.11.2 systemvm templates are available from here:
http://packages.shapeblue.com/testing/systemvm/

paul.an...@shapeblue.com
www.shapeblue.com
Amadeus House, Floral Street, London WC2E 9DP UK
@shapeblue
Re: Adding Physical Networks to Existing Zone
Hello

Thanks. I successfully managed to add the additional Interfaces and traffic types with the information you provided.

Much Appreciated.

Regards
Richard

On Tuesday, 18 September 2018, 18:07:15 GMT+1, Simon Weller wrote:

Richard,

You'll need to use the API - http://cloudstack.apache.org/api/apidocs-4.11/apis/createPhysicalNetwork.html

Easiest way is to install Cloudmonkey - https://github.com/apache/cloudstack-cloudmonkey for the Go version, or pip install cloudmonkey for the python version.

https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+cloudmonkey+CLI for examples.

- Si

From: Richard M
Sent: Tuesday, September 18, 2018 11:55 AM
To: users@cloudstack.apache.org
Subject: Adding Physical Networks to Existing Zone

Hello

I wonder if anyone can help me.

I've successfully installed cloudstack 4.11 on a test server and created a zone with advanced networking, etc.

I added additional physical network interfaces to the server but I can't see where I can add these to the existing zone. I've searched for information on this but have been unable to find any.

Could someone point me in the direction on where I can find the documentation on adding physical interfaces to an existing zone? I can remove interfaces but I can't find how to add them back.

Thanks
Richard
Re: Unable to migrate instance to new host
My host is running on Centos7.

tried to set "LIBVIRTD_ARGS=-l" in /etc/sysconfig/libvirtd

But nothing changed

On Tue, Sep 18, 2018 at 8:42 PM Nicolas Bouige wrote:

> Hello Jevgeni,
>
> What is your Linux distribution?
> On Ubuntu 16.04, we ran into the same problem a few months ago and we had to
> modify the libvirt-bin.service as well.
>
> 'ExecStart=/usr/sbin/libvirtd $libvirtd_opts' >>
> 'ExecStart=/usr/sbin/libvirtd -l $libvirtd_opts'
>
> Add the "-l" before $libvirtd_opts
>
> Best regards,
> N.B
>
> -Original Message-
> From: Jevgeni Zolotarjov [mailto:j.zolotar...@gmail.com]
> Sent: Tuesday, 18 September 2018 18:10
> To: users@cloudstack.apache.org
> Subject: Unable to migrate instance to new host
>
> We were running cloudstack 4.11.1 with 1 host.
> Now we added another identical host.
>
> The procedure completed successfully.
>
> But the attempt to migrate instance to this new host fails with error
> message:
>
> Migration was refused connection to destination: qemu+tcp://A.B.C.D/system.
> Please check libvirt configuration compatibility and firewall rules on the
> source and destination hosts.
>
> iptables configuration on both hosts is the one suggested here
> http://docs.cloudstack.apache.org/projects/archived-cloudstack-installation/en/4.11/hypervisor/kvm.html#configuring-the-firewall
>
> Please help.
Re: Unable to migrate instance to new host
Resolved the problem by following changes in /etc/libvirt/libvirtd.conf

listen_tls=0
listen_tcp=1

Now I can move running instances between hosts!

BUT - new problem

The instances, running on freshly added host are not accessible over TCP from LAN.
When I open console for these instances, then the network is available, IP address is correct and IP addresses in LAN are accessible from these instances.

What is still missing? Help appreciated.

On Tue, Sep 18, 2018 at 11:46 PM Jevgeni Zolotarjov wrote:

> My host is running on Centos7.
>
> tried to set "LIBVIRTD_ARGS=-l" in
> /etc/sysconfig/libvirtd
>
> But nothing changed
>
> On Tue, Sep 18, 2018 at 8:42 PM Nicolas Bouige wrote:
>
>> Hello Jevgeni,
>>
>> What is your Linux distribution?
>> On Ubuntu 16.04, we ran into the same problem a few months ago and we had
>> to modify the libvirt-bin.service as well.
>>
>> 'ExecStart=/usr/sbin/libvirtd $libvirtd_opts' >>
>> 'ExecStart=/usr/sbin/libvirtd -l $libvirtd_opts'
>>
>> Add the "-l" before $libvirtd_opts
>>
>> Best regards,
>> N.B
>>
>> -Original Message-
>> From: Jevgeni Zolotarjov [mailto:j.zolotar...@gmail.com]
>> Sent: Tuesday, 18 September 2018 18:10
>> To: users@cloudstack.apache.org
>> Subject: Unable to migrate instance to new host
>>
>> We were running cloudstack 4.11.1 with 1 host.
>> Now we added another identical host.
>>
>> The procedure completed successfully.
>>
>> But the attempt to migrate instance to this new host fails with error
>> message:
>>
>> Migration was refused connection to destination:
>> qemu+tcp://A.B.C.D/system.
>> Please check libvirt configuration compatibility and firewall rules on
>> the source and destination hosts.
>>
>> iptables configuration on both hosts is the one suggested here
>> http://docs.cloudstack.apache.org/projects/archived-cloudstack-installation/en/4.11/hypervisor/kvm.html#configuring-the-firewall
>>
>> Please help.
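Added example, not part of the thread: `listen_tcp=1` with `listen_tls=0` turns on libvirt's plaintext TCP listener, the one a `qemu+tcp://` connection uses, so it is worth checking how that listener authenticates clients and where it binds. This Python check parses a libvirtd.conf and reports those points; the sample file is constructed, its `auth_tcp = "none"` line is an assumption (the post does not show that setting), and the function names are hypothetical.

```python
import re

# libvirtd.conf values in effect when a key is absent or commented out.
# listen_addr "" stands for "bind to all interfaces".
DEFAULTS = {"listen_tls": "1", "listen_tcp": "0", "auth_tcp": "sasl",
            "listen_addr": "", "tcp_port": "16509"}

# Constructed sample: the two settings from the post, plus auth_tcp = "none",
# which is an assumption for illustration.
SAMPLE = '''
# /etc/libvirt/libvirtd.conf (constructed)
listen_tls=0
listen_tcp=1
#listen_addr = "192.168.0.1"
auth_tcp = "none"
'''

def parse(text):
    """Return effective settings: defaults overridden by uncommented key = value lines."""
    cfg = dict(DEFAULTS)
    for line in text.splitlines():
        m = re.match(r'\s*([a-z_]+)\s*=\s*"?([^"#\s]*)"?', line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg

def findings(cfg):
    """List exposure issues of the plaintext listener; empty if it is off."""
    if cfg["listen_tcp"] != "1":
        return []
    out = [f"plaintext listener on tcp/{cfg['tcp_port']}: libvirt RPC is unencrypted"]
    if cfg["auth_tcp"] == "none":
        out.append("auth_tcp=none: any client that reaches the port is accepted")
    if cfg["listen_addr"] in ("", "0.0.0.0", "::"):
        out.append("bound to all interfaces: set listen_addr or firewall the port")
    if cfg["listen_tls"] != "1":
        out.append("listen_tls=0: no TLS listener available as an alternative")
    return out

if __name__ == "__main__":
    for item in findings(parse(SAMPLE)):
        print(item)
```

With a stock file (everything commented out) the result is empty, because the TCP listener is off by default.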
Re: Unable to resize down data disk: libvirt exception - invalid argument: can't shrink capacity below existing allocation
Hi,

Can anyone advise on the below? Or is it confirmed that resizing down (shrinking) the data-disk is no longer supported on CloudStack with KVM, libvirt and Ceph RBD storage?

Looking forward to your reply, thank you.

Cheers.

On Thu, Aug 16, 2018 at 6:07 PM, Cloud List wrote:

> Hi,
>
> We are using CloudStack 4.8.1.1 with QEMU/KVM hypervisor, libvirt and Ceph RBD storage.
>
> We just realised that we are not able to resize down any of our data-disks, and we are sure that we were able to do that before. Not too sure since when the problem started to happen.
>
> When we tried to resize a data disk of a VM on CloudStack admin panel by stopping the VM and then go to Instance > VM hostname > View Volumes > DATA- > Resize volume > Select a disk offering with lower storage size > Tick on "Shrink OK" > click OK, we get this error message as a pop-up on the CloudStack admin panel:
>
> org.libvirt.LibvirtException: invalid argument: can't shrink capacity below existing allocation
>
> On management server logs:
>
> 2018-08-16 17:52:31,541 ERROR [c.c.a.ApiAsyncJobDispatcher] (API-Job-Executor-99:ctx-1392adbe job-69196) (logid:2f71074c) Unexpected exception while executing org.apache.cloudstack.api.command.admin.volume.ResizeVolumeCmdByAdmin
> com.cloud.utils.exception.CloudRuntimeException: org.libvirt.LibvirtException: invalid argument: can't shrink capacity below existing allocation
>     at com.cloud.storage.VolumeApiServiceImpl.orchestrateResizeVolume(VolumeApiServiceImpl.java:1213)
>     at com.cloud.storage.VolumeApiServiceImpl.orchestrateResizeVolume(VolumeApiServiceImpl.java:2920)
>     at sun.reflect.GeneratedMethodAccessor1400.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:606)
>     at com.cloud.vm.VmWorkJobHandlerProxy.handleVmWorkJob(VmWorkJobHandlerProxy.java:107)
>     at com.cloud.storage.VolumeApiServiceImpl.handleVmWorkJob(VolumeApiServiceImpl.java:2944)
>     at sun.reflect.GeneratedMethodAccessor1396.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:606)
>     at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>     at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
>     at com.sun.proxy.$Proxy194.handleVmWorkJob(Unknown Source)
>     at com.cloud.vm.VmWorkJobDispatcher.runJob(VmWorkJobDispatcher.java:102)
>     at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:554)
>     at org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
>     at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
>     at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
>     at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
>     at org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
>     at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:502)
>     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
>     at java.util.concurrent.FutureTask.run(FutureTask.java:262)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>     at java.lang.Thread.run(Thread.java:745)
> 2018-08-16 17:52:31,543 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (API-Job-Executor-99:ctx-1392adbe job-69196) (logid:2f71074c) Complete async job-69196, jobStatus: FAILED, resultCode: 530, result: org.apache.cloudstack.api.response.ExceptionResponse/null/{"uuidList":[],"errorcode":530,"errortext":"org.libvirt.LibvirtException: invalid argument: can\u0027t shrink capacity below existing allocation"}
>
> On the hypervisor host's CloudStack agent log:
>
> 2018-08-16 17:52:29,790 DEBUG [cloud.agent.Agent]