Re: [one-users] sunstone nil

[Hyun Woo Kim]

Hi,
Sorry, please ignore my previous email
Turns out this error is caused by my modifications in our use of sunstone.

Hyunwoo
FermiCloud

From: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Date: Thursday, May 8, 2014 3:34 PM
To: users mailto:users@lists.opennebula.org>>
Subject: [one-users] sunstone nil

Hi,

We are testing ON4.6 here in Fermilab
and sunstone produces the following error right after we start sunstone
as shown in C far below.

My guess is as follows:

The error message  A originates from another message B
A : NoMethodError - undefined method `call' for nil:NilClass:
B:  /usr/lib/one/sunstone/sunstone-server.rb:470:in `GET /:pool'

and B is found in   /usr/lib/one/sunstone/sunstone-server.rb
get '/:pool' do
zone_client = nil

if params[:zone_id]
zone = OpenNebula::Zone.new_with_id(params[:zone_id].to_i,
$cloud_auth.client(session[:user]))
rc   = zone.info
return [500, rc.message] if OpenNebula.is_error?(rc)
zone_client = $cloud_auth.client(session[:user],
 zone['TEMPLATE/ENDPOINT'])
end

@SunstoneServer.get_pool(params[:pool],
 session[:user_gid],
 zone_client)
end

My guess is, zone_client is still nil in @SunstoneServer.get_pool
and the reason might be not properly setting up ZONE in our configuration.
I could not find what to do about ZONE in ON manual.

Please point us at the right direction regarding this error.
Thank you.
Hyunwoo Kim
FermiCloud

=

A : NoMethodError - undefined method `call' for nil:NilClass:
B:  /usr/lib/one/sunstone/sunstone-server.rb:470:in `GET /:pool'

C: The entire original error messages:
/var/log/one/sunstone.error
NoMethodError - undefined method `call' for nil:NilClass:
 /usr/lib/one/ruby/opennebula/pool.rb:132:in `xmlrpc_info'
 /usr/lib/one/ruby/opennebula/pool.rb:59:in `info'
 /usr/lib/one/ruby/opennebula/zone_pool.rb:53:in `info'
 /usr/lib/one/ruby/opennebula/pool.rb:183:in `get_hash'
 /usr/lib/one/sunstone/models/SunstoneServer.rb:71:in `get_pool'
 /usr/lib/one/sunstone/sunstone-server.rb:470:in `GET /:pool'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:863:in `call'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:863:in `route'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:521:in 
`instance_eval'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:521:in `route_eval'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:500:in `route!'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:497:in `catch'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:497:in `route!'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:476:in `each'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:476:in `route!'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:601:in `dispatch!'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:411:in `call!'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:566:in 
`instance_eval'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:566:in `invoke'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:566:in `catch'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:566:in `invoke'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:411:in `call!'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:399:in `call'
 /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/commonlogger.rb:18:in `call'
 /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/deflater.rb:13:in `call'
 /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/session/abstract/id.rb:63:in 
`context'
 /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/session/abstract/id.rb:58:in 
`call'
 /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/showexceptions.rb:24:in `call'
 /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/methodoverride.rb:24:in `call'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:979:in `call'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:1005:in 
`synchronize'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:979:in `call'
 /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/content_length.rb:13:in `call'
 /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/chunked.rb:15:in `call'
 /usr/lib/ruby/gems/1.8/gems/thin-1.2.8/lib/thin/connection.rb:84:in 
`pre_process'
 /usr/lib/ruby/gems/1.8/gems/thin-1.2.8/lib/thin/connection.rb:82:in `catch'
 /usr/lib/ruby/gems/1.8/gems/thin-1.2.8/lib/thin/connection.rb:82:in 
`pre_process'
 /usr/lib/ruby/gems/1.8/gems/thin-1.2.8/lib/thin/connection.rb:57:in `process'
 /usr/lib/ruby/gems/1.8/gems/thin-1.2.8/lib/thin/connection.rb:42:in 
`receive_data'
 /usr/lib/ruby/gems/1.8/gems/eventmachine-0.12.10/lib/eventmachine.rb:256:in 
`run_machine'
 /usr/lib/ruby/gems/1.8/gems/eventmachine-0.12.10/lib/eventmachine.rb:256:i

[one-users] sunstone nil

[Hyun Woo Kim]

Hi,

We are testing ON4.6 here in Fermilab
and sunstone produces the following error right after we start sunstone
as shown in C far below.

My guess is as follows:

The error message  A originates from another message B
A : NoMethodError - undefined method `call' for nil:NilClass:
B:  /usr/lib/one/sunstone/sunstone-server.rb:470:in `GET /:pool'

and B is found in   /usr/lib/one/sunstone/sunstone-server.rb
get '/:pool' do
zone_client = nil

if params[:zone_id]
zone = OpenNebula::Zone.new_with_id(params[:zone_id].to_i,
$cloud_auth.client(session[:user]))
rc   = zone.info
return [500, rc.message] if OpenNebula.is_error?(rc)
zone_client = $cloud_auth.client(session[:user],
 zone['TEMPLATE/ENDPOINT'])
end

@SunstoneServer.get_pool(params[:pool],
 session[:user_gid],
 zone_client)
end

My guess is, zone_client is still nil in @SunstoneServer.get_pool
and the reason might be not properly setting up ZONE in our configuration.
I could not find what to do about ZONE in ON manual.

Please point us at the right direction regarding this error.
Thank you.
Hyunwoo Kim
FermiCloud

=

A : NoMethodError - undefined method `call' for nil:NilClass:
B:  /usr/lib/one/sunstone/sunstone-server.rb:470:in `GET /:pool'

C: The entire original error messages:
/var/log/one/sunstone.error
NoMethodError - undefined method `call' for nil:NilClass:
 /usr/lib/one/ruby/opennebula/pool.rb:132:in `xmlrpc_info'
 /usr/lib/one/ruby/opennebula/pool.rb:59:in `info'
 /usr/lib/one/ruby/opennebula/zone_pool.rb:53:in `info'
 /usr/lib/one/ruby/opennebula/pool.rb:183:in `get_hash'
 /usr/lib/one/sunstone/models/SunstoneServer.rb:71:in `get_pool'
 /usr/lib/one/sunstone/sunstone-server.rb:470:in `GET /:pool'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:863:in `call'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:863:in `route'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:521:in 
`instance_eval'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:521:in `route_eval'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:500:in `route!'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:497:in `catch'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:497:in `route!'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:476:in `each'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:476:in `route!'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:601:in `dispatch!'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:411:in `call!'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:566:in 
`instance_eval'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:566:in `invoke'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:566:in `catch'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:566:in `invoke'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:411:in `call!'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:399:in `call'
 /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/commonlogger.rb:18:in `call'
 /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/deflater.rb:13:in `call'
 /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/session/abstract/id.rb:63:in 
`context'
 /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/session/abstract/id.rb:58:in 
`call'
 /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/showexceptions.rb:24:in `call'
 /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/methodoverride.rb:24:in `call'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:979:in `call'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:1005:in 
`synchronize'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:979:in `call'
 /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/content_length.rb:13:in `call'
 /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/chunked.rb:15:in `call'
 /usr/lib/ruby/gems/1.8/gems/thin-1.2.8/lib/thin/connection.rb:84:in 
`pre_process'
 /usr/lib/ruby/gems/1.8/gems/thin-1.2.8/lib/thin/connection.rb:82:in `catch'
 /usr/lib/ruby/gems/1.8/gems/thin-1.2.8/lib/thin/connection.rb:82:in 
`pre_process'
 /usr/lib/ruby/gems/1.8/gems/thin-1.2.8/lib/thin/connection.rb:57:in `process'
 /usr/lib/ruby/gems/1.8/gems/thin-1.2.8/lib/thin/connection.rb:42:in 
`receive_data'
 /usr/lib/ruby/gems/1.8/gems/eventmachine-0.12.10/lib/eventmachine.rb:256:in 
`run_machine'
 /usr/lib/ruby/gems/1.8/gems/eventmachine-0.12.10/lib/eventmachine.rb:256:in 
`run'
 /usr/lib/ruby/gems/1.8/gems/thin-1.2.8/lib/thin/backends/base.rb:61:in `start'
 /usr/lib/ruby/gems/1.8/gems/thin-1.2.8/lib/thin/server.rb:159:in `start'
 /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/handler/thin.rb:14:in `run'
 /usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb

Re: [one-users] restricted_attr in oned.conf of ON44

[Hyun Woo Kim]

Hi Ruben,

Thanks again for your response. It is very clear to me now..

My previous assertion
> but it (VM_RESTRICTED_ATTR="CPU" in oned.conf) does NOT prevent users from 
> using CPU attribute in their VM templates.
is wrong, I made a mistake when I was testing this feature,
i.e. now I know that VM_RESTRICTED_ATTR in oned.conf works..

Let me ask one last question regarding IMAGE_RESTRICTED_ATTR.
In ON3.2, we know the following code
less src/image/ImageTemplate.cc
const string ImageTemplate::RESTRICTED_ATTRIBUTES[] = {
"SOURCE"
};
disallows non-oneadmin-group users to use the command onevm saveas
because internally this involves SOURCE attribute,

but in newer version e.g. ON4.4, this seems to be gone
even when we have IMAGE_RESTRICTED_ATTR=SOURCE in oned.conf.
This is what I learned from my testings.

Could you confirm this?
Thank you!

Hyunwoo
FermiCloud


From: "Ruben S. Montero" 
mailto:rsmont...@opennebula.org>>
Date: Thursday, April 17, 2014 4:37 PM
To: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Cc: Carlos Martín Sánchez 
mailto:cmar...@opennebula.org>>, users 
mailto:users@lists.opennebula.org>>, Steven C Timm 
mailto:t...@fnal.gov>>
Subject: Re: [one-users] restricted_attr in oned.conf of ON44




On Wed, Apr 16, 2014 at 5:15 PM, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Hi Ruben,

Thanks for the message. (It's still confusing to me though.)

Let me see if I understand this right.

In "Merge Use Case" section of 
http://docs.opennebula.org/4.4/user/virtual_resource_management/vm_guide.html
suppose there is VM_RESTRICTED_ATTR="CPU" in oned.conf.
This only prevents non-oneadmin-group users from
using —cpu option to onetemplate instantiate command
but it (VM_RESTRICTED_ATTR="CPU" in oned.conf) does NOT prevent users from using
CPU attribute in their VM templates. Is this right?

Right (although they won't be able to instantiate them)


In ON3.2, src/vm/VirtualMachineTemplate.cc has the following code
[A] =
const string VirtualMachineTemplate::RESTRICTED_ATTRIBUTES[] = {
   "CONTEXT/FILES",
"DISK/SOURCE",
"NIC/MAC",
"NIC/VLAN_ID",
"RANK"
};

We know that this prevents non-oneadmin-users from using for example 
CONTEXT/FILES attribute in their template
so we had to modify the above to comment out CONTEXT/FILES and RANK.

But it looks like this array is gone now but the new entries in oned.cof 
(VM_RESTRICTED_ATTR) has NOT inherited the functionality.

You are right, we've restructured the code, and probably move the checks to 
onetemplate instantiate / onevm create.


So, in summary, looks like there is restriction that prevents normal users from 
using
those attributes [A] in their templates.

Do I understand right?

In summary, template checks for restricted attributes are made:

1.- on VM template instantiate (onetemplate instantiate)
2.- on VM create (onevm create)
3.- on VM attach nic (onevm attachnic) (for example to not allow users to use 
NIC/MAC)


Hope it is clearer now,

Cheers

Ruben

Thanks again,
Hyunwoo
FermiCloud


From: "Ruben S. Montero" 
mailto:rsmont...@opennebula.org>>
Date: Wednesday, April 16, 2014 9:37 AM
To: Carlos Martín Sánchez 
mailto:cmar...@opennebula.org>>
Cc: Hyunwoo Kim mailto:hyun...@fnal.gov>>, users 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] restricted_attr in oned.conf of ON44

Hi Hyun

We've taken a look into it and it seems to be working. A couple of notes:

1.- VM Template is checked for restricted attributes if the owner is not 
oneadmin (or in oneadmin group). The rationale behind it is that oneadmin can 
prepare templates with "unsafe" attributes but let the user instantiate them 
(but not set or modify the attributes). We'll make it clearer in the doc.

2. Disk snapshot operation may use the SOURCE attribute but internally, the 
user cannot modify or set the SOURCE attribute.

Hope it makes it clearer.

Cheers

Ruben


On Wed, Apr 16, 2014 at 3:22 PM, Carlos Martín Sánchez 
mailto:cmar...@opennebula.org>> wrote:
Hi,

There is not much to it, it should be working as you describe. We'll try to 
reproduce it and fix it for 4.6 if it's broken.
http://dev.opennebula.org/issues/2838

Regards.

--
Carlos Martín, MSc
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org<http://www.OpenNebula.org> | 
cmar...@opennebula.org<mailto:cmar...@opennebula.org> | 
@OpenNebula<http://twitter.com/opennebula><mailto:cmar...@opennebula.org>


On Tue, Apr 15, 2014 at 5:50 PM, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Hello,

http://docs.opennebula.org/4.4/administration/references/oned_conf.html#oned-conf-restricted-attributes-configuration
says we can use {VM,IMAGE}_RESTRICTED_ATTR
to restrict users outside the oneadmin group

Re: [one-users] restricted_attr in oned.conf of ON44

[Hyun Woo Kim]

Hi Ruben,

Thanks for the message. (It's still confusing to me though.)

Let me see if I understand this right.

In "Merge Use Case" section of 
http://docs.opennebula.org/4.4/user/virtual_resource_management/vm_guide.html
suppose there is VM_RESTRICTED_ATTR="CPU" in oned.conf.
This only prevents non-oneadmin-group users from
using —cpu option to onetemplate instantiate command
but it (VM_RESTRICTED_ATTR="CPU" in oned.conf) does NOT prevent users from using
CPU attribute in their VM templates. Is this right?

In ON3.2, src/vm/VirtualMachineTemplate.cc has the following code
[A] =
const string VirtualMachineTemplate::RESTRICTED_ATTRIBUTES[] = {
   "CONTEXT/FILES",
"DISK/SOURCE",
"NIC/MAC",
"NIC/VLAN_ID",
"RANK"
};

We know that this prevents non-oneadmin-users from using for example 
CONTEXT/FILES attribute in their template
so we had to modify the above to comment out CONTEXT/FILES and RANK.

But it looks like this array is gone now but the new entries in oned.cof 
(VM_RESTRICTED_ATTR) has NOT inherited the functionality.

So, in summary, looks like there is restriction that prevents normal users from 
using
those attributes [A] in their templates.

Do I understand right?

Thanks again,
Hyunwoo
FermiCloud


From: "Ruben S. Montero" 
mailto:rsmont...@opennebula.org>>
Date: Wednesday, April 16, 2014 9:37 AM
To: Carlos Martín Sánchez 
mailto:cmar...@opennebula.org>>
Cc: Hyunwoo Kim mailto:hyun...@fnal.gov>>, users 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] restricted_attr in oned.conf of ON44

Hi Hyun

We've taken a look into it and it seems to be working. A couple of notes:

1.- VM Template is checked for restricted attributes if the owner is not 
oneadmin (or in oneadmin group). The rationale behind it is that oneadmin can 
prepare templates with "unsafe" attributes but let the user instantiate them 
(but not set or modify the attributes). We'll make it clearer in the doc.

2. Disk snapshot operation may use the SOURCE attribute but internally, the 
user cannot modify or set the SOURCE attribute.

Hope it makes it clearer.

Cheers

Ruben


On Wed, Apr 16, 2014 at 3:22 PM, Carlos Martín Sánchez 
mailto:cmar...@opennebula.org>> wrote:
Hi,

There is not much to it, it should be working as you describe. We'll try to 
reproduce it and fix it for 4.6 if it's broken.
http://dev.opennebula.org/issues/2838

Regards.

--
Carlos Martín, MSc
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org<http://www.OpenNebula.org> | 
cmar...@opennebula.org<mailto:cmar...@opennebula.org> | 
@OpenNebula<http://twitter.com/opennebula><mailto:cmar...@opennebula.org>


On Tue, Apr 15, 2014 at 5:50 PM, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Hello,

http://docs.opennebula.org/4.4/administration/references/oned_conf.html#oned-conf-restricted-attributes-configuration
says we can use {VM,IMAGE}_RESTRICTED_ATTR
to restrict users outside the oneadmin group

but I experiment as a user whose group is users, not oneadmin
to launch a VM from a vm.template with CONTEXT/FILES
and onevm disk-snapshot command which must use SOURCE attribute,
both work, i.e. restricted_attr do not seem to work..

Am I missing something?

Thanks,
Hyunwoo KIM
FermiCloud



___
Users mailing list
Users@lists.opennebula.org<mailto:Users@lists.opennebula.org>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org



___
Users mailing list
Users@lists.opennebula.org<mailto:Users@lists.opennebula.org>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org




--
--
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org<http://www.OpenNebula.org> | 
rsmont...@opennebula.org<mailto:rsmont...@opennebula.org> | @OpenNebula
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] onedb upgrade and XML

[Hyun Woo Kim]

Thanks for confirming this.
Hyunwoo
Fermicloud

From: Carlos Martín Sánchez 
mailto:cmar...@opennebula.org>>
Date: Wednesday, April 16, 2014 8:08 AM
To: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Cc: users mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] onedb upgrade and XML

Hi,

Your approach looks correct. The cpu element should also work with simple text 
instead of cdata.
Refer to the REXML docs for more information: 
http://ruby-doc.org/stdlib-2.1.1/libdoc/rexml/rdoc/index.html

Regards

--
Carlos Martín, MSc
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org<http://www.OpenNebula.org> | 
cmar...@opennebula.org<mailto:cmar...@opennebula.org> | 
@OpenNebula<http://twitter.com/opennebula><mailto:cmar...@opennebula.org>


On Tue, Apr 15, 2014 at 11:11 PM, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
I have found one possible solution

I modified /usr/lib/one/ruby/onedb/3.8.5_to_3.9.30.rb as follows;

@db.fetch("SELECT * FROM old_template_pool") do |row|
doc = Document.new(row[:body])
template = nil
doc.root.each_element("TEMPLATE") do |e|
template = e
end

doc.root.each_element("TEMPLATE") do |e|
   elem = e.delete_element("REQUIREMENTS")
   if !elem.nil?
template.add_element("SCHED_REQUIREMENTS").text = elem.text
end

elem = e.delete_element("RANK")
if !elem.nil?
template.add_element("SCHED_RANK").text = elem.text
end

# NEW> e.add_element("CPU").text = "1"
end

# NEW>   doc.root.each_element("TEMPLATE/GRAPHICS") { |e|
# NEW>   e.delete_element("PORT")
# NEW >  }


The second part to delete PORT works!

The issue is the first part. With the above code, the body field of 
template_pool shows a new entry 1
while I expect it to be 

So, I am thinking of modifying as follows instead;
 e.add_element("CPU").text = ""

I believe this will result in the DB as 

What do you ON developers think?

Thanks,
Hyunwoo
FermiCloud

From: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Date: Tuesday, April 15, 2014 10:08 AM
To: users mailto:users@lists.opennebula.org>>
Cc: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Subject: onedb upgrade and XML

Hello,

onedb upgrade command of ON44 against an old DB
fails to do the following two tasks.
1.   should have been inserted, but missing
2.   in /VMTEMPLATE/TEMPLATE/GRAPHICS/ should have been removed, 
but still there..

What should I do about these?

I am investigating a possibility to use xpath command
with mysql -h localhost -u root -e "select body from template_pool limit 1" 
open nebula
or something, but I am not sure if this is any good solution..

Any advice will be very appreciated.
Thanks,

Hyunwoo KIM
FermiCloud



___
Users mailing list
Users@lists.opennebula.org<mailto:Users@lists.opennebula.org>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org


___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] onedb upgrade and XML

[Hyun Woo Kim]

I have found one possible solution

I modified /usr/lib/one/ruby/onedb/3.8.5_to_3.9.30.rb as follows;

@db.fetch("SELECT * FROM old_template_pool") do |row|
doc = Document.new(row[:body])
template = nil
doc.root.each_element("TEMPLATE") do |e|
template = e
end

doc.root.each_element("TEMPLATE") do |e|
   elem = e.delete_element("REQUIREMENTS")
   if !elem.nil?
template.add_element("SCHED_REQUIREMENTS").text = elem.text
end

elem = e.delete_element("RANK")
if !elem.nil?
template.add_element("SCHED_RANK").text = elem.text
end

# NEW> e.add_element("CPU").text = "1"
end

# NEW>   doc.root.each_element("TEMPLATE/GRAPHICS") { |e|
# NEW>   e.delete_element("PORT")
# NEW >  }


The second part to delete PORT works!

The issue is the first part. With the above code, the body field of 
template_pool shows a new entry 1
while I expect it to be 

So, I am thinking of modifying as follows instead;
 e.add_element("CPU").text = ""

I believe this will result in the DB as 

What do you ON developers think?

Thanks,
Hyunwoo
FermiCloud

From: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Date: Tuesday, April 15, 2014 10:08 AM
To: users mailto:users@lists.opennebula.org>>
Cc: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Subject: onedb upgrade and XML

Hello,

onedb upgrade command of ON44 against an old DB
fails to do the following two tasks.
1.   should have been inserted, but missing
2.   in /VMTEMPLATE/TEMPLATE/GRAPHICS/ should have been removed, 
but still there..

What should I do about these?

I am investigating a possibility to use xpath command
with mysql -h localhost -u root -e "select body from template_pool limit 1" 
open nebula
or something, but I am not sure if this is any good solution..

Any advice will be very appreciated.
Thanks,

Hyunwoo KIM
FermiCloud


___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

[one-users] restricted_attr in oned.conf of ON44

[Hyun Woo Kim]

Hello,

http://docs.opennebula.org/4.4/administration/references/oned_conf.html#oned-conf-restricted-attributes-configuration
says we can use {VM,IMAGE}_RESTRICTED_ATTR
to restrict users outside the oneadmin group

but I experiment as a user whose group is users, not oneadmin
to launch a VM from a vm.template with CONTEXT/FILES
and onevm disk-snapshot command which must use SOURCE attribute,
both work, i.e. restricted_attr do not seem to work..

Am I missing something?

Thanks,
Hyunwoo KIM
FermiCloud


___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

[one-users] onedb upgrade and XML

[Hyun Woo Kim]

Hello,

onedb upgrade command of ON44 against an old DB
fails to do the following two tasks.
1.   should have been inserted, but missing
2.   in /VMTEMPLATE/TEMPLATE/GRAPHICS/ should have been removed, 
but still there..

What should I do about these?

I am investigating a possibility to use xpath command
with mysql -h localhost -u root -e "select body from template_pool limit 1" 
open nebula
or something, but I am not sure if this is any good solution..

Any advice will be very appreciated.
Thanks,

Hyunwoo KIM
FermiCloud


___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] data store not created in VMHosts

[Hyun Woo Kim]

If HostXML::test_ds_capacity only creates  $DATASTORE_LOCATION/ assuming  
$DATASTORE_LOCATION itself exists,
my next question here might be,
which code creates  $DATASTORE_LOCATION itself and when?

I don't think I missed an instruction to create  $DATASTORE_LOCATION manually 
in the ON documentation..
i.e.  $DATASTORE_LOCATION must be created by ON codes (maybe) during the first 
VM deployment.

But like I described in the original email, our test ON4.4  fails at this.

Hyunwoo Kim
FermiCloud





The $DATASTORE_LOCATION/ dir is created by the first VM deployment. That is 
why in HostXML::test_ds_capacity (called from Scheduler.cc), we use 
HOST/FREE_DISK as the free space when the ds-id subdir does not exist, to allow 
the first deployment.
But now it seems that monitor_ds should also consider that $DATASTORE_LOCATION 
may actually not exist.

___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] data store not created in VMHosts

[Hyun Woo Kim]

Hi,
Here is the output.

By the way, In VMHost:/var/lib/one/,  subdirectory datastores itself does not 
get created, let alone datastores/100

Thank you.
Hyunwoo KIM
FermiCloud Project

-bash-4.1$ onehost show -x 4

  4
  fgtest12
  2
  kvm
  kvm
  dummy
  1396022208
  101
  ipv6
  
0
0
0
0
16329064
400
0
15874132
397
0
454932
2
0

  
  
  








  





From: Carlos Martín Sánchez 
mailto:cmar...@opennebula.org>>
Date: Friday, March 28, 2014 10:54 AM
To: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Cc: "users@lists.opennebula.org<mailto:users@lists.opennebula.org>" 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] data store not created in VMHosts

Hi,

On Thu, Mar 27, 2014 at 9:57 PM, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Hi,

I am testing the data store feature of ON 4.4 in a very simple configuration
and I am getting an error that I can NOT understand.

I have one cluster with
one img type DS (ID 1, DS=fs, T/M=ssh) and
one sys type DS   (ID 100, that I created with ssh TM)

Then I attach one VMHost to this cluster.
According to the manual, the first deployment of VM creates
datastores/100 under /var/lib/one/, right?

But in my case, the first deployed VM is pending
with an error message in sched.log saying,
 Local Datastore 100 in Host 8 filtered out. Not enough capacity.
 No suitable System DS found for Host: 8. Filtering out host.

This VM gets deployed if I manually create this directory;
mkdir -p /var/lib/one/datastores/100

This error sometimes does not happen for a certain VMHost.

So, I would like to understand why datastores/ID is created in some VMHosts
and not in other VMHosts.

if the ON developers could point me at right codes to look at,
or describe what I am doing wrong,
it will be very helpful.

Thanks,
Hyuwoo Kim
FermiCloud

The scheduler should take into account the space of /var/lib/one/datastores 
when ../100 does not exist. Can you send us the output of onehost show -x?

Regards
--
Carlos Martín, MSc
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org<http://www.opennebula.org/> | 
cmar...@opennebula.org<mailto:cmar...@opennebula.org> | 
@OpenNebula<http://twitter.com/opennebula><mailto:cmar...@opennebula.org>

___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] data store not created in VMHosts

[Hyun Woo Kim]

Thanks very much.
We are already familiar with monitor_ds.sh
and our problem is,  monitor_ds.sh does not report system_DS capacities
until I manually mkdir –p /var/lib/one/datastores/100(our system_ds ID)..
(Note –p option to mkdir).

Thanks again and we look forward to hearing from you
as this issue is one of road blocks that are stopping us from upgrading to ON 
4.4.

Hyunwoo
FermiCloud Project.


From: Carlos Martín Sánchez 
mailto:cmar...@opennebula.org>>
Date: Friday, March 28, 2014 11:24 AM
To: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Cc: "users@lists.opennebula.org<mailto:users@lists.opennebula.org>" 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] data store not created in VMHosts

Hi,

On Fri, Mar 28, 2014 at 5:05 PM, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Hi,
Here is the output.

By the way, In VMHost:/var/lib/one/,  subdirectory datastores itself does not 
get created, let alone datastores/100


I see... we will take a look into it [1].
In case you want to play around with it, the script is located at 
/var/lib/one/remotes/im//monitor_ds.sh

Best regards

[1] http://dev.opennebula.org/issues/2816

--
Carlos Martín, MSc
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org<http://www.opennebula.org/> | 
cmar...@opennebula.org<mailto:cmar...@opennebula.org> | 
@OpenNebula<http://twitter.com/opennebula><mailto:cmar...@opennebula.org>


Thank you.
Hyunwoo KIM
FermiCloud Project

-bash-4.1$ onehost show -x 4

  4
  fgtest12
  2
  kvm
  kvm
  dummy
  1396022208
  101
  ipv6
  
0
0
0
0
16329064
400
0
15874132
397
0
454932
2
0

  
  
  








  





From: Carlos Martín Sánchez 
mailto:cmar...@opennebula.org>>
Date: Friday, March 28, 2014 10:54 AM
To: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Cc: "users@lists.opennebula.org<mailto:users@lists.opennebula.org>" 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] data store not created in VMHosts

Hi,

On Thu, Mar 27, 2014 at 9:57 PM, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Hi,

I am testing the data store feature of ON 4.4 in a very simple configuration
and I am getting an error that I can NOT understand.

I have one cluster with
one img type DS (ID 1, DS=fs, T/M=ssh) and
one sys type DS   (ID 100, that I created with ssh TM)

Then I attach one VMHost to this cluster.
According to the manual, the first deployment of VM creates
datastores/100 under /var/lib/one/, right?

But in my case, the first deployed VM is pending
with an error message in sched.log saying,
 Local Datastore 100 in Host 8 filtered out. Not enough capacity.
 No suitable System DS found for Host: 8. Filtering out host.

This VM gets deployed if I manually create this directory;
mkdir -p /var/lib/one/datastores/100

This error sometimes does not happen for a certain VMHost.

So, I would like to understand why datastores/ID is created in some VMHosts
and not in other VMHosts.

if the ON developers could point me at right codes to look at,
or describe what I am doing wrong,
it will be very helpful.

Thanks,
Hyuwoo Kim
FermiCloud

The scheduler should take into account the space of /var/lib/one/datastores 
when ../100 does not exist. Can you send us the output of onehost show -x?

Regards
--
Carlos Martín, MSc
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org<http://www.opennebula.org/> | 
cmar...@opennebula.org<mailto:cmar...@opennebula.org> | 
@OpenNebula<http://twitter.com/opennebula><mailto:cmar...@opennebula.org>


___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

[one-users] data store not created in VMHosts

[Hyun Woo Kim]

Hi,

I am testing the data store feature of ON 4.4 in a very simple configuration
and I am getting an error that I can NOT understand.

I have one cluster with
one img type DS (ID 1, DS=fs, T/M=ssh) and
one sys type DS   (ID 100, that I created with ssh TM)

Then I attach one VMHost to this cluster.
According to the manual, the first deployment of VM creates
datastores/100 under /var/lib/one/, right?

But in my case, the first deployed VM is pending
with an error message in sched.log saying,
 Local Datastore 100 in Host 8 filtered out. Not enough capacity.
 No suitable System DS found for Host: 8. Filtering out host.

This VM gets deployed if I manually create this directory;
mkdir -p /var/lib/one/datastores/100

This error sometimes does not happen for a certain VMHost.

So, I would like to understand why datastores/ID is created in some VMHosts
and not in other VMHosts.

if the ON developers could point me at right codes to look at,
or describe what I am doing wrong,
it will be very helpful.

Thanks,
Hyuwoo Kim
FermiCloud



___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] econe-describe-images command in ON 4.4

[Hyun Woo Kim]

This patch solved my problem.
Thanks again!

Hyunwoo

From: Daniel Molina mailto:dmol...@opennebula.org>>
Date: Wednesday, February 5, 2014 12:14 PM
To: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Cc: "users@lists.opennebula.org<mailto:users@lists.opennebula.org>" 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] econe-describe-images command in ON 4.4




On 5 February 2014 19:08, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Let me ask further questions.

When I do the following command,
econe-register  ami-0008   -U http://fermicloud122.fnal.gov:4567/ 
-K hwkim -S 5baa61e…

I am getting an error message
--
Command econe-register requires 2 parameters to run.
Command 'econe-register' not found
## SYNOPSIS
econe-register [OPTIONS] IMAGE-ID
## OPTIONS
 -K, --access-key id   The username of the user
 -S, --secret-key key  The sha1 hashed password of the user
 -U, --url url Set url as the web service url to use
 
--
The last line seems to suggest that I should give an IP address as well,
so I tried again

econe-register 192.168.1.1   ami-0008   -U 
http://fermicloud122.fnal.gov:4567/ -K hwkim -S 5baa61e…

And now I am getting a new error message;
econe-register: [ImageInfo] Error getting image [192].

I can not figure out what is wrong with my configuration.

There is a bug in the econe-register command (that is already deprecated), to 
fix it apply the following patch

diff --git a/src/cloud/ec2/bin/econe-register b/src/cloud/ec2/bin/econe-register
index 8556e3d..871b21f 100755
--- a/src/cloud/ec2/bin/econe-register
+++ b/src/cloud/ec2/bin/econe-register
@@ -50,7 +50,7 @@ EOT"
 EC2QueryClient::URL
 ]

-main :public_ip, :instance_id do
+main :instance_id do
 begin
 ec2_client = EC2QueryClient::Client.new(
 options[:access_key],

econe-register 8   -U http://fermicloud122.fnal.gov:4567/ -K hwkim -S 5baa61e…

or just provide the ID the image as first parameter. Note that you have to 
provide just the ID, since it's not an ami yet

econe-register 8  whatever   -U http://fermicloud122.fnal.gov:4567/ -K hwkim -S 
5baa61e…


Thanks,
Hyunwoo


From: Daniel Molina mailto:dmol...@opennebula.org>>
Date: Wednesday, February 5, 2014 10:13 AM

To: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Cc: "users@lists.opennebula.org<mailto:users@lists.opennebula.org>" 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] econe-describe-images command in ON 4.4




On 5 February 2014 16:37, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Hi Daniel,
Thanks very much for a quick response, I appreciate it.

Yes, I was also looking for a similar solution in
http://docs.opennebula.org/stable/advanced_administration/public_cloud/ec2qug.html

I remember prior versions used to explicitly show how to use econe-register 
command.
(although I didn't have to use it).

Yes, the command is missing in the docs and it shouldn't, we will fix it:
http://dev.opennebula.org/issues/2711

Thank you for your feedback


Any way, thanks again!

Hyunwoo

From: Daniel Molina mailto:dmol...@opennebula.org>>
Date: Wednesday, February 5, 2014 8:08 AM
To: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Cc: "users@lists.opennebula.org<mailto:users@lists.opennebula.org>" 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] econe-describe-images command in ON 4.4

Hi Hyunwoo,


On 5 February 2014 13:20, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Hi,

I have recently deployed ON 4.4 and have been testing EC2 (econe-) commands.

First I could do econe-upload successfully.
The new image can be seen with oneimage list command,
but econe-describe-images just shows an empty list.
(This command is working in our ON 3.2 EC2 system).

What has changed? Or am I missing a configuration step?

In one 4.4, after using econe-upload or just to make an OpenNebula image 
available through econe, the econe-register is necessary. This command will 
include the EC2_AMI=YES tag in the template and then it will be listed in the 
describe-images command and you will be able to use it through the ec2 api.

More information on the one-4.4 changes can be found here:
http://docs.opennebula.org/stable/release_notes44/compatibility.html#ec2-server

Cheers


Thanks very much
Hyunwoo
FermiCloud Project


___
Users mailing list
Users@lists.opennebula.org<mailto:Users@lists.opennebula.org>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org




--
--
Daniel Molina
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org<http://www.OpenNebula.org> | 
dmol...@opennebula.org<mailto:dmol...@opennebul

Re: [one-users] econe-describe-images command in ON 4.4

[Hyun Woo Kim]

Let me ask further questions.

When I do the following command,
econe-register  ami-0008   -U http://fermicloud122.fnal.gov:4567/ 
-K hwkim -S 5baa61e…

I am getting an error message
--
Command econe-register requires 2 parameters to run.
Command 'econe-register' not found
## SYNOPSIS
econe-register [OPTIONS] IMAGE-ID
## OPTIONS
 -K, --access-key id   The username of the user
 -S, --secret-key key  The sha1 hashed password of the user
 -U, --url url Set url as the web service url to use
 
--
The last line seems to suggest that I should give an IP address as well,
so I tried again

econe-register 192.168.1.1   ami-0008   -U 
http://fermicloud122.fnal.gov:4567/ -K hwkim -S 5baa61e…

And now I am getting a new error message;
econe-register: [ImageInfo] Error getting image [192].

I can not figure out what is wrong with my configuration.

Thanks,
Hyunwoo


From: Daniel Molina mailto:dmol...@opennebula.org>>
Date: Wednesday, February 5, 2014 10:13 AM
To: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Cc: "users@lists.opennebula.org<mailto:users@lists.opennebula.org>" 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] econe-describe-images command in ON 4.4




On 5 February 2014 16:37, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Hi Daniel,
Thanks very much for a quick response, I appreciate it.

Yes, I was also looking for a similar solution in
http://docs.opennebula.org/stable/advanced_administration/public_cloud/ec2qug.html

I remember prior versions used to explicitly show how to use econe-register 
command.
(although I didn't have to use it).

Yes, the command is missing in the docs and it shouldn't, we will fix it:
http://dev.opennebula.org/issues/2711

Thank you for your feedback


Any way, thanks again!

Hyunwoo

From: Daniel Molina mailto:dmol...@opennebula.org>>
Date: Wednesday, February 5, 2014 8:08 AM
To: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Cc: "users@lists.opennebula.org<mailto:users@lists.opennebula.org>" 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] econe-describe-images command in ON 4.4

Hi Hyunwoo,


On 5 February 2014 13:20, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Hi,

I have recently deployed ON 4.4 and have been testing EC2 (econe-) commands.

First I could do econe-upload successfully.
The new image can be seen with oneimage list command,
but econe-describe-images just shows an empty list.
(This command is working in our ON 3.2 EC2 system).

What has changed? Or am I missing a configuration step?

In one 4.4, after using econe-upload or just to make an OpenNebula image 
available through econe, the econe-register is necessary. This command will 
include the EC2_AMI=YES tag in the template and then it will be listed in the 
describe-images command and you will be able to use it through the ec2 api.

More information on the one-4.4 changes can be found here:
http://docs.opennebula.org/stable/release_notes44/compatibility.html#ec2-server

Cheers


Thanks very much
Hyunwoo
FermiCloud Project


___
Users mailing list
Users@lists.opennebula.org<mailto:Users@lists.opennebula.org>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org




--
--
Daniel Molina
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org<http://www.OpenNebula.org> | 
dmol...@opennebula.org<mailto:dmol...@opennebula.org> | @OpenNebula



--
--
Daniel Molina
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org<http://www.OpenNebula.org> | 
dmol...@opennebula.org<mailto:dmol...@opennebula.org> | @OpenNebula
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] econe-describe-images command in ON 4.4

[Hyun Woo Kim]

Hi Daniel,
Thanks very much for a quick response, I appreciate it.

Yes, I was also looking for a similar solution in
http://docs.opennebula.org/stable/advanced_administration/public_cloud/ec2qug.html

I remember prior versions used to explicitly show how to use econe-register 
command.
(although I didn't have to use it).

Any way, thanks again!

Hyunwoo

From: Daniel Molina mailto:dmol...@opennebula.org>>
Date: Wednesday, February 5, 2014 8:08 AM
To: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Cc: "users@lists.opennebula.org<mailto:users@lists.opennebula.org>" 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] econe-describe-images command in ON 4.4

Hi Hyunwoo,


On 5 February 2014 13:20, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Hi,

I have recently deployed ON 4.4 and have been testing EC2 (econe-) commands.

First I could do econe-upload successfully.
The new image can be seen with oneimage list command,
but econe-describe-images just shows an empty list.
(This command is working in our ON 3.2 EC2 system).

What has changed? Or am I missing a configuration step?

In one 4.4, after using econe-upload or just to make an OpenNebula image 
available through econe, the econe-register is necessary. This command will 
include the EC2_AMI=YES tag in the template and then it will be listed in the 
describe-images command and you will be able to use it through the ec2 api.

More information on the one-4.4 changes can be found here:
http://docs.opennebula.org/stable/release_notes44/compatibility.html#ec2-server

Cheers


Thanks very much
Hyunwoo
FermiCloud Project


___
Users mailing list
Users@lists.opennebula.org<mailto:Users@lists.opennebula.org>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org




--
--
Daniel Molina
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org<http://www.OpenNebula.org> | 
dmol...@opennebula.org<mailto:dmol...@opennebula.org> | @OpenNebula
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

[one-users] econe-describe-images command in ON 4.4

[Hyun Woo Kim]

Hi,

I have recently deployed ON 4.4 and have been testing EC2 (econe-) commands.

First I could do econe-upload successfully.
The new image can be seen with oneimage list command,
but econe-describe-images just shows an empty list.
(This command is working in our ON 3.2 EC2 system).

What has changed? Or am I missing a configuration step?

Thanks very much
Hyunwoo
FermiCloud Project

___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] oneimage create command in ON3.4 and up

[Hyun Woo Kim]

Carlos,
I found what was wrong with my configuration;

onedatastore show default   reveals that BASE_PATH was pointing at the wrong 
path.
(This is because I started with one path and then later renamed the directory.)

onedatastore update default  did not let me change this BASE_PATH,
so I had to modify the DB content directly,

mysql> update datastore_pool set body=" … " where oid=1;
and also had to restart oned in order to flush the memory contents.

After this,  onedatastore list now shows
-bash-4.1$ od list
  ID NAMESIZE AVAIL CLUSTER  IMAGES TYPE DS   TM
   0 system - - - 0 sys  -ssh
   1 default   434.9G 91%   production0 img  fs   ssh
   2 files 0M - - 0 fil  fs   ssh


Thanks again,
HyunWoo


From: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Date: Tuesday, December 3, 2013 9:15 AM
To: Hyunwoo Kim mailto:hyun...@fnal.gov>>, Carlos Martín 
Sánchez mailto:cmar...@opennebula.org>>
Cc: "users@lists.opennebula.org<mailto:users@lists.opennebula.org>" 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] oneimage create command in ON3.4 and up

Carlos,
in your email, you said,
"The datastore size is initialized to 0, and then populated with the right size"

What do you mean by "right size" here?
How do we set the right size in the first place?

Thanks,
HyunWoo
FermiCloud


From: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Date: Tuesday, December 3, 2013 8:59 AM
To: Carlos Martín Sánchez 
mailto:cmar...@opennebula.org>>
Cc: "users@lists.opennebula.org<mailto:users@lists.opennebula.org>" 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] oneimage create command in ON3.4 and up

Hi,
Thanks for the reply.

My oned.log has those messages
Tue Dec  3 08:53:08 2013 [InM][I]: Monitoring datastore default (1)
Tue Dec  3 08:53:08 2013 [ImM][I]: Datastore default (1) successfully monitored.

but I still can not do oneimage create with the same error message;
-bash-4.1$ oneimage create firstimage.template  --datastore default
Not enough space in datastore

Any other suggestion?

Thank you.
HyunWoo
FermiCloud


From: Carlos Martín Sánchez 
mailto:cmar...@opennebula.org>>
Date: Tuesday, December 3, 2013 4:06 AM
To: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Cc: "users@lists.opennebula.org<mailto:users@lists.opennebula.org>" 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] oneimage create command in ON3.4 and up

Hi,

The datastore size is initialized to 0, and then populated with the right size 
after the monitorization begins to work. Maybe there was a problem trying to 
monitor it. Take a look at /var/log/one/oned.log, you should have messages like 
these:

Fri Nov 29 17:29:19 2013 [InM][D]: Monitoring datastore default (1)
Fri Nov 29 17:29:20 2013 [ImM][D]: Datastore default (1) successfully monitored.

Or an error message from the drivers.

Regards

--
Carlos Martín, MSc
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org<http://www.OpenNebula.org> | 
cmar...@opennebula.org<mailto:cmar...@opennebula.org> | 
@OpenNebula<http://twitter.com/opennebula><mailto:cmar...@opennebula.org>


On Mon, Dec 2, 2013 at 11:37 PM, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Hi,

Let me ask a basic question.

I just started testing ON4.2
and when I use oneimage command to register a first image,
I am getting the following error message

-bash-4.1$ oneimage create firstimage.template  --datastore default
Not enough space in datastore

I guess this is because the "default" datastore has "0M" size as shown below,
-bash-4.1$ onedatastore list
  ID NAMESIZE AVAIL CLUSTERIMAGES TYPE DS   TM
   0 system - - -  0
 sys  -ssh
   1 default   0M - production0   img 
fs   ssh


My question is, how can I increase this size?

I could not find relevant information from onedatastore help,
I guessed this size will increase when I add a new host, create a cluster, add 
the host in this cluster
and create a new virtual network and add it to the cluster etc,
but I am still getting the same error message..

Thanks in advance.
HyunWoo KIM
FermiCloud


___
Users mailing list
Users@lists.opennebula.org<mailto:Users@lists.opennebula.org>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org


___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] oneimage create command in ON3.4 and up

[Hyun Woo Kim]

Carlos,
in your email, you said,
"The datastore size is initialized to 0, and then populated with the right size"

What do you mean by "right size" here?
How do we set the right size in the first place?

Thanks,
HyunWoo
FermiCloud


From: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Date: Tuesday, December 3, 2013 8:59 AM
To: Carlos Martín Sánchez 
mailto:cmar...@opennebula.org>>
Cc: "users@lists.opennebula.org<mailto:users@lists.opennebula.org>" 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] oneimage create command in ON3.4 and up

Hi,
Thanks for the reply.

My oned.log has those messages
Tue Dec  3 08:53:08 2013 [InM][I]: Monitoring datastore default (1)
Tue Dec  3 08:53:08 2013 [ImM][I]: Datastore default (1) successfully monitored.

but I still can not do oneimage create with the same error message;
-bash-4.1$ oneimage create firstimage.template  --datastore default
Not enough space in datastore

Any other suggestion?

Thank you.
HyunWoo
FermiCloud


From: Carlos Martín Sánchez 
mailto:cmar...@opennebula.org>>
Date: Tuesday, December 3, 2013 4:06 AM
To: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Cc: "users@lists.opennebula.org<mailto:users@lists.opennebula.org>" 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] oneimage create command in ON3.4 and up

Hi,

The datastore size is initialized to 0, and then populated with the right size 
after the monitorization begins to work. Maybe there was a problem trying to 
monitor it. Take a look at /var/log/one/oned.log, you should have messages like 
these:

Fri Nov 29 17:29:19 2013 [InM][D]: Monitoring datastore default (1)
Fri Nov 29 17:29:20 2013 [ImM][D]: Datastore default (1) successfully monitored.

Or an error message from the drivers.

Regards

--
Carlos Martín, MSc
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org<http://www.OpenNebula.org> | 
cmar...@opennebula.org<mailto:cmar...@opennebula.org> | 
@OpenNebula<http://twitter.com/opennebula><mailto:cmar...@opennebula.org>


On Mon, Dec 2, 2013 at 11:37 PM, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Hi,

Let me ask a basic question.

I just started testing ON4.2
and when I use oneimage command to register a first image,
I am getting the following error message

-bash-4.1$ oneimage create firstimage.template  --datastore default
Not enough space in datastore

I guess this is because the "default" datastore has "0M" size as shown below,
-bash-4.1$ onedatastore list
  ID NAMESIZE AVAIL CLUSTERIMAGES TYPE DS   TM
   0 system - - -  0
 sys  -ssh
   1 default   0M - production0   img 
fs   ssh


My question is, how can I increase this size?

I could not find relevant information from onedatastore help,
I guessed this size will increase when I add a new host, create a cluster, add 
the host in this cluster
and create a new virtual network and add it to the cluster etc,
but I am still getting the same error message..

Thanks in advance.
HyunWoo KIM
FermiCloud


___
Users mailing list
Users@lists.opennebula.org<mailto:Users@lists.opennebula.org>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org


___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] oneimage create command in ON3.4 and up

[Hyun Woo Kim]

Hi,
Thanks for the reply.

My oned.log has those messages
Tue Dec  3 08:53:08 2013 [InM][I]: Monitoring datastore default (1)
Tue Dec  3 08:53:08 2013 [ImM][I]: Datastore default (1) successfully monitored.

but I still can not do oneimage create with the same error message;
-bash-4.1$ oneimage create firstimage.template  --datastore default
Not enough space in datastore

Any other suggestion?

Thank you.
HyunWoo
FermiCloud


From: Carlos Martín Sánchez 
mailto:cmar...@opennebula.org>>
Date: Tuesday, December 3, 2013 4:06 AM
To: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Cc: "users@lists.opennebula.org<mailto:users@lists.opennebula.org>" 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] oneimage create command in ON3.4 and up

Hi,

The datastore size is initialized to 0, and then populated with the right size 
after the monitorization begins to work. Maybe there was a problem trying to 
monitor it. Take a look at /var/log/one/oned.log, you should have messages like 
these:

Fri Nov 29 17:29:19 2013 [InM][D]: Monitoring datastore default (1)
Fri Nov 29 17:29:20 2013 [ImM][D]: Datastore default (1) successfully monitored.

Or an error message from the drivers.

Regards

--
Carlos Martín, MSc
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org<http://www.OpenNebula.org> | 
cmar...@opennebula.org<mailto:cmar...@opennebula.org> | 
@OpenNebula<http://twitter.com/opennebula><mailto:cmar...@opennebula.org>


On Mon, Dec 2, 2013 at 11:37 PM, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Hi,

Let me ask a basic question.

I just started testing ON4.2
and when I use oneimage command to register a first image,
I am getting the following error message

-bash-4.1$ oneimage create firstimage.template  --datastore default
Not enough space in datastore

I guess this is because the "default" datastore has "0M" size as shown below,
-bash-4.1$ onedatastore list
  ID NAMESIZE AVAIL CLUSTERIMAGES TYPE DS   TM
   0 system - - -  0
 sys  -ssh
   1 default   0M - production0   img 
fs   ssh


My question is, how can I increase this size?

I could not find relevant information from onedatastore help,
I guessed this size will increase when I add a new host, create a cluster, add 
the host in this cluster
and create a new virtual network and add it to the cluster etc,
but I am still getting the same error message..

Thanks in advance.
HyunWoo KIM
FermiCloud


___
Users mailing list
Users@lists.opennebula.org<mailto:Users@lists.opennebula.org>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org


___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

[one-users] oneimage create command in ON3.4 and up

[Hyun Woo Kim]

Hi,

Let me ask a basic question.

I just started testing ON4.2
and when I use oneimage command to register a first image,
I am getting the following error message

-bash-4.1$ oneimage create firstimage.template  --datastore default
Not enough space in datastore

I guess this is because the "default" datastore has "0M" size as shown below,
-bash-4.1$ onedatastore list
  ID NAMESIZE AVAIL CLUSTERIMAGES TYPE DS   TM
   0 system - - -  0
 sys  -ssh
   1 default   0M - production0   img 
fs   ssh


My question is, how can I increase this size?

I could not find relevant information from onedatastore help,
I guessed this size will increase when I add a new host, create a cluster, add 
the host in this cluster
and create a new virtual network and add it to the cluster etc,
but I am still getting the same error message..

Thanks in advance.
HyunWoo KIM
FermiCloud

___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] an error associated with onevm delete of persistent image

[Hyun Woo Kim]

Hi Ruben,

Thanks very much for the response.

Fortunately, this does not seem to happen frequently in our cluster
and even if it happens, it does not cause any big trouble,
we just have to manually do "oneimage enable" the persistent image
which went to "err" because of "onevm delete" .

Thanks for confirming this.

HyunWoo


From: "Ruben S. Montero" 
mailto:rsmont...@opennebula.org>>
Date: Wednesday, May 1, 2013 2:58 PM
To: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Cc: "users@lists.opennebula.org<mailto:users@lists.opennebula.org>" 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] an error associated with onevm delete of persistent 
image

Hi Hyunwoo

Yes totally right, this is in fact a bug that has been solved in recent 
versions of OpenNebula... In this situation, the delete operation will leave 
the persistent images in the error state so the consistency of the image can be 
checked. OpenNebula will not try to move the image back to the datastore. 
oneimage enable will activate the image again.


Cheers

Ruben




On Wed, May 1, 2013 at 6:43 PM, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Hi,

Let me describe an error situation that I experienced.

We are using ONe3.2.

I launch a VM off a persistent image but it fails at an very early stage (for 
example tm_ln.sh)
so I end up having a VM in "failed" state.

Next, when I try to delete it via "onevm delete", I have error messages that say
 Message received: LOG E 4 mv: Command "mv -f $ONE_LOCATION/var/56/disk.0 
$IRP/images/837d6675a4846f2df76ebbf69d174229" failed.
 Message received: LOG E 4 mv: mv: cannot stat `$ONE_LOCATION/var/56/disk.0': 
No such file or directory

These error messages make sense because, the launching process failed before 
doing anything,
thus all of the followings
 - $VM_DIR/images/disk.0
 - $ONE_LOCATION/var/vmid/disk.0
must be absent.

I think what is wrong is,
"onevm delete" on a failed vm from persistent image trying to move disk.0 to 
the repository.
In other words, "delete" might not be a right operation in this "failed" state 
for persistent image.
I could not find a right one at least from current list of possible operations 
for "onevm" command

What will be the right one?

Thank you very much.

Hyunwoo KIM
FermiCloud Project.



___
Users mailing list
Users@lists.opennebula.org<mailto:Users@lists.opennebula.org>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

--
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org<http://www.OpenNebula.org> | 
rsmont...@opennebula.org<mailto:rsmont...@opennebula.org> | @OpenNebula
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

[one-users] an error associated with onevm delete of persistent image

[Hyun Woo Kim]

Hi,

Let me describe an error situation that I experienced.

We are using ONe3.2.

I launch a VM off a persistent image but it fails at an very early stage (for 
example tm_ln.sh)
so I end up having a VM in "failed" state.

Next, when I try to delete it via "onevm delete", I have error messages that say
 Message received: LOG E 4 mv: Command "mv -f $ONE_LOCATION/var/56/disk.0 
$IRP/images/837d6675a4846f2df76ebbf69d174229" failed.
 Message received: LOG E 4 mv: mv: cannot stat `$ONE_LOCATION/var/56/disk.0': 
No such file or directory

These error messages make sense because, the launching process failed before 
doing anything,
thus all of the followings
 - $VM_DIR/images/disk.0
 - $ONE_LOCATION/var/vmid/disk.0
must be absent.

I think what is wrong is,
"onevm delete" on a failed vm from persistent image trying to move disk.0 to 
the repository.
In other words, "delete" might not be a right operation in this "failed" state 
for persistent image.
I could not find a right one at least from current list of possible operations 
for "onevm" command

What will be the right one?

Thank you very much.

Hyunwoo KIM
FermiCloud Project.


___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] shared transfer manager and image file ownership to qemu

[Hyun Woo Kim]

Hi,

Thanks for the message.
I was aware of dynamic_ownership attribute
but I did not know the documentation also had instruction about user and
group.

I solved this problem by directly modifying /etc/group to put the user
qemu in the group oneadmin.
I should try what the documentation suggests instead.

Thanks again.
Hyunwoo Kim
FermiCloud Project


On 4/11/13 1:14 AM, "Giovanni Toraldo"  wrote:

>Hi,
>
>it looks like you are completely missing this useful paragraph from
>the documentation:
>
>http://opennebula.org/documentation:rel3.8:kvmg#kvm_configuration
>
>chmod 660 should be sufficient since OpenNebula frontend and VMs
>should be running with the same user (usually oneadmin) on every node.
>
>--
>Giovanni Toraldo
>http://gionn.net

___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] onevm cancel for a persistent image via TM_ shared

[Hyun Woo Kim]

Dear Jaime,

Sorry for the delayed response.
(I returned from a log vacation.)

If using read link in order to check if the two(SRC and DST) are identical is 
intentional, I will need to think more on this issue.
I guess that as far as the original image file does not get corrupted by the 
link file, I think it is ok to us.
Anyway, let me think more on this issue.

Thanks for the response.

Hyunwoo Kim
FermiCloud Project

From: Jaime Melis mailto:jme...@opennebula.org>>
Date: Thursday, March 28, 2013 10:08 AM
To: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Cc: "users@lists.opennebula.org<mailto:users@lists.opennebula.org>" 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] onevm cancel for a persistent image via TM_ shared

Dear Hyun,

I don't quite understand what you mean. The step 3 doesn't do anything because 
it's the same file, so "it's already done". What would you have it do instead?

cheers,
Jaime


On Mon, Mar 18, 2013 at 4:17 PM, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Dear ON Developers,

Our ON configuration is a bit different from what ON manual assumes.
The following is my guess of how onevm cancel VM where this VM is from a 
persistent image and running in a host via shared transfer manager.

I believe the following two variables are assumed in ON standard deployment.
SRC=$IMAGE_REPOSITORY_PATH/
DST=$VM_DIR/vmid/images

In this case, onevm cancel will do

1. tm_mv.sh : mv $DST/disk.0 /var/log/one/vmid/disk.0
Note here that $DST/disk.0 is actually a link to 
$IMAGE_REPOSITORY_PATH/original_file
2. tm_delete.sh : rm –f $DST
3. Image Driver will invoke var/remote/image/fs/mv to try to 
/var/log/one/vmid/disk.0 to the same image in IMAGE_REPOSITORY_PATH
which will not happen because Image Drive will realize that these two are 
identical when running readlink command.

My guess is that, if this is true, this step "3" appears to be a bug.
In other words, in step "3", the mv should not be prevented because they have 
the same pathname.

Could ON developers check this?
(I might be wrong.)


Thank you.
Hyunwoo
FermiCloud Project



___
Users mailing list
Users@lists.opennebula.org<mailto:Users@lists.opennebula.org>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org




--
Jaime Melis
Project Engineer
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org<http://www.OpenNebula.org> | 
jme...@opennebula.org<mailto:jme...@opennebula.org>
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] shared transfer manager and image file ownership to qemu

[Hyun Woo Kim]

Please ignore the original question and let me ask a new question.

When using shared transfer manager,
it looks like the image at IMAGE_REPOSITORY_PATH must have 666 permission to 
get launched
(I had to chmod manually)
but $ONE_LOCATION/var/remotes/image/fs/mv which must be called from onevm 
cancel/shutdown command
has exec_and_log "chmod 0660 $DST" which returns the permission back to 660.
Which is wrong here?

Thanks,
Hyunwoo Kim
FermiCloud Project



From: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Date: Tuesday, April 9, 2013 2:10 PM
To: "users@lists.opennebula.org" 
mailto:users@lists.opennebula.org>>
Subject: [one-users] shared transfer manager and image file ownership to qemu

To ON developers,

When we launch a vm via tm_shared, we observe that the original image file in 
the repository
changes its ownership from oneadmin to qemu as soon as it starts running.

Could you point me to the code that does this ownership change for the image?
Thanks in advance.

Hyunwoo Kim
FermiCloud Project


___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

[one-users] shared transfer manager and image file ownership to qemu

[Hyun Woo Kim]

To ON developers,

When we launch a vm via tm_shared, we observe that the original image file in 
the repository
changes its ownership from oneadmin to qemu as soon as it starts running.

Could you point me to the code that does this ownership change for the image?
Thanks in advance.

Hyunwoo Kim
FermiCloud Project


___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

[one-users] tm_clone versus tm_ln in shared

[Hyun Woo Kim]

Let me ask a question.

We are using ON3.2.

In $ONE_LOCATION/lib/tm_commands/shared/
tm_clone.sh calls fix_paths and tm_ln.sh calls fix_dst_path in order to adjust 
SRC/DST_PATH.

I understand this is because default configuration assumes that VMDIR is 
/var/lib/one
and thus the FrontEnd(FE) mounts the shared storage at /var/lib/one.
But if ONE_LOCATION is defined, FE is assumed to mount the shared storage at 
$ONE_LOCATION/var/
and this is why DST_PATH should be adjusted.

But what I do not understand is, why does SRC_PATH have to be adjusted too?
Does this mean, even if ONE_LOCATION is defined, 
Open Nebula still assumes that the IMAGE_REPOSITORY_PATH is set to 
/var/lib/one/images
while the shared storage is actually mounted on $ONE_LOCATION/var/?

If that is the case, why does tm_ln.sh not call fix_paths?

Thanks in advance
Hyunwoo 
FermiCloud Project
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

[one-users] onevm cancel for a persistent image via TM_ shared

[Hyun Woo Kim]

Dear ON Developers,

Our ON configuration is a bit different from what ON manual assumes.
The following is my guess of how onevm cancel VM where this VM is from a 
persistent image and running in a host via shared transfer manager.

I believe the following two variables are assumed in ON standard deployment.
SRC=$IMAGE_REPOSITORY_PATH/
DST=$VM_DIR/vmid/images

In this case, onevm cancel will do

1. tm_mv.sh : mv $DST/disk.0 /var/log/one/vmid/disk.0
Note here that $DST/disk.0 is actually a link to 
$IMAGE_REPOSITORY_PATH/original_file
2. tm_delete.sh : rm –f $DST
3. Image Driver will invoke var/remote/image/fs/mv to try to 
/var/log/one/vmid/disk.0 to the same image in IMAGE_REPOSITORY_PATH
which will not happen because Image Drive will realize that these two are 
identical when running readlink command.

My guess is that, if this is true, this step "3" appears to be a bug.
In other words, in step "3", the mv should not be prevented because they have 
the same pathname.

Could ON developers check this?
(I might be wrong.)


Thank you.
Hyunwoo
FermiCloud Project


___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] econe-server with x509 fails to set HTTP_SSL_CLIENT_CERT

[Hyun Woo Kim]

Hi Daniel, 

Thanks very much for your message.
> $ curl "https://myone38sever?Action=DescribeInstances"; --cert cert.pem
I see. So, for each of 6(on3.2) or 21(one.3.8) econe commands, we will have to 
set proper action 
to Action= in the curl..

> Please, also check that the headers module is enable in Apache and
> your apache conf includes the following lines for the econe server:
We have been using Apache and GridSite for a while in order to 
enable use of certificates on the client site.

Thanks again.
Hyunwoo
FermiCloud Project



From: Daniel Molina [dmol...@opennebula.org]
Sent: Thursday, January 17, 2013 5:06 AM
To: Hyun Woo Kim
Cc: users@lists.opennebula.org
Subject: Re: [one-users] econe-server with x509 fails to set 
HTTP_SSL_CLIENT_CERT

Hi Hyunwoo,

On 17 January 2013 05:38, Hyun Woo Kim  wrote:
> I first set ONE_AUTH to be ~/.one/one_x509 (created from my personal
> certificate)
> and then do,
> econe-upload  --url https://myone38sever file.img
>
> This fails with the error message;
> econe-upload:
> 
> AuthFailure
> Could not create X509 certificate from
> 
> 
>
>
> I can find that this message originates from
> $ONE_LOCATION/lib/ruby/cloud/CloudAuth/X509CloudAuth.rb
> because HTTP_SSL_CLIENT_CERT is not set(see below [1]).
>
> I also confirmed that Apache also fails to set it
> which means the client side, econe-upload command fails to send PEM string
> correctly,
>
> If you look at "upload_image method"  in
> $ONE_LOCATION/lib/ruby/cloud/econe/EC2QueryClient.rb,
> I guess one of the following lines fails;
> str = AWS.canonical_string(params, @uri.host)
> sig = AWS.encode(@access_key_secret, str, false)
>
> if curb
> …
> post_fields << Curl::PostField.content("Signature",sig)
> post_fields << Curl::PostField.file("file",file_name)
>
> connection = Curl::Easy.new(@uri.to_s)
> connection.multipart_form_post = true
> connection.ssl_verify_peer = false
> connection.http_post(*post_fields)
>
>
> Could Open Nebula developers investigate this?
> (I am seeing the same error in both ON3.2 and ON3.8)
>
> Thanks very much.
>
> Hyunwoo Kim
> FermiCloud Project
>
> 
> [1] module X509CloudAuth
> def do_auth(env, params={})
> # For https, the web service should be set to include the user cert
> in the environment.
> cert_line   = env['HTTP_SSL_CLIENT_CERT']
> cert_line   = nil if cert_line == '(null)' # For Apache mod_ssl
> chain_index = 0
>
> # Use the https credentials for authentication
> unless cert_line.nil?
> begin
> m  = cert_line.match(/(-+BEGIN
> CERTIFICATE-+)([^-]*)(-+END CERTIFICATE-+)/)
> cert_s = "#{m[1]}#{m[2].gsub(' ',"\n")}#{m[3]}"
> cert   = OpenSSL::X509::Certificate.new(cert_s)
> rescue
> raise "Could not create X509 certificate from " + cert_line
> end
> ===
>

Currently econe tools do not support x509 client certificates. If you
want to use x509 authentication through EC2 you must use curl to
interact with the server. If you use this kind of authentication, the
EC2 Signature method will not be used anymore and you will have to
specify your certificate in the curl command.

For example if you want to list all your running instances:
$ curl "https://myone38sever?Action=DescribeInstances"; --cert
/path/to/your/client/cert.pem

Please, also check that the headers module is enable in Apache and
your apache conf includes the following lines for the econe server:
  RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"
  RequestHeader set SSL_CLIENT_I_DN "%{SSL_CLIENT_I_DN}s"
  RequestHeader set SSL_SERVER_S_DN_OU "%{SSL_SERVER_S_DN_OU}s"
  RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"
  RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"


You may find this guide usefull. It shows how to enable x509 auth in Sunstone:
http://wiki.opennebula.org/sunstone_x509

Cheers

PS: Note that econe-upload is not an EC2 API method. We created this
method to be able to upload images to OpenNebula as an alternative to
S3 API.

--
Daniel Molina
Project Engineer
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

[one-users] econe-server with x509 fails to set HTTP_SSL_CLIENT_CERT

[Hyun Woo Kim]

I first set ONE_AUTH to be ~/.one/one_x509 (created from my personal 
certificate)
and then do,
econe-upload  --url https://myone38sever file.img

This fails with the error message;
econe-upload:

AuthFailure
Could not create X509 certificate from 



I can find that this message originates from
$ONE_LOCATION/lib/ruby/cloud/CloudAuth/X509CloudAuth.rb
because HTTP_SSL_CLIENT_CERT is not set(see below [1]).

I also confirmed that Apache also fails to set it
which means the client side, econe-upload command fails to send PEM string 
correctly,

If you look at "upload_image method"  in 
$ONE_LOCATION/lib/ruby/cloud/econe/EC2QueryClient.rb,
I guess one of the following lines fails;
str = AWS.canonical_string(params, @uri.host)
sig = AWS.encode(@access_key_secret, str, false)

if curb
…
post_fields << Curl::PostField.content("Signature",sig)
post_fields << Curl::PostField.file("file",file_name)

connection = Curl::Easy.new(@uri.to_s)
connection.multipart_form_post = true
connection.ssl_verify_peer = false
connection.http_post(*post_fields)


Could Open Nebula developers investigate this?
(I am seeing the same error in both ON3.2 and ON3.8)

Thanks very much.

Hyunwoo Kim
FermiCloud Project


[1] module X509CloudAuth
def do_auth(env, params={})
# For https, the web service should be set to include the user cert in 
the environment.
cert_line   = env['HTTP_SSL_CLIENT_CERT']
cert_line   = nil if cert_line == '(null)' # For Apache mod_ssl
chain_index = 0

# Use the https credentials for authentication
unless cert_line.nil?
begin
m  = cert_line.match(/(-+BEGIN CERTIFICATE-+)([^-]*)(-+END 
CERTIFICATE-+)/)
cert_s = "#{m[1]}#{m[2].gsub(' ',"\n")}#{m[3]}"
cert   = OpenSSL::X509::Certificate.new(cert_s)
rescue
raise "Could not create X509 certificate from " + cert_line
end
===
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] regular monitoring logged in oned.log

[Hyun Woo Kim]

Hi,

When you said  "3 and 4 may come from Sunstone, clients periodically refresh 
the information",
can you be more specific about "clients"?

In case of (3) below, when the last ID of virtual machine is N, 
some part of ON seems to mistakenly think that there is one more VM whose ID is 
N+1
and does something like "onevm show N+1" which produces an error message
(obviously because VM N+1 does not exist) every hour:20.

I would like to know which part exactly does this hourly monitorings against 
the list of virtual machines.

Thanks,
Hyunwoo

From: Ruben S. Montero [rsmont...@opennebula.org]
Sent: Thursday, December 27, 2012 3:04 AM
To: Hyun Woo Kim
Cc: users@lists.opennebula.org
Subject: Re: [one-users] regular monitoring logged in oned.log

Hi

3 and 4 may come from Sunstone, clients periodically refresh the information. 
Also the sunstone server (or econe-server) caches the user pool to perform 
authentications, so periodically polling UserPool.

Cheers

Ruben




On Sat, Dec 22, 2012 at 8:14 PM, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
I observe the following repeated messages in oned.log

1. Every 30 seconds
   - HostPoolInfo
   - VirtualMachinePoolInfo
   - AclInfo

2. Every 10 minutes
   - Monitoring VM "all IDs"
   - Monitoring host "all names"

3. Every hour(:20)
   - UserInfo
   - VirtualMachineInfo

4. Every 15 minutes(00, 15, 30, 45)
   - VirtualMachineInfo

I understand (1) is controlled by SCHED_INTERVAL in sched.conf
and conducted by the sched daemon.

I understand (2) is controlled by the two variables in oned.conf
HOST_MONITORING_INTERVAL
VM_POLLING_INTERVAL
and conducted by VMM.

I would like to know which part of opennebula code conducts (3).

Thanks in advance..

Hyunwoo
___
Users mailing list
Users@lists.opennebula.org<mailto:Users@lists.opennebula.org>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org



--
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org<http://www.OpenNebula.org> | 
rsmont...@opennebula.org<mailto:rsmont...@opennebula.org> | @OpenNebula
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

[one-users] regular monitoring logged in oned.log

[Hyun Woo Kim]

I observe the following repeated messages in oned.log

1. Every 30 seconds
   - HostPoolInfo 
   - VirtualMachinePoolInfo
   - AclInfo

2. Every 10 minutes
   - Monitoring VM "all IDs"
   - Monitoring host "all names"

3. Every hour(:20)
   - UserInfo
   - VirtualMachineInfo

4. Every 15 minutes(00, 15, 30, 45)
   - VirtualMachineInfo

I understand (1) is controlled by SCHED_INTERVAL in sched.conf
and conducted by the sched daemon.

I understand (2) is controlled by the two variables in oned.conf
HOST_MONITORING_INTERVAL
VM_POLLING_INTERVAL
and conducted by VMM.

I would like to know which part of opennebula code conducts (3).

Thanks in advance..

Hyunwoo
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] option to prevent a VM instance from being deployed

[Hyun Woo Kim]

Hi Simon,

Thanks for the patch.
I think I understand how I use this new feature from reading your instruction.
Let me confirm that I am understanding right.

1. apply the patch in the first place
2. define a new VM_HOOK in oned.conf that looks like
   VM_HOOK= [
 name = "special_hold"
 on = "CREATE"
command = "a new script"
argument = "$VMID $TEMPLATE"  ]
3. create the "a new script" which decodes $TEMPLATE first and
looks for a "a custom VM attribute"
and depending on the value of the attribute, onevm release $VMID

Is this correct?

I also would like to know if your patch has been tested in a production cluster.

Thanks again,
HyunWoo
FermiCloud Project


From: Simon Boulet mailto:si...@nostalgeek.com>>
Date: Thursday, December 20, 2012 8:22 AM
To: Hyunwoo Kim mailto:hyun...@fnal.gov>>
Cc: Carlos Martín Sánchez 
mailto:cmar...@opennebula.org>>, 
"users@lists.opennebula.org<mailto:users@lists.opennebula.org>" 
mailto:users@lists.opennebula.org>>
Subject: Re: [one-users] option to prevent a VM instance from being deployed

Hi,

I have just submitted a patch that solves this.

http://dev.opennebula.org/issues/1103

You could use that patch along with a custom CREATE VM HOOK that checks for a 
custom VM attribute you specify in your templates.

Feedback more than welcome!

Thanks

Simon


On Thu, Dec 20, 2012 at 9:14 AM, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Hi, Carlos,

Thanks for a quick and precise information.
- onevm hold will not be helpful to us because it also requires users to be 
"quick" just like deploy.
- For the time being, using some impossible requirement will be our solution
- We will look forward to the new option that you plan to add to 4.0

Thanks again
HyunWoo
FermiCloud Project.


From: Carlos Martín Sánchez 
[cmar...@opennebula.org<mailto:cmar...@opennebula.org>]
Sent: Thursday, December 20, 2012 4:46 AM
To: Hyun Woo Kim
Cc: users@lists.opennebula.org<mailto:users@lists.opennebula.org>
Subject: Re: [one-users] option to prevent a VM instance from being deployed

Hi,

That is what the command 'onevm hold' [1] does. But that command requires you 
to instantiate the template, and then quickly hold the new VM.
For the next version we will add the option to create the new VMs directly on 
hold instead of pending [2].

Meanwhile, if you don't want to instantiate & hold, you can also use this 
workaround: Add an imposible requirement [3], such as REQUIREMENTS="NAME = 
NONEXISTENTHOST". The scheduler won't be able to find a suitable host, but you 
can still deploy that VMs manually.

Regards

[1] http://opennebula.org/documentation:rel3.8:vm_guide_2#life-cycle_operations
[2] http://dev.opennebula.org/issues/1103
[3] 
http://opennebula.org/documentation:rel3.8:template#requirement_expression_syntax

--
Carlos Martín, MSc
Project Engineer
OpenNebula - The Open-source Solution for Data Center Virtualization
www.OpenNebula.org<http://www.OpenNebula.org><http://www.OpenNebula.org> | 
cmar...@opennebula.org<mailto:cmar...@opennebula.org><mailto:cmar...@opennebula.org<mailto:cmar...@opennebula.org>>
 | 
@OpenNebula<http://twitter.com/opennebula><mailto:cmar...@opennebula.org<mailto:cmar...@opennebula.org>>


On Wed, Dec 19, 2012 at 10:22 PM, Hyun Woo Kim 
mailto:hyun...@fnal.gov><mailto:hyun...@fnal.gov<mailto:hyun...@fnal.gov>>>
 wrote:
Hi Open Nebula developers and users,

Is it possible to prevent a VM instance from being deployed automatically after 
a couple of seconds?
When we do "onetemplate instantiate N",
the new VM will stay at "PEND" briefly and go to "PROL" in just a few seconds, 
right?

For a certain types of templates, we would like to make
the virtual machines (in the PEND state) to wait for admin's command "onevm 
deploy"
(to be sent to a specific set of hosts)..

Hyunwoo
FermiCloud Project


___
Users mailing list
Users@lists.opennebula.org<mailto:Users@lists.opennebula.org><mailto:Users@lists.opennebula.org<mailto:Users@lists.opennebula.org>>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org


___
Users mailing list
Users@lists.opennebula.org<mailto:Users@lists.opennebula.org>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] option to prevent a VM instance from being deployed

[Hyun Woo Kim]

Hi, Carlos,

Thanks for a quick and precise information.
- onevm hold will not be helpful to us because it also requires users to be 
"quick" just like deploy.
- For the time being, using some impossible requirement will be our solution
- We will look forward to the new option that you plan to add to 4.0

Thanks again
HyunWoo
FermiCloud Project.


From: Carlos Martín Sánchez [cmar...@opennebula.org]
Sent: Thursday, December 20, 2012 4:46 AM
To: Hyun Woo Kim
Cc: users@lists.opennebula.org
Subject: Re: [one-users] option to prevent a VM instance from being deployed

Hi,

That is what the command 'onevm hold' [1] does. But that command requires you 
to instantiate the template, and then quickly hold the new VM.
For the next version we will add the option to create the new VMs directly on 
hold instead of pending [2].

Meanwhile, if you don't want to instantiate & hold, you can also use this 
workaround: Add an imposible requirement [3], such as REQUIREMENTS="NAME = 
NONEXISTENTHOST". The scheduler won't be able to find a suitable host, but you 
can still deploy that VMs manually.

Regards

[1] http://opennebula.org/documentation:rel3.8:vm_guide_2#life-cycle_operations
[2] http://dev.opennebula.org/issues/1103
[3] 
http://opennebula.org/documentation:rel3.8:template#requirement_expression_syntax

--
Carlos Martín, MSc
Project Engineer
OpenNebula - The Open-source Solution for Data Center Virtualization
www.OpenNebula.org<http://www.OpenNebula.org> | 
cmar...@opennebula.org<mailto:cmar...@opennebula.org> | 
@OpenNebula<http://twitter.com/opennebula><mailto:cmar...@opennebula.org>


On Wed, Dec 19, 2012 at 10:22 PM, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Hi Open Nebula developers and users,

Is it possible to prevent a VM instance from being deployed automatically after 
a couple of seconds?
When we do "onetemplate instantiate N",
the new VM will stay at "PEND" briefly and go to "PROL" in just a few seconds, 
right?

For a certain types of templates, we would like to make
the virtual machines (in the PEND state) to wait for admin's command "onevm 
deploy"
(to be sent to a specific set of hosts)..

Hyunwoo
FermiCloud Project


___
Users mailing list
Users@lists.opennebula.org<mailto:Users@lists.opennebula.org>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org


___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

[one-users] option to prevent a VM instance from being deployed

[Hyun Woo Kim]

Hi Open Nebula developers and users,

Is it possible to prevent a VM instance from being deployed automatically after 
a couple of seconds?
When we do "onetemplate instantiate N",
the new VM will stay at "PEND" briefly and go to "PROL" in just a few seconds, 
right?

For a certain types of templates, we would like to make
the virtual machines (in the PEND state) to wait for admin's command "onevm 
deploy"
(to be sent to a specific set of hosts)..

Hyunwoo
FermiCloud Project

___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] econe-server with x509 and econe command

[Hyun Woo Kim]

Hi Ruben,

We are glad we could contribute to OpenNebula.

Thank you.
Hyunwoo
FermiCloud

PS. BTW, the link below (...issues/1485) seems to point to a different thread..


From: Ruben S. Montero [rsmont...@opennebula.org]
Sent: Thursday, September 20, 2012 4:57 AM
To: Hyun Woo Kim
Cc: users@lists.opennebula.org
Subject: Re: [one-users] econe-server with x509 and econe command

Hi Hyunwoo

Thanks very much for looking into this. I've filled an issue[1] to include that 
option as part of the CLI command.

Thanks again for your great feedback

Cheers

Ruben

http://dev.opennebula.org/issues/1485

On Mon, Sep 17, 2012 at 11:23 PM, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Hi,

I found out that modifying EC2QueryClient.rb to add
connection.ssl_verify_peer = false
relieves econe-upload of the error message(SSLCACertificateError.

Thanks
Hyunwoo

On Sep 14, 2012, at 11:40 PM, Hyun Woo Kim wrote:

> Hi,
> Please ignore the previous question.
> I have more understanding of econe- commands (at the moment I am using 
> econe-upload)
> and I am getting a new error.
>
> When I do the following,
> econe-upload --url https://example.com:8443 /path/name/image.img
> (econe-server is running in the same host, example.com<http://example.com>)
>
> I am getting the following error messages,
> /usr/lib/ruby/gems/1.8/gems/curb-0.8.1/lib/curl/easy.rb:60:
>in `perform': Curl::Err::SSLCACertificateError 
> (Curl::Err::SSLCACertificateError)
> from /home/onemod/lib/ruby/cloud/econe/EC2QueryClient.rb:166:in `http_post'
> from /home/onemod/lib/ruby/cloud/econe/EC2QueryClient.rb:166:in `upload_image'
> from /home/onemod/bin/econe-upload:119
>
> My guess is that, econe-upload and Curl::Easy tries to verify the 
> target(https://example.com)
> and for that purpose, it needs to know the location of CA that signed 
> example.com<http://example.com>'s host certificate.
> In example.com<http://example.com>, the CA certificate exists.
>
> I even tried the followings;
> 1. modify EC2QueryClient.rb :
>  - add connection.ssl_verify_host = 0
>below connection = Curl::Easy.new(@uri.to_s)
>(Curl::Easyhas ssl_verify_host= method)
> 2. or download cacert.pem from curl.haxx.se<http://curl.haxx.se> and modify 
> EC2QueryClient.rb as
>   connection.cacert = File.join("/path/name/", "cacert.pem")
>
> All these fail..
> What is wrong with my econe configuration?
> How can I make econe-upload aware of the location of CA certificate?
>
> My general configurations are as follows..
>
> $ONE_LOCATION/etc/auth/x509_auth.conf has
> :ca_dir: "/etc/grid-security/certificates"
>
> $ONE_LOCATION/etc/auth/server_x509_auth.conf has
> :srv_user: serveradmin
> :one_cert: "/etc/grid-security/hostcert.pem"
> :one_key: "/etc/grid-security/hostkey.pem"
>
> Thanks in advance
> Hyunwoo
>
> 
> From: 
> users-boun...@lists.opennebula.org<mailto:users-boun...@lists.opennebula.org> 
> [users-boun...@lists.opennebula.org<mailto:users-boun...@lists.opennebula.org>]
>  on behalf of Hyun Woo Kim [hyun...@fnal.gov<mailto:hyun...@fnal.gov>]
> Sent: Friday, September 14, 2012 5:42 PM
> To: Ruben S. Montero
> Cc: users@lists.opennebula.org<mailto:users@lists.opennebula.org>
> Subject: Re: [one-users] econe-server with x509 and econe command
>
> Hi,
>
> Thanks very much for the response.
>
> Our econe server is already configured to use SSL proxy.
> We are using mod_gridsite.
> This module works just fine with sunstone server.
>
> My question can be rephrased as follows.
>
> As you mentioned, HTTP_SSL_CLIENT_CERT is set during SSL handshake.
> This I understand.
>
> What I do not understand is, my client which is econe-upload does not specify
> my certificate and private key like I use wget --certificate --private-key.
> I tried econe-upload --access-key=mycertificate --secret-key=myprivatekey or 
> so.
>
> How can a SSL handshake take place between Apache and econe-upload
> when econe-upload does not know my certificate and private key?
>
> Thanks again.
> Hyunwoo
> 
> From: Ruben S. Montero 
> [rsmont...@opennebula.org<mailto:rsmont...@opennebula.org>]
> Sent: Friday, September 14, 2012 5:19 PM
> To: Hyun Woo Kim
> Cc: users@lists.opennebula.org<mailto:users@lists.opennebula.org>
> Subject: Re: [one-users] econe-server with x509 and econe command
>
> Hi
>
> The HTTP_SSL_CLIENT_CERT variable should be set by the Web server as a result 
> of the SSL handshake. The econe server should be configured through a SSL 
> proxy [1]
&

Re: [one-users] econe-server with x509 and econe command

[Hyun Woo Kim]

Hi,

I found out that modifying EC2QueryClient.rb to add
connection.ssl_verify_peer = false
relieves econe-upload of the error message(SSLCACertificateError.

Thanks
Hyunwoo

On Sep 14, 2012, at 11:40 PM, Hyun Woo Kim wrote:

> Hi, 
> Please ignore the previous question.
> I have more understanding of econe- commands (at the moment I am using 
> econe-upload)
> and I am getting a new error.
> 
> When I do the following,
> econe-upload --url https://example.com:8443 /path/name/image.img
> (econe-server is running in the same host, example.com)
> 
> I am getting the following error messages,
> /usr/lib/ruby/gems/1.8/gems/curb-0.8.1/lib/curl/easy.rb:60:
>in `perform': Curl::Err::SSLCACertificateError 
> (Curl::Err::SSLCACertificateError)
> from /home/onemod/lib/ruby/cloud/econe/EC2QueryClient.rb:166:in `http_post'
> from /home/onemod/lib/ruby/cloud/econe/EC2QueryClient.rb:166:in `upload_image'
> from /home/onemod/bin/econe-upload:119
> 
> My guess is that, econe-upload and Curl::Easy tries to verify the 
> target(https://example.com)
> and for that purpose, it needs to know the location of CA that signed 
> example.com's host certificate.
> In example.com, the CA certificate exists.
> 
> I even tried the followings;
> 1. modify EC2QueryClient.rb :
>  - add connection.ssl_verify_host = 0
>below connection = Curl::Easy.new(@uri.to_s)
>(Curl::Easyhas ssl_verify_host= method)
> 2. or download cacert.pem from curl.haxx.se and modify EC2QueryClient.rb as
>   connection.cacert = File.join("/path/name/", "cacert.pem")
> 
> All these fail..
> What is wrong with my econe configuration?
> How can I make econe-upload aware of the location of CA certificate?
> 
> My general configurations are as follows..
> 
> $ONE_LOCATION/etc/auth/x509_auth.conf has
> :ca_dir: "/etc/grid-security/certificates"
> 
> $ONE_LOCATION/etc/auth/server_x509_auth.conf has
> :srv_user: serveradmin
> :one_cert: "/etc/grid-security/hostcert.pem"
> :one_key: "/etc/grid-security/hostkey.pem"
> 
> Thanks in advance
> Hyunwoo
> 
> 
> From: users-boun...@lists.opennebula.org [users-boun...@lists.opennebula.org] 
> on behalf of Hyun Woo Kim [hyun...@fnal.gov]
> Sent: Friday, September 14, 2012 5:42 PM
> To: Ruben S. Montero
> Cc: users@lists.opennebula.org
> Subject: Re: [one-users] econe-server with x509 and econe command
> 
> Hi,
> 
> Thanks very much for the response.
> 
> Our econe server is already configured to use SSL proxy.
> We are using mod_gridsite.
> This module works just fine with sunstone server.
> 
> My question can be rephrased as follows.
> 
> As you mentioned, HTTP_SSL_CLIENT_CERT is set during SSL handshake.
> This I understand.
> 
> What I do not understand is, my client which is econe-upload does not specify
> my certificate and private key like I use wget --certificate --private-key.
> I tried econe-upload --access-key=mycertificate --secret-key=myprivatekey or 
> so.
> 
> How can a SSL handshake take place between Apache and econe-upload
> when econe-upload does not know my certificate and private key?
> 
> Thanks again.
> Hyunwoo
> 
> From: Ruben S. Montero [rsmont...@opennebula.org]
> Sent: Friday, September 14, 2012 5:19 PM
> To: Hyun Woo Kim
> Cc: users@lists.opennebula.org
> Subject: Re: [one-users] econe-server with x509 and econe command
> 
> Hi
> 
> The HTTP_SSL_CLIENT_CERT variable should be set by the Web server as a result 
> of the SSL handshake. The econe server should be configured through a SSL 
> proxy [1]
> 
> Cheers
> 
> ruben
> 
> [1] http://opennebula.org/documentation:rel3.6:ec2qcg#configuring_a_ssl_proxy
> 
> On Fri, Sep 14, 2012 at 10:41 PM, Hyun Woo Kim 
> mailto:hyun...@fnal.gov>> wrote:
> Dear developers,
> 
> $ONE_LOCATION/etc/econe.conf  has
> :auth: x509
> 
> I understand this eventually causes
> do_auth in $ONE_LOCATION/lib/ruby/cloud/CloudAuth/X509CloudAuth.rb
> to be invoked.
> 
> This code X509CloudAuth.rb has
>cert_line   = env['HTTP_SSL_CLIENT_CERT']
> at the beginning,
> 
> but, it is empty.
> 
> For this test, I am using econe-upload command with the following options
> econe-upload -M
> --access-key  "my account name"
> --secret-key   "the DN of my certificate"
> --url https://hostname:8443 (this is our site-specific)
> pathname to image file
> 
> 
> I think this result (HTTP_SSL_CLIENT_CERT being empty) is natural
> because the command econe-upload does not point to my actual certificate..
> 
> Could you pl

Re: [one-users] econe-server with x509 and econe command

[Hyun Woo Kim]

Hi, 
Please ignore the previous question.
I have more understanding of econe- commands (at the moment I am using 
econe-upload)
and I am getting a new error.

When I do the following,
econe-upload --url https://example.com:8443 /path/name/image.img
(econe-server is running in the same host, example.com)

I am getting the following error messages,
/usr/lib/ruby/gems/1.8/gems/curb-0.8.1/lib/curl/easy.rb:60:
in `perform': Curl::Err::SSLCACertificateError 
(Curl::Err::SSLCACertificateError)
from /home/onemod/lib/ruby/cloud/econe/EC2QueryClient.rb:166:in `http_post'
from /home/onemod/lib/ruby/cloud/econe/EC2QueryClient.rb:166:in `upload_image'
from /home/onemod/bin/econe-upload:119

My guess is that, econe-upload and Curl::Easy tries to verify the 
target(https://example.com)
and for that purpose, it needs to know the location of CA that signed 
example.com's host certificate.
In example.com, the CA certificate exists.

I even tried the followings;
1. modify EC2QueryClient.rb :
  - add connection.ssl_verify_host = 0
below connection = Curl::Easy.new(@uri.to_s)
(Curl::Easy has ssl_verify_host= method)
2. or download cacert.pem from curl.haxx.se and modify EC2QueryClient.rb as
   connection.cacert = File.join("/path/name/", "cacert.pem")

All these fail..
What is wrong with my econe configuration?
How can I make econe-upload aware of the location of CA certificate?

My general configurations are as follows..

$ONE_LOCATION/etc/auth/x509_auth.conf has
:ca_dir: "/etc/grid-security/certificates"

$ONE_LOCATION/etc/auth/server_x509_auth.conf has
:srv_user: serveradmin
:one_cert: "/etc/grid-security/hostcert.pem"
:one_key: "/etc/grid-security/hostkey.pem"

Thanks in advance
Hyunwoo


From: users-boun...@lists.opennebula.org [users-boun...@lists.opennebula.org] 
on behalf of Hyun Woo Kim [hyun...@fnal.gov]
Sent: Friday, September 14, 2012 5:42 PM
To: Ruben S. Montero
Cc: users@lists.opennebula.org
Subject: Re: [one-users] econe-server with x509 and econe command

Hi,

Thanks very much for the response.

Our econe server is already configured to use SSL proxy.
We are using mod_gridsite.
This module works just fine with sunstone server.

My question can be rephrased as follows.

As you mentioned, HTTP_SSL_CLIENT_CERT is set during SSL handshake.
This I understand.

What I do not understand is, my client which is econe-upload does not specify
my certificate and private key like I use wget --certificate --private-key.
I tried econe-upload --access-key=mycertificate --secret-key=myprivatekey or so.

How can a SSL handshake take place between Apache and econe-upload
when econe-upload does not know my certificate and private key?

Thanks again.
Hyunwoo

From: Ruben S. Montero [rsmont...@opennebula.org]
Sent: Friday, September 14, 2012 5:19 PM
To: Hyun Woo Kim
Cc: users@lists.opennebula.org
Subject: Re: [one-users] econe-server with x509 and econe command

Hi

The HTTP_SSL_CLIENT_CERT variable should be set by the Web server as a result 
of the SSL handshake. The econe server should be configured through a SSL proxy 
[1]

Cheers

ruben

[1] http://opennebula.org/documentation:rel3.6:ec2qcg#configuring_a_ssl_proxy

On Fri, Sep 14, 2012 at 10:41 PM, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Dear developers,

$ONE_LOCATION/etc/econe.conf  has
:auth: x509

I understand this eventually causes
do_auth in $ONE_LOCATION/lib/ruby/cloud/CloudAuth/X509CloudAuth.rb
to be invoked.

This code X509CloudAuth.rb has
cert_line   = env['HTTP_SSL_CLIENT_CERT']
at the beginning,

but, it is empty.

For this test, I am using econe-upload command with the following options
econe-upload -M
--access-key  "my account name"
--secret-key   "the DN of my certificate"
--url https://hostname:8443 (this is our site-specific)
pathname to image file


I think this result (HTTP_SSL_CLIENT_CERT being empty) is natural
because the command econe-upload does not point to my actual certificate..

Could you please clarify on how to use x509 auth with econe?

Thank you in advance.
Hyunwoo



___
Users mailing list
Users@lists.opennebula.org<mailto:Users@lists.opennebula.org>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org




--
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org<http://www.OpenNebula.org> | 
rsmont...@opennebula.org<mailto:rsmont...@opennebula.org> | @OpenNebula
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] econe-server with x509 and econe command

[Hyun Woo Kim]

Hi,

Thanks very much for the response.

Our econe server is already configured to use SSL proxy.
We are using mod_gridsite.
This module works just fine with sunstone server.

My question can be rephrased as follows.

As you mentioned, HTTP_SSL_CLIENT_CERT is set during SSL handshake.
This I understand.

What I do not understand is, my client which is econe-upload does not specify
my certificate and private key like I use wget --certificate --private-key.
I tried econe-upload --access-key=mycertificate --secret-key=myprivatekey or so.

How can a SSL handshake take place between Apache and econe-upload
when econe-upload does not know my certificate and private key?

Thanks again.
Hyunwoo

From: Ruben S. Montero [rsmont...@opennebula.org]
Sent: Friday, September 14, 2012 5:19 PM
To: Hyun Woo Kim
Cc: users@lists.opennebula.org
Subject: Re: [one-users] econe-server with x509 and econe command

Hi

The HTTP_SSL_CLIENT_CERT variable should be set by the Web server as a result 
of the SSL handshake. The econe server should be configured through a SSL proxy 
[1]

Cheers

ruben

[1] http://opennebula.org/documentation:rel3.6:ec2qcg#configuring_a_ssl_proxy

On Fri, Sep 14, 2012 at 10:41 PM, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
Dear developers,

$ONE_LOCATION/etc/econe.conf  has
:auth: x509

I understand this eventually causes
do_auth in $ONE_LOCATION/lib/ruby/cloud/CloudAuth/X509CloudAuth.rb
to be invoked.

This code X509CloudAuth.rb has
cert_line   = env['HTTP_SSL_CLIENT_CERT']
at the beginning,

but, it is empty.

For this test, I am using econe-upload command with the following options
econe-upload -M
--access-key  "my account name"
--secret-key   "the DN of my certificate"
--url https://hostname:8443 (this is our site-specific)
pathname to image file


I think this result (HTTP_SSL_CLIENT_CERT being empty) is natural
because the command econe-upload does not point to my actual certificate..

Could you please clarify on how to use x509 auth with econe?

Thank you in advance.
Hyunwoo



___
Users mailing list
Users@lists.opennebula.org<mailto:Users@lists.opennebula.org>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org




--
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org<http://www.OpenNebula.org> | 
rsmont...@opennebula.org<mailto:rsmont...@opennebula.org> | @OpenNebula
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

[one-users] econe-server with x509 and econe command

[Hyun Woo Kim]

Dear developers,

$ONE_LOCATION/etc/econe.conf  has
:auth: x509

I understand this eventually causes 
do_auth in $ONE_LOCATION/lib/ruby/cloud/CloudAuth/X509CloudAuth.rb
to be invoked.

This code X509CloudAuth.rb has
cert_line   = env['HTTP_SSL_CLIENT_CERT']
at the beginning,

but, it is empty.

For this test, I am using econe-upload command with the following options
econe-upload -M 
--access-key  "my account name"
--secret-key   "the DN of my certificate"
--url https://hostname:8443 (this is our site-specific)
pathname to image file


I think this result (HTTP_SSL_CLIENT_CERT being empty) is natural 
because the command econe-upload does not point to my actual certificate..

Could you please clarify on how to use x509 auth with econe?

Thank you in advance.
Hyunwoo




smime.p7s
Description: S/MIME cryptographic signature
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] Context variables - getting username

[Hyun Woo Kim]

Hi, 
Thanks for the information,
I will try that in my init.sh..

Thanks,
Hyunwoo
FermiCloud Project
On Aug 30, 2012, at 4:10 AM, Nicolas AGIUS wrote:

> Hi
> 
> With this method, you have to add a NAME variable in every user template, 
> which could become quickly boring.
> 
> I've done this in a more reliable way, and without patching or doing manual 
> template modification, using the full xml template.
> 
> Example, in the context definiton :
> 
> CONTEXT=[
>   FILES=init.sh,
>   CTX_USER="$USER[TEMPLATE]"
> ]
> 
> And within the vm, in the init.sh script :
> 
> #!/bin/bash
> source context.sh
> username=$(echo $CTX_USER | base64 -d | xpath -e '/USER/NAME/text()' )
> 
> 
> Cheers,
> Nicolas AGIUS
> 
> --- En date de : Mar 28.8.12, Hyun Woo Kim  a écrit :
> 
> De: Hyun Woo Kim 
> Objet: Re: [one-users] Context variables - getting username
> À: "Jon Burger" 
> Cc: "" 
> Date: Mardi 28 août 2012, 17h04
> 
> Hi,
> 
> Yesterday I learned from ON developer Ruben that
> for instance oneadmin can do
> oneuser update ID(of the user who actually instantiates the VM template) 
> which will open an editor where oneadmin can type in
> NAME="the username you want".
> This will enable $USER[NAME] to return "the username you want" in the CONTEXT.
> 
> Hope this helps.
> Hyunwoo
> 
> 
> On Aug 27, 2012, at 6:42 PM, Jon Burger wrote:
> 
> > Hello,
> > 
> > I would like to know if there is a context variable that contains the 
> > username of the person creating the VM.  We have OpenNebula authenticating 
> > against active directory and wish to pass the username into the VM to 
> > create the user id locally (in the case of Linux use kerberose).
> > 
> > I understand I can get UserID eg $UID, and that by using $USER[TEMPLATE] 
> > can receive a 64bit encoded XML string that contains the username, but I'd 
> > rather not parse XML if I can help it as that feels a little dirty to me.
> > 
> > We have tried the obvious $USER[NAME] - which always returns null.  
> > 
> > It may just be a bug, but before submitting I thought I would ask.
> > 
> > Thanks,
> > 
> > Jon
> > ___
> > Users mailing list
> > Users@lists.opennebula.org
> > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> 
> 
> -La pièce jointe associée suit-
> 
> ___
> Users mailing list
> Users@lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org



smime.p7s
Description: S/MIME cryptographic signature
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] Using USER template variable in VM Template

[Hyun Woo Kim]

Dear Ruben,

Thanks very much for quick responses from ON developers.
We will try this patch.

Hyunwoo

On Aug 28, 2012, at 10:05 AM, Ruben S. Montero wrote:

> Hi
> 
> There is a patch at [1]. You can apply it to OpenNebula3.6, recompile and 
> reinstall or just copy the oned binary.
> 
> Cheers
> 
> Ruben
> 
> [1] http://dev.opennebula.org/issues/1428
> 
> On Tue, Aug 28, 2012 at 5:23 AM, Hyun Woo Kim  wrote:
> Dear Ruben,
> 
> Your answer below about using oneuser update to modify  of user's 
> information
> works perfectly for me(us)!!
> Thank you very much for your kind and persistent answers.
> 
> Also, please let me know of the patch that you mentioned will be available in 
> a few days.
> (about a new variable for user name similar to UID..)
> That will be another solution..
> 
> Thanks again.
> Hyunwoo
> FermiCloud Project
> 
> 
> 
> =
> Question 2.
> Are SSH_KEY and TEMPLATE the only two s available
>  for $USER? or is there more? if so, what are they?
> why can I not use NAME like
> CONTEXT = [
> username = $USER[NAME, USER_ID=$VID]
> ]
> 
> 
> 1.- Templates are free form, you can add anything you want. Please try, in 
> the command line:
> 
> >oneuser update
> ...
> This will open your EDITOR, using the standard syntax you can add any 
> variable, e.g.:
> NAME=my_user_name
> PASSWORD=mypass
> SSH_KEY=AHxa245...
> LOGIN=my_login
> 
> Then simply add to the VM template:
> 
> CONTEXT = [
> username = $USER[NAME]
> login = $USER[LOGIN]
> ssh = $USER[SSH_KEY]
> ]
> 
> 2.- You do not need to "qualify" the USER, it will always refer to the user 
> creating the VM. Note that otherwise that will be a security hole, as you 
> could access other user data.
> 
> 3.- There are no variables in the user template by default. Note the 
>  element in oneuser show -x, before and after adding template 
> variables with oneuser update.
> 
> 
> From: Ruben S. Montero 
> [rsmont...@opennebula.org<mailto:rsmont...@opennebula.org>]
> Sent: Sunday, August 26, 2012 4:33 PM
> To: Hyun Woo Kim
> Cc: users@lists.opennebula.org<mailto:users@lists.opennebula.org>
> Subject: Re: [one-users] Using USER template variable in VM Template
> 
> Hi
> 
> If you look at the output of the XML, -x option, there is something like:
> 
>   
> 6
> 1
> users
> demo
> 89e495e7941cf9e40e6980d14a16bf023ccd4c91
> core
> 1
> 
> 
> 
> 
> 
>   
> 
> You can access to anything inside the  element, empty by default.
> 
> There is no direct way to include that information in a VM Template.
> This can be done at the API level with some hacking. (Unless you add
> NAME to TEMPLATE)
> 
> The original set of pre-defined variables UID, TEMPLATE aren't
> obviously up-to-date. I've filled an issue to address this for the
> next release [1].
> 
> Thanks
> 
> Ruben
> 
> [1] http://dev.opennebula.org/issues/1428
> 
> On Sun, Aug 26, 2012 at 11:07 PM, Hyun Woo Kim 
> mailto:hyun...@fnal.gov>> wrote:
> > Hi,
> >
> > Thanks very much for the response.
> >
> > Actually, your answer seems a bit different from what the manual says
> > and what I observe.
> >
> > I observe that the "USERS" actually have "TEMPLATE" attribute
> > which returns the contents of "user_pool" in the database
> > (We are using MySQL).
> > The contents of MySQL "user_pool" contain NAME field.
> > I thought these fields in DB and s of USER template
> > somehow are related..
> >
> > Let me simplify my original question.
> > Is there anyway to fetch the NAME field of the DB for the
> > user who does "onetemplate instantiate"..?
> >
> > Thanks,
> > Hyunwoo
> >
> >
> >
> > Current version of OpenNebula can only access template variables from
> > users, or networks. By default users have an empty template, so there
> > is no NAME variable unless you define it, e.g. oneuser update. About
> > $UID, this variable is predefined so the OpenNebula core it is not
> > actually accessing the user information but that stored in the VM.
> >
> > Cheers
> >
> > Ruben
> >
> > On Fri, Aug 24, 2012 at 10:37 PM, Hyun Woo Kim 
> > mailto:hyun...@fnal.gov>> wrote:
> >> Dear Developers,
> >>
> >> I want to define a variable "username" in CONTEXT
> >> and replace it by a real user name who does
> >> onetempl

Re: [one-users] Context variables - getting username

[Hyun Woo Kim]

Hi,

Yesterday I learned from ON developer Ruben that
for instance oneadmin can do
oneuser update ID(of the user who actually instantiates the VM template) 
which will open an editor where oneadmin can type in
NAME="the username you want".
This will enable $USER[NAME] to return "the username you want" in the CONTEXT.

Hope this helps.
Hyunwoo


On Aug 27, 2012, at 6:42 PM, Jon Burger wrote:

> Hello,
> 
> I would like to know if there is a context variable that contains the 
> username of the person creating the VM.  We have OpenNebula authenticating 
> against active directory and wish to pass the username into the VM to create 
> the user id locally (in the case of Linux use kerberose).
> 
> I understand I can get UserID eg $UID, and that by using $USER[TEMPLATE] can 
> receive a 64bit encoded XML string that contains the username, but I'd rather 
> not parse XML if I can help it as that feels a little dirty to me.
> 
> We have tried the obvious $USER[NAME] - which always returns null.  
> 
> It may just be a bug, but before submitting I thought I would ask.
> 
> Thanks,
> 
> Jon
> ___
> Users mailing list
> Users@lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org



smime.p7s
Description: S/MIME cryptographic signature
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] Using USER template variable in VM Template

[Hyun Woo Kim]

Dear Ruben,

Your answer below about using oneuser update to modify  of user's 
information
works perfectly for me(us)!!
Thank you very much for your kind and persistent answers.

Also, please let me know of the patch that you mentioned will be available in a 
few days.
(about a new variable for user name similar to UID..)
That will be another solution..

Thanks again.
Hyunwoo
FermiCloud Project



=
Question 2.
Are SSH_KEY and TEMPLATE the only two s available
 for $USER? or is there more? if so, what are they?
why can I not use NAME like
CONTEXT = [
username = $USER[NAME, USER_ID=$VID]
]


1.- Templates are free form, you can add anything you want. Please try, in the 
command line:

>oneuser update
...
This will open your EDITOR, using the standard syntax you can add any variable, 
e.g.:
NAME=my_user_name
PASSWORD=mypass
SSH_KEY=AHxa245...
LOGIN=my_login

Then simply add to the VM template:

CONTEXT = [
username = $USER[NAME]
login = $USER[LOGIN]
ssh = $USER[SSH_KEY]
]

2.- You do not need to "qualify" the USER, it will always refer to the user 
creating the VM. Note that otherwise that will be a security hole, as you could 
access other user data.

3.- There are no variables in the user template by default. Note the 
 element in oneuser show -x, before and after adding template 
variables with oneuser update.


From: Ruben S. Montero 
[rsmont...@opennebula.org<mailto:rsmont...@opennebula.org>]
Sent: Sunday, August 26, 2012 4:33 PM
To: Hyun Woo Kim
Cc: users@lists.opennebula.org<mailto:users@lists.opennebula.org>
Subject: Re: [one-users] Using USER template variable in VM Template

Hi

If you look at the output of the XML, -x option, there is something like:

  
6
1
users
demo
89e495e7941cf9e40e6980d14a16bf023ccd4c91
core
1





  

You can access to anything inside the  element, empty by default.

There is no direct way to include that information in a VM Template.
This can be done at the API level with some hacking. (Unless you add
NAME to TEMPLATE)

The original set of pre-defined variables UID, TEMPLATE aren't
obviously up-to-date. I've filled an issue to address this for the
next release [1].

Thanks

Ruben

[1] http://dev.opennebula.org/issues/1428

On Sun, Aug 26, 2012 at 11:07 PM, Hyun Woo Kim 
mailto:hyun...@fnal.gov>> wrote:
> Hi,
>
> Thanks very much for the response.
>
> Actually, your answer seems a bit different from what the manual says
> and what I observe.
>
> I observe that the "USERS" actually have "TEMPLATE" attribute
> which returns the contents of "user_pool" in the database
> (We are using MySQL).
> The contents of MySQL "user_pool" contain NAME field.
> I thought these fields in DB and s of USER template
> somehow are related..
>
> Let me simplify my original question.
> Is there anyway to fetch the NAME field of the DB for the
> user who does "onetemplate instantiate"..?
>
> Thanks,
> Hyunwoo
>
>
>
> Current version of OpenNebula can only access template variables from
> users, or networks. By default users have an empty template, so there
> is no NAME variable unless you define it, e.g. oneuser update. About
> $UID, this variable is predefined so the OpenNebula core it is not
> actually accessing the user information but that stored in the VM.
>
> Cheers
>
> Ruben
>
> On Fri, Aug 24, 2012 at 10:37 PM, Hyun Woo Kim 
> mailto:hyun...@fnal.gov>> wrote:
>> Dear Developers,
>>
>> I want to define a variable "username" in CONTEXT
>> and replace it by a real user name who does
>> onetemplate instantiate
>>
>> The CONTEXT section of my VM Template looks like the following;
>> CONTEXT = [
>> username= "$USER[NAME]"
>> ]
>>
>> I am following the instruction in
>> http://opennebula.org/documentation:archives:rel3.2:template
>> which says at the bottom ;
>> ...
>> Using User template variables
>> $USER[  ]: Any single value variable in the user template
>> for example: ssh_key = "$USER[SSH_KEY]"
>> The user_attribute can be TEMPLATE to include…
>> …..
>>
>>
>> So, I thought NAME can be one possible  like TEMPLATE,
>> but this does not work..
>> I even tried
>> username= "$USER[NAME, USER_ID=$UID]"
>> username= "$USER[NAME, ID=$UID]"
>> username= "$USER[NAME, USER_ID=2]"
>> username= "$USER[NAME, ID=2]"
>> All fail..
>>
>> By the way,
>> username= "$UID" works and username is assigned my correct user id
>>
>> What am I doing wrong here?
>>
>>
>> Thank you

Re: [one-users] Using USER template variable in VM Template

[Hyun Woo Kim]

Dear Ruben,

Thanks again for your response, I appreciate that.

I am willing to hack the relevant API that will enable this.
Before doing that, let me rephrase my questions one more time to clarify what I 
want,
in order to find out which part will be the easiest to hack..


The manual says that  possible values for VARIABLE in CONTEXT section are
1. hardcoded values
2. template variables such $VMID or $NIC which are sections in the VM template
3. $NETWORK or $IMAGE or $USER like
   $NETWORK[attribute, NETWORK_ID=3]
   $IMAGE[attribute, IMAGE_ID=2]
   $USER[attribute, USER_ID=3] where attribute can be SSH_KEY or TEMPLATE
4. pre-defined variable: $UID and $TEMPLATE.

Question 1.
As UID points to the ID of the user(owner of the VM),
is it possible to create a new "pre-defined variable" USERNAME or UNAME
which points to the name of the owner of the VM?

Question 2.
Are SSH_KEY and TEMPLATE the only two s available
 for $USER? or is there more? if so, what are they?
why can I not use NAME like
CONTEXT = [
username = $USER[NAME, USER_ID=$VID]
]


Question(s) 3.
Two major standard sections(DISK and NETWORK) in a VM Template
they must access the database as follows;
1. DISK: this must access image_pool
2. NETWORK : this must access network_pool
Is this correct?

Then, if I define a new section for instance USER2
(I am not using USER, because it is already reserved keywork, right?)

USER2 = [ USER_ID=$UID ]
(assuming the predefined UID can be used in other sections as well besides 
CONTEXT)

and in the CONTEXT section,

CONTEXT = [
username = $USER2[NAME]
]

will this access the user_pool in the DB and get the NAME?

If this does not work in the current configuration,
can I modify the source code to enable this just like DISK and NETWORK sections
access the DB?

Thank you.
Hyunwoo




From: Ruben S. Montero [rsmont...@opennebula.org]
Sent: Sunday, August 26, 2012 4:33 PM
To: Hyun Woo Kim
Cc: users@lists.opennebula.org
Subject: Re: [one-users] Using USER template variable in VM Template

Hi

If you look at the output of the XML, -x option, there is something like:

  
6
1
users
demo
89e495e7941cf9e40e6980d14a16bf023ccd4c91
core
1





  

You can access to anything inside the  element, empty by default.

There is no direct way to include that information in a VM Template.
This can be done at the API level with some hacking. (Unless you add
NAME to TEMPLATE)

The original set of pre-defined variables UID, TEMPLATE aren't
obviously up-to-date. I've filled an issue to address this for the
next release [1].

Thanks

Ruben

[1] http://dev.opennebula.org/issues/1428

On Sun, Aug 26, 2012 at 11:07 PM, Hyun Woo Kim  wrote:
> Hi,
>
> Thanks very much for the response.
>
> Actually, your answer seems a bit different from what the manual says
> and what I observe.
>
> I observe that the "USERS" actually have "TEMPLATE" attribute
> which returns the contents of "user_pool" in the database
> (We are using MySQL).
> The contents of MySQL "user_pool" contain NAME field.
> I thought these fields in DB and s of USER template
> somehow are related..
>
> Let me simplify my original question.
> Is there anyway to fetch the NAME field of the DB for the
> user who does "onetemplate instantiate"..?
>
> Thanks,
> Hyunwoo
>
>
>
> Current version of OpenNebula can only access template variables from
> users, or networks. By default users have an empty template, so there
> is no NAME variable unless you define it, e.g. oneuser update. About
> $UID, this variable is predefined so the OpenNebula core it is not
> actually accessing the user information but that stored in the VM.
>
> Cheers
>
> Ruben
>
> On Fri, Aug 24, 2012 at 10:37 PM, Hyun Woo Kim  wrote:
>> Dear Developers,
>>
>> I want to define a variable "username" in CONTEXT
>> and replace it by a real user name who does
>> onetemplate instantiate
>>
>> The CONTEXT section of my VM Template looks like the following;
>> CONTEXT = [
>> username= "$USER[NAME]"
>> ]
>>
>> I am following the instruction in
>> http://opennebula.org/documentation:archives:rel3.2:template
>> which says at the bottom ;
>> ...
>> Using User template variables
>> $USER[  ]: Any single value variable in the user template
>> for example: ssh_key = "$USER[SSH_KEY]"
>> The user_attribute can be TEMPLATE to include…
>> …..
>>
>>
>> So, I thought NAME can be one possible  like TEMPLATE,
>> but this does not work..
>> I even tried
>> username= "$USER[NAME, USER_ID=$UID]"
>> username= "$USER[NAME, ID=$UID]"
>> username= "$USE

Re: [one-users] Using USER template variable in VM Template

[Hyun Woo Kim]

Hi,

Thanks very much for the response.

Actually, your answer seems a bit different from what the manual says
and what I observe.

I observe that the "USERS" actually have "TEMPLATE" attribute
which returns the contents of "user_pool" in the database
(We are using MySQL).
The contents of MySQL "user_pool" contain NAME field.
I thought these fields in DB and s of USER template
somehow are related..

Let me simplify my original question.
Is there anyway to fetch the NAME field of the DB for the 
user who does "onetemplate instantiate"..?

Thanks,
Hyunwoo



Current version of OpenNebula can only access template variables from
users, or networks. By default users have an empty template, so there
is no NAME variable unless you define it, e.g. oneuser update. About
$UID, this variable is predefined so the OpenNebula core it is not
actually accessing the user information but that stored in the VM.

Cheers

Ruben

On Fri, Aug 24, 2012 at 10:37 PM, Hyun Woo Kim  wrote:
> Dear Developers,
>
> I want to define a variable "username" in CONTEXT
> and replace it by a real user name who does
> onetemplate instantiate
>
> The CONTEXT section of my VM Template looks like the following;
> CONTEXT = [
> username= "$USER[NAME]"
> ]
>
> I am following the instruction in
> http://opennebula.org/documentation:archives:rel3.2:template
> which says at the bottom ;
> ...
> Using User template variables
> $USER[  ]: Any single value variable in the user template
> for example: ssh_key = "$USER[SSH_KEY]"
> The user_attribute can be TEMPLATE to include…
> …..
>
>
> So, I thought NAME can be one possible  like TEMPLATE,
> but this does not work..
> I even tried
> username= "$USER[NAME, USER_ID=$UID]"
> username= "$USER[NAME, ID=$UID]"
> username= "$USER[NAME, USER_ID=2]"
> username= "$USER[NAME, ID=2]"
> All fail..
>
> By the way,
> username= "$UID" works and username is assigned my correct user id
>
> What am I doing wrong here?
>
>
> Thank you.
> Hyunwoo
> ___
> Users mailing list
> Users@lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>



--
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | rsmont...@opennebula.org | @OpenNebula
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

[one-users] Using USER template variable in VM Template

[Hyun Woo Kim]

Dear Developers,

I want to define a variable "username" in CONTEXT
and replace it by a real user name who does
onetemplate instantiate 

The CONTEXT section of my VM Template looks like the following;
CONTEXT = [
username= "$USER[NAME]"
]

I am following the instruction in
http://opennebula.org/documentation:archives:rel3.2:template 
which says at the bottom ;
...
Using User template variables
$USER[  ]: Any single value variable in the user template
for example: ssh_key = "$USER[SSH_KEY]"
The user_attribute can be TEMPLATE to include…
…..


So, I thought NAME can be one possible  like TEMPLATE,
but this does not work..
I even tried
username= "$USER[NAME, USER_ID=$UID]"
username= "$USER[NAME, ID=$UID]"
username= "$USER[NAME, USER_ID=2]"
username= "$USER[NAME, ID=2]"
All fail..

By the way,
username= "$UID" works and username is assigned my correct user id

What am I doing wrong here?


Thank you.
Hyunwoo

smime.p7s
Description: S/MIME cryptographic signature
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

[one-users] questions on sunstone and serveradmin with x509

[Hyun Woo Kim]

Dear ONe developers,

(We are using OpenNebula 3.2)

We are using SunStone GUI with my x509 certificate imported in my 
browser(firefox or chrome)
which means etc/sunstone-server.conf  is configured in the following way,
   :auth: x509
   :core_auth: x509

We also configured so that serveramin uses server_x509.

The manual says that 
for serveradmin who uses server_x509 driver, 
a special-format token will be created which contains
serveradmin:target_username:secret.

I have two questions:
1. I would like to know where this token can be found.
I guess if I explicitly do "oneuser login serveradmin   ",
it will be created somewhere such as /var/lib/one/.one,
   but in my situation, I do not do it but only use SunStone GUI..

2. When I enable the following line in remotes/auth/server_x509/authenticate,
OpenNebula.log_debug("Authenticating #{user}, with password #{pass} 
(#{secret})")
oned.log shows the secret part.
  When I perform base64 twice on the secret and then rsa-decode, 
  I see serveradmin:serveradmin:1342645861,
 not serveradmin:target_user:1342645861,
I think this can be expected as server_x509_auth.rb shows,
  def login_token(expire, target_user=nil)
target_user ||= @options[:srv_user]
token_txt   =   "#{@options[:srv_user]}:#{target_user}:#{expire}"
   How can I enable SunStone to pass target_user (who uses SS with a 
certificate) to login_token?

Thanks,
Hyunwoo
FermiCloud Project






smime.p7s
Description: S/MIME cryptographic signature
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] Monitoring in the dashboard of SunStone not working for our OpenNebula3.2

[Hyun Woo Kim]

Oh, you are right, 
when I look at the graphs for individual nodes,
I can see some activity.
I could not see the activity in the global dashboard plots because of the 
scaling issue
as the max was too high compared to usage numbers..

Thanks for your help..
Hyunwoo


On Jul 10, 2012, at 4:26 PM, Hector Sanjuan wrote:

> Are the hosts reporting >0 monitoring values in the hosts tab? (or in the
> CLI running onehost show )? Is it only the global graphos or are the
> individual monitoring graphs per host showing wrongly?
> 
> H
> 
> En Tue, 10 Jul 2012 23:12:01 +0200, Hyun Woo Kim 
> escribió:
> 
>> Right, sorry, I should have been more accurate,
>> 
>> cpu/mem_usage and used_cpu/mem are zeros..
>> whereas max is correct
>> 
>> Thanks,
>> Hyunwoo
>> 
>> 
>> On Jul 10, 2012, at 4:05 PM, Hector Sanjuan wrote:
>> 
>>> Hello,
>>> 
>>> hmm what do you mean not correct? Are they 0, are they a wrong value? Could 
>>> you provide a screenshot?
>>> 
>>> Hector
>>> 
>>> En Tue, 10 Jul 2012 22:46:13 +0200, Hyun Woo Kim  
>>> escribió:
>>> 
>>>> Dear developers,
>>>> 
>>>> We are using OpenNebula 3.2.
>>>> 
>>>> Our SunStone dashboard seems to show correct "Total VM count" and "VM 
>>>> Network stats" plots.
>>>> 
>>>> But upper two plots,  "Hosts CPU" and "Hosts memory"
>>>> do not show correct "cpu/mem_usage" and "used_cpu/mem"
>>>> while "max_cpu/mem" looks ok.
>>>> 
>>>> I followed the instructions n
>>>> http://www.opennebula.org/documentation:archives:rel3.2:acctd_conf
>>>> - I first "gem install"ed json and sequel. (sqlite3 is not installed 
>>>> obviously as we are using mysql)
>>>> - then I modified /etc/one/acctd.conf to use mysql and left all the rest 
>>>> to the default values..
>>>> 
>>>> Am I missing any important steps?
>>>> 
>>>> Thanks.
>>>> Hyunwoo,
>>>> 
>>>> FermiCloud Project
>>>> Fermilab Computing Sector
>>>> 
>>> 
>>> 
>>> --
>>> Hector Sanjuan
>>> OpenNebula Developer
>>> ___
>>> Users mailing list
>>> Users@lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>> 
> 
> 
> -- 
> Hector Sanjuan
> OpenNebula Developer
> ___
> Users mailing list
> Users@lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org



smime.p7s
Description: S/MIME cryptographic signature
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] Monitoring in the dashboard of SunStone not working for our OpenNebula3.2

[Hyun Woo Kim]

Right, sorry, I should have been more accurate,

cpu/mem_usage and used_cpu/mem are zeros..
whereas max is correct

Thanks,
Hyunwoo


On Jul 10, 2012, at 4:05 PM, Hector Sanjuan wrote:

> Hello,
> 
> hmm what do you mean not correct? Are they 0, are they a wrong value? Could 
> you provide a screenshot?
> 
> Hector
> 
> En Tue, 10 Jul 2012 22:46:13 +0200, Hyun Woo Kim  escribió:
> 
>> Dear developers,
>> 
>> We are using OpenNebula 3.2.
>> 
>> Our SunStone dashboard seems to show correct "Total VM count" and "VM 
>> Network stats" plots.
>> 
>> But upper two plots,  "Hosts CPU" and "Hosts memory"
>> do not show correct "cpu/mem_usage" and "used_cpu/mem"
>> while "max_cpu/mem" looks ok.
>> 
>> I followed the instructions n
>> http://www.opennebula.org/documentation:archives:rel3.2:acctd_conf
>> - I first "gem install"ed json and sequel. (sqlite3 is not installed 
>> obviously as we are using mysql)
>> - then I modified /etc/one/acctd.conf to use mysql and left all the rest to 
>> the default values..
>> 
>> Am I missing any important steps?
>> 
>> Thanks.
>> Hyunwoo,
>> 
>> FermiCloud Project
>> Fermilab Computing Sector
>> 
> 
> 
> -- 
> Hector Sanjuan
> OpenNebula Developer
> ___
> Users mailing list
> Users@lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org



smime.p7s
Description: S/MIME cryptographic signature
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

[one-users] Monitoring in the dashboard of SunStone not working for our OpenNebula3.2

[Hyun Woo Kim]

Dear developers,

We are using OpenNebula 3.2.

Our SunStone dashboard seems to show correct "Total VM count" and "VM Network 
stats" plots.

But upper two plots,  "Hosts CPU" and "Hosts memory" 
do not show correct "cpu/mem_usage" and "used_cpu/mem"
while "max_cpu/mem" looks ok.

I followed the instructions n
http://www.opennebula.org/documentation:archives:rel3.2:acctd_conf
- I first "gem install"ed json and sequel. (sqlite3 is not installed obviously 
as we are using mysql)
- then I modified /etc/one/acctd.conf to use mysql and left all the rest to the 
default values..

Am I missing any important steps?

Thanks.
Hyunwoo, 

FermiCloud Project
Fermilab Computing Sector



smime.p7s
Description: S/MIME cryptographic signature
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Re: [one-users] a question on restricted use of context files by normal users in ONe3.2

[Hyun Woo Kim]

Thanks very much for the message.
We appreciate quick responses from opennebula developers..

Hyunwoo


On Jul 3, 2012, at 11:12 AM, Carlos Martín Sánchez wrote:

> Hi,
> 
> Since OpenNebula 3.4 you can change the restricted attributes in oned.conf, 
> see [1].
> 
> If for any reason you can't upgrade, the only option you have left is to 
> modify the code. The list of restricted VM attributes is defined in 
> src/vm/VirtualMachineTemplate.cc, 
> VirtualMachineTemplate::RESTRICTED_ATTRIBUTES
> 
> 
> Regards
> 
> [1] 
> http://opennebula.org/documentation:rel3.4:compatibility#configuration_and_administration
> --
> Carlos Martín, MSc
> Project Engineer
> OpenNebula - The Open-source Solution for Data Center Virtualization
> www.OpenNebula.org | cmar...@opennebula.org | @OpenNebula
> 
> 
> 
> On Mon, Jul 2, 2012 at 11:39 PM, Hyun Woo Kim  wrote:
> I am deploying OpenNebula 3.2 and I am observing a new feature different from 
> ONe 3.0.
> 
> When a normal user in the "users" group wants to use the "files" attribute in 
> CONTEXT
> and instantiate a new VM, we are getting the following error message;
> [TemplateInstantiate] Error allocating a new virtual machine. VM Template 
> includes a restricted attribute CONTEXT/FILES.
> 
> I know that if the normal user can belong to oneadmin group, this error does 
> not appear.
> 
> If this is actually how ONe3.2 works, can we get around this and let normal 
> users use CONTEXT/FILES
> without having to change the user's group to oneadmin?
> 
> Thank you.
> Hyunwoo
> 
> 
> 
> ___
> Users mailing list
> Users@lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> 
> 



smime.p7s
Description: S/MIME cryptographic signature
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

[one-users] a question on restricted use of context files by normal users in ONe3.2

[Hyun Woo Kim]

I am deploying OpenNebula 3.2 and I am observing a new feature different from 
ONe 3.0.

When a normal user in the "users" group wants to use the "files" attribute in 
CONTEXT
and instantiate a new VM, we are getting the following error message;
[TemplateInstantiate] Error allocating a new virtual machine. VM Template 
includes a restricted attribute CONTEXT/FILES.

I know that if the normal user can belong to oneadmin group, this error does 
not appear.

If this is actually how ONe3.2 works, can we get around this and let normal 
users use CONTEXT/FILES
without having to change the user's group to oneadmin?

Thank you.
Hyunwoo




smime.p7s
Description: S/MIME cryptographic signature
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org