Re: DDOS Attacks from my virtual Router

2024-02-08 Thread Jayanth Reddy
Hi, Allocated means that it is assigned somewhere. You'll need to check the Public IP Address tab. Use the shared GH issue for exceptional case. The VR does bind only on the internal network. No, manually updating packages on VRs and System VMs might produce strange results. Please provision the

Re: DDOS Attacks from my virtual Router

2024-02-08 Thread Wei ZHOU
Hi, The issue was very old (happened in 2017). I do not believe the recent dnsmasq/cloudstack still have the same problem. What cloudstack version do you use ? "Allocated" public ip addresses, which do not have associated VM, could be used as source nat, port forwarding or load balancer, or even

Re: DDOS Attacks from my virtual Router

2024-02-08 Thread Granwille Strauss
Hi Yes, I have Advanced network set up. I am going to check for the allocated IPs that have zero VMs associated via the DB and see what I can find. I see more than one that is "allocated" in different guest networks. However, I would appreciate any clues or tips, as I have barely touched CS d

Re: Agent Stuck in Activating State

2024-02-08 Thread Wei ZHOU
That's strange The agent talks to the management server, not the database. Did you install cloudstack-management on the kvm host ? -Wei On Fri, 9 Feb 2024 at 08:29, Bharat Bhushan Saini wrote: > Hi Wei, > > > > The configuration of database is done and GUI is up and running but the > issue is

Re: Agent Stuck in Activating State

2024-02-08 Thread Bharat Bhushan Saini
Hi Wei, The configuration of database is done and GUI is up and running but the issue is with agent. Thanks and Regards, Bharat Saini [signature_4116628861] From: Wei ZHOU Date: Friday, 9 February 2024 at 12:57 PM To: users@cloudstack.apache.org Subject: Re: Agent Stuck in Activating State E

Re: Agent Stuck in Activating State

2024-02-08 Thread Wei ZHOU
Hi, Have you set up the database yet? If not, please refer to the "Set up the database." step on https://docs.cloudstack.apache.org/en/latest/installguide/management-server/_database.html If you have already set up the database (please check the tables in "cloud" database), and want to regenerate

Re: DDOS Attacks from my virtual Router

2024-02-08 Thread Wei ZHOU
+1 it looks like one of the VMs in the isolated network is compromised. try to capture the packets of port 53 (tcp/udp) by tcpdump in the virtual router, and see what is the source IP of the packets. -Wei On Fri, 9 Feb 2024 at 08:18, Jayanth Reddy wrote: > Hello, > The VR does process DNS quer

Re: DDOS Attacks from my virtual Router

2024-02-08 Thread Jayanth Reddy
Hello, The VR does process DNS queries, and if you're using cloud-init on VMs, the primary nameserver would be your VR IP. VR is usually configured to forward the requested DNS queries to upstream servers which is defined in the zone settings. So I guess one of the VMs should have gotten comprom

Re: DDOS Attacks from my virtual Router

2024-02-08 Thread Granwille Strauss
I found this: https://cloudstack.apache.org/blog/dnsmasq-vulnerabilities-advisory-for-cloudstack/ and applied the recommended steps to all my SVMs, whether this will work or not I am not sure. Do you guys maybe know of anything else that can be done. What are the implications of blocking port 5

DDOS Attacks from my virtual Router

2024-02-08 Thread Granwille Strauss
Hei My DC has just sent me notice that two of my IP addresses from the allocated subnets are responsible for amplifying DDOS attacks. One out of the two is my virtual router IP address. I was advised to firewall port 53 or deactivate recursive functions. Can you perhaps provide some in sight

Agent Stuck in Activating State

2024-02-08 Thread Bharat Bhushan Saini
Hi All, I install cloudstack on a bare metal and after all set up the agent service is not coming in the running state on ubuntu 22.04.3 with cloudstack 4.18.1 version. Some information I am sharing for your reference as below, Unable to load db configuration, using defaults with 5 connections

VXLAN+BGP with KVM/VTEP

2024-02-08 Thread David Amorín
Hi all, We are evaluating a change in our core network architecture, currently based on VLANs with advanced network in ACS. The change we want to implement is VXLAN+BGP, using hypervisors with KVM as VTEP (Thank you @Wido Den Hollander for sharing your knowle

Re: Unable to find the virtio-win package

2024-02-08 Thread Nux
Hello, Sorry to see virtio-win is not available in your Ubuntu distro. I tested a while back and the package was available, although I forget the version I used. Anyway, it's no big deal, can easily be worked around. So these are the files the RPM installs (as of 08-02-2024), they are basical

Re: db upgrade issue

2024-02-08 Thread Wei ZHOU
Hi, It seems you dumped the database and reimported it. When you dumped the database, you need to use "mysqldump -R" which stores the procedures. Related issue and workaround: https://github.com/apache/cloudstack/issues/8546 -Wei On 08/02/2024, Piotr Pisz wrote: > Hi, > > > > Unfortunately, the

Re: VMware to KVM Migration tool

2024-02-08 Thread Titus Baugus
This happens right after the Vm is done cloning in Vsphere. I was not able to attach the management log to this email. I have sent it to you separately. please let me know if that’s out of bonds or how to go about doing it in the future. Thanks From: Nicolas Vazquez Date: Wednesday, February

Re: Unable to find the virtio-win package

2024-02-08 Thread Jimmy Huybrechts
Hi, As far as I know you cannot, you need to add it to a VM as a separate ISO. -- Jimmy Van: Cloudstack Users Datum: donderdag, 8 februari 2024 om 14:23 Aan: users@cloudstack.apache.org Onderwerp: Re: Unable to find the virtio-win package OK, for those of us that are not that familiar with lin

Re: Regarding the Log4j upgrade

2024-02-08 Thread Guto Veronezi
Hello guys We finally merged PR #7131 [1]. With that, other PRs targeted to the branch "main" might get the conflict status. The PR #7131 [1] description contains instructions on how to fix the conflicts; however, if you have any doubts, do not hesitate to contact us. For those who have PRs t

db upgrade issue

2024-02-08 Thread Piotr Pisz
Hi, Unfortunately, the db upgrade from 4.18.1 to 4.19 is not performed, it stops here: 2024-02-08 14:19:19,631 DEBUG [c.c.u.d.ScriptRunner] (main:null) (logid:) -- Add remover account ID to quarantined IPs table. 2024-02-08 14:19:19,631 DEBUG [c.c.u.d.ScriptRunner] (main:null) (logid:) CAL

Re: Unable to find the virtio-win package

2024-02-08 Thread Cloudstack Users
OK, for those of us that are not that familiar with linux, can you please let me know how to get that from the ISO to an installer on the KVM host? Thank you. From: Wei ZHOU Date: Thursday, February 8, 2024 at 8:14 AM To: users@cloudstack.apache.org Subject: Re: Unable to find the virtio-win pa

Re: Unable to find the virtio-win package

2024-02-08 Thread Wei ZHOU
Hi, you can download the ISO from https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/ -Wei On Thu, 8 Feb 2024 at 14:10, Cloudstack Users wrote: > Hello, > > We are trying to install the virtio-win drivers on our Ubuntu 22.04 > installation for our KVM hosts. When we run the comma

Unable to find the virtio-win package

2024-02-08 Thread Cloudstack Users
Hello, We are trying to install the virtio-win drivers on our Ubuntu 22.04 installation for our KVM hosts. When we run the command as specified in the documentation, we get an error. https://docs.cloudstack.apache.org/en/latest/adminguide/virtual_machines.html#requirements-on-the-kvm-hosts For

Re: Issue Upgrade Cloudstack 4.18.1 to 4.19

2024-02-08 Thread Wei ZHOU
The log indicates the column already existed. You need to check the logs when it was added. Please check management server logs, not the "journalctl" output which only contains the recent logs. -Wei On Thu, 8 Feb 2024 at 09:21, Palash Biswas wrote: > Hi, > > Here you go. > > Feb 07 06:57:43 n2

Re: Issue Upgrade Cloudstack 4.18.1 to 4.19

2024-02-08 Thread Wei ZHOU
Hi, can you search "public_role" in your management server logs zgrep "public_role" /var/log/cloudstack/management/management-server.log* -Wei On Thu, 8 Feb 2024 at 01:33, Palash Biswas wrote: > Hi, > > Yes we got errors, that database failed to upgrade. > > Feb 07 06:57:43 n2ncs-mgmt01 java