Whoa. You mean it's not entirely my fault? :-) I should be able to use cloudmonkey to get around this bug, right?
Thanks again for all your help! On Thu, Sep 5, 2013 at 4:27 AM, Geoff Higginbottom < geoff.higginbot...@shapeblue.com> wrote: > Sorry just looked at screen shot and you do appear to running an advanced > zone. > > There have been a few GUI bugs creep in with 4.1.1 in relation to > networking, this looks like another I have not seen reported so please > raise it as an issue. > > CloudMonkey provides an easier way to use the API so yes you can just use > CloudMonkey > > Regards > > Geoff Higginbottom > CTO / Cloud Architect > > > D: +44 20 3603 0542<tel:+442036030542> | S: +44 20 3603 0540<tel: > +442036030540> | M: +447968161581<tel:+447968161581> > > geoff.higginbot...@shapeblue.com<mailto:geoff.higginbot...@shapeblue.com> > | www.shapeblue.com > > ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS > > > > On 5 Sep 2013, at 07:24, "Geoff Higginbottom" < > geoff.higginbot...@shapeblue.com<mailto:geoff.higginbot...@shapeblue.com>> > wrote: > > Nick, > > Are you using an Advanced or Basic Zone? > > Regards > > Geoff Higginbottom > CTO / Cloud Architect > > > D: +44 20 3603 0542<tel:+442036030542> | S: +44 20 3603 0540<tel: > +442036030540> | M: +447968161581<tel:+447968161581> > > geoff.higginbot...@shapeblue.com<mailto:geoff.higginbot...@shapeblue.com > ><mailto:geoff.higginbot...@shapeblue.com> | www.shapeblue.com< > http://www.shapeblue.com> > > ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS > > > > On 5 Sep 2013, at 01:57, "Nick Burke" <n...@nickburke.com<mailto: > n...@nickburke.com><mailto:n...@nickburke.com>> wrote: > > Hi Geoff, > > Thanks again for your reply and patience. I'm relieved to hear it's > possible with a little elbow grease! > > I have no problem starting again what-so-ever with anything. This is > preproduction. I've been doing regular 'drop database cloud's so anything > dangerous can easily be done. > > I think a large part of my problem is there is no "add guest network" in > Infrastructure / Zones / your-zone-name / Physical Network Tab / > your-network-name (the one with Guest Traffic) / Guest-Configure / Network > Tab. (See screen shot: http://i.imgur.com/fOtttgD.png ). There are no > "right click" options either. I'm running version 4.1.1, if there is some > kind of version thing happening here. > > > Regarding API, can I use cloudmonkey or do I have to start doing research > into the API calls? > > > On Wed, Sep 4, 2013 at 6:18 PM, Geoff Higginbottom < > geoff.higginbot...@shapeblue.com<mailto:geoff.higginbot...@shapeblue.com > ><mailto:geoff.higginbot...@shapeblue.com>> wrote: > > Hi Nick > > What you are trying to do is achievable, but you need to start again, as > once you have created a network which has taken its VLAN from the Default > Guest VLAN range you cannot change the network Offering to one which has > the 'Specify VLAN' option set. > > Fortunately you can create the new networks you need using the correct > Network Offerings, then use the 'addNicToVirtualMachine' and > 'removeNicFromVirtualMachine' API commands to add the new Networks to the > VM, and remove the old ones. > > > > I would create two network offerings, I'll call them 'External' and > 'Internal' > > 'External' should not have any 'Services' as it does not need them, that > way no VR will be created for this Network. Assign a 'Name'& 'Description', > and check the 'Specify VLAN' option as you want to manually set the VLAN ID > so it can connect to your external physical Router. You do not need the > 'Persistent' feature as there will be no VR. > > 'Internal' should have 'Specify VLAN' checked and 'DHCP' and 'DNS' > services enabled, all set to 'Virtual Router' You don't need the > 'Persistent' option as this simply keeps the VR running when you have no > VMs, and as you want to run a 'Intrusion Detection' VM you will always have > one running, and the VLAN is persistent even if do shut all VMs down, as > you used the 'Specify VLAN' option. > > To actually create the networks you cannot use the main 'Network' tab, you > must navigate to: > > Infrastructure / Zones / your-zone-name / Physical Network Tab / > your-network-name (the one with Guest Traffic) / Guest-Configure / Network > Tab > > Then click 'Add Guest Network' and set the 'scope' to account, you will > now see the two new Network Offerings listed (as long as you enabled them). > Create the 'External' Network with 'VLAN ID' of 200 and 'Guest Gateway' > set to the IP of the Physical Router connected to the Internet. Set the > 'Guest Start IP' and 'Guest End IP' range so that it spans the IP you want > to allocate to the External interface of your VM. Although you will be > setting the IP on the VM manually, and even though we did not assign the > DHCP service to this Network, CloudStack will still allocate an IP to this > VM and this will appear in the GUI. To keep things neat I always use the > API to allocate the IP of the VM when I create it so that the CloudStack > allocated IP and my manually configured IP are the same. > > Repeat the process to create your 'Internal' network, setting the 'VLAN > ID' to 100, the 'Guest Gateway' to the IP you intend to allocate to the > Internal Interface of your Intrusion Detection VM, and setting 'Guest Start > IP' and 'Guest End IP', ensuring they do not overlap the Guest Gateway. > Note that the VR which gets created to handle the DHCP and DNS will be > allocated the 1st IP from the Guest Range. > > Now create your Intrusion Detection VM using the API and not the GUI so > you can specify the IPs for the External and Internal Interfaces, and set > the External as the Default. Once created, you can add additional VMs onto > the Internal Network, and they will use the 'Intrusion Detection VM' as > their Gateway. > > Note that the VLANs you use for the External and Internal networks must be > outside of the default Guest VLAN Range. > > Regards > > Geoff Higginbottom > > D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581 > > geoff.higginbot...@shapeblue.com<mailto:geoff.higginbot...@shapeblue.com > ><mailto:geoff.higginbot...@shapeblue.com> > > -----Original Message----- > From: Nick Burke [mailto:n...@nickburke.com] > Sent: 04 September 2013 18:56 > To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org > ><mailto:users@cloudstack.apache.org> > Subject: Re: Some network offerings missing after creating them > > Hello Geoff, > > Thank you for replying! > > I went there and tried to change it to the service offering I wanted, but > once again the only one available is > DefaultIsolatedNetworkOfferingWithSourceNatService. There is no associated > VM's with this network. I can't add anything on that scree > > Here is a screenshot: http://imgur.com/ljrVYgP > > > I think I'm missing something dreadfully obvious or I'm not being clear on > what I'm trying to accomplish... or both! :-) > > > Here is my end goal: > > IE: VLAN100 has a public/static IP of 4.2.2.2/24 (internet facing) -> > Intrusion Prevention System (aka, a cloudstack VMserver running linux) -> > VLAN200 public/static 4.3.3.3/24 > > > Both virtual nics are public IP addresses. One side is on one vlan, the > other side is on a different one. All traffic routed from the internet must > go through this virtual machine to reach the target 4.3.3.3/24 network > and vice versa. > > > > > On Wed, Sep 4, 2013 at 2:59 PM, Geoff Higginbottom < > geoff.higginbot...@shapeblue.com<mailto:geoff.higginbot...@shapeblue.com > ><mailto:geoff.higginbot...@shapeblue.com>> wrote: > > Nick, > > You need to go to Infrastructure / Zone / Phys Networks / Guest > Networks etc to use this type of network offering. > > The Networks Tab only shows network offerings which have the 'Source NAT' > service enabled > > Regards > > Geoff Higginbottom > CTO / Cloud Architect > > > D: +44 20 3603 0542<tel:+442036030542> | S: +44 20 3603 0540<tel: > +442036030540> | M: +447968161581<tel:+447968161581> > > geoff.higginbot...@shapeblue.com<mailto:geoff.higginbot...@shapeblue.com > ><mailto:geoff.higginbot...@shapeblue.com><mailto: > geoff.higginbottom@shapeblue.c > om> > | www.shapeblue.com<http://www.shapeblue.com><http://www.shapeblue.com> > > ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS > > > > On 4 Sep 2013, at 17:53, "Nick Burke" <n...@nickburke.com<mailto: > n...@nickburke.com><mailto:n...@nickburke.com><mailto: > n...@nickburke.com<mailto:n...@nickburke.com><mailto:n...@nickburke.com>>> > wrote: > > Thank you for the reply! > > I am logged in through the GUI as the default admin user under the > ROOT domain. Just a quick clarification: I can see it under "Network > Offerings", but I can't actually use it/see it when I try to deploy an > instance and/or when creating a network. > > According to cloudmonkey, it's enabled (this is the default system > created one I'd like to use); > > CLOUD> list networkofferings > count = 8 > networkoffering: > name = DefaultIsolatedNetworkOffering > id = 14b2f56b-b941-4495-a9e6-377a756bee70 > availability = Optional > conservemode = True > displaytext = Offering for Isolated networks with no Source Nat > service forvpc = False guestiptype = Isolated isdefault = True > ispersistent = False networkrate = 200 > service: > name = Dhcp > provider: > name = VirtualRouter > > ====================================================================== > ========== > name = UserData > provider: > name = VirtualRouter > > ====================================================================== > ========== > name = Dns > provider: > name = VirtualRouter > > ====================================================================== > ========== serviceofferingid = d430a7fc-e294-4940-bd32-bb57a9caff3e > specifyipranges = True > specifyvlan = True > state = Enabled > traffictype = Guest > > > This is the one I created myself: > > CLOUD> list networkofferings id="e00234b0-9252-4541-9f82-7d575b8b131e" > count = 1 > networkoffering: > name = test > id = e00234b0-9252-4541-9f82-7d575b8b131e > availability = Optional > conservemode = False > displaytext = test > forvpc = False > guestiptype = Isolated > isdefault = False > ispersistent = True > networkrate = 200 > service: > name = Dhcp > provider: > name = VirtualRouter > > ====================================================================== > ========== > name = UserData > provider: > name = VirtualRouter > > ====================================================================== > ========== > name = Dns > provider: > name = VirtualRouter > > ====================================================================== > ========== serviceofferingid = d430a7fc-e294-4940-bd32-bb57a9caff3e > specifyipranges = True > specifyvlan = True > state = Enabled > traffictype = Guest > > > > > On Wed, Sep 4, 2013 at 1:48 PM, Chiradeep Vittal < > chiradeep.vit...@citrix.com<mailto:chiradeep.vit...@citrix.com><mailto: > chiradeep.vit...@citrix.com><mailto:chiradeep.vit...@citrix.com>> wrote: > > If the offering has 'specify VLAN', then only the admin should be able > to see it. > You can also use cloudmonkey to verify the offerings. > > > On 9/4/13 12:00 PM, "Nick Burke" <n...@nickburke.com<mailto: > n...@nickburke.com><mailto:n...@nickburke.com><mailto: > n...@nickburke.com<mailto:n...@nickburke.com><mailto:n...@nickburke.com>>> > wrote: > > I've read the documents, but I can't seem to find anything about this > even after google searching. > > Here is what I'm trying to accomplish: I'd like to have an external > hardware router handle the routing for certain networks. It's on VLAN10. > > Here is what I'm seeing: Only one network offering is showing up under > "network offering" in create a network and for instances. It is " > DefaultIsolatedNetworkOfferingWithSourceNatService" > > > I've tried creating a new network offering with specify vlan and > specify IP addresses, but it doesn't seem to ever show up to be used. > Additionally, there is a system created one that looks like it could > do it, "DefaultIsolatedNetworkOffering" but it too doesn't show up. > > If I create a network offering with the exact same options as as > DefaultIsolatedNetworkOfferingWithSourceNatService, it does show up > and can be used. > > > I'm in advanced networking mode for the zone, and as far as I can tell > everything is working well as expected. > > Does anyone have any place they can point me to for this or offer some > advice as to why at least the system DefaultIsolatedNetworkOffering > can't be used? > > -- > Nick > > *'What is a human being, then?' > 'A seed' > 'A... seed?' > 'An acorn that is unafraid to destroy itself in growing into a tree.' > -David Zindell, A Requiem for Homo Sapiens* > > > > > -- > Nick > > *'What is a human being, then?' > 'A seed' > 'A... seed?' > 'An acorn that is unafraid to destroy itself in growing into a tree.' > -David Zindell, A Requiem for Homo Sapiens* This email and any > attachments to it may be confidential and are intended solely for the > use of the individual to whom it is addressed. Any views or opinions > expressed are solely those of the author and do not necessarily > represent those of Shape Blue Ltd or related companies. If you are not > the intended recipient of this email, you must neither take any action > based upon its contents, nor copy or show it to anyone. Please contact > the sender if you believe you have received this email in error. Shape > Blue Ltd is a company incorporated in England & Wales. ShapeBlue > Services India LLP is operated under license from Shape Blue Ltd. > ShapeBlue is a registered trademark. > > > > > -- > Nick > > *'What is a human being, then?' > 'A seed' > 'A... seed?' > 'An acorn that is unafraid to destroy itself in growing into a tree.' > -David Zindell, A Requiem for Homo Sapiens* > This email and any attachments to it may be confidential and are intended > solely for the use of the individual to whom it is addressed. Any views or > opinions expressed are solely those of the author and do not necessarily > represent those of Shape Blue Ltd or related companies. If you are not the > intended recipient of this email, you must neither take any action based > upon its contents, nor copy or show it to anyone. Please contact the sender > if you believe you have received this email in error. Shape Blue Ltd is a > company incorporated in England & Wales. ShapeBlue Services India LLP is > operated under license from Shape Blue Ltd. ShapeBlue is a registered > trademark. > > > > > -- > Nick > > *'What is a human being, then?' > 'A seed' > 'A... seed?' > 'An acorn that is unafraid to destroy itself in growing into a tree.' > -David Zindell, A Requiem for Homo Sapiens* > This email and any attachments to it may be confidential and are intended > solely for the use of the individual to whom it is addressed. Any views or > opinions expressed are solely those of the author and do not necessarily > represent those of Shape Blue Ltd or related companies. If you are not the > intended recipient of this email, you must neither take any action based > upon its contents, nor copy or show it to anyone. Please contact the sender > if you believe you have received this email in error. Shape Blue Ltd is a > company incorporated in England & Wales. ShapeBlue Services India LLP is > operated under license from Shape Blue Ltd. ShapeBlue is a registered > trademark. > This email and any attachments to it may be confidential and are intended > solely for the use of the individual to whom it is addressed. Any views or > opinions expressed are solely those of the author and do not necessarily > represent those of Shape Blue Ltd or related companies. If you are not the > intended recipient of this email, you must neither take any action based > upon its contents, nor copy or show it to anyone. Please contact the sender > if you believe you have received this email in error. Shape Blue Ltd is a > company incorporated in England & Wales. ShapeBlue Services India LLP is > operated under license from Shape Blue Ltd. ShapeBlue is a registered > trademark. > -- Nick *'What is a human being, then?' 'A seed' 'A... seed?' 'An acorn that is unafraid to destroy itself in growing into a tree.' -David Zindell, A Requiem for Homo Sapiens*
