Re: Advanced network configuration

2016-02-28 Thread cloudstackhelp


Hi,


I have no idea why my emails don't turn out like they should. They are exactly 
like what you formatted when I send them out. Really apologise for that. I will 
try to send them from another device and I apologise in advance if there's 
still an issue.


I'm using Dell Cloud servers as the HVs so I'm constrained by dual gigabit NICs 
and dual 10gbe NICs by expansion card. Currently I am planning to use both 
10gbe ports as a bonded interface for storage traffic but I'm starting to 
wonder if it's an overkill. Maybe I'll split them between storage and guest 
traffic instead. Would it be advisable to trunk them or have dedicated networks?


Also, if all networks are segregated physically what is the point of VLAN 
tagging?


Thanks!

Josh



From: Nux!

Sent: Sunday, February 28, 21:16

Subject: Re: Advanced network configuration

To: [email protected]



Here's the readable version, so others waste less time on this. 

Mate you really need to learn how to format emails, if you expect any kind of 
positive response. 


== 

Hi all, 


I've decided to go with the advanced network. I have some questions: 


1. Should the HV management interface be on a public IP or is it sufficient to 
have it on the private management network? 

2. I have 2 NICs on each HV to be split between Public, Guest & Management 
traffic (Storage traffic has its own 10GbE switch). 


Should I split them as: 

a. 2 NICs connected to a L3 switch with trunked ports for P,G&M VLANs or 

b. 1 NIC connected to a L3 switch for P&M VLANs and 1 NIC to a L2 switch with 
only G VLANs 

3. Is it advisable to mix Dell (Cisco style bulk VLAN trunking) switches with 
HP switches (HP style tagging each individual VLAN to ports) 

4. This article suggests a separate switch for the management server farm. 


Can I place the management server directly on the zone level L3 switch? Same 
for the secondary storage server. 

  

Should the hardware firewall be in front of the management server or in front 
of the zone level L3 switch? 

http://servermanagement24x7.com/wp-content/jk27/2013/07/Cloudstack-Networking-in-a-Zone.png

5. What VLANs should each machine have access to? 


Thanks! 


Josh 

== 


And now some answers: 


1. Management can be private, though it might need some sort of NAT for certain 
things. For example I think the management server probes template/iso URLs when 
you add them, so it needs to be able to reach them. 


2. I would keep management completely separate, if you end up having high 
traffic (genuine or attacks) on Public or Guest nets, then management server 
might not be able to reach the HV for status checks in time and think it's down 
and start to do crazy things. I would add another NIC in the server for this 
purpose; if it's not possible then mix public and guest on a single NIC - think 
of the impact on performance. 


No reason comes to mind as to why you shouldn't be able to add management and 
secondary storage zone wide; but I think at this point in time only KVM 
supports zone-wide sec storage, so depends which HV you are using. 


HTH 




-- 

Sent from the Delta quadrant using Borg technology! 


Nux! 

www.nux.ro 


- Original Message - 

> From: "Josh Davis"  

> To: [email protected] 

> Sent: Sunday, 28 February, 2016 12:21:50 

> Subject: Advanced network configuration 


> Hi all, 

> I've decided to go with the advanced network. I have some questions: 

> 1. Should the HV management interface be on a public IP or is it sufficient 
> to 

> have it on the private management network?2. I have 2 NICs on each HV to be 

> split between Public, Guest & Management traffic (Storage traffic has its own 

> 10GbE switch). Should I split them as:a. 2 NICs connected to a L3 switch with 

> trunked ports for P,G&M VLANs orb. 1 NIC connected to a L3 switch for P&M 
> VLANs 

> and 1 NIC to a L2 switch with only G VLANs3. Is it advisible to mix Dell 
> (Cisco 

> style bulk VLAN trunking) switches with HP switches (HP style tagging each 

> individual VLAN to ports)4. This article suggests a separate switch for the 

> management server farm. Can I place the management server directly on the 
> zone 

> level L3 switch? Same for the secondary storage server. Should the hardware 

> firewall be in front of the management server or in front of the zone level 
> L3 

> switch?http://servermanagement24x7.com/wp-content/jk27/2013/07/Cloudstack-Networking-in-a-Zone.png5.
>  

> What VLANs should each machine have access to? 

> Thanks!Josh 




Re: Advanced network configuration

2016-02-28 Thread cloudstackhelp


I forgot to add that I wanted 2 links for storage to have redundancy (separate 
switches to cut down on points of failure).






On Sun, Feb 28, 2016 at 5:55 AM -0800,  wrote:







Hi,


I have no idea why my emails don't turn out like they should. They are exactly 
like what you formatted when I send them out. Really apologise for that. I will 
try to send them from another device and I apologise in advance if there's 
still an issue.


I'm using Dell Cloud servers as the HVs so I'm constrained by dual gigabit NICs 
and dual 10gbe NICs by expansion card. Currently I am planning to use both 
10gbe ports as a bonded interface for storage traffic but I'm starting to 
wonder if it's an overkill. Maybe I'll split them between storage and guest 
traffic instead. Would it be advisable to trunk them or have dedicated networks?


Also, if all networks are segregated physically what is the point of VLAN 
tagging?


Thanks!

Josh







Re: Management server + MySQL server requirements

2016-03-01 Thread cloudstackhelp


Hi Simon,


Is there any way to estimate the size of the DB? Doesn't seem to be any 
documents on how much space to provision based on the expected size.


Josh






On Mon, Feb 29, 2016 at 11:48 AM -0800, "Simon Weller"  wrote:





Paul,


You could argue the same thing with your MySQL master. If you need to restart 
the server due to kernel updates et al, it's still going to require a failover 
to your backup MySQL server instance for all management servers.  Any CS 
management design should be built to deal with this and all management 
instances should be able to use a secondary synced database source.


In an ideal world, yes, separating the DB layer is a good idea. But if your ACS 
deployment isn't that large, co-locating the database with management should 
(and does) work fine.


- Si


From: Paul Angus 
Sent: Monday, February 29, 2016 1:20 PM
To: [email protected]
Subject: RE: Management server + MySQL server requirements

Hi All,

I'd suggest that outside of a lab environment, the MySQL database(s) should 
never be in the same vm as any of the management services. The most critical 
reason being that if you wish to restart the management server which the MySQL 
master happens to be on, it will require the MySQL services to also be 
shutdown. If they are separated, then secondary management servers can continue 
to service requests and updates while the other mgmt. server is restarted.




[ShapeBlue]
Paul Angus
VP Technology   ,   ShapeBlue


d:  +44 203 617 0528 | s: +44 203 603 
0540 |  
m:  +44 7711 418784

e:  [email protected] | t: 
@cloudyangus  |
  w:  www.shapeblue.com

a:  53 Chandos Place, Covent Garden London WC2N 4HS UK




Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services 
India LLP is a company incorporated in India and is operated under license from 
Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in 
Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd 
is a company registered by The Republic of South Africa and is traded under 
license from Shape Blue Ltd. ShapeBlue is a registered trademark.
This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or related companies. If you are not the 
intended recipient of this email, you must neither take any action based upon 
its contents, nor copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error.




-Original Message-
From: Stavros Konstantaras [mailto:[email protected]]
Sent: 29 February 2016 11:16
To: [email protected]
Subject: Re: Management server + MySQL server requirements

Hi Simon,

Your proposal is correct, I currently have the recommended setup: 2 machines 
with nice amount of cores and RAM, with management server and mysql installed. 
Usage server is not currently used, BUT we do use MySQL replication for some 
form of HA.

However, the drawback that I see is that the management server on the second 
head node must be down otherwise it causes the replication to fail pretty 
quickly. So in case of failure of the first head node the admin needs to login 
to the second head node and initiate the management server (or maybe you can 
script it and automate this).

Last requirement needed is a script that automates MySQL backups (crontab can 
be used for that).

Kind Regards
Stavros

> On 28 Feb 2016, at 00:06, Simon Weller  wrote:
>
> Josh,
>
> Unless you plan to create a massive cloud, there is probably no reason to 
> separate MySQL from the management server. It would actually be better to 
> deploy two management servers and then replicate MySQL over to the second 
> server for some form of HA.
>
> You don't really need SSDs. A couple of 10/15K SAS/SATA drives will be fine. 
> Most of the space allocated is for the MySQL databases. If you plan to use the 
> usage service, the stats collection will require more drive space. This is 
> configured as a separate MySQL database.
>
> I'd suggest you deploy a minimum of 16GB of RAM and 8 cores or so. If you 
> plan to grow the deployment rapidly, leave some empty memory slots for the 
> future.
>
> - Si
>
> 
> From: Josh Davis 
> Sent: Saturday, February 27, 2016 10:37 AM
> To: [email protected]
> Subject: Management server + MySQL server requirements
>
> Hi all, apologies for the spam.
> This is the hardware suggestion for MySQL on the management server node. I'm 
> looking at a separate server for MySQL DB.
> Is the bulk of the 250GB requirem

Re: Management server + MySQL server requirements

2016-03-01 Thread cloudstackhelp


Hi Simon,


Looking at a 6-8 24core host cluster which will eventually be doubled in size



From: Simon Weller

Sent: Tuesday, March 1, 21:15

Subject: Re: Management server + MySQL server requirements

To: [email protected]



Josh, 


Can you give us an idea of the size of your deployment? How many hosts? 



 

From: [email protected]  

Sent: Tuesday, March 1, 2016 6:09 AM 

To: [email protected]; [email protected] 

Subject: Re: Management server + MySQL server requirements 


Hi Simon, 



Is there any way to estimate the size of the DB? Doesn't seem to be any 
documents on how much space to provision based on the expected size. 



Josh 








Re: Management server + MySQL server requirements

2016-03-01 Thread cloudstackhelp


Hi Simon,


What about with usage enabled? How much hard disk space do the management 
servers use in total?






On Tue, Mar 1, 2016 at 6:30 AM -0800, "Simon Weller"  wrote:





One of our lab clusters is a similar size, with no usage enabled.
The cloud database is about 100MB.

This cluster goes back about 5 years, so there's a fair bit of historical data 
stored.

- Si


From: [email protected] 
Sent: Tuesday, March 1, 2016 8:13 AM
To: [email protected]; [email protected]
Subject: Re: Management server + MySQL server requirements

Hi Simon,


Looking at a 6-8 24core host cluster which will eventually be doubled in size




Re: Management server + MySQL server requirements

2016-03-01 Thread cloudstackhelp


Thanks for the reply Simon.


It would seem that the 250GB suggested by the installation documents is 
somewhat of an overkill. Would it be possible to simply use the smallest sized 
10k rpm drives out there?


Also, will there be high IOPs on the secondary storage? I'm using a zfs volume 
with normal 7.2K rpm SATA drives with L2ARC and ZIL caches but I'm thinking if 
these are redundant because of the functions of secondary storage.


Thanks

Josh






On Tue, Mar 1, 2016 at 6:45 AM -0800, "Simon Weller"  wrote:





To be honest, we haven't utilized the usage service as of yet. We're looking at 
it for a new project though.

I'll have to defer to others in terms of real world disk space usage.


From: [email protected] 
Sent: Tuesday, March 1, 2016 8:32 AM
To: [email protected]; [email protected]
Subject: Re: Management server + MySQL server requirements

Hi Simon,


What about with usage enabled? How much hard disk space do the management 
servers use in total?







System VMs keeps failing to start

2016-03-03 Thread cloudstackhelp


Hi Ron and all,



You mentioned that SVMs need to be started. I'm finding that my installation 
keeps looping the command "Creating system VMs (this may take a while)". Right 
now, it's done its 70th cycle (s-70-VM) and seems to want to keep going on 
until it crashes.



I'm thinking I should just kill the process but I'm worried I can't start the 
process again later. Is there a way to re-run this again later on?



Why is it failing to start the VMs? Why is everything null? My networks are 
starting fine. Apologies for the lack of formatting. Sending this via phone.


Console proxy up in zone: Public Cloud, proxy: v-72-VM, public IP: null, private IP: N/A | 10 | 04 Mar 2016 04:27:04

Console proxy creation failure. zone: Public Cloud, error details: null | 10 | 04 Mar 2016 04:27:04

Secondary Storage Vm creation failure. zone: Public Cloud, error details: null | 19 | 04 Mar 2016 04:27:00

Console proxy up in zone: Public Cloud, proxy: v-72-VM, public IP: null, private IP: N/A | 10 | 04 Mar 2016 04:26:34

Console proxy creation failure. zone: Public Cloud, error details: null | 10 | 04 Mar 2016 04:26:34


Thanks in advance!

Josh






On Thu, Mar 3, 2016 at 11:02 AM -0800, "Ron Wheeler" 
 wrote:





I have been using Linux and the Internet since the mid 1990s.
There are still 3 consecutively numbered C class registered to me for
different clients back in the days when  c-class networks were given out
from massive ranges of free numbers.
I have set up small ISP operations for clients with multiple domains
including web sites, e-mail servers, fileservers, etc.
I have done this on SCO , Mandrake, CentOS 4 to 7.

I should not have to struggle to figure out how to set up Cloudstack in a
small configuration with a few servers and a single public IP.

The documentation on networking is jumbled about and so unclear that I
can only point out why it is not clear but can not figure out the truth
sufficiently well to actually fix it.
I still don't know where the sources for the drawings are kept even
though I have asked several times.

It needs a team approach with someone who knows the truth and someone
who can write it down so that someone who did not write the code can
figure out what to do.

The biggest problem with programmers writing the user documentation is
that they are so caught up in the exceptions and special cases.
They spent a lot of time figuring out how to handle these oddball cases
that they feel that these triumphs must be on the front page.
They forget to explain the 95% case and lace the description of the main
flow with notes about these interesting exceptions.

That is not just true for Cloudstack but is a general problem with
documentation just because we are all human.

They also forget that the user does not want to be an expert in the
topic but wants to know enough to get the thing running.
The user has a lot of other problems and does not want to become a developer
in order to get this to work.

In my case, I really need to get some internal applications (accounting,
SCM, issue tracking, Maven repo, 20 web sites etc.) running on virtual
machines in an environment that is easy to manage.  I want to support
clients who I am supporting as users of other systems - just want simple
low volume services to support my supporting of their users.

I only expect to have 4 servers, one NIC per machine to support 1
transaction per second on a busy day
I may get down to 2 servers  if Cloudstack works well and allows me to
manage test servers and run docker nicely.

I do not want to know enough to be the network administrator at Google
or Amazon.

This should not be hard to implement and from what I have seen it is not
but the networking docs are a major barrier to acceptance by mid-market
companies - 300-1000 users with 1 or 2 System Admins who have to support
all of the operations requirements and help developers and application
support teams test and keep production systems running.

Ron


On 03/03/2016 6:22 AM, Mario Giammarco wrote:
> Simon Weller writes:
>
>> I do agree that the docs are confusing, especially if you have a limited
>> knowledge of networking concepts.
>> In terms of the complexity, a lot of that has to do with the fact that
>> every company has different service requirements and ACS needs to be
>> flexible enough to accommodate very different underlying needs.
> Not agree. Even with good knowledge documentation is confusing because:
>
> - it assumes you are always in the use case of "I have plenty of routable
>   ips"
> - it forgets to say that two system vms are created to manage routing and
>   secondary storage
> - it does not say that cloudstack manager can rewrite your host configuration
>
>> It's always best to start with a basic zone, unless you REALLY need some
>> functionality within an advanced zone. As soon as you move into advanced
>> zone networking, you need to have a good understanding of layer 2/3
>> networking.
>>
> I was able to make my cloudstack network working only when I skipped basic
>

Re: System VMs keeps failing to start

2016-03-03 Thread cloudstackhelp


Nothing's being spun up on the HVs. I'm using separate networks for each 
component (public, management, guest, storage). They all have a dedicated NIC 
each. On the HVs it seems like CS created its own cloud link local network but 
the link status is 


Thanks

Josh






On Thu, Mar 3, 2016 at 12:39 PM -0800, "Ahmad Emneina" wrote:





Hey Josh,

Are you seeing the VM's being spun up on the backend (hypervisor)? If so,
I'd imagine its a communication issue between the management server and the
public interface on the system vm. If you use VLAN tagging for your public
network, make sure the VLAN is trunked to your hypervisors in the cloud. I
recommend you stop the management service. Once restarted CloudStack will
try to recycle those vm's and spin them up again (so no worries should be
had there). If you're able to time it correctly, you can stop the
management service before the system vm's get shut down and log into
them... make sure the respective interfaces can reach their next hops...
that would be a good first step.

On Thu, Mar 3, 2016 at 12:32 PM,  wrote:

>
>
> Hi Ron and all,
>
>
>
> You mentioned that SVMs need to be started. I'm finding that my
> installation keeps looping the command "Creating system VMs (this may take
> a while)". Right now, it's done its 70th cycle (s-70-VM) and seems to want
> to keep going on until it crashes.
>
>
>
> I'm thinking I should just kill the process but I'm worried I can't start
> the process again later. Is there a way to re-run this again later on?
>
>
>
> Why is it failing to start the VMs? Why is everything null? My networks
> are starting fine. Apologies for the lack of formatting. Sending this via
> phone.
>
>
> Console proxy up in zone: Public Cloud, proxy: v-72-VM, public IP: null,
> private IP: N/A1004 Mar 2016 04:27:04
>
> Console proxy creation failure. zone: Public Cloud, error details:
> null1004 Mar 2016 04:27:04
>
> Secondary Storage Vm creation failure. zone: Public Cloud, error details:
> null1904 Mar 2016 04:27:00
>
> Console proxy up in zone: Public Cloud, proxy: v-72-VM, public IP: null,
> private IP: N/A1004 Mar 2016 04:26:34
>
> Console proxy creation failure. zone: Public Cloud, error details:
> null1004 Mar 2016 04:26:34
>
>
> Thanks in advance!
>
> Josh
>
>
>
>
>
>
> On Thu, Mar 3, 2016 at 11:02 AM -0800, "Ron Wheeler" <
> [email protected]> wrote:
>
>
>
>
>
> I have been using Linux and the Internet since the mid 1990s.
> There are still 3 consecutively numbered C class registered to me for
> different clients back in the days when  c-class networks were given out
> from massive ranges of free numbers.
> I have set up small ISP operations for clients with multiple domains
> including web sites, e-mail servers, fileservers, etc.
> I have done this on SCO, Mandrake, CentOS 4 to 7.
>
> I should not have to struggle to figure out how to set up Cloudstack in a
> small configuration with a few servers and a single public IP.
>
> The documentation on networking is jumbled about and so unclear that I
> can only point out why it is not clear but can not figure out the truth
> sufficiently well to actually fix it.
> I still don't know where the sources for the drawings are kept even
> though I have asked several times.
>
> It needs a team approach with someone who knows the truth and someone
> who can write it down so that someone who did not write the code can
> figure out what to do.
>
> The biggest problem with programmers writing the user documentation is
> that they are so caught up in the exceptions and special cases.
> They spent a lot of time figuring out how to handle these oddball cases
> that they feel that these triumphs must be on the front page.
> They forget to explain the 95% case and lace the description of the main
> flow with notes about these interesting exceptions.
>
> That is not just true for Cloudstack but is a general problem with
> documentation just because we are all human.
>
> They also forget that the user does not want to be an expert in the
> topic but wants to know enough to get the thing running.
> The user has a lot of other problems and does not to become a developer
> in order to get this to work.
>
> In my case, I really need to get some internal applications (accounting,
> SCM, issue tracking, Maven repo, 20 web sites etc.) running on virtual
> machines in an environment that is easy to manage.  I want to support
> clients who I am supporting as users of other systems - just want simple
> low volume services to support my supporting of their users.
>
> I only expect to have 4 servers, one NIC per machine to support 1
> transaction per second on a busy day.
> I may get down to 2 servers if Cloudstack works well and allows me to
> manage test servers and run docker nicely.
>
> I do not want to know enough to be the network administrator at Google
> or Amazon.
>
> This should not be hard to implement and from what I have seen it is not
> but the networking docs are a major barrier to acceptanc

Re: System VMs keeps failing to start

2016-03-03 Thread cloudstackhelp


It's really huge. Which part am I looking for exactly?






On Thu, Mar 3, 2016 at 1:38 PM -0800, "Ahmad Emneina" wrote:





Josh, can you share the logs off the management server. Namely: 
/var/log/cloudstack/management/management-server.log
Post as much as you can to pastebin or similar. That'll help identify what part 
of the process is failing...

Ahmad E

> On Mar 3, 2016, at 12:44 PM,  
>  wrote:
>
>
>
> Nothing's being spun up on the HVs. I'm using separate networks for each 
> component (public, management, guest, storage). They all have a dedicated NIC 
> each. On the HVs it seems like CS created its own cloud link local network 
> but the link status is 
>
>
> Thanks
>
> Josh
>
>
>
>
>
>
> On Thu, Mar 3, 2016 at 12:39 PM -0800, "Ahmad Emneina"  
> wrote:
>
>
>
>
>
> Hey Josh,
>
> Are you seeing the VM's being spun up on the backend (hypervisor)? If so,
> I'd imagine its a communication issue between the management server and the
> public interface on the system vm. If you use VLAN tagging for your public
> network, make sure the VLAN is trunked to your hypervisors in the cloud. I
> recommend you stop the management service. Once restarted CloudStack will
> try to recycle those vm's and spin them up again (so no worries should be
> had there). If you're able to time it correctly, you can stop the
> management service before the system vm's get shut down and log into
> them... make sure the respective interfaces can reach their next hops...
> that would be a good first step.
>
>> On Thu, Mar 3, 2016 at 12:32 PM,  wrote:
>>
>>
>>
>> Hi Ron and all,
>>
>>
>>
>> You mentioned that SVMs need to be started. I'm finding that my
>> installation keeps looping the command "Creating system VMs (this may take
>> a while)". Right now, it's done its 70th cycle (s-70-VM) and seems to want
>> to keep going on until it crashes.
>>
>>
>>
>> I'm thinking I should just kill the process but I'm worried I can't start
>> the process again later. Is there a way to re-run this again later on?
>>
>>
>>
>> Why is it failing to start the VMs? Why is everything null? My networks
>> are starting fine. Apologies for the lack of formatting. Sending this via
>> phone.
>>
>>
>> Console proxy up in zone: Public Cloud, proxy: v-72-VM, public IP: null,
>> private IP: N/A1004 Mar 2016 04:27:04
>>
>> Console proxy creation failure. zone: Public Cloud, error details:
>> null1004 Mar 2016 04:27:04
>>
>> Secondary Storage Vm creation failure. zone: Public Cloud, error details:
>> null1904 Mar 2016 04:27:00
>>
>> Console proxy up in zone: Public Cloud, proxy: v-72-VM, public IP: null,
>> private IP: N/A1004 Mar 2016 04:26:34
>>
>> Console proxy creation failure. zone: Public Cloud, error details:
>> null1004 Mar 2016 04:26:34
>>
>>
>> Thanks in advance!
>>
>> Josh
>>
>>
>>
>>
>>
>>
>> On Thu, Mar 3, 2016 at 11:02 AM -0800, "Ron Wheeler" <
>> [email protected]> wrote:
>>
>>
>>
>>
>>
>> I have been using Linux and the Internet since the mid 1990s.
>> There are still 3 consecutively numbered C class registered to me for
>> different clients back in the days when  c-class networks were given out
>> from massive ranges of free numbers.
>> I have set up small ISP operations for clients with multiple domains
>> including web sites, e-mail servers, fileservers, etc.
>> I have done this on SCO, Mandrake, CentOS 4 to 7.
>>
>> I should not have to struggle to figure out how to set up Cloudstack in a
>> small configuration with a few servers and a single public IP.
>>
>> The documentation on networking is jumbled about and so unclear that I
>> can only point out why it is not clear but can not figure out the truth
>> sufficiently well to actually fix it.
>> I still don't know where the sources for the drawings are kept even
>> though I have asked several times.
>>
>> It needs a team approach with someone who knows the truth and someone
>> who can write it down so that someone who did not write the code can
>> figure out what to do.
>>
>> The biggest problem with programmers writing the user documentation is
>> that they are so caught up in the exceptions and special cases.
>> They spent a lot of time figuring out how to handle these oddball cases
>> that they feel that these triumphs must be on the front page.
>> They forget to explain the 95% case and lace the description of the main
>> flow with notes about these interesting exceptions.
>>
>> That is not just true for Cloudstack but is a general problem with
>> documentation just because we are all human.
>>
>> They also forget that the user does not want to be an expert in the
>> topic but wants to know enough to get the thing running.
>> The user has a lot of other problems and does not to become a developer
>> in order to get this to work.
>>
>> In my case, I really need to get some internal applications (accounting,
>> SCM, issue tracking, Maven repo, 20 web sites etc.) running on virtual
>> machines in an environment that is easy to manage.  I want to support
>> clients who I am

Re: Management server + MySQL server requirements

2016-03-04 Thread cloudstackhelp


HVs will be running XS and the primary storage is an EQL SAN via iSCSI.


Is it advisable to have two different NFS shares, one with a SATA array for 
snapshots and one with a faster array for template deployment? Or is it a 
complete waste of resources?


The storage network runs on 10GbE.






On Wed, Mar 2, 2016 at 12:12 PM -0800, "Simon Weller"  wrote:





So I've taken the same lab and I enabled usage on it. Resulting database is 
about 200MB total (both cloud and cloud_usage).

To address your other questions ...




>It would seem that the 250GB suggested by the installation documents is
>somewhat of an overkill. Would it be possible to simply use the smallest
>sized 10k rpm drives out there?

The 250GB is to allow for growth. You can always move your DB to another server 
later.


>Also, will there be high IOPs on the secondary storage? I'm using a zfs volume
>with normal 7.2K rpm SATA drives with L2ARC and ZIL caches but I'm thinking
>if these are redundant because of the functions of secondary storage.

This is one of those questions where the answer is "It depends".

I say that, because different storage back ends support different snapshot 
functionality and ultimately, that's what will probably drive the IOPS.

What are you planning in terms of hypervisor and storage backends?

- Si


>Thanks
>Josh






On Tue, Mar 1, 2016 at 6:45 AM -0800, "Simon Weller"  wrote:





To be honest, we haven't utilized the usage service as of yet. We're looking at 
it for a new project though.

I'll have to defer to others in terms of real world disk space usage.


From: [email protected] 
Sent: Tuesday, March 1, 2016 8:32 AM
To: [email protected]; [email protected]
Subject: Re: Management server + MySQL server requirements

Hi Simon,


What about with usage enabled? How much hard disk space do the management 
servers use in total?






On Tue, Mar 1, 2016 at 6:30 AM -0800, "Simon Weller"  wrote:





One of our lab clusters is a similar size, with no usage enabled.
The cloud database is about 100MB.

This cluster goes back about 5 years, so there's a fair bit of historical data 
stored.

- Si


From: [email protected] 
Sent: Tuesday, March 1, 2016 8:13 AM
To: [email protected]; [email protected]
Subject: Re: Management server + MySQL server requirements

Hi Simon,


Looking at a 6-8 24core host cluster which will eventually be doubled in size



From: Simon Weller

Sent: Tuesday, March 1, 21:15

Subject: Re: Management server + MySQL server requirements

To: [email protected]



Josh,


Can you give us an idea of the size of your deployment? How many hosts?





From: [email protected] 

Sent: Tuesday, March 1, 2016 6:09 AM

To: [email protected]; [email protected]

Subject: Re: Management server + MySQL server requirements


Hi Simon,



Is there any way to estimate the size of the DB? Doesn't seem to be any 
documents on how much space to provision based on the expected size.



Josh







On Mon, Feb 29, 2016 at 11:48 AM -0800, "Simon Weller"  wrote:






Paul,



You could argue the same thing with your MySQL master. If you need to restart 
the server due to kernel updates et al, it's still going to require a failover 
to your backup MySQL server instance for all management servers.  Any CS 
management design should be built to deal with this and all management 
instances should be able to use a secondary synced database source.



In an ideal world, yes, separating the DB layer is a good idea. But if your ACS 
deployment isn't that large, co-locating the database with management should 
(and does) work fine.



- Si




From: Paul Angus 

Sent: Monday, February 29, 2016 1:20 PM

To: [email protected]

Subject: RE: Management server + MySQL server requirements


Hi All,


I'd suggest that outside of a lab environment, the MySQL database(s) should 
never be in the same vm as any of the management services. The most critical 
reason being that if you wish to restart the management server which the MySQL 
master happens to be on, it will require the MySQL services to also be 
shutdown. If they are separated, then secondary management servers can continue 
to service requests and updates while the other mgmt. server is restarted.





Paul Angus

VP Technology, ShapeBlue

Re: System VMs keeps failing to start

2016-03-04 Thread cloudstackhelp


Hi,


Before I dig through that I was just wondering if maybe it's really just a 
networking issue. Here's how my network is setup right now:


a. Management server cluster running galera sitting behind a gateway that NATs 
port 8080 to a HAproxy load balancer. All public traffic that is a result from 
MS requests get allowed through. Everything else is rejected.


b. Xenserver HVs with 4 NICs connected to 4 different switches:

1. L3 switch with connection to internet (public subnet)

2. L2 switch for management network which is connected to the MS cluster and 
the secondary NFS share (192.168.2.0/24)

3. L2 switch for storage network where the EQL SAN sits on (192.168.10.0/24)

4. L2 switch for the guest network (10.10.1.0/16)


I'm not too sure if I'm doing stuff wrongly.


Josh






On Thu, Mar 3, 2016 at 2:07 PM -0800, "Ahmad Emneina" wrote:





If you see any exceptions, I'd ideally like to see a few hundred lines
above and below. It might be easiest to stop the management service, rename
the log file. Restart the service, observe the system vm's go through their
life cycle... stop the management server and post that. Whatever works best
for you.

On Thu, Mar 3, 2016 at 1:43 PM,  wrote:

>
>
> It's really huge. Which part am I looking for exactly?
>
>
>
>
>
>
> On Thu, Mar 3, 2016 at 1:38 PM -0800, "Ahmad Emneina" 
> wrote:
>
>
>
>
>
> Josh, can you share the logs off the management server. Namely:
> /var/log/cloudstack/management/management-server.log
> Post as much as you can to pastebin or similar. That'll help identify what
> part of the process is failing...
>
> Ahmad E
>
> > On Mar 3, 2016, at 12:44 PM,  <
> [email protected]> wrote:
> >
> >
> >
> > Nothing's being spun up on the HVs. I'm using separate networks for each
> component (public, management, guest, storage). They all have a dedicated
> NIC each. On the HVs it seems like CS created its own cloud link local
> network but the link status is 
> >
> >
> > Thanks
> >
> > Josh
> >
> >
> >
> >
> >
> >
> > On Thu, Mar 3, 2016 at 12:39 PM -0800, "Ahmad Emneina" <
> [email protected]> wrote:
> >
> >
> >
> >
> >
> > Hey Josh,
> >
> > Are you seeing the VM's being spun up on the backend (hypervisor)? If so,
> > I'd imagine its a communication issue between the management server and
> the
> > public interface on the system vm. If you use VLAN tagging for your
> public
> > network, make sure the VLAN is trunked to your hypervisors in the cloud.
> I
> > recommend you stop the management service. Once restarted CloudStack will
> > try to recycle those vm's and spin them up again (so no worries should be
> > had there). If you're able to time it correctly, you can stop the
> > management service before the system vm's get shut down and log into
> > them... make sure the respective interfaces can reach their next hops...
> > that would be a good first step.
> >
> >> On Thu, Mar 3, 2016 at 12:32 PM,  wrote:
> >>
> >>
> >>
> >> Hi Ron and all,
> >>
> >>
> >>
> >> You mentioned that SVMs need to be started. I'm finding that my
> >> installation keeps looping the command "Creating system VMs (this may
> take
> >> a while)". Right now, it's done its 70th cycle (s-70-VM) and seems to
> want
> >> to keep going on until it crashes.
> >>
> >>
> >>
> >> I'm thinking I should just kill the process but I'm worried I can't
> start
> >> the process again later. Is there a way to re-run this again later on?
> >>
> >>
> >>
> >> Why is it failing to start the VMs? Why is everything null? My networks
> >> are starting fine. Apologies for the lack of formatting. Sending this via
> >> phone.
> >>
> >>
> >> Console proxy up in zone: Public Cloud, proxy: v-72-VM, public IP: null,
> >> private IP: N/A1004 Mar 2016 04:27:04
> >>
> >> Console proxy creation failure. zone: Public Cloud, error details:
> >> null1004 Mar 2016 04:27:04
> >>
> >> Secondary Storage Vm creation failure. zone: Public Cloud, error
> details:
> >> null1904 Mar 2016 04:27:00
> >>
> >> Console proxy up in zone: Public Cloud, proxy: v-72-VM, public IP: null,
> >> private IP: N/A1004 Mar 2016 04:26:34
> >>
> >> Console proxy creation failure. zone: Public Cloud, error details:
> >> null1004 Mar 2016 04:26:34
> >>
> >>
> >> Thanks in advance!
> >>
> >> Josh
> >>
> >>
> >>
> >>
> >>
> >>
> >> On Thu, Mar 3, 2016 at 11:02 AM -0800, "Ron Wheeler" <
> >> [email protected]> wrote:
> >>
> >>
> >>
> >>
> >>
> >> I have been using Linux and the Internet since the mid 1990s.
> >> There are still 3 consecutively numbered C class registered to me for
> >> different clients back in the days when  c-class networks were given out
> >> from massive ranges of free numbers.
> >> I have set up small ISP operations for clients with multiple domains
> >> including web sites, e-mail servers, fileservers, etc.
> >> I have done this on SCO, Mandrake, CentOS 4 to 7.
> >>
> >> I should not have to struggle to figure out how to set up Cloudstack in a
> >> small configuration with a few servers and a single 
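
Ahmad's request in the message above (exceptions from management-server.log with context on either side, posted to pastebin or similar) can be scripted. This is an added example, not part of the thread or of CloudStack: it assumes log4j-style timestamped lines and credential-like key=value pairs, masks those values before the excerpt leaves the server, and runs on a constructed sample log.

```python
import re
import sys

# Assumption: each log entry starts "YYYY-MM-DD HH:MM:SS,mmm LEVEL ...".
ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} +(?P<level>[A-Z]+) ")
# Exception names, stack frames and "Caused by:" continuation lines.
STACK = re.compile(r"Exception\b|^\s+at \S+\(|^Caused by: ")
# Assumption: secrets appear as key=value; the key list is illustrative.
SECRET = re.compile(
    r"(?i)\b(password|passwd|secretkey|apikey|signature|sessionkey|token)"
    r"=([^&\s,;}\])]+)"
)

# Constructed sample, not real management-server output.
SAMPLE_LOG = """\
2016-03-04 04:26:30,101 DEBUG [example.Api] (http-1) GET command=listZones&apikey=EXAMPLEKEY&signature=EXAMPLESIG
2016-03-04 04:26:31,000 INFO  [example.Svc] (main) heartbeat 2
2016-03-04 04:26:32,000 INFO  [example.Svc] (main) heartbeat 3
2016-03-04 04:26:33,000 INFO  [example.Svc] (main) heartbeat 4
2016-03-04 04:26:34,210 WARN  [example.Proxy] (proxy-1) Unable to start console proxy vm
com.example.SampleException: constructed failure for password=hunter2
    at com.example.Sample.start(Sample.java:42)
2016-03-04 04:26:35,000 INFO  [example.Svc] (main) heartbeat 8
2016-03-04 04:26:36,000 INFO  [example.Svc] (main) heartbeat 9
2016-03-04 04:26:37,000 INFO  [example.Svc] (main) heartbeat 10
2016-03-04 04:26:38,000 INFO  [example.Svc] (main) heartbeat 11
2016-03-04 04:26:39,000 INFO  [example.Svc] (main) heartbeat 12
2016-03-04 04:27:04,500 ERROR [example.Proxy] (proxy-1) Console proxy creation failure
2016-03-04 04:27:05,000 INFO  [example.Svc] (main) heartbeat 14
"""


def is_trouble(line):
    """True for ERROR/FATAL entries and for exception or stack-trace lines."""
    m = ENTRY.match(line)
    if m and m.group("level") in ("ERROR", "FATAL"):
        return True
    return bool(STACK.search(line))


def merge_windows(hits, context, total):
    """Turn hit indices into merged, non-overlapping [lo, hi] index ranges."""
    spans = []
    for i in hits:
        lo, hi = max(0, i - context), min(total - 1, i + context)
        if spans and lo <= spans[-1][1] + 1:
            spans[-1][1] = max(spans[-1][1], hi)
        else:
            spans.append([lo, hi])
    return [tuple(s) for s in spans]


def redact(line):
    """Mask the value of any credential-like key=value pair."""
    return SECRET.sub(lambda m: m.group(1) + "=<redacted>", line)


def excerpt(lines, context=200):
    """Return (first_line_no, last_line_no, redacted_lines) per window, 1-based."""
    hits = [i for i, line in enumerate(lines) if is_trouble(line)]
    return [
        (lo + 1, hi + 1, [redact(l) for l in lines[lo:hi + 1]])
        for lo, hi in merge_windows(hits, context, len(lines))
    ]


if __name__ == "__main__":
    # With a path argument, read that file; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            log_lines = fh.read().splitlines()
        ctx = 200
    else:
        log_lines, ctx = SAMPLE_LOG.splitlines(), 2
    for first, last, body in excerpt(log_lines, ctx):
        print(f"===== lines {first}-{last} =====")
        print("\n".join(body))
```

Review the output by eye before posting it; the key list only covers the names given in `SECRET`.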

No public network on zone

2016-03-06 Thread cloudstackhelp


Hi all,


Apologies for flooding. I feel like I've made new progress with understanding 
CS. I have run into a bit more problems but I think I understand most of it.


It seems that I have setup my zone incorrectly. I accidentally clicked the 
security groups isolation under advanced network and as a result I did not have 
the Public network tag under the physical network setup screen. I didn't think 
much about it up and went about setting up everything including adding a couple 
of XS hosts. Everything is nice except I have 0/0 public IP addresses.


Now I'm trying to add a public subnet to the zone but I can't select the Public 
network because I don't have it set up. I go to the Zone page and there is no 
option to add physical network. I go to add a new zone, this time not selecting 
the security group isolation option and I see the Public tag on the next page.


Surely there is a way to add the public network to the zone without creating a 
new zone? I don't want to clear everything and start all over again.


Thanks

Josh




RE: No public network on zone

2016-03-06 Thread cloudstackhelp


Is there a way to convert the zone type after creation and add the Public 
network or do I have to start with a fresh zone?


What do you mean by routable public IPs? How do I add public IPs to the zone 
with security groups?


Thanks

Josh



From: Sanjeev Neelarapu

Sent: Monday, March 7, 13:30

Subject: RE: No public network on zone

To: [email protected]



Hi Josh, 


In Advanced zone with Security Groups public traffic is not supported. 
Assumption is guest vms will have a routable public IPs. That's why we don't 
see the option to add public traffic. 


We can use updatePhysicalNetwork and updateTrafficType APIs for updating zone 
and traffic types if it is supported. 


Thanks, 

Sanjeev N 


-Original Message- 

From: [email protected] [ mailto:[email protected]] 

Sent: Sunday, March 06, 2016 11:11 PM 

To: [email protected] 

Subject: No public network on zone 




Hi all, 



Apologies for flooding. I feel like I've made new progress with understanding 
CS. I have run into a bit more problems but I think I understand most of it. 



It seems that I have setup my zone incorrectly. I accidentally clicked the 
security groups isolation under advanced network and as a result I did not have 
the Public network tag under the physical network setup screen. I didn't think 
much about it up and went about setting up everything including adding a couple 
of XS hosts. Everything is nice except I have 0/0 public IP addresses. 



Now I'm trying to add a public subnet to the zone but I can't select the Public 
network because I don't have it set up. I go to the Zone page and there is no 
option to add physical network. I go to add a new zone, this time not selecting 
the security group isolation option and I see the Public tag on the next page. 



Surely there is a way to add the public network to the zone without creating a 
new zone? I don't want to clear everything and start all over again. 



Thanks 


Josh 






DISCLAIMER 

== 

This e-mail may contain privileged and confidential information which is the 
property of Accelerite, a Persistent Systems business. It is intended only for 
the use of the individual or entity to which it is addressed. If you are not 
the intended recipient, you are not authorized to read, retain, copy, print, 
distribute or use this message. If you have received this communication in 
error, please notify the sender and delete all copies of this message. 
Accelerite, a Persistent Systems business does not accept any liability for 
virus infected mails. 




RE: No public network on zone

2016-03-07 Thread cloudstackhelp


Hi Sanjeev


How does this traffic reach the VMs without a public network? How do I assign 
public IPs to the VMs without being able to add them in the guest network form 
if I can't select the NIC they should be routed via?


Thanks






On Mon, Mar 7, 2016 at 12:04 AM -0800, "Sanjeev Neelarapu" wrote:





There is no way we can convert the zone type.

Routable IPs means, any IPs reachable without any NAT devices in between.

-Original Message-
From: [email protected] [mailto:[email protected]]
Sent: Monday, March 07, 2016 1:27 PM
To: [email protected]; [email protected]
Subject: RE: No public network on zone



Is there a way to convert the zone type after creation and add the Public 
network or do I have to start with a fresh zone?


What do you mean by routable public IPs? How do I add public IPs to the zone 
with security groups?


Thanks

Josh



From: Sanjeev Neelarapu

Sent: Monday, March 7, 13:30

Subject: RE: No public network on zone

To: [email protected]



Hi Josh,


In Advanced zone with Security Groups public traffic is not supported. 
Assumption is guest vms will have a routable public IPs. That's why we don't 
see the option to add public traffic.


We can use updatePhysicalNetwork and updateTrafficType APIs for updating zone 
and traffic types if it is supported.


Thanks,

Sanjeev N


-Original Message-

From: [email protected] [ mailto:[email protected]]

Sent: Sunday, March 06, 2016 11:11 PM

To: [email protected]

Subject: No public network on zone




Hi all,



Apologies for flooding. I feel like I've made new progress with understanding 
CS. I have run into a bit more problems but I think I understand most of it.



It seems that I have setup my zone incorrectly. I accidentally clicked the 
security groups isolation under advanced network and as a result I did not have 
the Public network tag under the physical network setup screen. I didn't think 
much about it up and went about setting up everything including adding a couple 
of XS hosts. Everything is nice except I have 0/0 public IP addresses.



Now I'm trying to add a public subnet to the zone but I can't select the Public 
network because I don't have it set up. I go to the Zone page and there is no 
option to add physical network. I go to add a new zone, this time not selecting 
the security group isolation option and I see the Public tag on the next page.



Surely there is a way to add the public network to the zone without creating a 
new zone? I don't want to clear everything and start all over again.



Thanks


Josh








Default gateway for SSVM

2016-03-07 Thread cloudstackhelp




Is there a way to permanently force the SSVM to choose a particular NIC for 
external traffic? I tried adding a line in /etc/network/interfaces but this 
gets rewritten on reboot.


RE: No public network on zone

2016-03-07 Thread cloudstackhelp


Hi all,



I've played around more with the system. Am I correct to say that the following 
setup would not be possible?



1. Advanced group with security group isolation


2. Two separate NICs as Guest networks but only one with a public routable 
subnet



The only way would be to bond the dual NICs, trunk both subnets and hope that 
either network doesn't overload the interface?



I tried setting up a fresh zone with two physical NICs tagged as Guest traffic 
and it throws the error "failed to create a guest network for basic zone. 
Error: More than one physical networks exist in zone id=11 and no tags are 
specified in order to make a choice". The problem is I selected the Advanced 
zone. Is there something wrong with the UI?



For the record, this is what I am trying to achieve:



1. System VMs that are able to take on both public and private IPs


2. Bandwidth throttling/limiting/control for public network but none for guest 
network


3. Users can control guest traffic isolation by putting up security group 
isolations instead of starting separate guest VLANs as my switch can only trunk 
VLANs individually instead of by block


4. Ability to create an entire private network fronted by a single public IP 
for VPN purposes to extend a physical network



Help is greatly appreciated. I feel like I am almost getting what I require.



Thanks


Josh




On Mon, Mar 7, 2016 at 12:08 AM -0800,  wrote:







Hi Sanjeev


How does this traffic reach the VMs without a public network? How do I assign 
public IPs to the VMs without being able to add them in the guest network form 
if I can't select the NIC they should be routed via?


Thanks






On Mon, Mar 7, 2016 at 12:04 AM -0800, "Sanjeev Neelarapu" wrote:





There is no way we can convert the zone type.

Routable IPs means, any IPs reachable without any NAT devices in between.

-Original Message-
From: [email protected] [mailto:[email protected]]
Sent: Monday, March 07, 2016 1:27 PM
To: [email protected]; [email protected]
Subject: RE: No public network on zone



Is there a way to convert the zone type after creation and add the Public 
network or do I have to start with a fresh zone?


What do you mean by routable public IPs? How do I add public IPs to the zone 
with security groups?


Thanks

Josh



From: Sanjeev Neelarapu

Sent: Monday, March 7, 13:30

Subject: RE: No public network on zone

To: [email protected]



Hi Josh,


In Advanced zone with Security Groups public traffic is not supported. 
Assumption is guest vms will have a routable public IPs. That's why we don't 
see the option to add public traffic.


We can use updatePhysicalNetwork and updateTrafficType APIs for updating zone 
and traffic types if it is supported.


Thanks,

Sanjeev N


-Original Message-

From: [email protected] [ mailto:[email protected]]

Sent: Sunday, March 06, 2016 11:11 PM

To: [email protected]

Subject: No public network on zone




Hi all,



Apologies for flooding. I feel like I've made new progress with understanding 
CS. I have run into a bit more problems but I think I understand most of it.



It seems that I have set up my zone incorrectly. I accidentally clicked the 
security groups isolation under advanced network and as a result I did not have 
the Public network tag under the physical network setup screen. I didn't think 
much about it and went about setting up everything including adding a couple 
of XS hosts. Everything is nice except I have 0/0 public IP addresses.



Now I'm trying to add a public subnet to the zone but I can't select the Public 
network because I don't have it set up. I go to the Zone page and there is no 
option to add physical network. I go to add a new zone, this time not selecting 
the security group isolation option and I see the Public tag on the next page.



Surely there is a way to add the public network to the zone without creating a 
new zone? I don't want to clear everything and start all over again.



Thanks


Josh






DISCLAIMER

==

This e-mail may contain privileged and confidential information which is the 
property of Accelerite, a Persistent Systems business. It is intended only for 
the use of the individual or entity to which it is addressed. If you are not 
the intended recipient, you are not authorized to read, retain, copy, print, 
distribute or use this message. If you have received this communication in 
error, please notify the sender and delete all copies of this message. 
Accelerite, a Persistent Systems business does not accept any liability for 
virus infected mails.






Re: Default gateway for SSVM

2016-03-07 Thread cloudstackhelp


I'm missing all route information for public traffic. I think this is because I 
don't have a public interface because I selected security group isolation. I 
tried manually adding the gateway but every time I restart it to try to trigger 
the template download it just removes the gateway info. All the other 
interfaces have no internet gateway.



From: Jayapal Reddy

Sent: Tuesday, March 8, 12:55

Subject: Re: Default gateway for SSVM

To: [email protected]



When SSVM is up there will be default gateway on the public interface. Is
that missed in your ssvm? Or do you want to change this to another
interface?

On Mon, Mar 7, 2016 at 4:52 PM,  wrote:

> Is there a way to permanently force the SSVM to choose a particular NIC
> for external traffic? I tried adding a line in /etc/network/interfaces but
> this gets rewritten on reboot.




Re: Default gateway for SSVM

2016-03-08 Thread cloudstackhelp


Is there a way to specify the gateway in the DB? Or rather specify which NIC 
public traffic goes through.






On Mon, Mar 7, 2016 at 10:55 PM -0800, "Makrand"  wrote:





Hi,

System VMs are stateless VMs which CS will create on the fly by reading values
from the DB. So changes won't persist across reboots. There has to be a NIC for
routing public traffic.

--
Best,
Makrand


On Tue, Mar 8, 2016 at 10:29 AM,  wrote:

>
>
> I'm missing all route information for public traffic. I think this is
> because I don't have a public interface because I selected security group
> isolation. I tried manually adding the gateway but every time I restart it
> to try to trigger the template download it just removes the gateway info.
> All the other interfaces have no internet gateway.
>
> From: Jayapal Reddy
> Sent: Tuesday, March 8, 12:55
> Subject: Re: Default gateway for SSVM
> To: [email protected]
>
> When SSVM is up there will be default gateway on the public interface. Is
> that missed in your ssvm? Or do you want to change this to another
> interface?
>
> On Mon, Mar 7, 2016 at 4:52 PM,  wrote:
>
> > Is there a way to permanently force the SSVM to choose a particular NIC
> > for external traffic? I tried adding a line in /etc/network/interfaces but
> > this gets rewritten on reboot.


RE: No public network on zone

2016-03-08 Thread cloudstackhelp


Hi Sanjeev


Does it mean that if I have two guest NICs I tag them Guest1 and Guest2? 
Because the last time I tried to have two guest NICs the setup gave an error 
about not knowing which label to use.


Also, is VPC only available without security groups isolation? I can't seem to 
find the network in the drop down list if I'm using sg isolation.


Also, do I need to use GRE isolation for guest network for VPC?


Thanks

Josh


From: Sanjeev Neelarapu

Sent: Tuesday, March 8, 15:03

Subject: RE: No public network on zone

To: [email protected]



Hi Josh, 


If you are using advanced zone with vlan isolation you can't use security
groups for guest traffic isolation, whereas if you use advanced zone with
security groups enabled (instead of vlan isolation) you can use security groups.


If we are using more than one physical network and want to have guest traffic
in all the physical networks, we have to specify tags on the physical network,
and traffic labels for each traffic type in all the physical networks.

These traffic labels should match with the nic names on the hypervisor.


Please refer to traffic labels in the Apache CloudStack admin guide.


Thanks, 

Sanjeev 


-Original Message- 

From: [email protected] [ mailto:[email protected]] 

Sent: Monday, March 07, 2016 7:08 PM 

To: [email protected] 

Subject: RE: No public network on zone 




Hi all, 




I've played around more with the system. Am I correct to say that the following 
setup would not be possible? 




1. Advanced group with security group isolation 



2. Two separate NICs as Guest networks but only one with a public routable 
subnet 




The only way would be to bond the dual NICs, trunk both subnets and hope that 
either network doesn't overload the interface? 




I tried setting up a fresh zone with two physical NICs tagged as Guest traffic 
and it throws the error "failed to create a guest network for basic zone. 
Error: More than one physical networks exist in zone id=11 and no tags are 
specified in order to make a choice". The problem is I selected the Advanced 
zone. Is there something wrong with the UI? 




For the record, this is what I am trying to achieve: 




1. System VMs that are able to take on both public and private IPs 



2. Bandwidth throttling/limiting/control for public network but none for guest 
network 



3. Users can control guest traffic isolation by putting up security group 
isolations instead of starting separate guest VLANs as my switch can only trunk 
VLANs individually instead of by block 



4. Ability to create an entire private network fronted by a single public IP 
for VPN purposes to extend a physical network 




Help is greatly appreciated. I feel like I am almost getting what I require. 




Thanks 



Josh 





On Mon, Mar 7, 2016 at 12:08 AM -0800,  wrote: 








Hi Sanjeev 



How does this traffic reach the VMs without a public network? How do I assign 
public IPs to the VMs without being able to add them in the guest network form 
if I can't select the NIC they should be routed via? 



Thanks 







On Mon, Mar 7, 2016 at 12:04 AM -0800, "Sanjeev Neelarapu" 
 wrote: 






There is no way we can convert the zone type. 


Routable IPs means, any IPs reachable without any NAT devices in between. 


-Original Message- 

From: [email protected] [ mailto:[email protected]] 

Sent: Monday, March 07, 2016 1:27 PM 

To: [email protected]; [email protected] 

Subject: RE: No public network on zone 




Is there a way to convert the zone type after creation and add the Public 
network or do I have to start with a fresh zone? 



What do you mean by routable public IPs? How do I add public IPs to the zone 
with security groups? 



Thanks 


Josh 




From: Sanjeev Neelarapu 


Sent: Monday, March 7, 13:30 


Subject: RE: No public network on zone 


To: [email protected] 




Hi Josh, 



In Advanced zone with Security Groups public traffic is not supported. 
Assumption is guest vms will have routable public IPs. That's why we don't 
see the option to add public traffic. 



We can use updatePhysicalNetwork and updateTrafficType APIs for updating zone 
and traffic types if it is supported. 



Thanks, 


Sanjeev N 



-Original Message- 


From: [email protected] [ mailto:[email protected]] 


Sent: Sunday, March 06, 2016 11:11 PM 


To: [email protected] 


Subject: No public network on zone 





Hi all, 




Apologies for flooding. I feel like I've made new progress with understanding 
CS. I have run into a bit more problems but I think I understand most of it. 




It seems that I have setup my zone incorrectly. I accidentally clicked the 
security groups isolation under advanced network and as a result I did not have 
the Public network tag under the physical network setup screen. I didn't think 
much about it up and went about setting u

RE: No public network on zone

2016-03-08 Thread cloudstackhelp


I tried tagging them differently but it gives me an error about more than one 
networks with no tags specified to make a choice even though I tagged them all.






On Tue, Mar 8, 2016 at 3:42 AM -0800, "Sanjeev Neelarapu" 
 wrote:





Josh,

You are right, we should specify traffic labels if we want to use multiple 
nics.
VPC is not supported with security groups. We don't need to use GRE isolation 
for guest networks in VPC. It works only with VLAN isolation.

Thanks,
Sanjeev

-Original Message-
From: [email protected] [mailto:[email protected]]
Sent: Tuesday, March 08, 2016 3:10 PM
To: [email protected]
Subject: RE: No public network on zone



Hi Sanjeev


Does it mean that if I have two guest NICs I tag them Guest1 and Guest2? 
Because the last time I tried to have two guest NICs the setup gave an error 
about not knowing which label to use.


Also, is VPC only available without security groups isolation? I can't seem to 
find the network in the drop down list if I'm using sg isolation.


Also, do I need to use GRE isolation for guest network for VPC?


Thanks

Josh





Re: Default gateway for SSVM

2016-03-09 Thread cloudstackhelp


I've already destroyed the zone because it's not what I want to achieve. I will 
try to recreate the zone again. Why is it that it insists on having a gateway 
for the storage network when I set up the zone?


Is there a way to make VPC work with advanced network with security group 
isolation?






On Tue, Mar 8, 2016 at 10:29 PM -0800, "Jayapal Reddy" 
 wrote:





In basic zone (security group) ssvm will have the guest nic (guest ip is
publicly reachable). So it should have default route on this interface.
Can you please send following:
1. /var/cache/cloud/cmdline
2. route -n
3. ip addr show

Thanks,
Jayapal

On Tue, Mar 8, 2016 at 3:02 PM,  wrote:

>
>
> Is there a way to specify the gateway in the DB? Or rather specify which
> NIC public traffic goes through.
>
> On Mon, Mar 7, 2016 at 10:55 PM -0800, "Makrand"  wrote:
>
> Hi,
>
> System VMs are stateless VMs which CS will create on fly by reading values
> from DB. So changes won't persist across reboots. There has to be NIC for
> routing public traffic.
>
> --
> Best,
> Makrand
>
> On Tue, Mar 8, 2016 at 10:29 AM,  wrote:
>
> > I'm missing all route information for public traffic. I think this is
> > because I don't have a public interface because I selected security group
> > isolation. I tried manually adding the gateway but every time I restart it
> > to try to trigger the template download it just removes the gateway info.
> > All the other interfaces have no internet gateway.
> >
> > From: Jayapal Reddy
> > Sent: Tuesday, March 8, 12:55
> > Subject: Re: Default gateway for SSVM
> > To: [email protected]
> >
> > When SSVM is up there will be default gateway on the public interface. Is
> > that missed in your ssvm? Or do you want to change this to another
> > interface?
> >
> > On Mon, Mar 7, 2016 at 4:52 PM,  wrote:
> >
> > > Is there a way to permanently force the SSVM to choose a particular NIC
> > > for external traffic? I tried adding a line in /etc/network/interfaces but
> > > this gets rewritten on reboot.
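
Added example, not part of the original thread: a small shell check over `route -n` output of the kind requested in the message above, reporting whether a system VM has exactly one default route and on which interface. The function names, interface names, addresses and both sample routing tables are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check `route -n` output from a system VM
# for a default route. All sample tables and addresses below are constructed.

# Print "iface gateway" for each default route: destination and genmask
# 0.0.0.0 with the G (gateway) flag set.
default_routes() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $8, $2 }'
}

# Read `route -n` output on stdin and print a one-line verdict.
# Returns 0 for exactly one default route, 1 for none, 2 for several.
check_default_route() {
    routes=$(default_routes)
    if [ -z "$routes" ]; then
        echo "no default route"
        return 1
    fi
    count=$(printf '%s\n' "$routes" | wc -l | tr -d ' ')
    if [ "$count" -gt 1 ]; then
        echo "multiple default routes ($count)"
        return 2
    fi
    set -- $routes
    echo "default route on $1 via $2"
}

# Constructed sample: default route present on eth2.
SAMPLE_OK='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 eth2
10.1.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0'

# Constructed sample: the situation described in the thread, no default route.
SAMPLE_MISSING='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.1.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0'

printf '%s\n' "$SAMPLE_OK" | check_default_route || true
printf '%s\n' "$SAMPLE_MISSING" | check_default_route || true
```

On a live system VM the same check runs against the real table with `route -n | check_default_route`.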