Re: Understanding and usage of management-server-secret-key

[vas...@gmx.de]

Let me thankyou for the informations! Really interesting to read about the
security-aspects of CloudStack!

Am Mo., 1. März 2021 um 13:33 Uhr schrieb Andrija Panic <
andrija.pa...@gmail.com>:

> /etc/cloudstack/management/key (the file-based approach) contains a
> "password" that is used to DECRYPT (every time mgmt server boots) the value
> of the " db.cloud.encrypt.secret" from the db.properties file - and then
> this decrypted value (kept in memory)  is used to decrypt other various
> values from the DB.
> The one-time-ever-encryption of "db.cloud.encrypt.secret" raw value,
> obviously, happens when you run the   cloudstack-setup-databases
> cloud:@ -i 
> -m  -kcommand (it's encrypted
> using the value of the "key" file)
>
> I haven't played with a web-based solution, nor I have seen anyone using
> this approach - either way, whoever logs into the mgmt server (e.g. an
> intruder) will be reading the "key" (or web-based value) and then use it
> further - so no need to complicate with web-based approach, I guess.
>
> An interesting thing to know - is how to decrypt one using the other
> (useful during i.e. parallel upgrades etc):
>
> java -classpath /usr/share/cloudstack-common/lib/jasypt-1.9.3.jar
> org.jasypt.intf.cli.JasyptPBEStringDecryptionCLI decrypt.sh
> input=
> password= verbose=true
>
> The same way you can use  to decrypt some
> values from the DB (not that you will probably need it any time soon...)
>
> Best,
>
>
> On Sun, 28 Feb 2021 at 02:36, Christopher Brown  wrote:
>
> > Hello everyone,
> >
> > I am currently making my first steps with cloudstack and therefore
> stumble
> > into some problems and understanding issues.
> > My first topic is regarding the usage of the Management Server secret
> key.
> >
> > As in the official installation guide, this key ist provided for en- and
> > decryption of the databasekey. So this should take place everytime the
> > server / the service is started. However i am facing some trouble in how
> > the key is passed from the administrator to the system.
> >
> > One way of providing the key is via the parameter file and then with an
> > file containg the password in plain text.
> > Which can be dealt with.
> > However the "web" option gives me some headache. When and how is the
> > administrator going to give the password to system?
> > I was looking through the guides and goodle, but sadly i didn't find an
> > proper explanaition.
> > Maybe someone can give me some glimpse or referral to additional sources?
> >
> > With kind regards,
> > Christopher Brown
> >
>
>
> --
>
> Andrija Panić
>

Storage and storage network setups

[vas...@gmx.de]

Hi,

as I am taking a closer look into cloudstack, i wanted to ask some
questions regarding storage and storage networks.

First my understanding of different setups - please correct me if my
understanding was wrong.

As far as I understand (until now ;-) ) there are several ways of
providing dedicated storage networks for the use of primary and
secondary storage.
In the "basic" setup, storage traffic and management traffic would be
transfert via the same interface (in the docs named "cloudbr0").
The next way of configuring storage / a storage network would be to
give the secondary storage it's own physical network - usully named
storage nework in the docs - which can be configured during a
zone-setup and using a own Tag. Still management traffic and primary
storage traffic would share the same interface.
The third possible setup regarding storage / storage network would be
to provide the hosts an dedicated nic for primary storage. This
physical network won't need a dedicated traffic label as the
hypervisor on the hosts would be able to connect to the
storage-targets /-shares directly via the dedicated interface and
IP-Address.
This way only on the management labeled physical network only
management would be transfered . The traffic for primary / secondary
storage would be separated (combining storage-labeled physical network
and direct attached storage network for the hosts).

Another point i would need some information are in regards of
changeing the above mentionend setups.
So that in an small-scale setup i would start with the "minimal"
approach using one interface for management and primary- / secondary
storage and when needed e.g. separate the primary storage from
management traffic?

Last but not least can anybody suggest a suitable bandwith for a
primary storage network or can provide reallife experience for example
how 50 vms are running while using an 10Gb/s network for primary
storage? (I know there are several other factors beside the actural
network bandwith. This is just to get an impression about the
performance of the system).

Thanks in advance!
Chris

Re: Need Help Setting simple Cloudstack Environment Up

[vas...@gmx.de]

Hi Logan W,

heads up mate, I am in kind of the same situation - but maybe i can
help out a bit. I was reading through your installation-doc (good
work!).
So looking at your pastebin - i could guess that u will face some
troubel with the libvirtd.
As far as i know, centOS7 is also using systemd.
The configuration in the install guide, imho, can't work. This is due
to the usage of systemd. (reading through the
/etc/libvirt/libvirtd.conf will will give some hint of that).
I just started to take a look in how to proper configure the
hypervisor-hosts with the usage of systemd.
As you have a prober setup you maybe should try to do a prober setup -
not the one of the Quick Installation Guide. At least for me it was
easier to make things run smoothly (up till the libvirt thing).

Regards
Chris

Am Do., 4. März 2021 um 05:19 Uhr schrieb Logan W :
>
> I have reinstalled this a dozen times and I just can't seem to get it to 
> work. I can get the management server up and running, but the agent just 
> refuses to connect with anything. I want to just do the simple setup, nothing 
> special. I am extremely embarrassed as I have been working on this for a 
> month now and I have notihng to show for it. Please help me figure out what 
> is wrong. I believe the issue lies within my networking or setup environment. 
> I am running this on a CentOS 7 virtual machine on top of a Windows Server 
> 2016 host using Hyper V. I have detailed everything I have done with regards 
> to setting it up here:
>
> https://pastebin.com/Tky2eV7r
>
> I have thousands of searches trying to fix issues but none have worked yet. 
> Ubuntu keeps crashing when I reboot it for some reason so maybe its an issue 
> with hyper-v? I will be trying vmware tomorrow. I made a thread on github. I 
> am hoping someone else here can help.
>
> https://github.com/apache/cloudstack/issues/4700
>
> Thank you

Several Problems joining inital host to first zone

[vas...@gmx.de]

Hello everyone,

so I am taking a few more looks into CloudStack but facing some
problems where i would be thankfull for some advice / thought /
informations.

As said above, i have a management-server up and running and now want
to go on with my first zone.
For the host I am currently working with Ubuntu Server 20.04 LTS.
I perform the basic configuration and then install the
cloudstack-agent. As of now i faced several problems (firewall not
properly configured after agent installation - or not running, some
bogus SSL certificate problems which i was able to solve with the
suggestions form here https://www.talkend.net/post/52285.html#r66143 )
which i was able to figure out.
But now i have some trouble with joining the host to the zone.

Here is the "last" log from the join to of the host.

2021-03-10 00:29:38,217 DEBUG [c.c.a.t.Request]
(AgentConnectTaskPool-8:ctx-544f3de1) (logid:3e10059e) Seq 0-0:
Processing the first command  { Cmd , MgmtId: -1, via: 0, Ver: v1,
Flags: 1, 
[{"com.cloud.agent.api.StartupRoutingCommand":{"cpuSockets":"2","cpus":"2","speed":"2112","memory":"3024039936","dom0MinMemory":"1073741824","poolSync":"false","supportsClonedVolumes":"false","caps":"hvm,snapshot","pool":"/root","hypervisorType":"KVM","hostDetails":{"Host.OS.Kernel.Version":"5.4.0-66-generic","com.cloud.network.Networks.RouterPrivateIpStrategy":"HostLocal","Host.OS.Version":"20.04","secured":"false","Host.OS":"Ubuntu"},"hostTags":[],"groupDetails":{},"type":"Routing","dataCenter":"default","pod":"default","cluster":"default","guid":"-LibvirtComputingResource","name":"compute2.cloud.priv","id":"0","version":"4.15.0.0","iqn":"iqn.1993-08.org.debian:01:4efdaa48c143","privateIpAddress":"172.16.1.4","privateMacAddress":"00:0c:29:80:04:9e","privateNetmask":"255.255.255.0","storageIpAddress":"172.16.1.4","storageNetmask":"255.255.255.0","storageMacAddress":"00:0c:29:80:04:9e","resourceName":"LibvirtComputingResource","gatewayIpAddress":"172.16.1.3","msHostList":"172.16.1.1","wait":"0"}}]
}
2021-03-10 00:29:38,221 DEBUG [c.c.r.ResourceManagerImpl]
(AgentConnectTaskPool-8:ctx-544f3de1) (logid:3e10059e) Cannot parse
default into Long.
2021-03-10 00:29:38,222 DEBUG [c.c.a.m.AgentManagerImpl]
(AgentConnectTaskPool-8:ctx-544f3de1) (logid:3e10059e) Failed to
handle host connection:
java.lang.IllegalArgumentException: Host 172.16.1.4 sent incorrect
data center: default

As far as i understand the logs, the good thing is that there are
several informations of the host transfered - so actually a basic
connectivity seems to be there.
What i don't get at the moment is the following:

"dataCenter":"default","pod":"default","cluster":"default","guid":"-

If my understanding is correct, the host sends his default values to
the management server (which are stored in the agent.properties if i
am correct).
It is completely understandable, that this host-join wont work, cause
the default values aren't matching with the values of the inital zone
on the management server.

So my questions are:
Of cause how to solve this issue?
How is the process of joining a new host to the cluster? ( short
guess: Management-server connects to agent -> provides the agent with
needed parameters -> Agent tries to establish connection to
management-server --> provides data of the host machine and
status-messages)
Do i have to configure the values manualy in the actual host?

Thanks in advance

Re: Several Problems joining inital host to first zone

[vas...@gmx.de]

Hi Andrija,

sadly i can't give you the log with the DEBUG option as i played
around a bit more before reading your mail.
Nevertheless I uploaded the "last" sequences of the agent.log

https://pastebin.com/jjKPzGqM

as well as the management-server log

https://pastebin.com/3ht00jyq

from the actual time-frame.

I was able to join the host at least, as i provided the required
"default"-values in the agent.properties manually.
At the moment I am a bit puzzled as i just relie on the configuration
done by the cloudstack-agent during installation and the installation
guide. Same goes for the management-server. So no special
configuration or anything done.

Thanks in advance!

Provisioning of management functions for end-users

[vas...@gmx.de]

Hello everyone!

Today i would need some advise or suggestions on how to provide access
to the cloud management for endusers.
>From what I understand so far, the management services / Web-GUI is
hosted on the mamagement server.

When a provider is provisioning a cloud for some costumers, the
administration will take place through the GUI and on the management
server (or via CLI).
>From an End-User (costumer) side, to manage my cloud-environment i
will need acces to the Web-GUI or CLI to make my configurations and
manage the cloud.

Now i would need an advise / best practises on how to realise the
access to the management station for End-Users.

Is there away to make the web - gui availeable form "inside" the cloud
(from the public traffic / end-user traffic networks) out of the box?
Would you suggest a 2nd management instance with an "dedicated" NIC /
Birdge setup in an DMZ?

I am thankfull for your suggestions and ideas!

With regards,
Chris

Services of management server listening on IPv6 Ports

[vas...@gmx.de]

Hi everyone,

I was setting up an test-environment with an IPv4 network beneath.
OS of the server is Ubuntu 20.04.02-live-server.

After performing the installation like descriped in the installation
guide, the server seems fine.
One thing i noticed is, that the sockets for the services of
cloudstack / listening ports are all IPv6 based:

root@management:~# lsof -i -P -n | grep cloud | grep LISTEN
java  1184   cloud   12u  IPv6  48210  0t0  TCP *:35947 (LISTEN)
java  1184   cloud   21u  IPv6  50162  0t0  TCP *:9090 (LISTEN)
java  1184   cloud   22u  IPv6  48825  0t0  TCP *:35627 (LISTEN)
java  1184   cloud   26u  IPv6  51204  0t0  TCP *:8250 (LISTEN)
java  1184   cloud   30u  IPv6  52307  0t0  TCP *:8080 (LISTEN)

Shouldn't these services also listening on IPv4 addresses of the
management interface?

Thanks in advance!
Chris

Re: Services of management server listening on IPv6 Ports

[vas...@gmx.de]

Hi Darin,

well from a "technical" point of view, i currently have problems
getting the ssvm running. I have to admit that i need to take a closer
look into the logs myself to see what is happening. First messages i
read stated some problems with primary / secondary storage and the
given uuids. Might be a problem as i joyned the compute host in an
unusal(?) or not described way...
Which leads to my next problem:
Understanding the process of joining hosts.
Described in the documentation are more or less always the same way.
Log in to the management server gui - add host - give the requiered
data - and then the host will join (given the agent on the host is
installed properly). However, in non of my installation-trials this
worked out of the box (even if ubuntu 20.04 is expicit named in the
compability matrix).
Problems have been (using ubuntu server 20.04):
- ssh keys not working because of mangement server settings
- usage of older SSH algorithms...
- connections couldn't be established as the agent.conf had no
IP-addresses for the management-server (which is from my understanding
"normal" - the host can't know anything about the management server
till the connection from the management server is initialized).
however the agent is all the time lookining for an management server.
- missing uuid entrys
- missing rights for users (as root isn't allowed connect via ssh out
of the box)
Nothing of this is part of the latest integration guide / mentioned in
the docs - beside the SSH algorithms in the release notes for 4.15
(shame on me for reading them to late).

Don't get me wrong i am not blameing it on cloudstack at all- but
without all the background information it is hard to solve occuring
problems.

I really like many of the appoaches CloudStack is useing and
following. But from an "installation" point of view the installation
of OpenStack was more successfull and more "straight-forward" then the
installation of CloudStack.

with regards
Chris

Am Fr., 9. Apr. 2021 um 08:35 Uhr schrieb Darrin Hüsselmann
:
>
> Great,
>
> What other issues are you facing?
>
> Regards
> Darrin
>
> darrin.husselm...@shapeblue.com
> www.shapeblue.com
> @shapeblue
>
>
>
>
> 
> From: vas...@gmx.de 
> Sent: Thursday, April 8, 2021 9:08 PM
> To: Darrin Hüsselmann 
> Subject: Re: Services of management server listening on IPv6 Ports
>
> Hi Darrin,
>
> thanks for the information provided! Was interesting to read this.
>
> even if i am still faceing some other issues at the moment.
>
> Am Do., 8. Apr. 2021 um 09:24 Uhr schrieb Darrin Hüsselmann
> :
> >
> > Hi Chris,
> >
> > I think this link might shed some light on your findings.
> >
> > https://unix.stackexchange.com/questions/573456/why-does-lsof-indicate-my-ipv4-socket-is-ipv6
> >
> > Cheers
> > Darrin
> >
> > darrin.husselm...@shapeblue.com
> > www.shapeblue.com
> > @shapeblue
> >
> >
> >
> >
> > 
> > From: vas...@gmx.de 
> > Sent: Thursday, March 25, 2021 12:26 PM
> > To: users@cloudstack.apache.org 
> > Subject: Services of management server listening on IPv6 Ports
> >
> > Hi everyone,
> >
> > I was setting up an test-environment with an IPv4 network beneath.
> > OS of the server is Ubuntu 20.04.02-live-server.
> >
> > After performing the installation like descriped in the installation
> > guide, the server seems fine.
> > One thing i noticed is, that the sockets for the services of
> > cloudstack / listening ports are all IPv6 based:
> >
> > root@management:~# lsof -i -P -n | grep cloud | grep LISTEN
> > java  1184   cloud   12u  IPv6  48210  0t0  TCP *:35947 
> > (LISTEN)
> > java  1184   cloud   21u  IPv6  50162  0t0  TCP *:9090 
> > (LISTEN)
> > java  1184   cloud   22u  IPv6  48825  0t0  TCP *:35627 
> > (LISTEN)
> > java  1184   cloud   26u  IPv6  51204  0t0  TCP *:8250 
> > (LISTEN)
> > java  1184   cloud   30u  IPv6  52307  0t0  TCP *:8080 
> > (LISTEN)
> >
> > Shouldn't these services also listening on IPv4 addresses of the
> > management interface?
> >
> > Thanks in advance!
> > Chris

Re: Services of management server listening on IPv6 Ports

[vas...@gmx.de]

Hi Darrin,

thanks for your response.
the topic in regarding isn't stirctly related to ssh.
It's about "adding a KVM-Host manually"

https://github.com/apache/cloudstack/issues/3067#issuecomment-444076352

 I "stumbled" over the solution for this bye searching. In the
official docs there was no hint in the installationguide for KVM
Hosts.

> -  connections couldn't be established as the agent.conf had no IP-addresses 
> for the management-server
> This will be remedied when the agent is added from the management server 
> successfully.
>
Which is quite logical - at least as long as you are able to add the
host in a fresh setting right out of the box - in accordance with the
installation guide.
Until now that was not the case for me.

Same goes with your other points:
If the setup is correct everything should work fine.
As descriped in various guides and docs, while installing cloudstack
management server packages as well as the cloud-stack agent, all
needed packages for supported environments and installations should be
done with the actual installation (besides network and hostname) - at
least that is my information reading through github and some of the
guides

Example:
https://github.com/apache/cloudstack/issues/4754#issuecomment-793542173

But some things are there during installtion - others won't.
Remote-Access via ssh for root-users on a host as an example. There is
no indication in the docs at the moment, that there is a need to
change some settings for this - ev en on an officially supported OS
for the host.
So I often end in looking through various logs and files, which
configurtation actually is done while installing the cloudstack-agent
for example.

i contributed to the setup guides already some of the things.
But contributing while not exactly knowing the process can be
problematic... As the processes how and what is happening aren't in
the docs at the moment. I can only try to read through the scripts on
github. But as I am not very keen with programming at all, there are
some gaps for me.
Would love to see some kind of activity-diagramms or configurtation charts.

Nevertheless let me once again thank you for your time and patience,
with regards,

chris

Am Mi., 14. Apr. 2021 um 09:54 Uhr schrieb Darrin Hüsselmann
:
>
> Hi Chris,
>
> Please elaborate on:
> - ssh keys not working because of mangement server settings
> I'm not sure what you mean here.
>
> -  connections couldn't be established as the agent.conf had no IP-addresses 
> for the management-server
> This will be remedied when the agent is added from the management server 
> successfully.
>
> If your host is set up correctly the management server will be able to talk 
> to the agent over the network interface cloudbr0, qemu-kvm would be set up 
> correctly and the agent would be able to read and write to primary and 
> secondary storages.
>
> Before you can create an instance :
>
> Your hosts must be up
> Primary and secondary storages must be added
> Your zone must be enabled.
> CPVM and SSVM agents must be up and connected
> The default template should be done downloading
>
>
> After the zone is enabled with hosts up and primary and secondary storage 
> added, Cloudstack will try to start the system VMs. The system VMs are 
> created from the systemVM template, which should have already been uploaded 
> manually to secondary storage. Once the SSVM is up and connected, it will 
> start to download the built-in template. When this is done you will be able 
> to start an instance from the built-in template.
>
> If there are some missing steps in the setup guide feel free to make an 
> addition to the docs by raising a PR on 
> https://github.com/apache/cloudstack-documentation or logging an issue.
>
> Cheers
> Darrin
>
>
>
>
>
> darrin.husselm...@shapeblue.com
> www.shapeblue.com
> @shapeblue
>
>
>
>
> 
> From: vas...@gmx.de 
> Sent: Friday, April 9, 2021 8:56 PM
> To: users@cloudstack.apache.org 
> Subject: Re: Services of management server listening on IPv6 Ports
>
> Hi Darin,
>
> well from a "technical" point of view, i currently have problems
> getting the ssvm running. I have to admit that i need to take a closer
> look into the logs myself to see what is happening. First messages i
> read stated some problems with primary / secondary storage and the
> given uuids. Might be a problem as i joyned the compute host in an
> unusal(?) or not described way...
> Which leads to my next problem:
> Understanding the process of joining hosts.
> Described in the documentation are more or less always the same way.
> Log in to the management server gui - add host - give the requiered
> data - and then the host will join 

Re: Provisioning of management functions for end-users

[vas...@gmx.de]

Hi Daan,

thank you for your provided information and guidance. So I will take a
closer look into the whole matter; guess will try go with the
dedicated MS - GUI approach.
With regards,

Chris

Am Sa., 17. Apr. 2021 um 09:00 Uhr schrieb Daan Hoogland
:
>
> I see you have no reply yet to this, Chris.
> I think it is possible to run only the UI on a separate machine if you wish 
> and have it configured to speak to the MS. If you wish the end users access 
> to the API, you'll have to expose the MS. Some public offerings do this, some 
> have written their own proxy service.
> regards,
>
> On Sun, Mar 21, 2021 at 3:23 PM vas...@gmx.de  wrote:
>>
>> Hello everyone!
>>
>> Today i would need some advise or suggestions on how to provide access
>> to the cloud management for endusers.
>> From what I understand so far, the management services / Web-GUI is
>> hosted on the mamagement server.
>>
>> When a provider is provisioning a cloud for some costumers, the
>> administration will take place through the GUI and on the management
>> server (or via CLI).
>> From an End-User (costumer) side, to manage my cloud-environment i
>> will need acces to the Web-GUI or CLI to make my configurations and
>> manage the cloud.
>>
>> Now i would need an advise / best practises on how to realise the
>> access to the management station for End-Users.
>>
>> Is there away to make the web - gui availeable form "inside" the cloud
>> (from the public traffic / end-user traffic networks) out of the box?
>> Would you suggest a 2nd management instance with an "dedicated" NIC /
>> Birdge setup in an DMZ?
>>
>> I am thankfull for your suggestions and ideas!
>>
>> With regards,
>> Chris
>
>
>
> --
> Daan

Re: I need Help with Networking

[vas...@gmx.de]

Hi Serge,

to be honest, it's hard for me to understand you current network setup
/ deployment at the moment.
Taking a look at the log you've provided, there seems to be an
adressing issue with the nfs-server-address (as long as 255.255.255.0
isn't the correct address of your nfs server ;-) ).
Regarding the questioned connectivitiy:
The connection of the ssvm to the management server seems to be
working. I am kind of troubled if the console proxy is able to start /
work correctly as long as the ssvm is having trouble with the provided
nfs-shares.

with regards,
chris

Am So., 23. Mai 2021 um 15:01 Uhr schrieb Serge Byishimo
:
>
> Management Server can not ping System VM Console Proxy IP address
>
> root@v-2-VM:~#
> root@v-2-VM:~#
> root@v-2-VM:~# /usr/local/cloud/systemvm/ssvm-check.sh
> 
> First DNS server is  8.8.8.8
> PING 8.8.8.8 (8.8.8.8): 56 data bytes
> 64 bytes from 8.8.8.8: icmp_seq=0 ttl=113 time=29.581 ms
> 64 bytes from 8.8.8.8: icmp_seq=1 ttl=113 time=30.140 ms
> --- 8.8.8.8 ping statistics ---
> 2 packets transmitted, 2 packets received, 0% packet loss
> round-trip min/avg/max/stddev = 29.581/29.861/30.140/0.280 ms
> Good: Can ping DNS server
> 
> Good: DNS resolves cloudstack.apache.org
> 
> ERROR: NFS is not currently mounted
> Try manually mounting from inside the VM
> NFS server is  255.255.255.0
> PING 255.255.255.0 (255.255.255.0): 56 data bytes
> --- 255.255.255.0 ping statistics ---
> 2 packets transmitted, 0 packets received, 100% packet loss
> WARNING: cannot ping nfs server
> routing table follows
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric RefUse
> Iface
> 0.0.0.0 192.168.1.1 0.0.0.0 UG0  00 eth2
> 8.8.4.4 192.168.1.1 255.255.255.255 UGH   0  00 eth1
> 8.8.8.8 192.168.1.1 255.255.255.255 UGH   0  00 eth1
> 169.254.0.0 0.0.0.0 255.255.0.0 U 0  00 eth0
> 192.168.1.0 0.0.0.0 255.255.255.0   U 0  00 eth1
> 192.168.1.0 0.0.0.0 255.255.255.0   U 0  00 eth2
> 
> Management server is 192.168.1.8. Checking connectivity.
> Good: Can connect to management server 192.168.1.8 port 8250
> 
> Good: Java process is running
> 
> Tests Complete. Look for ERROR or WARNING above.
> root@v-2-VM:~#

Best practises and ideas for power outtake scenarios

[vas...@gmx.de]

Hello everyone,

i would like to ask for some ideas / bestpractises for dealing with
power outtake scenarios involving the the cloudstack infrastructure.
So the usecase would be a power outtake at a datacenter where all
components of cloudstack (management server, hosts, storage) are
hosted, which can't be repaired in a given time.

so the "simple" target process would be something like this:

1.Power outtake detected bei UPS
2. UPS is giving notification to CS Management
3. CS management is sending information to all vm's as well as hosts
4. vm's and hosts performing gracefull shutdown
5. management server performs gracefull shutdown
6. afterwards shutdown of storage and further components

Are there any included "workflows" or mechanics which can be used out
of the box? Any real-life best practices how to implement this kind of
workflow?

with regards,
Chris

Re: Issue uploading templates/isos

[vas...@gmx.de]

I has some issues with this, too - which have been related to the
certificate / SSL issue as the local upload requires https conectivity .
There ist an "open"  issue at github

https://github.com/apache/cloudstack/issues/4169

The workaround is also explained there. Could be worth trying.
Regards,

Chris

Am Fr., 4. Juni 2021 um 11:14 Uhr schrieb Jeremy Hansen :

>
> The event log makes it look as if it was successful:
>
>
>
> But it definitely fails with these errors.  I don’t really see anything in
> the manager logs.
>
>
> Network Error
> Unable to reach the management server or a browser extension may be
> blocking the network request.
> Upload Failed
> Failed to upload ISO - Error: Network Error
>

Usage of "Tags" for Network Offerings

[vas...@gmx.de]

Hi everyone,

just a short question regarding the creation / usage of network offerings.
When adding a network offering there is the optional field to give the
network offering a "Tag".
After reading the docs, the acutal usage is to map the offering to a
specific physical network.

So the tag would need to be same as the traffic label for the physical network?

For example i would like to use a dedicated fiber-network for some
hosts. So during the zone creation i would specify a "second" physical
network for Guest-Traffic with the traffic label "fiber".
After creation of the zone, i would add a new network offering and
specify "fiber" as a tag for the service offering to make this
dedicated physical network availeable for hosts ?

With regards,

Chris

Re: Issue uploading templates/isos

[vas...@gmx.de]

Hi Andrija,

thanks for additional information and clearification.
My wording was indeed not the best.
I didn't want to suggest to "workaround" the useage of SSL or disable it at all.

Out of the box the ssvm already supports SSL usage as far as i
understand? Problem is the included expiered / not valid certificate?
Guess the most users will change the certificates to one custume when
going towards productive environment (via the process of setting up
Domain/SSL for the CPVM).
But i don't think that this is something you will do while evaluating
CS in early stages thats why i suggested the "way" descriped in the
issue github.

Regards,
Chris

Am Fr., 4. Juni 2021 um 11:26 Uhr schrieb Yordan Kostov :
>
> Hello Jeremy,
>
>
>
> Uploading option does not work unless TLS is enabled.
>
> https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/
>
>
>
> https://docs.cloudstack.apache.org/en/latest/adminguide/templates.html#uploading-templates-and-isos-from-a-local-computer
>
>
>
> Best regards,
>
> Jordan
>
>
>
> From: Jeremy Hansen 
> Sent: Friday, June 4, 2021 12:14 PM
> To: users@cloudstack.apache.org
> Subject: Issue uploading templates/isos
>
>
>
>
>
> The event log makes it look as if it was successful:
>
>
>
>
>
>
>
> But it definitely fails with these errors.  I don’t really see anything in 
> the manager logs.
>
>
>
>
>
> Network Error
>
> Unable to reach the management server or a browser extension may be blocking 
> the network request.
>
> Upload Failed
>
> Failed to upload ISO - Error: Network Error

Re: Usage of "Tags" for Network Offerings

[vas...@gmx.de]

Hi Andrija,

thanks alot - again! Good to have your knowledge around :-)
Sorry for spamming - wasn't intended the hassle of doing things
"beside" actual work

Regards
Chris

Am Di., 8. Juni 2021 um 10:59 Uhr schrieb Andrija Panic
:
>
> Crhistopher Brown or vas...@gmx.de - please do not "spam" from different 
> email addresses - that will not get you the answer sooner than normal - but 
> just creates spam and people are more likely to ignore such emails :)
>
> Best,
>
> On Tue, 8 Jun 2021 at 10:55, Andrija Panic  wrote:
>>
>> you are almost right - but leave alone "traffic labels" which should be == 
>> to the name of your network/bridge/vSwitch - that has nothing to do with 
>> network TAGs.
>>
>> On physical network, you can set "tag" - you also set the same tag on a 
>> specific network offering - then ACS will say "let me created a network from 
>> this offering based on tags - and find a physical network that has the same 
>> TAG as the TAG defined on the network offering"
>>
>> This used in cases when you have "guest" traffic on more than one Physical 
>> network (i.e. in KVM world, you might be using VXLAN as the isolation method 
>> on Physical Network1, but you also want to use e.g. Private Gateway which 
>> supports only VLAN (not VXLAN) as the isolation method - thus you would need 
>> to create another/2nd Physical network and give it appropriate tags.
>>
>> Keep in mind the general tagging requirements - you you do NOT tag you (e.g. 
>> other) network offerings, but you do tag Physical networks - this is the 
>> same as if the Physical networks are NOT tagged - i.e. the network will can 
>> be created on either 1st or 2nd Physical networks, since offering is not 
>> requiring any TAG on it's own.
>>
>> Best,
>>
>> On Tue, 8 Jun 2021 at 08:44, Christopher Brown 
>>  wrote:
>>>
>>> Hi everyone,
>>>
>>> just a short question regarding the creation / usage of network offerings.
>>> When adding a network offering there is the optional field to give the
>>> network offering a "Tag".
>>> After reading the docs, the acutal usage is to map the offering to a
>>> specific physical network.
>>>
>>> So the tag would need to be same as the traffic label for the physical 
>>> network?
>>>
>>> For example i would like to use a dedicated fiber-network for some
>>> hosts. So during the zone creation i would specify a "second" physical
>>> network for Guest-Traffic with the traffic label "fiber".
>>> After creation of the zone, i would add a new network offering and
>>> specify "fiber" as a tag for the service offering to make this
>>> dedicated physical network availeable for hosts ?
>>>
>>> With regards,
>>>
>>> Chris
>>
>>
>>
>> --
>>
>> Andrija Panić
>
>
>
> --
>
> Andrija Panić

Problems setting up HTTPS on CS Managementserver GUI / recommadations relizing

[vas...@gmx.de]

Hi,

at the moment I am trying to setting up https - access for the management
server with my own certificates. Sadly i wasn't successfull until now.
OS: Ubuntu 20.04
Standard Cloudstack
Basically i was following the documentation (
http://docs.cloudstack.apache.org/en/latest/installguide/optional_installation.html#ssl-optional)
as well as following guide from shapeblue (
https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/) for
setting up https for the GUI.

At the moment i am stuck, as i didn't really have clue where and how to
proceed onwards, as i am not finding any problems, warinings or errors in
the cloudstack log's.
Usage of netstat shows, that currently no service is listening on port 8443.

Which leads me to a assumption that i maybe messed up access-priviledges
for the actual keystore-file, as the server.properties noted sais, that the
https configuration will  only be used when the keystorefile exists and is
readable by the managementserver.
Therefore  which permissions are normally used for the keystore to be
accessed by the management server?

As the documentation states, that more or less every site has it's own
practices on providing webservices to actual users,
i would like to ask for some experiences with different appoaches?
Till now i "stumbled" over some ways the set up a reverseproxy based on
nginx / apache "in front" of the actual CS-Management WebServer, which
shall take care of the certificate handling. Another idea i have read on a
side would be to "by pass" the CS-Management Webserver, targetting directly
to the "root"-volume. Which seems to be a aventures appoach...

So i am highly interested in your approaches and experiences regardning
this topic.

Thanks in advance!

Re: Problems setting up HTTPS on CS Managementserver GUI / recommadations relizing

[vas...@gmx.de]

Thank you for your findings and sharing experiences!

So what i got from your post is that

a) you didn't got the native ssl encryption up either up till now (limited
time)
b) you are using a set up with an resverse proxy beforehand which is taking
care of the ssl - encyption
c) you are actually facing challenges with the console proxy as you didn't
had time to configure encryption for the CPVM - and i gues SSVM, too

Which is quiet a 'bummer' as we were planning to get cloudstack into an
productive environment.
Maybe one of the other readers here may add something regarding the
natively provided solution of cloudstack for using ssl - connections... ?

Am Mi., 15. Sept. 2021 um 23:41 Uhr schrieb Darren Cole
:

> I have two cloudstack clusters I installed and manage.
> One is my personal two node cluster, and the other is an experimental 5
> node cluster for work.
> These are both side projects, so time configuring and managing them is
> limited.
>
> In both cases I configured an Apache proxy in front of cloudstack's
> webinterface on 443.
> My personal cluster is using a letsencrypt.com cert loaded into Apache.
> The work cluster is using a self-signed cert load into Apache for now
> (when not experimental a real cert of some sort will be used).
> I have configured Clodustack management to only listen on loopback (except
> when I need consoleproxy access)
>
> The problem with that is then consoleproxy default configuration breaks.
> Consoleproxy default to non-ssl and ajax loading of non-ssl connections in
> an ssl connection is...well problematic.
> Since both Cloudstack's are side projects I have not gotten around to
> configuring consoleproxy to use ssl yet, but it is on the list.
> Until I get time to get consoleproxy using ssl, I've changed Cloudstack's
> management configuration to listen beyond just the loop back address when
> consoleproxy access is actually required.
>
> I tried loading various certs into Cloudstack management to get the
> webinterface to use ssl but it never worked.
> I ran out of time to figure out what I was missing, so I put an Apache
> proxy in front of it.
>
> Darren
> --
> This e-mail is confidential. Any distribution, use or copying of this
> e-mail or the information it contains other than by the intended recipient
> is forbidden. If you are not the intended recipient, please advise the
> sender (by return e-mail or otherwise) immediately and delete this e-mail.
>
> - Original Message -
> From: "Vash X" 
> To: "users" 
> Sent: Tuesday, September 14, 2021 10:18:32 AM
> Subject: Problems setting up HTTPS on CS Managementserver GUI /
> recommadations relizing
>
> Hi,
>
> at the moment I am trying to setting up https - access for the management
> server with my own certificates. Sadly i wasn't successfull until now.
> OS: Ubuntu 20.04
> Standard Cloudstack
> Basically i was following the documentation (
>
> http://docs.cloudstack.apache.org/en/latest/installguide/optional_installation.html#ssl-optional
> )
> as well as following guide from shapeblue (
> https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/) for
> setting up https for the GUI.
>
> At the moment i am stuck, as i didn't really have clue where and how to
> proceed onwards, as i am not finding any problems, warinings or errors in
> the cloudstack log's.
> Usage of netstat shows, that currently no service is listening on port
> 8443.
>
> Which leads me to a assumption that i maybe messed up access-priviledges
> for the actual keystore-file, as the server.properties noted sais, that the
> https configuration will  only be used when the keystorefile exists and is
> readable by the managementserver.
> Therefore  which permissions are normally used for the keystore to be
> accessed by the management server?
>
> As the documentation states, that more or less every site has it's own
> practices on providing webservices to actual users,
> i would like to ask for some experiences with different appoaches?
> Till now i "stumbled" over some ways the set up a reverseproxy based on
> nginx / apache "in front" of the actual CS-Management WebServer, which
> shall take care of the certificate handling. Another idea i have read on a
> side would be to "by pass" the CS-Management Webserver, targetting directly
> to the "root"-volume. Which seems to be a aventures appoach...
>
> So i am highly interested in your approaches and experiences regardning
> this topic.
>
> Thanks in advance!
>

Re: Problems setting up HTTPS on CS Managementserver GUI / recommadations relizing

[vas...@gmx.de]

Hi everyone, sorry for getting back with quiet a delay.

Short update:
Seems i got at least as far to secure SSVM and CPVM with the certificates
needed. But thats another topic :-D

@wei
Thanks for your advice, as said above i am currently "done" with points 1 &
3 of your setup list. will take a look into a suitable nginx configuration
i guess. My last attemps ended with a "to many redirects" error - i am not
to much into the webserver business at all

@Yordan
Thanks for sharing this. I took a look into that, but sadly i didn't found
a different approach in all the things i have tried until now.
I guess i will take a look into the certificates again, as i could imagine
that something went wrong while writing them into the keystore... Will keep
you updated.

Am Fr., 17. Sept. 2021 um 14:33 Uhr schrieb Yordan Kostov <
yord...@nsogroup.com>:

> Hi,
>
> I do remember having issues with the steps in Shapeblue guide.
> Eventually I threw some notes for a future guide you can check
> here ->
> https://github.com/dredknight/cloud_scripts/blob/master/CloudStack-Xen/ACS-ssl-gui-guide.sh
> I hope that helps.
>
> Best regards,
> Jordan
>
> -Original Message-
> From: Wei ZHOU 
> Sent: Thursday, September 16, 2021 10:20 PM
> To: users ; vas...@gmx.de
> Subject: Re: Problems setting up HTTPS on CS Managementserver GUI /
> recommadations relizing
>
>
> [X] This message came from outside your organization
>
>
> Hi,
>
> afaik the most common setup is
> (1) start (multiple) cloudstack management server with port 8080
> (2) setup a reverse proxy (nginx/pfsense/haproxy, etc) which supports SSL
> termination and transparent LB.
> (3) upload ssl certificate in cloudstack GUI, and enable SSL for cloudsack
> console proxy and secondary storage.
>
> -Wei
>
>
> On Tue, 14 Sept 2021 at 19:19, vas...@gmx.de  wrote:
>
> > Hi,
> >
> > at the moment I am trying to setting up https - access for the
> > management server with my own certificates. Sadly i wasn't successfull
> until now.
> > OS: Ubuntu 20.04
> > Standard Cloudstack
> > Basically i was following the documentation (
> >
> > https://urldefense.com/v3/__http://docs.cloudstack.apache.org/en/lates
> > t/installguide/optional_installation.html*ssl-optional__;Iw!!A6UyJA!0d
> > TT8fqOaTGELyheFRnbrYw22T34WaEoPMbmxwezYicKr808oddMvJAwxkY7LIC7IuZy3pTq
> > DCm-$
> > )
> > as well as following guide from shapeblue (
> > https://urldefense.com/v3/__https://www.shapeblue.com/securing-cloudst
> >
> ack-4-11-with-https-tls/__;!!A6UyJA!0dTT8fqOaTGELyheFRnbrYw22T34WaEoPMbmxwezYicKr808oddMvJAwxkY7LIC7IuZy3n-PQYEK$
> ) for setting up https for the GUI.
> >
> > At the moment i am stuck, as i didn't really have clue where and how
> > to proceed onwards, as i am not finding any problems, warinings or
> > errors in the cloudstack log's.
> > Usage of netstat shows, that currently no service is listening on port
> > 8443.
> >
> > Which leads me to a assumption that i maybe messed up
> > access-priviledges for the actual keystore-file, as the
> > server.properties noted sais, that the https configuration will  only
> > be used when the keystorefile exists and is readable by the
> managementserver.
> > Therefore  which permissions are normally used for the keystore to be
> > accessed by the management server?
> >
> > As the documentation states, that more or less every site has it's own
> > practices on providing webservices to actual users, i would like to
> > ask for some experiences with different appoaches?
> > Till now i "stumbled" over some ways the set up a reverseproxy based
> > on nginx / apache "in front" of the actual CS-Management WebServer,
> > which shall take care of the certificate handling. Another idea i have
> > read on a side would be to "by pass" the CS-Management Webserver,
> > targetting directly to the "root"-volume. Which seems to be a aventures
> appoach...
> >
> > So i am highly interested in your approaches and experiences
> > regardning this topic.
> >
> > Thanks in advance!
> >
>

Re: Problems setting up HTTPS on CS Managementserver GUI / recommadations relizing

[vas...@gmx.de]

UPDATE:

@yordan
Sir - you made my day!
It is working.

What i've done:
- Checking the initial certificates for additonal blanks (even if this
shouldn't bother - but safety first :-D)
- Stick to the nameing convention for the keystore.pkcs12  - literally

I scipped the automatic redirect part, as this is currently handled by my
firewall. Also i didn't changend port-numbers. Nevertheless it works!
So thank you once again

Am Mo., 20. Sept. 2021 um 20:55 Uhr schrieb vas...@gmx.de :

> Hi everyone, sorry for getting back with quiet a delay.
>
> Short update:
> Seems i got at least as far to secure SSVM and CPVM with the certificates
> needed. But thats another topic :-D
>
> @wei
> Thanks for your advice, as said above i am currently "done" with points 1
> & 3 of your setup list. will take a look into a suitable nginx
> configuration  i guess. My last attemps ended with a "to many redirects"
> error - i am not to much into the webserver business at all
>
> @Yordan
> Thanks for sharing this. I took a look into that, but sadly i didn't found
> a different approach in all the things i have tried until now.
> I guess i will take a look into the certificates again, as i could imagine
> that something went wrong while writing them into the keystore... Will keep
> you updated.
>
> Am Fr., 17. Sept. 2021 um 14:33 Uhr schrieb Yordan Kostov <
> yord...@nsogroup.com>:
>
>> Hi,
>>
>> I do remember having issues with the steps in Shapeblue guide.
>> Eventually I threw some notes for a future guide you can check
>> here ->
>> https://github.com/dredknight/cloud_scripts/blob/master/CloudStack-Xen/ACS-ssl-gui-guide.sh
>> I hope that helps.
>>
>> Best regards,
>> Jordan
>>
>> -Original Message-
>> From: Wei ZHOU 
>> Sent: Thursday, September 16, 2021 10:20 PM
>> To: users ; vas...@gmx.de
>> Subject: Re: Problems setting up HTTPS on CS Managementserver GUI /
>> recommadations relizing
>>
>>
>> [X] This message came from outside your organization
>>
>>
>> Hi,
>>
>> afaik the most common setup is
>> (1) start (multiple) cloudstack management server with port 8080
>> (2) setup a reverse proxy (nginx/pfsense/haproxy, etc) which supports SSL
>> termination and transparent LB.
>> (3) upload ssl certificate in cloudstack GUI, and enable SSL for
>> cloudsack console proxy and secondary storage.
>>
>> -Wei
>>
>>
>> On Tue, 14 Sept 2021 at 19:19, vas...@gmx.de  wrote:
>>
>> > Hi,
>> >
>> > at the moment I am trying to setting up https - access for the
>> > management server with my own certificates. Sadly i wasn't successfull
>> until now.
>> > OS: Ubuntu 20.04
>> > Standard Cloudstack
>> > Basically i was following the documentation (
>> >
>> > https://urldefense.com/v3/__http://docs.cloudstack.apache.org/en/lates
>> > t/installguide/optional_installation.html*ssl-optional__;Iw!!A6UyJA!0d
>> > TT8fqOaTGELyheFRnbrYw22T34WaEoPMbmxwezYicKr808oddMvJAwxkY7LIC7IuZy3pTq
>> > DCm-$
>> > )
>> > as well as following guide from shapeblue (
>> > https://urldefense.com/v3/__https://www.shapeblue.com/securing-cloudst
>> >
>> ack-4-11-with-https-tls/__;!!A6UyJA!0dTT8fqOaTGELyheFRnbrYw22T34WaEoPMbmxwezYicKr808oddMvJAwxkY7LIC7IuZy3n-PQYEK$
>> ) for setting up https for the GUI.
>> >
>> > At the moment i am stuck, as i didn't really have clue where and how
>> > to proceed onwards, as i am not finding any problems, warinings or
>> > errors in the cloudstack log's.
>> > Usage of netstat shows, that currently no service is listening on port
>> > 8443.
>> >
>> > Which leads me to a assumption that i maybe messed up
>> > access-priviledges for the actual keystore-file, as the
>> > server.properties noted sais, that the https configuration will  only
>> > be used when the keystorefile exists and is readable by the
>> managementserver.
>> > Therefore  which permissions are normally used for the keystore to be
>> > accessed by the management server?
>> >
>> > As the documentation states, that more or less every site has it's own
>> > practices on providing webservices to actual users, i would like to
>> > ask for some experiences with different appoaches?
>> > Till now i "stumbled" over some ways the set up a reverseproxy based
>> > on nginx / apache "in front" of the actual CS-Management WebServer,
>> > which shall take care of the certificate handling. Another idea i have
>> > read on a side would be to "by pass" the CS-Management Webserver,
>> > targetting directly to the "root"-volume. Which seems to be a aventures
>> appoach...
>> >
>> > So i am highly interested in your approaches and experiences
>> > regardning this topic.
>> >
>> > Thanks in advance!
>> >
>>
>

SSCM and CSVM status starting till abort / libvirt: invalid connection pointer in virConnectGetVersion

[vas...@gmx.de]

Hi,

i am running into problems within my new setup - and i currently don't know
where to look for to debug this.
Environment:
Newly installed
CS 4.15.2
Ubuntu 20.04 + KVM
1x Management Server + 1 Host
Deploying Advanced Networking Zone

Up to this point everything is running fine. Didn't found errors in the log
files.
However: When enabling the zone the SSVM and CSVM are changeing to started
but never reach "running".

Taking a look into the agent.log i stumbled upon this ("..." =  repetion of
entries):

2021-09-24 01:01:55,311 INFO  [utils.nio.NioClient] (main:null) (logid:)
SSL: Handshake done
2021-09-24 01:01:55,311 INFO  [utils.nio.NioClient] (main:null) (logid:)
Connected to 172.17.1.2:8250
2021-09-24 01:01:55,373 INFO  [kvm.storage.LibvirtStorageAdaptor]
(Agent-Handler-1:null) (logid:) Attempting to create storage pool
8362564e-11fd-4dd8-bae1-f90d53e52dab (Filesystem) in libvirt
2021-09-24 01:01:55,379 ERROR [kvm.resource.LibvirtConnection]
(Agent-Handler-1:null) (logid:) Connection with libvirtd is broken: invalid
connection pointer in virConnectGetVersion
2021-09-24 01:01:55,381 WARN  [kvm.storage.LibvirtStorageAdaptor]
(Agent-Handler-1:null) (logid:) Storage pool
8362564e-11fd-4dd8-bae1-f90d53e52dab was not found running in libvirt. Need
to create it.
2021-09-24 01:01:55,381 INFO  [kvm.storage.LibvirtStorageAdaptor]
(Agent-Handler-1:null) (logid:) Didn't find an existing storage pool
8362564e-11fd-4dd8-bae1-f90d53e52dab by UUID, checking for pools with
duplicate paths
2021-09-24 01:01:55,383 INFO  [kvm.storage.LibvirtStorageAdaptor]
(Agent-Handler-1:null) (logid:) Trying to fetch storage pool
8362564e-11fd-4dd8-bae1-f90d53e52dab from libvirt
2021-09-24 01:01:55,424 INFO  [cloud.serializer.GsonHelper]
(Agent-Handler-1:null) (logid:) Default Builder inited.
2021-09-24 01:01:55,470 INFO  [cloud.agent.Agent] (Agent-Handler-2:null)
(logid:) Proccess agent startup answer, agent id = 0
2021-09-24 01:01:55,471 INFO  [cloud.agent.Agent] (Agent-Handler-2:null)
(logid:) Set agent id 0
2021-09-24 01:01:55,476 INFO  [cloud.agent.Agent] (Agent-Handler-2:null)
(logid:) Startup Response Received: agent id = 0
2021-09-24 01:01:55,701 INFO  [cloud.agent.Agent]
(agentRequest-Handler-3:null) (logid:9e52178e) Processing agent ready
command, agent id = 1
2021-09-24 01:01:55,702 INFO  [cloud.agent.Agent]
(agentRequest-Handler-3:null) (logid:9e52178e) Set agent id 1
2021-09-24 01:01:55,707 INFO  [cloud.agent.Agent]
(agentRequest-Handler-3:null) (logid:9e52178e) Ready command is processed
for agent id = 1
2021-09-24 01:01:55,807 INFO  [cloud.agent.Agent]
(agentRequest-Handler-4:null) (logid:9e52178e) Processing agent ready
command, agent id = 1
2021-09-24 01:01:55,807 INFO  [cloud.agent.Agent]
(agentRequest-Handler-4:null) (logid:9e52178e) Set agent id 1
2021-09-24 01:01:55,808 INFO  [cloud.agent.Agent]
(agentRequest-Handler-4:null) (logid:9e52178e) Processed new management
server list: 172.17.1.2@static
2021-09-24 01:01:55,809 INFO  [cloud.agent.Agent]
(agentRequest-Handler-4:null) (logid:9e52178e) Ready command is processed
for agent id = 1
2021-09-24 01:02:24,490 INFO  [kvm.storage.LibvirtStorageAdaptor]
(agentRequest-Handler-5:null) (logid:b81c6af6) Attempting to create storage
pool 8bc1feaa-a099-3590-aa2b-2d12df0e242b (NetworkFilesystem) in libvirt
2021-09-24 01:02:24,510 WARN  [kvm.storage.LibvirtStorageAdaptor]
(agentRequest-Handler-5:null) (logid:b81c6af6) Storage pool
8bc1feaa-a099-3590-aa2b-2d12df0e242b was not found running in libvirt. Need
to create it.
2021-09-24 01:02:24,510 INFO  [kvm.storage.LibvirtStorageAdaptor]
(agentRequest-Handler-5:null) (logid:b81c6af6) Didn't find an existing
storage pool 8bc1feaa-a099-3590-aa2b-2d12df0e242b by UUID, checking for
pools with duplicate paths
2021-09-24 01:02:24,708 INFO  [kvm.storage.LibvirtStorageAdaptor]
(agentRequest-Handler-5:null) (logid:b81c6af6) Trying to fetch storage pool
8bc1feaa-a099-3590-aa2b-2d12df0e242b from libvirt
2021-09-24 01:02:40,975 INFO  [kvm.storage.LibvirtStorageAdaptor]
(agentRequest-Handler-3:null) (logid:74acba6b) Trying to fetch storage pool
8bc1feaa-a099-3590-aa2b-2d12df0e242b from libvirt
2021-09-24 01:02:41,001 INFO  [kvm.storage.LibvirtStorageAdaptor]
(agentRequest-Handler-3:null) (logid:74acba6b) Asking libvirt to refresh
storage pool 8bc1feaa-a099-3590-aa2b-2d12df0e242b
...
2021-09-24 01:08:41,382 INFO  [kvm.storage.LibvirtStorageAdaptor]
(agentRequest-Handler-1:null) (logid:94789a51) Trying to fetch storage pool
8bc1feaa-a099-3590-aa2b-2d12df0e242b from libvirt
2021-09-24 01:08:41,405 INFO  [kvm.storage.LibvirtStorageAdaptor]
(agentRequest-Handler-1:null) (logid:94789a51) Asking libvirt to refresh
storage pool 8bc1feaa-a099-3590-aa2b-2d12df0e242b
2021-09-24 01:08:52,046 INFO  [kvm.storage.LibvirtStorageAdaptor]
(agentRequest-Handler-5:null) (logid:3da47ae9) Attempting to create storage
pool a93ac95f-6a93-30b3-b4ee-822203da20bb (NetworkFilesystem) in libvirt
2021-09-24 01:08:52,066 WARN  [kvm.storage.LibvirtStorageAdaptor]
(agentReq

Re: SSCM and CSVM status starting till abort / libvirt: invalid connection pointer in virConnectGetVersion

[vas...@gmx.de]

Update

@Wei ZHOU

virsh list  = empty
virsh pool-list = 3 entrys
 - UID of Primary-Storage
 - Guess the other 2 should be the once from the new system vm's - (is
there a way to verify?)

@christian.c
Will do so and post updates

Am Fr., 24. Sept. 2021 um 12:58 Uhr schrieb Wei ZHOU :

> Hi,
>
> Please make sure libvirt is working well. for example,
>
> virsh list
> virsh pool-list
>
>
> -Wei
>
> On Fri, 24 Sept 2021 at 11:07, vas...@gmx.de  wrote:
>
>> Hi,
>>
>> i am running into problems within my new setup - and i currently don't
>> know
>> where to look for to debug this.
>> Environment:
>> Newly installed
>> CS 4.15.2
>> Ubuntu 20.04 + KVM
>> 1x Management Server + 1 Host
>> Deploying Advanced Networking Zone
>>
>> Up to this point everything is running fine. Didn't found errors in the
>> log
>> files.
>> However: When enabling the zone the SSVM and CSVM are changeing to started
>> but never reach "running".
>>
>> Taking a look into the agent.log i stumbled upon this ("..." =  repetion
>> of
>> entries):
>>
>> 2021-09-24 01:01:55,311 INFO  [utils.nio.NioClient] (main:null) (logid:)
>> SSL: Handshake done
>> 2021-09-24 01:01:55,311 INFO  [utils.nio.NioClient] (main:null) (logid:)
>> Connected to 172.17.1.2:8250
>> 2021-09-24 01:01:55,373 INFO  [kvm.storage.LibvirtStorageAdaptor]
>> (Agent-Handler-1:null) (logid:) Attempting to create storage pool
>> 8362564e-11fd-4dd8-bae1-f90d53e52dab (Filesystem) in libvirt
>> 2021-09-24 01:01:55,379 ERROR [kvm.resource.LibvirtConnection]
>> (Agent-Handler-1:null) (logid:) Connection with libvirtd is broken:
>> invalid
>> connection pointer in virConnectGetVersion
>> 2021-09-24 01:01:55,381 WARN  [kvm.storage.LibvirtStorageAdaptor]
>> (Agent-Handler-1:null) (logid:) Storage pool
>> 8362564e-11fd-4dd8-bae1-f90d53e52dab was not found running in libvirt.
>> Need
>> to create it.
>> 2021-09-24 01:01:55,381 INFO  [kvm.storage.LibvirtStorageAdaptor]
>> (Agent-Handler-1:null) (logid:) Didn't find an existing storage pool
>> 8362564e-11fd-4dd8-bae1-f90d53e52dab by UUID, checking for pools with
>> duplicate paths
>> 2021-09-24 01:01:55,383 INFO  [kvm.storage.LibvirtStorageAdaptor]
>> (Agent-Handler-1:null) (logid:) Trying to fetch storage pool
>> 8362564e-11fd-4dd8-bae1-f90d53e52dab from libvirt
>> 2021-09-24 01:01:55,424 INFO  [cloud.serializer.GsonHelper]
>> (Agent-Handler-1:null) (logid:) Default Builder inited.
>> 2021-09-24 01:01:55,470 INFO  [cloud.agent.Agent] (Agent-Handler-2:null)
>> (logid:) Proccess agent startup answer, agent id = 0
>> 2021-09-24 01:01:55,471 INFO  [cloud.agent.Agent] (Agent-Handler-2:null)
>> (logid:) Set agent id 0
>> 2021-09-24 01:01:55,476 INFO  [cloud.agent.Agent] (Agent-Handler-2:null)
>> (logid:) Startup Response Received: agent id = 0
>> 2021-09-24 01:01:55,701 INFO  [cloud.agent.Agent]
>> (agentRequest-Handler-3:null) (logid:9e52178e) Processing agent ready
>> command, agent id = 1
>> 2021-09-24 01:01:55,702 INFO  [cloud.agent.Agent]
>> (agentRequest-Handler-3:null) (logid:9e52178e) Set agent id 1
>> 2021-09-24 01:01:55,707 INFO  [cloud.agent.Agent]
>> (agentRequest-Handler-3:null) (logid:9e52178e) Ready command is processed
>> for agent id = 1
>> 2021-09-24 01:01:55,807 INFO  [cloud.agent.Agent]
>> (agentRequest-Handler-4:null) (logid:9e52178e) Processing agent ready
>> command, agent id = 1
>> 2021-09-24 01:01:55,807 INFO  [cloud.agent.Agent]
>> (agentRequest-Handler-4:null) (logid:9e52178e) Set agent id 1
>> 2021-09-24 01:01:55,808 INFO  [cloud.agent.Agent]
>> (agentRequest-Handler-4:null) (logid:9e52178e) Processed new management
>> server list: 172.17.1.2@static
>> 2021-09-24 01:01:55,809 INFO  [cloud.agent.Agent]
>> (agentRequest-Handler-4:null) (logid:9e52178e) Ready command is processed
>> for agent id = 1
>> 2021-09-24 01:02:24,490 INFO  [kvm.storage.LibvirtStorageAdaptor]
>> (agentRequest-Handler-5:null) (logid:b81c6af6) Attempting to create
>> storage
>> pool 8bc1feaa-a099-3590-aa2b-2d12df0e242b (NetworkFilesystem) in libvirt
>> 2021-09-24 01:02:24,510 WARN  [kvm.storage.LibvirtStorageAdaptor]
>> (agentRequest-Handler-5:null) (logid:b81c6af6) Storage pool
>> 8bc1feaa-a099-3590-aa2b-2d12df0e242b was not found running in libvirt.
>> Need
>> to create it.
>> 2021-09-24 01:02:24,510 INFO  [kvm.storage.LibvirtStorageAdaptor]
>> (agentRequest-Handler-5:null) (logid:b81c6af6) Didn't find an existing
>> storage pool 8bc1feaa-a099-3590-aa2b-2d12df0e242b by UUID,

Re: SSCM and CSVM status starting till abort / libvirt: invalid connection pointer in virConnectGetVersion

[vas...@gmx.de]

here we are with some more inforamtion:

Started the agent in debug mode and performed the process of zone creation
/ adding a host with the same results as beforehand. For this purpose i
needed to use a different server. result is the same - constantly starting
system VMs.

Debug - resultet:

(each 2 times)
2021-09-24 14:09:38,072 ERROR [kvm.resource.LibvirtComputingResource]
(main:null) (logid:) uefi properties file not found due to: Unable to find
file uefi.properties.
2021-09-24 14:09:38,637 ERROR [kvm.resource.LibvirtConnection]
(Agent-Handler-1:null) (logid:) Connection with libvirtd is broken: invalid
connection pointer in virConnectGetVersion

one warning
2021-09-24 14:09:56,356 WARN  [kvm.storage.LibvirtStorageAdaptor]
(agentRequest-Handler-5:null) (logid:4f2b6925) Storage pool
a93ac95f-6a93-30b3-b4ee-822203da20bb was not found running in libvirt. Need
to create it.
which is then created and
2021-09-24 14:09:56,388 DEBUG [kvm.storage.LibvirtStorageAdaptor]
(agentRequest-Handler-5:null) (logid:4f2b6925) Succesfully refreshed pool
a93ac95f-6a93-30b3-b4ee-822203da20bb Capacity: (1.7380 TB) 1910912974848
Used: (375.13 MB) 393347072 Available: (1.7376 TB) 1910519627776

Everything else is looking neatly.
i posted the complete log at pastebin

https://pastebin.com/Q5XGMnaz

Currently my workflow for Hosts is:
-install os
-basic configuration (fqdn, ntp, networking & repositrories, )
-install os updates
-cloudstack agent installation
- adding to host

I installed all packages via the cloudstack ubuntu repository (
http://download.cloudstack.org/ubuntu ) and use just all packages which
will come with the cloudstack agent. - are they maybe outdated?




Am Fr., 24. Sept. 2021 um 14:12 Uhr schrieb vas...@gmx.de :

> Update
>
> @Wei ZHOU
>
> virsh list  = empty
> virsh pool-list = 3 entrys
>  - UID of Primary-Storage
>  - Guess the other 2 should be the once from the new system vm's - (is
> there a way to verify?)
>
> @christian.c
> Will do so and post updates
>
> Am Fr., 24. Sept. 2021 um 12:58 Uhr schrieb Wei ZHOU <
> ustcweiz...@gmail.com>:
>
>> Hi,
>>
>> Please make sure libvirt is working well. for example,
>>
>> virsh list
>> virsh pool-list
>>
>>
>> -Wei
>>
>> On Fri, 24 Sept 2021 at 11:07, vas...@gmx.de  wrote:
>>
>>> Hi,
>>>
>>> i am running into problems within my new setup - and i currently don't
>>> know
>>> where to look for to debug this.
>>> Environment:
>>> Newly installed
>>> CS 4.15.2
>>> Ubuntu 20.04 + KVM
>>> 1x Management Server + 1 Host
>>> Deploying Advanced Networking Zone
>>>
>>> Up to this point everything is running fine. Didn't found errors in the
>>> log
>>> files.
>>> However: When enabling the zone the SSVM and CSVM are changeing to
>>> started
>>> but never reach "running".
>>>
>>> Taking a look into the agent.log i stumbled upon this ("..." =  repetion
>>> of
>>> entries):
>>>
>>> 2021-09-24 01:01:55,311 INFO  [utils.nio.NioClient] (main:null) (logid:)
>>> SSL: Handshake done
>>> 2021-09-24 01:01:55,311 INFO  [utils.nio.NioClient] (main:null) (logid:)
>>> Connected to 172.17.1.2:8250
>>> 2021-09-24 01:01:55,373 INFO  [kvm.storage.LibvirtStorageAdaptor]
>>> (Agent-Handler-1:null) (logid:) Attempting to create storage pool
>>> 8362564e-11fd-4dd8-bae1-f90d53e52dab (Filesystem) in libvirt
>>> 2021-09-24 01:01:55,379 ERROR [kvm.resource.LibvirtConnection]
>>> (Agent-Handler-1:null) (logid:) Connection with libvirtd is broken:
>>> invalid
>>> connection pointer in virConnectGetVersion
>>> 2021-09-24 01:01:55,381 WARN  [kvm.storage.LibvirtStorageAdaptor]
>>> (Agent-Handler-1:null) (logid:) Storage pool
>>> 8362564e-11fd-4dd8-bae1-f90d53e52dab was not found running in libvirt.
>>> Need
>>> to create it.
>>> 2021-09-24 01:01:55,381 INFO  [kvm.storage.LibvirtStorageAdaptor]
>>> (Agent-Handler-1:null) (logid:) Didn't find an existing storage pool
>>> 8362564e-11fd-4dd8-bae1-f90d53e52dab by UUID, checking for pools with
>>> duplicate paths
>>> 2021-09-24 01:01:55,383 INFO  [kvm.storage.LibvirtStorageAdaptor]
>>> (Agent-Handler-1:null) (logid:) Trying to fetch storage pool
>>> 8362564e-11fd-4dd8-bae1-f90d53e52dab from libvirt
>>> 2021-09-24 01:01:55,424 INFO  [cloud.serializer.GsonHelper]
>>> (Agent-Handler-1:null) (logid:) Default Builder inited.
>>> 2021-09-24 01:01:55,470 INFO  [cloud.agent.Agent] (Agent-Handler-2:null)
>>> (logid:) Proccess agent startup answer, agent id = 0

Re: SSCM and CSVM status starting till abort / libvirt: invalid connection pointer in virConnectGetVersion

[vas...@gmx.de]

Found my mistake. and well i am ashamed that it was a firewalling
issue on the nfs server - never trust in description of services
anymore But now it works like expected!

Just for referrance how i was pointed twards looking at the network setup
again:
While googeling i came accross some quiet old issue-notices at the ACS
github referring the virConnectGetVersion, which where more or less
indirect related to my "problem". Thats why i started again looking into
the network.

Thanks for your supportt!

Am Fr., 24. Sept. 2021 um 15:09 Uhr schrieb vas...@gmx.de :

> here we are with some more inforamtion:
>
> Started the agent in debug mode and performed the process of zone creation
> / adding a host with the same results as beforehand. For this purpose i
> needed to use a different server. result is the same - constantly starting
> system VMs.
>
> Debug - resultet:
>
> (each 2 times)
> 2021-09-24 14:09:38,072 ERROR [kvm.resource.LibvirtComputingResource]
> (main:null) (logid:) uefi properties file not found due to: Unable to find
> file uefi.properties.
> 2021-09-24 14:09:38,637 ERROR [kvm.resource.LibvirtConnection]
> (Agent-Handler-1:null) (logid:) Connection with libvirtd is broken: invalid
> connection pointer in virConnectGetVersion
>
> one warning
> 2021-09-24 14:09:56,356 WARN  [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-5:null) (logid:4f2b6925) Storage pool
> a93ac95f-6a93-30b3-b4ee-822203da20bb was not found running in libvirt. Need
> to create it.
> which is then created and
> 2021-09-24 14:09:56,388 DEBUG [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-5:null) (logid:4f2b6925) Succesfully refreshed pool
> a93ac95f-6a93-30b3-b4ee-822203da20bb Capacity: (1.7380 TB) 1910912974848
> Used: (375.13 MB) 393347072 Available: (1.7376 TB) 1910519627776
>
> Everything else is looking neatly.
> i posted the complete log at pastebin
>
> https://pastebin.com/Q5XGMnaz
>
> Currently my workflow for Hosts is:
> -install os
> -basic configuration (fqdn, ntp, networking & repositrories, )
> -install os updates
> -cloudstack agent installation
> - adding to host
>
> I installed all packages via the cloudstack ubuntu repository (
> http://download.cloudstack.org/ubuntu ) and use just all packages which
> will come with the cloudstack agent. - are they maybe outdated?
>
>
>
>
> Am Fr., 24. Sept. 2021 um 14:12 Uhr schrieb vas...@gmx.de :
>
>> Update
>>
>> @Wei ZHOU
>>
>> virsh list  = empty
>> virsh pool-list = 3 entrys
>>  - UID of Primary-Storage
>>  - Guess the other 2 should be the once from the new system vm's - (is
>> there a way to verify?)
>>
>> @christian.c
>> Will do so and post updates
>>
>> Am Fr., 24. Sept. 2021 um 12:58 Uhr schrieb Wei ZHOU <
>> ustcweiz...@gmail.com>:
>>
>>> Hi,
>>>
>>> Please make sure libvirt is working well. for example,
>>>
>>> virsh list
>>> virsh pool-list
>>>
>>>
>>> -Wei
>>>
>>> On Fri, 24 Sept 2021 at 11:07, vas...@gmx.de  wrote:
>>>
>>>> Hi,
>>>>
>>>> i am running into problems within my new setup - and i currently don't
>>>> know
>>>> where to look for to debug this.
>>>> Environment:
>>>> Newly installed
>>>> CS 4.15.2
>>>> Ubuntu 20.04 + KVM
>>>> 1x Management Server + 1 Host
>>>> Deploying Advanced Networking Zone
>>>>
>>>> Up to this point everything is running fine. Didn't found errors in the
>>>> log
>>>> files.
>>>> However: When enabling the zone the SSVM and CSVM are changeing to
>>>> started
>>>> but never reach "running".
>>>>
>>>> Taking a look into the agent.log i stumbled upon this ("..." =
>>>> repetion of
>>>> entries):
>>>>
>>>> 2021-09-24 01:01:55,311 INFO  [utils.nio.NioClient] (main:null) (logid:)
>>>> SSL: Handshake done
>>>> 2021-09-24 01:01:55,311 INFO  [utils.nio.NioClient] (main:null) (logid:)
>>>> Connected to 172.17.1.2:8250
>>>> 2021-09-24 01:01:55,373 INFO  [kvm.storage.LibvirtStorageAdaptor]
>>>> (Agent-Handler-1:null) (logid:) Attempting to create storage pool
>>>> 8362564e-11fd-4dd8-bae1-f90d53e52dab (Filesystem) in libvirt
>>>> 2021-09-24 01:01:55,379 ERROR [kvm.resource.LibvirtConnection]
>>>> (Agent-Handler-1:null) (logid:) Connection with libvirtd is broken:
>>>> invalid
>>>> connection pointer in virConn

Re: kvm host gets wrong IP address in host= at agent.properties

[vas...@gmx.de]

Hi Jay, i would suggest the following approach:
- set IPs manually for the all hosts you wont't to use OR use a different
dhcp server (not the Cloudstack Managementserver) and work with static
leases for the hosts
- only the system vm's (instances of systemvm's, console proxys and later
on virtural routers) using dhcp
- while creating the zone, you then double check that you didn't use the
whole managametn ip range in dhcp. You can specify parts of your management
network for ip leaese - not the whole network.
   For example when using the wizzard and enter the informations for your
"Pod Network"
  Name: Pod 1
  Reserved System Gateway: Address of your Gateway
  Reserved System Netmask: Subnetmask of the whole Pod-Network
  Start / End IP Reserved System IP: IP Range used for leases to the
system vms's - not the whole pod / management network





Am Di., 28. Sept. 2021 um 08:16 Uhr schrieb jay hs <
jhahn-steic...@whatcom.edu>:

> Hi all:
> I must be doing something wrong.
> I am installing 4.15 from the apt repositories on ubuntu 16.04
> deb http://download.cloudstack.org/ubuntu xenial 4.15
>
> Everything goes grandly, except that when cloudstack-agent starts up, it
> puts a seemingly random IP address (from the correct subnet) in host= at
> agent.properties.
>
> It should be
> host=172.16.10.2
> but it picks up
> host=172.16.10.246@static
>
> Evidently, it passes this *.246 value on to the ssvm -- which makes it
> very mad.
>
> I've redone my management server and first kvm host a second time, and it
> got *.234 instead of *.246.
>
> I am doing these on a test network that is NATed off from the main
> network.  That NAT network did have its own DHCP active.  I've switched
> that off -- and will do another try (tomorrow).
>
> But does this sound like I've got a configuration missing -- or am I
> picking up a bum copy of the cloudstack-agent from the repo?  or... ideas?
>
> thanks.
> --jay
>

Virtual Router failing health check - webserver.service

[vas...@gmx.de]

 Hi everyone,

I am setting up a redundant VPC.
Therefore i created a custome service offering with the following Service
provided by the virtual Router:
- Portforwarding
- Network ACL
- SourceNAT
- VPN
- StaticNat

I now getting alerts, that the router couldn't pass all health checks. The
one failing at the moment is "webserver.service".
As far as i got reading the log files, the apache service on the router is
shutting down, as know valid / correct ssl - certificate is availeable.

So now i am looking for some support on how to get rid of the errors and
some information, why a webserver is running on the router?
I found some articel in the wiki about the integrated Load Balancer. But i
didn't have the service in the vpc service offering as well it wasn't
selected for the (custome) service offering for the tier-networks for the
vpc.

Hope someone can help me out!
Regards!

Re: Virtual Router failing health chek - webserver.service

[vas...@gmx.de]

Hi Wei,

thanks for your effort,

I will open an issue. In the mean time, i also get several errors - even
more then of the failing healthserver check.

it seams, that in an redundant setup, there are several things broken at
the moment.
i now get additionally several errors on the master-router.
Failing healthchecks:
  - dhcp_chck.py
  - dns_chck.py (here i get some information, that die instance has no
entry of the hostname in the /etc/hosts)

Nevertheless my offering for the cloud doesn't have this services specified
as well as the tier networks don't offer dhcp or dns services. 


Am Mi., 29. Sept. 2021 um 09:29 Uhr schrieb Wei ZHOU :

> I confirm that the health check on `webserver` checks the process
> `apache2` in VR.
>
> {"id":"0","service":"webserver","processname":"apache2","serviceName":"apache2","servicePath":"/var/run/apache2/apache2.pid","pidFile":"/var/run/apache2/apache2.pid","isDefault":"true"}
>
> Christopher, could you please file an issue on github ?
> https://github.com/apache/cloudstack/issues
>
> -Wei
>
>
> On Wed, 29 Sept 2021 at 09:21, Wei ZHOU  wrote:
>
>> Hi Christopher,
>>
>> There is no such service 'webserver.service' in cloudstack VR. Do you
>> mean apache2 ? It is set up in VR for 'Userdata' service.
>> Considering your custom vpc offering does not support 'Userdata',
>> the health check on it should not be performed. it might be a bug (please
>> provide more info).
>>
>> You can exclude a health check (effectively on all VRs) by setting global
>> configuration `router.health.checks.to.exclude`.
>>
>> -Wei
>>
>>
>>
>> On Wed, 29 Sept 2021 at 09:11, Christopher Brown <
>> mail2christopher.br...@gmail.com> wrote:
>>
>>> Hi everyone,
>>>
>>> I am setting up a redundant VPC.
>>> Therefore i created a custome service offering with the following Service
>>> provided by the virtual Router:
>>> - Portforwarding
>>> - Network ACL
>>> - SourceNAT
>>> - VPN
>>> - StaticNat
>>>
>>> I now getting alerts, that the router couldn't pass all health checks.
>>> The
>>> one failing at the moment is "webserver.service".
>>> As far as i got reading the log files, the apache service on the router
>>> is
>>> shutting down, as know valid / correct ssl - certificate is availeable.
>>>
>>> So now i am looking for some support on how to get rid of the errors and
>>> some information, why a webserver is running on the router?
>>> I found some articel in the wiki about the integrated Load Balancer. But
>>> i
>>> didn't have the service in the vpc service offering as well it wasn't
>>> selected for the (custome) service offering for the tier-networks for the
>>> vpc.
>>>
>>> Hope someone can help me out!
>>> Regards!
>>>
>>

Re: Virtual Router failing health chek - webserver.service

[vas...@gmx.de]

Okay, just thought for a second.
I guess the dhcp.service will be needed for handling the additionally
needed IP adresses for the NICS of the gateway (1-"Shared" IP and 2x
individual IPs for each Master / Backup ). As these can't be specified, the
routers need to choose one randomely or via dhcp.
However is there a way to actually see / configure IP leases in the GUI?
Same question would be regarding dns services though.


Am Mi., 29. Sept. 2021 um 10:57 Uhr schrieb vas...@gmx.de :

> Hi Wei,
>
> thanks for your effort,
>
> I will open an issue. In the mean time, i also get several errors - even
> more then of the failing healthserver check.
>
> it seams, that in an redundant setup, there are several things broken at
> the moment.
> i now get additionally several errors on the master-router.
> Failing healthchecks:
>   - dhcp_chck.py
>   - dns_chck.py (here i get some information, that die instance has no
> entry of the hostname in the /etc/hosts)
>
> Nevertheless my offering for the cloud doesn't have this services
> specified as well as the tier networks don't offer dhcp or dns services.
> 
>
>
> Am Mi., 29. Sept. 2021 um 09:29 Uhr schrieb Wei ZHOU <
> ustcweiz...@gmail.com>:
>
>> I confirm that the health check on `webserver` checks the process
>> `apache2` in VR.
>>
>> {"id":"0","service":"webserver","processname":"apache2","serviceName":"apache2","servicePath":"/var/run/apache2/apache2.pid","pidFile":"/var/run/apache2/apache2.pid","isDefault":"true"}
>>
>> Christopher, could you please file an issue on github ?
>> https://github.com/apache/cloudstack/issues
>>
>> -Wei
>>
>>
>> On Wed, 29 Sept 2021 at 09:21, Wei ZHOU  wrote:
>>
>>> Hi Christopher,
>>>
>>> There is no such service 'webserver.service' in cloudstack VR. Do you
>>> mean apache2 ? It is set up in VR for 'Userdata' service.
>>> Considering your custom vpc offering does not support 'Userdata',
>>> the health check on it should not be performed. it might be a bug (please
>>> provide more info).
>>>
>>> You can exclude a health check (effectively on all VRs) by setting
>>> global configuration `router.health.checks.to.exclude`.
>>>
>>> -Wei
>>>
>>>
>>>
>>> On Wed, 29 Sept 2021 at 09:11, Christopher Brown <
>>> mail2christopher.br...@gmail.com> wrote:
>>>
>>>> Hi everyone,
>>>>
>>>> I am setting up a redundant VPC.
>>>> Therefore i created a custome service offering with the following
>>>> Service
>>>> provided by the virtual Router:
>>>> - Portforwarding
>>>> - Network ACL
>>>> - SourceNAT
>>>> - VPN
>>>> - StaticNat
>>>>
>>>> I now getting alerts, that the router couldn't pass all health checks.
>>>> The
>>>> one failing at the moment is "webserver.service".
>>>> As far as i got reading the log files, the apache service on the router
>>>> is
>>>> shutting down, as know valid / correct ssl - certificate is availeable.
>>>>
>>>> So now i am looking for some support on how to get rid of the errors and
>>>> some information, why a webserver is running on the router?
>>>> I found some articel in the wiki about the integrated Load Balancer.
>>>> But i
>>>> didn't have the service in the vpc service offering as well it wasn't
>>>> selected for the (custome) service offering for the tier-networks for
>>>> the
>>>> vpc.
>>>>
>>>> Hope someone can help me out!
>>>> Regards!
>>>>
>>>

Understanding of network ACLs - looking for "egress" ACL items on virtual routers

[vas...@gmx.de]

Hi everyone,

i currently am looking into the ACL implemention used in VPCs.

However i was not able to locate any of my created "egress" - entries in
any of the chains / tables  on the router.
Tried several things like deny / allow egress traffic for one client or the
whole tier, but i wasn't able to locate the changes on the router.

Might one of you can give some where to look / locate egress related rules
in iptables?

In this context, maybe someone can give me an idea if my understanding of
the documentation regarding egress ACL items is correct.
>From the docs:
" ... once you add an ACL rule for outgoing traffic, then only outgoing
traffic specified in this ACL rule is allowed, the rest is blocked."
so adding an "eggress + allow" for an instance in the tier shall result in
changeing the "default"  of the whole acl to "egress + deny" for the rest
of the network automatically.
is that correct?

Thanks in advance!

Re: Understanding of network ACLs - looking for "egress" ACL items on virtual routers

[vas...@gmx.de]

I can do. But before raising "issues" I normally try to confirm that my
issue is to some degree valid. As my knowledge on how and where Cloudstack
is working with the configured ACLs is at the moment quiet shallow, i will
need to try out some things beforehand I guess

Wei ZHOU  schrieb am Sa., 2. Okt. 2021, 08:50:

> Hi,
>
> Could you create an issue on github and provide more details ?
>
> -Wei
>
> On Sat, 2 Oct 2021 at 02:31, vas...@gmx.de  wrote:
>
> > Hi everyone,
> >
> > i currently am looking into the ACL implemention used in VPCs.
> >
> > However i was not able to locate any of my created "egress" - entries in
> > any of the chains / tables  on the router.
> > Tried several things like deny / allow egress traffic for one client or
> the
> > whole tier, but i wasn't able to locate the changes on the router.
> >
> > Might one of you can give some where to look / locate egress related
> rules
> > in iptables?
> >
> > In this context, maybe someone can give me an idea if my understanding of
> > the documentation regarding egress ACL items is correct.
> > From the docs:
> > " ... once you add an ACL rule for outgoing traffic, then only outgoing
> > traffic specified in this ACL rule is allowed, the rest is blocked."
> > so adding an "eggress + allow" for an instance in the tier shall result
> in
> > changeing the "default"  of the whole acl to "egress + deny" for the rest
> > of the network automatically.
> > is that correct?
> >
> > Thanks in advance!
> >
>

Re: Understanding of network ACLs - looking for "egress" ACL items on virtual routers

[vas...@gmx.de]

Thanks for this Wei,
thant helped me out!

I will share my findings - maybe someone googling for some more information
regarding the ACLs will find it useful.


- You need to set an "egress deny  destionation>" to work with
further "egress allow" rules. So i missunderstand the docs regarding this
point.
- keep in mind that ACL have limitations and are not the same as an
firewall
- Referenced iptables Tables for the ACL items (and then in the separate
chain of the ACL-List)
 - Egress Items are found in the "mangle" - Table
 - Ingress Items are found in the "forward" - Table

Another intersting thing to mention:
ACLs are statefull (!) - which is quiet convenient but not allways default.
And for some applications additonal actions might be needed or concidered
during Nw-planning.

Also Egress and Ingress rules are not related with each other even if they
are displayed in one List (or say that it are 2 virtual lists)
Example ACL-List of an tier:
 Pos. 1 egress deny all to 0.0.0.0/0
 Pos. 2 ingress allow 22 from 0.0.0.0/0

will give you an ssh connection from 0.0.0.0/0 to the network of the tier.
something one might want to keep in mind.

Another thing i noticed:
For me to use the "drag&drop" of ACL-items was quiet a mixed back.
the "rule numbers" often were not consistent displayes or updated.
for example i had something like
nr 1-Item A
nr 2-Item B
nr 4-Item D
nr 3-Item C
Which can be a bit cumbersome as on the virtual router sorted the items
correctly in the iptable chains meaning
nr 1- item A
nr 2 - item B
nr 3 - item C
nr 4 - item D

if you are new to this - one can spend some time to find the mistake he
made. ;-)



Am Sa., 2. Okt. 2021 um 15:45 Uhr schrieb Wei ZHOU :

> Hi,
>
> The network acl feature is implemented through iptables and ipset. If you
> have related knowledge and like to investigate the issue, it would be nice.
>
> Wei
>
> On Saturday, 2 October 2021, vas...@gmx.de  wrote:
>
>> I can do. But before raising "issues" I normally try to confirm that my
>> issue is to some degree valid. As my knowledge on how and where Cloudstack
>> is working with the configured ACLs is at the moment quiet shallow, i will
>> need to try out some things beforehand I guess
>>
>> Wei ZHOU  schrieb am Sa., 2. Okt. 2021, 08:50:
>>
>> > Hi,
>> >
>> > Could you create an issue on github and provide more details ?
>> >
>> > -Wei
>> >
>> > On Sat, 2 Oct 2021 at 02:31, vas...@gmx.de  wrote:
>> >
>> > > Hi everyone,
>> > >
>> > > i currently am looking into the ACL implemention used in VPCs.
>> > >
>> > > However i was not able to locate any of my created "egress" - entries
>> in
>> > > any of the chains / tables  on the router.
>> > > Tried several things like deny / allow egress traffic for one client
>> or
>> > the
>> > > whole tier, but i wasn't able to locate the changes on the router.
>> > >
>> > > Might one of you can give some where to look / locate egress related
>> > rules
>> > > in iptables?
>> > >
>> > > In this context, maybe someone can give me an idea if my
>> understanding of
>> > > the documentation regarding egress ACL items is correct.
>> > > From the docs:
>> > > " ... once you add an ACL rule for outgoing traffic, then only
>> outgoing
>> > > traffic specified in this ACL rule is allowed, the rest is blocked."
>> > > so adding an "eggress + allow" for an instance in the tier shall
>> result
>> > in
>> > > changeing the "default"  of the whole acl to "egress + deny" for the
>> rest
>> > > of the network automatically.
>> > > is that correct?
>> > >
>> > > Thanks in advance!
>> > >
>> >
>>
>

Re: Understanding of network ACLs - looking for "egress" ACL items on virtual routers

[vas...@gmx.de]

With this level of knowledge i can say yes, works like expected.

Overall i have to admitt, that this kind of implementation is something i
will have to get used to :-D
Untill now I have been working with the "stateless" ACL approach. Also the
"mixing" of in- and egress rule can be a bit overwhelming in one big
table-view. Also i might like to see the exicting ACL Items in the GUI. We
are often talking about an "empty" ACL - which it isn't. Something you
constantly will have to keep in mind (If i find a bit of time maybe writing
some things to the docs, at least the statefulle approach / need of an
edeggress deny all).
it "feels" somewhat like the middel between classic network ACL and and
statefull packet firewall.
Will have to keep that in mind for security architecture as well as
documentation of the whole setup i am actually building (especially when
this infrastructure might face a audit in several months).

regards


Am Mo., 4. Okt. 2021 um 11:49 Uhr schrieb Wei ZHOU :

> Hi,
>
> Good findings. Thanks for sharing.
>
> Do you think it works as what you expected?
>
> -Wei
>
> On Sat, 2 Oct 2021 at 23:41, vas...@gmx.de  wrote:
>
>> Thanks for this Wei,
>> thant helped me out!
>>
>> I will share my findings - maybe someone googling for some more
>> information
>> regarding the ACLs will find it useful.
>>
>>
>> - You need to set an "egress deny  destionation>" to work with
>> further "egress allow" rules. So i missunderstand the docs regarding this
>> point.
>> - keep in mind that ACL have limitations and are not the same as an
>> firewall
>> - Referenced iptables Tables for the ACL items (and then in the separate
>> chain of the ACL-List)
>>  - Egress Items are found in the "mangle" - Table
>>  - Ingress Items are found in the "forward" - Table
>>
>> Another intersting thing to mention:
>> ACLs are statefull (!) - which is quiet convenient but not allways
>> default.
>> And for some applications additonal actions might be needed or concidered
>> during Nw-planning.
>>
>> Also Egress and Ingress rules are not related with each other even if they
>> are displayed in one List (or say that it are 2 virtual lists)
>> Example ACL-List of an tier:
>>  Pos. 1 egress deny all to 0.0.0.0/0
>>  Pos. 2 ingress allow 22 from 0.0.0.0/0
>>
>> will give you an ssh connection from 0.0.0.0/0 to the network of the
>> tier.
>> something one might want to keep in mind.
>>
>> Another thing i noticed:
>> For me to use the "drag&drop" of ACL-items was quiet a mixed back.
>> the "rule numbers" often were not consistent displayes or updated.
>> for example i had something like
>> nr 1-Item A
>> nr 2-Item B
>> nr 4-Item D
>> nr 3-Item C
>> Which can be a bit cumbersome as on the virtual router sorted the items
>> correctly in the iptable chains meaning
>> nr 1- item A
>> nr 2 - item B
>> nr 3 - item C
>> nr 4 - item D
>>
>> if you are new to this - one can spend some time to find the mistake he
>> made. ;-)
>>
>>
>>
>> Am Sa., 2. Okt. 2021 um 15:45 Uhr schrieb Wei ZHOU > >:
>>
>> > Hi,
>> >
>> > The network acl feature is implemented through iptables and ipset. If
>> you
>> > have related knowledge and like to investigate the issue, it would be
>> nice.
>> >
>> > Wei
>> >
>> > On Saturday, 2 October 2021, vas...@gmx.de  wrote:
>> >
>> >> I can do. But before raising "issues" I normally try to confirm that my
>> >> issue is to some degree valid. As my knowledge on how and where
>> Cloudstack
>> >> is working with the configured ACLs is at the moment quiet shallow, i
>> will
>> >> need to try out some things beforehand I guess
>> >>
>> >> Wei ZHOU  schrieb am Sa., 2. Okt. 2021, 08:50:
>> >>
>> >> > Hi,
>> >> >
>> >> > Could you create an issue on github and provide more details ?
>> >> >
>> >> > -Wei
>> >> >
>> >> > On Sat, 2 Oct 2021 at 02:31, vas...@gmx.de  wrote:
>> >> >
>> >> > > Hi everyone,
>> >> > >
>> >> > > i currently am looking into the ACL implemention used in VPCs.
>> >> > >
>> >> > > However i was not able to locate any of my created "egress" -
>> entries
>> >> in
>> &g

One Account accessing multiple public networks in zone

[vas...@gmx.de]

Hi everyone,

today i would need some ideas on how to provide several (in my case two)
public networks to a account.
my "customer"  would like to see a kind of dual - wan from his point of
view.
Currently i am working with one physical public network where i use vlans
for logical separation.
How ever, now my customer would like to have access via both public
networks to the wan.

Now I am looking for an solution for this.
What i tried (and i am quiet shure i missed something):
- keep it small and simple and provide ip-ranges from both public networks
to the account. how ever i wasn't able to find a way to get ips (vlans) out
of each net into a virtural router. They showed up as intended and the
account was able to lease ips out of both networks.
- next approach was to play around with private gateways. As the docs said
they are of course working well with guest networks. How ever, during
configuration i was offered to use the physical public network for
creation. which worked like a charm and without any errors in the gui.
Sadly  the corresponding bridge for the vlan wasn't created on the correct
physical network. Instead of useing my physical network the bridge was
created on my physical management network.

At the moment i am a bit out of ideas - maybe some has / had kind of a
similar usecase for this.
Guess i just missed some configuration to get everything up and running.

Thanks in advance!

Re: Multiple Network labels - custom

[vas...@gmx.de]

just my thoughts.

if i am understanding your intention correctly, you want to use a dedicated
physical network on the hosts  for "customized" guest traffic, correct?

You will need to add a "new" physical network to the zone with the
networklabel, assaign the traffic type "guest" and start to use tags for
the physical networks.
Afterwards you would need to implement a dedicated network service offering
for this network - by using a tag to associate the network offering to the
physical network.

Your idea would currently not work cause the "physical network" in a zone
is a 1:1 representation of the physical network on the hosts. afterwards
you have some like
 a 1:m (one CS physical network - many various traffic types possible) but
not n:1 (many physical networks : one traffic type - even "worse" you would
have different "flavours" of one traffic type).

Maybe another way to display the relation (physical Network on host -
phyical network in a zone - traffic type):
Currently used in CS:  1 - 1 - m

Not supported in in CS: 1 - n - m

what i understand you are looking for: 2 - 1 - 1 (while the traffic type
guest would be segmentet into "default" and "custome")

Hope that someone can imagine what i mean :-D




Am Do., 7. Okt. 2021 um 08:37 Uhr schrieb :

> Hello,
>
>
>
> Is there a way to use multiple network labels for the same network
> type?
> for example; I have Guest traffic with network label "vSwitch1, but I also
> want to have a vSwitch0 or anything else.  If this is not possible, is
> there
> a way to create custom networks traffic types using the same type of
> network
> offering but create under a different network.
>
> label?
>
>
>
>I want to have 2 traffic types for Guest, (Guest And GuestCustom)
>  using
> the same network offering but create the under the different network label.
> The idea is to have the possibility to create/duplicate same type of
> traffic
> but deploy under different network label (vSwitchX).
>
>
>
>
>
>
>
> Regards,
>
> Cristian
>
>

Re: Multiple Network labels - custom

[vas...@gmx.de]

it should work , as i am am using this for providing some "special"
networks myself in my environment.

maybe for a better understanding you can take a look at the following
https://www.shapeblue.com/understanding-cloudstacks-physical-networking-architecture/
and there the section "advanced network traffic". there you'll find a
diagramm of a scenario, where they provide an mpls network for guest
traffic.

what i had done to achieve this is (it works but i don't know if this is
all best practice):

WARNING: When introducing another physical network for e.g guest traffic,
the "default" network offerings won't work anymore. CS has no
default-allocation to an specified network - At least this is my experience.
You will need to implement tags and create "custome" default network
offerings for further usage!

- create a new physical network in the zone
- add traffic type "guest"
- set the networklabel for matching purpose with the nics on the host
- define tags for ALL physical networks (at least i needed to. if i am
correct if you start tagging, you will have to implement it for all
physical networks)
- create 2 network offerings each using one of the tags of the physical
networks - traffic type guest

Then you can create networks, using the new network offerings, which will
use the "tagged" physical network --> use the the matching nics on your
hosts


Am Do., 7. Okt. 2021 um 16:38 Uhr schrieb Cristian Ciobanu
:

> Hi,
>
>In a much simpler way.
>
>I have 2 networks, 1 shared and 1 isolated, the problem i have here,
> both are using the same guest traffic label, because of this, I'm not able
> to use these on different labels/nics, both are using the same traffic
> type. Even if I add an additional physical network i will have only one
> type of guest traffic...
>
>I would like to specify a custom traffic type ( guest x) and use for
> specific network, shared or isolated.
>
>   I'm not sure if I can replicate this by using tags, will this work?
>
>
> Regards
> Cristian
>
> On Thu, Oct 7, 2021, 15:22 vas...@gmx.de  wrote:
>
>> just my thoughts.
>>
>> if i am understanding your intention correctly, you want to use a
>> dedicated
>> physical network on the hosts  for "customized" guest traffic, correct?
>>
>> You will need to add a "new" physical network to the zone with the
>> networklabel, assaign the traffic type "guest" and start to use tags for
>> the physical networks.
>> Afterwards you would need to implement a dedicated network service
>> offering
>> for this network - by using a tag to associate the network offering to the
>> physical network.
>>
>> Your idea would currently not work cause the "physical network" in a zone
>> is a 1:1 representation of the physical network on the hosts. afterwards
>> you have some like
>>  a 1:m (one CS physical network - many various traffic types possible) but
>> not n:1 (many physical networks : one traffic type - even "worse" you
>> would
>> have different "flavours" of one traffic type).
>>
>> Maybe another way to display the relation (physical Network on host -
>> phyical network in a zone - traffic type):
>> Currently used in CS:  1 - 1 - m
>>
>> Not supported in in CS: 1 - n - m
>>
>> what i understand you are looking for: 2 - 1 - 1 (while the traffic type
>> guest would be segmentet into "default" and "custome")
>>
>> Hope that someone can imagine what i mean :-D
>>
>>
>>
>>
>> Am Do., 7. Okt. 2021 um 08:37 Uhr schrieb :
>>
>> > Hello,
>> >
>> >
>> >
>> > Is there a way to use multiple network labels for the same network
>> > type?
>> > for example; I have Guest traffic with network label "vSwitch1, but I
>> also
>> > want to have a vSwitch0 or anything else.  If this is not possible, is
>> > there
>> > a way to create custom networks traffic types using the same type of
>> > network
>> > offering but create under a different network.
>> >
>> > label?
>> >
>> >
>> >
>> >I want to have 2 traffic types for Guest, (Guest And GuestCustom)
>> >  using
>> > the same network offering but create the under the different network
>> label.
>> > The idea is to have the possibility to create/duplicate same type of
>> > traffic
>> > but deploy under different network label (vSwitchX).
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > Regards,
>> >
>> > Cristian
>> >
>> >
>>
>

Re: SystemVm failling from possible libvirtd issue

[vas...@gmx.de]

reading the agent.log you have trouble mounting the storage properly.
Does your nfs-server for providing secondary storage provide nfs4 ?



Am Do., 7. Okt. 2021 um 15:33 Uhr schrieb Peter Stine <
petrus.st...@gmail.com>:

> Hey everyone,
>
> I had to rework my network and reinstall cloudstack. While I am getting
> the hosts to appear, they will not start any system VMs. They keep failing
> and iterating. It looks like there is an error in libvirtd (I am also using
> systemd for my networking), but I can't quite seem to figure out what is
> causing this issue.
> I am using KVM as my hypervisor base and am running everything on Ubuntu
> 20.04. (The controller is in a VM if that makes a difference.)
>
> The main part that I have not seen in my error before is this: 2021-10-07
> 08:59:37,558 WARN  [kvm.resource.LibvirtConnection]
> (agentRequest-Handler-4:null) (logid:e381c0f1) Can not find a connection
> for Instance s-1539-VM. Assuming the default connection.
> 2021-10-07 08:59:37,727 WARN  [kvm.resource.LibvirtKvmAgentHook]
> (agentRequest-Handler-4:null) (logid:e381c0f1) Groovy script
> '/etc/cloudstack/agent/hooks/libvirt-vm-state-change.groovy' is not
> available. Transformations will not be applied.
> 2021-10-07 08:59:37,727 WARN  [kvm.resource.LibvirtKvmAgentHook]
> (agentRequest-Handler-4:null) (logid:e381c0f1) Groovy scripting engine is
> not initialized. Data transformation skipped.
>
>
> It also appears that libvirt is trying to connect to my primary storage
> (which is Ceph), but cannot access the cloudstack key. I haven't seen this
> error before and cannot find a solution for it. Storage is showing up in
> the cloudstack management interface.
>
> Oct 07 09:31:25 gd-cs01-clst01-compute01 libvirtd[47830]:
> 2021-10-07T09:31:25.780-0400 7f2836766700 -1 auth: unable to find a keyring
> on
> /etc/ceph/..keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/etc/ceph/keyring.>
> Oct 07 09:31:25 gd-cs01-clst01-compute01 libvirtd[47830]:
> 2021-10-07T09:31:25.780-0400 7f2836766700 -1 auth: unable to find a keyring
> on
> /etc/ceph/..keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/etc/ceph/keyring.>
> Oct 07 09:31:31 gd-cs01-clst01-compute01 libvirtd[47830]: Failed to
> connect socket to '/var/run/libvirt/virtlxcd-sock': No such file or
> directory
> Oct 07 09:31:31 gd-cs01-clst01-compute01 libvirtd[47830]: End of file
> while reading data: Input/output error
> Oct 07 09:31:33 gd-cs01-clst01-compute01 libvirtd[47830]: Failed to
> connect socket to '/var/run/libvirt/virtlxcd-sock': No such file or
> directory
> Oct 07 09:31:33 gd-cs01-clst01-compute01 libvirtd[47830]: End of file
> while reading data: Input/output error
> Oct 07 09:32:26 gd-cs01-clst01-compute01 libvirtd[47830]:
> 2021-10-07T09:32:26.062-0400 7f2835764700 -1 auth: unable to find a keyring
> on
> /etc/ceph/..keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/etc/ceph/keyring.>
> Oct 07 09:32:26 gd-cs01-clst01-compute01 libvirtd[47830]:
> 2021-10-07T09:32:26.062-0400 7f2835764700 -1 auth: unable to find a keyring
> on
> /etc/ceph/..keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/etc/ceph/keyring.>
> Oct 07 09:32:26 gd-cs01-clst01-compute01 libvirtd[47830]:
> 2021-10-07T09:32:26.062-0400 7f2835764700 -1 auth: unable to find a keyring
> on
> /etc/ceph/..keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/etc/ceph/keyring.>
> Oct 07 09:32:26 gd-cs01-clst01-compute01 libvirtd[47830]:
> 2021-10-07T09:32:26.066-0400 7f280dffb700 -1 auth: unable to find a keyring
> on
> /etc/ceph/.client.cloudstack.keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/>
>
>
> Here is the log from the agent;
> https://gist.github.com/PeterS-gd/2d930b3317ea7b25ddf950e0e1cb167c
>
> Here is the log from the management server:
> https://gist.github.com/PeterS-gd/75c0f507c96803a053df37caf3b25181
>

Re: SystemVm failling from possible libvirtd issue

[vas...@gmx.de]

The error you are seeing in you agent.log seems for me like an "old friend".
Take a look into this:
https://github.com/apache/cloudstack/issues/5491#issue-1003559121

You can check it quiet fast.
Connect to one of the hosts and try to mount the nfs-share manually to an
temp-folder.
suggest to use the -v option of mount.
if it fails you could try to pass the option manually.
Should be all in the linked issue above

Am Do., 7. Okt. 2021 um 22:33 Uhr schrieb Peter Stine <
petrus.st...@gmail.com>:

> It appears that it has the capability to use nfs4 (It's using Ceph
> Octopus), but it is not clear whether it is using nfs3 or nfs4. I *think*
> it is using nfs4
>
> On 2021/10/07 16:14:36, "vas...@gmx.de"  wrote:
> > reading the agent.log you have trouble mounting the storage properly.
> > Does your nfs-server for providing secondary storage provide nfs4 ?
> >
> >
> >
> > Am Do., 7. Okt. 2021 um 15:33 Uhr schrieb Peter Stine <
> > petrus.st...@gmail.com>:
> >
> > > Hey everyone,
> > >
> > > I had to rework my network and reinstall cloudstack. While I am getting
> > > the hosts to appear, they will not start any system VMs. They keep
> failing
> > > and iterating. It looks like there is an error in libvirtd (I am also
> using
> > > systemd for my networking), but I can't quite seem to figure out what
> is
> > > causing this issue.
> > > I am using KVM as my hypervisor base and am running everything on
> Ubuntu
> > > 20.04. (The controller is in a VM if that makes a difference.)
> > >
> > > The main part that I have not seen in my error before is this:
> 2021-10-07
> > > 08:59:37,558 WARN  [kvm.resource.LibvirtConnection]
> > > (agentRequest-Handler-4:null) (logid:e381c0f1) Can not find a
> connection
> > > for Instance s-1539-VM. Assuming the default connection.
> > > 2021-10-07 08:59:37,727 WARN  [kvm.resource.LibvirtKvmAgentHook]
> > > (agentRequest-Handler-4:null) (logid:e381c0f1) Groovy script
> > > '/etc/cloudstack/agent/hooks/libvirt-vm-state-change.groovy' is not
> > > available. Transformations will not be applied.
> > > 2021-10-07 08:59:37,727 WARN  [kvm.resource.LibvirtKvmAgentHook]
> > > (agentRequest-Handler-4:null) (logid:e381c0f1) Groovy scripting engine
> is
> > > not initialized. Data transformation skipped.
> > >
> > >
> > > It also appears that libvirt is trying to connect to my primary storage
> > > (which is Ceph), but cannot access the cloudstack key. I haven't seen
> this
> > > error before and cannot find a solution for it. Storage is showing up
> in
> > > the cloudstack management interface.
> > >
> > > Oct 07 09:31:25 gd-cs01-clst01-compute01 libvirtd[47830]:
> > > 2021-10-07T09:31:25.780-0400 7f2836766700 -1 auth: unable to find a
> keyring
> > > on
> > >
> /etc/ceph/..keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/etc/ceph/keyring.>
> > > Oct 07 09:31:25 gd-cs01-clst01-compute01 libvirtd[47830]:
> > > 2021-10-07T09:31:25.780-0400 7f2836766700 -1 auth: unable to find a
> keyring
> > > on
> > >
> /etc/ceph/..keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/etc/ceph/keyring.>
> > > Oct 07 09:31:31 gd-cs01-clst01-compute01 libvirtd[47830]: Failed to
> > > connect socket to '/var/run/libvirt/virtlxcd-sock': No such file or
> > > directory
> > > Oct 07 09:31:31 gd-cs01-clst01-compute01 libvirtd[47830]: End of file
> > > while reading data: Input/output error
> > > Oct 07 09:31:33 gd-cs01-clst01-compute01 libvirtd[47830]: Failed to
> > > connect socket to '/var/run/libvirt/virtlxcd-sock': No such file or
> > > directory
> > > Oct 07 09:31:33 gd-cs01-clst01-compute01 libvirtd[47830]: End of file
> > > while reading data: Input/output error
> > > Oct 07 09:32:26 gd-cs01-clst01-compute01 libvirtd[47830]:
> > > 2021-10-07T09:32:26.062-0400 7f2835764700 -1 auth: unable to find a
> keyring
> > > on
> > >
> /etc/ceph/..keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/etc/ceph/keyring.>
> > > Oct 07 09:32:26 gd-cs01-clst01-compute01 libvirtd[47830]:
> > > 2021-10-07T09:32:26.062-0400 7f2835764700 -1 auth: unable to find a
> keyring
> > > on
> > >
> /etc/ceph/..keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/etc/ceph/keyring.>
> > > Oct 07 09:32:26 gd-cs01-clst01-compute01 libvirtd[47830]:
> > > 2021-10-07T09:32:26.062-0400 7f2835764700 -1 auth: unable to find a
> keyring
> > > on
> > >
> /etc/ceph/..keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/etc/ceph/keyring.>
> > > Oct 07 09:32:26 gd-cs01-clst01-compute01 libvirtd[47830]:
> > > 2021-10-07T09:32:26.066-0400 7f280dffb700 -1 auth: unable to find a
> keyring
> > > on
> > >
> /etc/ceph/.client.cloudstack.keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/>
> > >
> > >
> > > Here is the log from the agent;
> > > https://gist.github.com/PeterS-gd/2d930b3317ea7b25ddf950e0e1cb167c
> > >
> > > Here is the log from the management server:
> > > https://gist.github.com/PeterS-gd/75c0f507c96803a053df37caf3b25181
> > >
> >
>

Re: Multiple Network labels - custom

[vas...@gmx.de]

Does the offering "default a" work as expected - meaning Cloudstack is
deploying the network as expected?
I can remember that i had some struggle with this, too.
Maybe, just for verification
a) Check that the service offering is enabled ( :-) )
b) that the "offering access" is configured correct

Maybe just create a test-account und give this account direct access to the
offerings instead provide it public?

regarding the log you provided: Guess it looks good under the hood.
As written above, when the offering is not showing for a account it was in
my case normaly that the account had no acccess rights for the offering.

Am Fr., 8. Okt. 2021 um 10:13 Uhr schrieb :

> Hi,
>
> Right now I have added a second Physical network for Guest traffic
> with tag "DefaultB" and added "DefaultA" to the one which was already
> present, I have created new 2 network offering, one for each tag.  When I
> try to create a new Guest network in 4.15.1, I see the offering for tag
> Default A but not for B when I select the second physical network, nothing
> visible, I deleted the network, offering, created again, same thing.
>
> "Found physical network id=203 based on requested tags DefaultB
> 2021-10-08 08:12:32,178 DEBUG [c.c.a.ApiServlet]
> (qtp182531396-17:ctx-ecf8c295 ctx-1af2acec) (logid:5a80a500) ===END===
> 86.125.230.37 -- GET
> zoneid=c3b5e5fa-c3e8-49f0-8094-573456a45c00&state=Enabled&tags=DefaultB&guestiptype=Shared&command=listNetworkOfferings&response=json"
>
> I'm doing something wrong?
>
>
> Regards,
> Cristian
>
> -Original Message-
> From: vas...@gmx.de 
> Sent: Thursday, October 7, 2021 6:37 PM
> To: users@cloudstack.apache.org
> Subject: Re: Multiple Network labels - custom
>
> it should work , as i am am using this for providing some "special"
> networks myself in my environment.
>
> maybe for a better understanding you can take a look at the following
> https://www.shapeblue.com/understanding-cloudstacks-physical-networking-architecture/
> and there the section "advanced network traffic". there you'll find a
> diagramm of a scenario, where they provide an mpls network for guest
> traffic.
>
> what i had done to achieve this is (it works but i don't know if this is
> all best practice):
>
> WARNING: When introducing another physical network for e.g guest traffic,
> the "default" network offerings won't work anymore. CS has no
> default-allocation to an specified network - At least this is my experience.
> You will need to implement tags and create "custome" default network
> offerings for further usage!
>
> - create a new physical network in the zone
> - add traffic type "guest"
> - set the networklabel for matching purpose with the nics on the host
> - define tags for ALL physical networks (at least i needed to. if i am
> correct if you start tagging, you will have to implement it for all
> physical networks)
> - create 2 network offerings each using one of the tags of the physical
> networks - traffic type guest
>
> Then you can create networks, using the new network offerings, which will
> use the "tagged" physical network --> use the the matching nics on your
> hosts
>
>
> Am Do., 7. Okt. 2021 um 16:38 Uhr schrieb Cristian Ciobanu
> :
>
> > Hi,
> >
> >In a much simpler way.
> >
> >I have 2 networks, 1 shared and 1 isolated, the problem i have
> > here, both are using the same guest traffic label, because of this,
> > I'm not able to use these on different labels/nics, both are using the
> > same traffic type. Even if I add an additional physical network i will
> > have only one type of guest traffic...
> >
> >I would like to specify a custom traffic type ( guest x) and use
> > for specific network, shared or isolated.
> >
> >   I'm not sure if I can replicate this by using tags, will this work?
> >
> >
> > Regards
> > Cristian
> >
> > On Thu, Oct 7, 2021, 15:22 vas...@gmx.de  wrote:
> >
> >> just my thoughts.
> >>
> >> if i am understanding your intention correctly, you want to use a
> >> dedicated physical network on the hosts  for "customized" guest
> >> traffic, correct?
> >>
> >> You will need to add a "new" physical network to the zone with the
> >> networklabel, assaign the traffic type "guest" and start to use tags
> >> for the physical networks.
> >> Afterwards you would need to implement a dedicated network service
> >> offering for this network - by using a tag to associate 

Access rights for service offerings / deploying service offerings for different domains and accounts

[vas...@gmx.de]

hi everyone,

currently i am struggeling with granting access -rights on custome network
offerings in my cloudstack environment.
short view on my CS-structure:
   -subdomain  1a
Zone A -- domain 1 --|
   - subdomain 1b

i have one zone (zone A) with a domain (domain1) and two subdomains
(subdomain 1a & 1b).
according to the domain structure, i have setup some accounts: a
domain-admin for domain 1 and user accounts for each subdomain.

Now i want - as the root account - to provide a network offering for
further usage to the whole domain 1.
Reading the docs i shall create a new offering / change a existing and edit
the offering access settings.
here is where my struggels beginn... basically changeing the access rights
to an service offering has nearly no effect.
i tryed various settings:
- enable "pulice" and choose value "all" --> offering
not visible to all accounts in the zonecbrow
- enable "public" and add the offering to the zone A  --> offering not
visible to all accounts in the zone
- specify domain with  "domain 1",  zone = Zone A   ---> offering not
visible to account for that domain neither for any other
- specify domain with  "subdomain 1a",  zone = Zone A   ---> offering not
visible to account for that domain

I was successfull when i created a new offering and set the access rights
directly in the wizzard. So from my understanding i have trouble to edit
the access rights afterwards.
Do i miss something here / is my setup suitable for deploying offerings?
Can someone share his workflow that works as expected for changeing access
rights to an service?

Thanks in advance

Re: Multiple Network labels - custom

[vas...@gmx.de]

> >
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55)
> >
> > at
> >
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102)
> >
> > at
> >
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52)
> >
> > at
> >
> org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:45)
> >
> > at
> >
> org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:568)
> >
> > at
> >
> java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
> >
> > at
> > java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
> >
> > at
> >
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> >
> > at
> >
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> >
> > at java.base/java.lang.Thread.run(Thread.java:829)
> >
> > "
> >
> >
> >
> > I do not understand what is wrong, doesn't make any sense..
> >
> >
> >
> > 1. I add a second network with the name "Physical Network 2" with
> traffic
> > Guest.
> >
> > 2. I enable the network and providers from DB
> >
> > 3. I add tag to the Physical Network 1 and Physical Network 2
> >
> > 4. I create a share network offering with tag for both networks.
> >
> > 5. Enable the new created network offering
> >
> > 6. Create a network with any of the network offering with tag
> >
> > 7. Deploy VM, restart network, clean network = fail with the same error.
> >
> >
> >
> > This issue is happening only when I use tags.
> >
> >
> >
> >
> >
> > Any suggestions?
> >
> >
> >
> >
> >
> > Thank you,
> >
> > Cristian
> >
> >
> >
> >
> >
> > -Original Message-
> > From: vas...@gmx.de 
> > Sent: Friday, October 8, 2021 12:36 PM
> > To: users@cloudstack.apache.org
> > Subject: Re: Multiple Network labels - custom
> >
> >
> >
> > Does the offering "default a" work as expected - meaning Cloudstack is
> > deploying the network as expected?
> >
> > I can remember that i had some struggle with this, too.
> >
> > Maybe, just for verification
> >
> > a) Check that the service offering is enabled ( :-) )
> >
> > b) that the "offering access" is configured correct
> >
> >
> >
> > Maybe just create a test-account und give this account direct access to
> > the offerings instead provide it public?
> >
> >
> >
> > regarding the log you provided: Guess it looks good under the hood.
> >
> > As written above, when the offering is not showing for a account it was
> in
> > my case normaly that the account had no acccess rights for the offering.
> >
> >
> >
> > Am Fr., 8. Okt. 2021 um 10:13 Uhr schrieb <  > cristian.c@istream.today> cristian.c@istream.today>:
> >
> >
> >
> > > Hi,
> >
> > >
> >
> > > Right now I have added a second Physical network for Guest traffic
> >
> > > with tag "DefaultB" and added "DefaultA" to the one which was already
> >
> > > present, I have created new 2 network offering, one for each tag.
> >
> > > When I try to create a new Guest network in 4.15.1, I see the offering
> >
> > > for tag Default A but not for B when I select the second physical
> >
> > > network, nothing visible, I deleted the network, offering, created
> > again, same thing.
> >
> > >
> >
> > > "Found physical network id=203 based on requested tags DefaultB
> >
> > > 2021-10-08 08:12:32,178 DEBUG [c.c.a.ApiServlet]
> >
> > > (qtp182531396-17:ctx-ecf8c295 ctx-1af2acec) (logid:5a80a500) ===END===
> >
> > > 86.125.230.37 -- GET
> >
> > >
> >
> zoneid=c3b5e5fa-c3e8-49f0-8094-573456a45c00&state=Enabled&tags=DefaultB&guestiptype=Shared&command=listNetworkOfferings&response=json"
> >
> > >
> >
> > > I'm doing something wrong?
> >
> > >
> >
> > >
> >
> 

Re: Multiple Network labels - custom

[vas...@gmx.de]

e/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeM
> > ethodAccessorImpl.java:62)
> >
> > at
> > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Del
> > egatingMethodAccessorImpl.java:43)
> >
> > at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> >
> > at
> > com.cloud.vm.VmWorkJobHandlerProxy.handleVmWorkJob(VmWorkJobHandlerPro
> > xy.java:107)
> >
> > at
> > com.cloud.vm.VirtualMachineManagerImpl.handleVmWorkJob(VirtualMachineM
> > anagerImpl.java:5669)
> >
> > at
> > com.cloud.vm.VmWorkJobDispatcher.runJob(VmWorkJobDispatcher.java:102)
> >
> > at
> > org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInC
> > ontext(AsyncJobManagerImpl.java:620)
> >
> > at
> > org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(Man
> > agedContextRunnable.java:48)
> >
> > at
> > org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.cal
> > l(DefaultManagedContext.java:55)
> >
> > at
> > org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callW
> > ithContext(DefaultManagedContext.java:102)
> >
> > at
> > org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWi
> > thContext(DefaultManagedContext.java:52)
> >
> > at
> > org.apache.cloudstack.managed.context.ManagedContextRunnable.run(Manag
> > edContextRunnable.java:45)
> >
> > at
> > org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(As
> > yncJobManagerImpl.java:568)
> >
> > at
> > java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executor
> > s.java:515)
> >
> > at
> > java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
> >
> > at
> > java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
> > Executor.java:1128)
> >
> > at
> > java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
> > lExecutor.java:628)
> >
> > at java.base/java.lang.Thread.run(Thread.java:829)
> >
> > "
> >
> >
> >
> > I do not understand what is wrong, doesn't make any sense..
> >
> >
> >
> > 1. I add a second network with the name "Physical Network 2" with
> > traffic Guest.
> >
> > 2. I enable the network and providers from DB
> >
> > 3. I add tag to the Physical Network 1 and Physical Network 2
> >
> > 4. I create a share network offering with tag for both networks.
> >
> > 5. Enable the new created network offering
> >
> > 6. Create a network with any of the network offering with tag
> >
> > 7. Deploy VM, restart network, clean network = fail with the same error.
> >
> >
> >
> > This issue is happening only when I use tags.
> >
> >
> >
> >
> >
> > Any suggestions?
> >
> >
> >
> >
> >
> > Thank you,
> >
> > Cristian
> >
> >
> >
> >
> >
> > -Original Message-
> > From: vas...@gmx.de 
> > Sent: Friday, October 8, 2021 12:36 PM
> > To: users@cloudstack.apache.org
> > Subject: Re: Multiple Network labels - custom
> >
> >
> >
> > Does the offering "default a" work as expected - meaning Cloudstack is
> > deploying the network as expected?
> >
> > I can remember that i had some struggle with this, too.
> >
> > Maybe, just for verification
> >
> > a) Check that the service offering is enabled ( :-) )
> >
> > b) that the "offering access" is configured correct
> >
> >
> >
> > Maybe just create a test-account und give this account direct access
> > to the offerings instead provide it public?
> >
> >
> >
> > regarding the log you provided: Guess it looks good under the hood.
> >
> > As written above, when the offering is not showing for a account it
> > was in my case normaly that the account had no acccess rights for the
> offering.
> >
> >
> >
> > Am Fr., 8. Okt. 2021 um 10:13 Uhr schrieb <  > cristian.c@istream.today> cristian.c@istream.today>:
> >
> >
> >
> > > Hi,
> >
> > >
> >
> > > Right now I have added a second Physical network for Guest
> > > traffic
> >
> > > with tag "DefaultB" and added "DefaultA" to

Re: Multiple Network labels - custom

[vas...@gmx.de]

okay - haven't thought of this kind of setup before :-D
i started all my trials - even the virtulized ones - with dedicated
networks for guest / public / management. and even splitting things up
further now.
but nevertheless i dont't see why your setup shouldn't work. --> at least i
seems to work with kvm as you wrote before

regarding your questions / error with VMware:
i would start and check with the kvmnetworklabel in the new physical
network you've added. maybe a typo or something?

Am Di., 12. Okt. 2021 um 14:02 Uhr schrieb :

> I have only 1 network by default :
>
>  1. Management / Storage / Public / Guest   - Tag A
>  2. Guest  - Tag B
>
> Now, if I understand right, this is not working in this way? I should have
> separated network for guest from the beginning?
>
> 1 . Management / Storage /Public  - Tag A
> 2. Guest - Tag B
> 3. Guest - Tag C
>
>
> Regarding running networks, I will try to rebuild after I have the current
> issue fixed.
>
> Zone, I think the same, but not sure yet....
>
> Thank you,
> Cristian
>
> -Original Message-
> From: vas...@gmx.de 
> Sent: Tuesday, October 12, 2021 2:51 PM
> To: users@cloudstack.apache.org
> Subject: Re: Multiple Network labels - custom
>
> Maybe some kind of misunderstanding
> - with "networks" i was also referring to all entries under zone - your
> zone-  physical networks. From that i got from your descriptions you
> should have at least 3 networks there:
> 1. Management / Storage / Public
> 2. Guest I
> 3. Guest II
> 
> and each would be equipped with an tag.
>
> hmmm as far as the networks are up and running fine i would think you
> can "upgrade" the underlying serviceoffering under the details menue
> (pencil)
>
> dont't think you will need to delete them. when someone tries to use them,
> the creation likely will fail and he / she will be in contact with you :-D
>
> - as i have just one zone running, can't give you real-life experience
> here. From my overall thinking - no you don't need to as the other zones
> are't aware of the additional network (it is not listed under zone - zone
> name - physical networks)
>
> Am Di., 12. Okt. 2021 um 13:07 Uhr schrieb :
>
> > Hi,
> >
> >   1. Thank you
> >   2. I have only 2 networks (after I added the second network I added
> > a tag also to the first one) both are with tags.
> >
> >   - Do I have do delete any other network which was already created
> > under networks without tags? I didn't delete because I want to re-create
> after.
> >
> >   - Do I have to delete any other network offering which has not tags,
> > no matter if I do not use them?
> >
> >   - If I have multiple zones in 1 setup do I have to do this for all
> zones?
> >
> > Regards,
> > Cristian
> >
> >
> >
> >
> > -Original Message-
> > From: Wei ZHOU 
> > Sent: Tuesday, October 12, 2021 1:21 PM
> > To: users 
> > Subject: Re: Multiple Network labels - custom
> >
> > 1. you can enable the providers via cloudmonkey, not by db.
> > 2. all physical networks and network offerings should have tags 3. You
> > should see other exceptions than InsufficientServerCapacityException
> > in management-server.log
> >
> > -Wei
> >
> > On Tue, 12 Oct 2021 at 11:09,  wrote:
> >
> > > Hi,
> > >
> > >
> > >
> > >I have found the issue but not I have a different one 😊
> > >
> > >
> > >
> > >   When I add the network, if I check the enable providers, there a
> > > no providers enabled.. if I enabled the providers from DB, then I
> > > see the networking offering with tag also for second physical network.
> > >
> > >
> > >
> > > Right now if I try to deploy a guest network under the physical
> > > network 1
> > > (guestA) or 2(guestb) I get a general error :
> > >
> > >
> > >
> > > "2021-10-12 04:46:52,357 INFO  [c.c.v.VirtualMachineManagerImpl]
> > > (Work-Job-Executor-11:ctx-79d80dc9 job-67381/job-67382 ctx-5a1daca5)
> > > (logid:395eb51a) Insufficient capacity
> > >
> > > com.cloud.exception.InsufficientServerCapacityException: Unable to
> > > create a deployment for VM[DomainRouter|r-4559-VM]Scope=interface
> > > com.cloud.dc.DataCenter; id=7
> > >
> > > at
> > > com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachi
> > > ne
> > > ManagerImpl.java:1119)
> > >
> > &g

Re: Multiple Network labels - custom

[vas...@gmx.de]

Regarding 2.  * I also saw that you can update the tags for default
network offering.*

If you trie it would be nice to know if everything was working afterwards
:-)

Am Di., 12. Okt. 2021 um 14:40 Uhr schrieb :

> Hi Wei,
>
>
>
>   Yes, of course  😊
>
>
>
>   I'm able to create the network with any of the network offering, which
> are with tags, the problem is when the router is starting to deploy, I get
> the same error without to many details, tested in 2 cloudstack environment
> 4.15.1 and 4.15.2, in 1 I have multiple zones and in the test one I have
> only 1 zone with 2 hosts KVM and VMware.
>
>
>
> For me is pretty simple:
>
>
>
> Zone X:
>
>
>
> 1 . Assign a tag to each physical network, for the default 1 and for any
> additional network.
>
> 2. Create a network offering with the corresponding tags, I also saw that
> you can update the tags for default network offering.
>
> 3. Create network with any of those offerings
>
>
>
> Here I attached screenshots : https://imgur.com/a/VtvYsvSI do not see
> any issue in my configuration.
>
>
>
> Regards,
>
> Cristian
>
>
>
> -Original Message-
> From: Wei ZHOU 
> Sent: Tuesday, October 12, 2021 3:21 PM
> To: users 
> Subject: Re: Multiple Network labels - custom
>
>
>
> Hi Cristian,
>
>
>
> I think it is good. You do not need to change the physical networks.
>
>
>
> Have you created a new "network offering" with a tag (A or B) ?
>
>
>
> -Wei
>
>
>
> On Tue, 12 Oct 2021 at 14:02, < 
> cristian.c@istream.today> wrote:
>
>
>
> > I have only 1 network by default :
>
> >
>
> >  1. Management / Storage / Public / Guest   - Tag A
>
> >  2. Guest  - Tag B
>
> >
>
> > Now, if I understand right, this is not working in this way? I should
>
> > have separated network for guest from the beginning?
>
> >
>
> > 1 . Management / Storage /Public  - Tag A 2. Guest - Tag B 3. Guest -
>
> > Tag C
>
> >
>
> >
>
> > Regarding running networks, I will try to rebuild after I have the
>
> > current issue fixed.
>
> >
>
> > Zone, I think the same, but not sure yet
>
> >
>
> > Thank you,
>
> > Cristian
>
> >
>
> >
>
>

Re: [!!Mass Mail]Exception : Can not find network: cloudbr0

[vas...@gmx.de]

Hi Serge,

i really don't see the point in bonding those two interfaces, as they are
meant to be used for different taffic.
Therefore i guess you should at the moment remain on your inital
configuration.

As far as i have read through all of this you would like to "clone" the
setup from the host which is already working:
Bridge: cloudbr0 <--- here ip configuration
 interface: eno1 <--- no ip configuration / disable dhcp just to be save

Bridge: cloudbr1 <--- no ip configuration / disable dhcp just to be save
 interface: eno4 <--- no ip configuration / disable dhcp just to be save

that should at least give you a basic connectivity again.
Afterwards, reading through you provided log agent.log i would check
connectivity from the host to the management server as well as to the
storage server - even try mounting a nfs-share.
As war as i read the log correctly the communication twards the
managementserver has worked out well but there where some trouble with the
connection to the storage provider.

regards


Am Fr., 15. Okt. 2021 um 13:28 Uhr schrieb Bs Serge :

> I appreciate the help,
>
> I tried the above, created a bond and combined eno1 and eno4 but when I
> rebooted neither of the interfaces or the bond or bridges were showing up
> in ifconfig, which meant I couldn't even SSH, so I had to set them back
> manually.
>
> I'd like to mention that another host works perfectly with the same network
> configuration, It has 2 NICs interfaces enp0s25 and enp3s0 and two bridges
> cloudbr0 and cloudbr1.  cloudbr0 has an IP but the child interface
> (enp0s25) does not. cloudbr1 does not have IP coz it is used for public
> traffic and its child interface is enp3s0.
>
> When I was configuring the first host this was a reply email I got from
> Andrija Panic after showing the same configuration.
>
>
> Hi Serge,
> >
> > that configuration looks OK - cloudbr0 has to has an IP as you want to be
> > able to have your host on the management network (and you removed the IP
> > from the child-interface).
> > cloudbr1 is use for public traffic, so that is also ok - NO IP should be
> > there, as you do NOT want your host to be reachable via L3 on it's public
> > IP address - only L2, pass through the traffic to the VMs.
> >
> > In short, yes, it looks good.
> >
> > When in ACS, make sure to set "cloudbr0" as KVM traffic label for
> > management/storage/guest traffic type, while  "cloudbr1" (no quotes) will
> > be the traffic label for public traffic.
> >
> > After all these changes, make sure to destroy SSVM/CPVM, and restart any
> > networks/VPC with  "cleanup" which will create new VRs attached to the
> > correct bridges, etc.
> >
> >
> > Good luck!
> >
>
>
> The traffic labelled in ACS are still set like mentioned above, that's why
> the management server is trying to look for "cloudbr0" on the host.
>
> On the host which works fine, you can see that the cloudbr0 has an IP and
> its child interface enp0s25 does not, which I think is how it is supposed
> to be also on the new host.
>
> https://ibb.co/XbwkRVH
>
> So I guess that's where my problem lies on this new host, the cloudbr0
> bridge is taking the IP as well as the child interface eno1.
>
> Again any help or guidance would be appreciated.
>
> Best Regards,
>
> On Fri, Oct 15, 2021 at 11:51 AM Дикевич Евгений Александрович <
> evgeniy.dikev...@becloud.by> wrote:
>
> > Mb better combine eno1 and eno4 in bond and then create bridge on this
> > bond:
> >
> > Smth like this:
> >
> > cat /etc/sysconfig/network-scripts/ifcfg-eno1
> > TYPE=Ethernet
> > BOOTPROTO=none
> > NAME=eno1
> > DEVICE=eno1
> > ONBOOT=yes
> > MASTER=bond0
> > SLAVE=yes
> > NM_CONTROLLED=no
> >
> > cat /etc/sysconfig/network-scripts/ifcfg-eno2
> > TYPE=Ethernet
> > BOOTPROTO=none
> > NAME=eno2
> > DEVICE=eno2
> > ONBOOT=yes
> > MASTER=bond0
> > SLAVE=yes
> > NM_CONTROLLED=no
> >
> > cat /etc/sysconfig/network-scripts/ifcfg-bond0
> > NAME=bond0
> > DEVICE=bond0
> > NM_CONTROLLED=no
> > TYPE=Bond
> > BRIDGE=cloudbr0
> > ONBOOT=yes
> > NM_CONTOLLED=no
> > BONDING_OPTS="mode=802.3ad miimon=100 lacp_rate=fast
> > xmit_hash_policy=layer2+3"
> >
> > cat /etc/sysconfig/network-scripts/ifcfg-cloudbr0
> > NAME=cloudbr0
> > DEVICE=cloudbr0
> > TYPE=Bridge
> > ONBOOT=yes
> > NM_CONTROLLED=no
> > IPADDR=XXX.XXX.XXX.XXX
> > PREFIX=YY
> >
> > Or better read this:
> >
> >
> >
> https://www.shapeblue.com/networking-kvm-for-cloudstack-2018-revisit-for-centos7-and-ubuntu-18-04/
> >
> > -Original Message-
> > From: Bs Serge [mailto:sergeb...@gmail.com]
> > Sent: Friday, October 15, 2021 12:44 PM
> > To: users@cloudstack.apache.org
> > Subject: Re: [!!Mass Mail]Exception : Can not find network: cloudbr0
> >
> > Yes, I just realized that
> >
> > On the host both the bridge cloudbr0 and the interface eno1 have the same
> > IP : 192.168.1.10  which is the IP of the host server. the management
> > server IP is 192.168.1.8
> >
> > I tried to reboot the host but the issue was not resolved
> >
> > This is my bridge con

Re: All cluster reboot when a Primary storage fails

[vas...@gmx.de]

Hi Mauro,

that is really intresting to hear - i am not so long dealing with
cloudstack. so this is quiet new to me.
how ever: reading through the admin guide
http://docs.cloudstack.apache.org/en/latest/adminguide/reliability.html?highlight=Storage%20Outage#primary-storage-outage-and-data-loss
The described behaviour seems not "normal" for the hosts.

Did you already take a look into the isues on github?
Restarting all hosts of the cluster sounds like a bug to me - so might be
worth opening a new issue for further investigation?

Am Sa., 16. Okt. 2021 um 01:43 Uhr schrieb Mauro Ferraro - G2K Hosting <
mferr...@g2khosting.com>:

> Hi guys, how are you?.
>
> We are having this problems with ACS when a primary storages fails.
>
> We have several primary storage with Linux and NFS server serving KVM
> images. So every hosts have been mounted all the NFS servers because in
> one Host can be running VMs from different storages. The main problem of
> this, is when some storage fails because any reason all the cluster gets
> crazy and start rebooting the hosts to reconnect with this storage and
> all the VMs on the cluster, (including the VMs that were working good)
> goes down becuase the conection to one storage fails.
> If the problem with storage is permanent, the cluster never start again
> and hosts will reboot indefinitely.
>
> When this problem appears, the logs say this:
>
> host heartbeat: kvmheartbeat.sh will reboot system because it was unable
> to write the heartbeat to the storage.
>
> Many users, edit the script kvmheartbeat.shto avoid the hosts reboot or
> restart the agent on the host but i really not be sure that this is the
> real solution.
>
> Can someone help to propose a best solution at this high risk problem?.
>
> Regards,
>
> Mauro
>
>
>

Re: All cluster reboot when a Primary storage fails

[vas...@gmx.de]

really an interesting challange...

I am not sure if you will actually get to a point where an VM will survive
this "undamaged". My experiences with other technologies are normally the
same as yours. At least something like an "fsck" is needed to get things
back running - still with the problem that you often have some kind of
"undefined" data.
So the workflow i was used to was something like:
- get the effected volume
- check filesystem
- try to run the old vm / create a new one
- try to see if data can be safed
- revert to the last backup / snapshot (valid known working state)
- revert the backed up data (and even here to concider if it really is
needed depending on the kind of application the data is used for)

I can see why you might try a different setup for the storage system.
questions would be how fast has an fail-over to work - so that:
-the nfs mount will concidered as availeable
-nfs client is able to "cache" data that needs to be transmitted to the
storage server and write i after the nfs-mount is availeable again
imho quiet many obstacles to get to this point though

would be nice to kept updated with your findings!


Am Mi., 20. Okt. 2021 um 15:09 Uhr schrieb Mauro Ferraro - G2K Hosting <
mferr...@g2khosting.com>:

> Thanks to all guys for your feedback.
>
> We think that the problem is hard to solve without damage a VM. We were
> trying with Gluster+NFS Ganesha+PaceMaker+Corosync and when the NFS goes
> down de IP floats to other node but it takes few seconds, and all VMs
> goes down and in this scenario the VM be Damaged. And the performance
> with gluster is not really good.
>
> Now we want to test with ACS 4.16 and linstor, have someone any
> references about this?.
>
> Regards
>
> Mauro
>
>
> El 20/10/2021 a las 05:44, Piotr Pisz escribió:
> > Hi,
> > I experienced this problem myself, in the KVM, Ceph, NFS-Ganesha
> environment at full Ceph load, the Ganesha NFS server was able to hang.
> > Servers were able to randomly restart due to lack of NFS access.
> > Which magnified the problem and there was a cascade and restart of the
> entire environment.
> > We currently have the restart line removed in kvmheartbeat, instead we
> report the restart attempt via prometheus.
> >
> > Regards,
> > Piotr
> >
> >
> > -Original Message-
> > From: Sina Kashipazha 
> > Sent: Wednesday, October 20, 2021 10:35 AM
> > To: users@cloudstack.apache.org
> > Subject: Re: All cluster reboot when a Primary storage fails
> >
> > Hey Daniel,
> >
> > PR #4586 (https://github.com/apache/cloudstack/pull/4586) addressed
> your issue, as well. I'm currently working on it. Could you share with me
> how I can reproduce your reboot problem?
> >
> > Kind regards,
> > Sina
> >
> > ‐‐‐ Original Message ‐‐‐
> >
> > On Saturday, October 16th, 2021 at 05:40, Daniel Augusto Veronezi
> Salvador  wrote:
> >
> >> Hi Mauro,
> >>
> >> On KVM's monitor, when there is an inconsistency on the heartbeat's file
> >>
> >> or heartbeat timeout is extrapolated several times, by default, the host
> >>
> >> is restarted.
> >>
> >> The PR 4586 (https://github.com/apache/cloudstack/pull/4586) already
> >>
> >> addressed this issue by externalizing a property, which allows the
> >>
> >> operator to decide if the host must be restarted or not (default is
> >>
> >> 'true', meaning that the host will be restarted). However, this feature
> >>
> >> will be available only after release 4.16.
> >>
> >> Best regards,
> >>
> >> Daniel Salvador
> >>
> >> On 15/10/2021 20:43, Mauro Ferraro - G2K Hosting wrote:
> >>
> >>> Hi guys, how are you?.
> >>>
> >>> We are having this problems with ACS when a primary storages fails.
> >>>
> >>> We have several primary storage with Linux and NFS server serving KVM
> >>>
> >>> images. So every hosts have been mounted all the NFS servers because
> >>>
> >>> in one Host can be running VMs from different storages. The main
> >>>
> >>> problem of this, is when some storage fails because any reason all the
> >>>
> >>> cluster gets crazy and start rebooting the hosts to reconnect with
> >>>
> >>> this storage and all the VMs on the cluster, (including the VMs that
> >>>
> >>> were working good) goes down becuase the conection to one storage
> fails.
> >>>
> >>> If the problem with storage is permanent, the cluster never start
> >>>
> >>> again and hosts will reboot indefinitely.
> >>>
> >>> When this problem appears, the logs say this:
> >>>
> >>> host heartbeat: kvmheartbeat.sh will reboot system because it was
> >>>
> >>> unable to write the heartbeat to the storage.
> >>>
> >>> Many users, edit the script kvmheartbeat.shto avoid the hosts reboot
> >>>
> >>> or restart the agent on the host but i really not be sure that this is
> >>>
> >>> the real solution.
> >>>
> >>> Can someone help to propose a best solution at this high risk problem?.
> >>>
> >>> Regards,
> >>>
> >>> Mauro
>

Re: Unable to add host

[vas...@gmx.de]

which kind of useraccount are you using to add the host?

had similar problems adding a host with an "sudo"- enabled account as the
commands performed while performing the generation of an keystore-file
weren't working correctly.

Am Mi., 27. Okt. 2021 um 12:53 Uhr schrieb Nazmul Parvej <
nazmul.par...@bol-online.com>:

> Hi There,
>
> Please see my WARNING log, I can't understand why not added host on my
> Advanced
> zone. All servers are Ubuntu 20.04 LTS
>
> Management Server:
> In Web Portal Global Settings
>
> |ca.plugin.root.auth.strictness|is set to|false
>
>
> for ssh setting below config
>
> PubkeyAcceptedKeyTypes=+ssh-dss
> HostKeyAlgorithms=+ssh-dss
> KexAlgorithms=+diffie-hellman-group1-sha1
>
>
> In Host Server:
> Host as KVM Server Installation
> ==
>
> apt-get install qemu-kvm cloudstack-agent
> sed -i -e 's/\#vnc_listen.*$/vnc_listen = "0.0.0.0"/g'
> /etc/libvirt/qemu.conf
> sed -i -e 's/.*libvirtd_opts.*/env libvirtd_opts="-l"/'
> /etc/default/libvirtd
> echo 'listen_tls=0' >> /etc/libvirt/libvirtd.conf
> echo 'listen_tcp=1' >> /etc/libvirt/libvirtd.conf
> echo 'tcp_port = "16509"' >> /etc/libvirt/libvirtd.conf
> echo 'mdns_adv = 0' >> /etc/libvirt/libvirtd.conf
> echo 'auth_tcp = "none"' >> /etc/libvirt/libvirtd.conf
>
> systemctl restart libvirtd
>
> apt-get install uuid
> UUID=$(uuid)
> echo host_uuid = \"$UUID\" >> /etc/libvirt/libvirtd.conf
> systemctl restart libvirtd
>
> vi /etc/ssh/sshd_config
> PubkeyAcceptedKeyTypes=+ssh-dss
> HostKeyAlgorithms=+ssh-dss
> KexAlgorithms=+diffie-hellman-group1-sha1
>
> systemctl restart ssh
> systemctl restart sshd
>
>
>
>
> Please see my log error from ACS mgmt server
>
>
>
> 021-10-27 15:59:16,063 WARN  [c.c.u.n.Link]
> (AgentManager-SSLHandshakeHandler-1:null) (logid:) This SSL engine was
> forced to close inbound due to end of stream.
> 2021-10-27 15:59:16,959 WARN  [c.c.a.d.ParamGenericValidationWorker]
> (qtp1074389766-290:ctx-827d2286 ctx-57d77cbc) (logid:8809eb47) Received
> unknown parameters for command addHost. Unknown parameters : clustertype
> 2021-10-27 15:59:30,870 WARN  [c.c.h.k.d.LibvirtServerDiscoverer]
> (qtp1074389766-290:ctx-827d2286 ctx-57d77cbc) (logid:8809eb47)  can't setup
> agent, due to com.cloud.utils.exception.CloudRuntimeException: Failed to
> setup keystore on the KVM host: 10.10.9.51 - Failed to setup keystore on
> the KVM host: 10.10.9.51
> 2021-10-27 15:59:30,871 WARN  [c.c.r.ResourceManagerImpl]
> (qtp1074389766-290:ctx-827d2286 ctx-57d77cbc) (logid:8809eb47) Unable to
> find the server resources at http://10.10.9.51
> 2021-10-27 15:59:30,872 WARN  [o.a.c.a.c.a.h.AddHostCmd]
> (qtp1074389766-290:ctx-827d2286 ctx-57d77cbc) (logid:8809eb47) Exception:
> 2021-10-27 16:00:09,415 WARN  [c.c.a.d.ParamGenericValidationWorker]
> (qtp1074389766-291:ctx-32254b38 ctx-81598c92) (logid:276372ee) Received
> unknown parameters for command addHost. Unknown parameters : clustertype
> 2021-10-27 16:00:23,404 WARN  [c.c.h.k.d.LibvirtServerDiscoverer]
> (qtp1074389766-291:ctx-32254b38 ctx-81598c92) (logid:276372ee)  can't setup
> agent, due to com.cloud.utils.exception.CloudRuntimeException: Failed to
> setup keystore on the KVM host: 10.10.9.51 - Failed to setup keystore on
> the KVM host: 10.10.9.51
> 2021-10-27 16:00:23,405 WARN  [c.c.r.ResourceManagerImpl]
> (qtp1074389766-291:ctx-32254b38 ctx-81598c92) (logid:276372ee) Unable to
> find the server resources at http://10.10.9.51
> 2021-10-27 16:00:23,408 WARN  [o.a.c.a.c.a.h.AddHostCmd]
> (qtp1074389766-291:ctx-32254b38 ctx-81598c92) (logid:276372ee) Exception:
> 2021-10-27 16:00:27,313 WARN  [c.c.u.n.Link]
> (AgentManager-SSLHandshakeHandler-1:null) (logid:) This SSL engine was
> forced to close inbound due to end of stream.
>
>
>
> Yours sincerely,
>
> Nazmul Parvej
>

Re: Unable to add host

[vas...@gmx.de]

Hi Nazmul,

okay sounds good.

Any Error-Logs from the host / agent.log availeable?

regards

Am Do., 28. Okt. 2021 um 14:59 Uhr schrieb Nazmul Parvej <
nazmul.par...@bol-online.com>:

> I am using the root account for adding host.
>
>
> Yours sincerely,
>
>
> Nazmul Parvej
>
>
> On Wed, Oct 27, 2021 at 5:30 PM vas...@gmx.de  wrote:
>
> > which kind of useraccount are you using to add the host?
> >
> > had similar problems adding a host with an "sudo"- enabled account as the
> > commands performed while performing the generation of an keystore-file
> > weren't working correctly.
> >
> > Am Mi., 27. Okt. 2021 um 12:53 Uhr schrieb Nazmul Parvej <
> > nazmul.par...@bol-online.com>:
> >
> > > Hi There,
> > >
> > > Please see my WARNING log, I can't understand why not added host on my
> > > Advanced
> > > zone. All servers are Ubuntu 20.04 LTS
> > >
> > > Management Server:
> > > In Web Portal Global Settings
> > >
> > > |ca.plugin.root.auth.strictness|is set to|false
> > >
> > >
> > > for ssh setting below config
> > >
> > > PubkeyAcceptedKeyTypes=+ssh-dss
> > > HostKeyAlgorithms=+ssh-dss
> > > KexAlgorithms=+diffie-hellman-group1-sha1
> > >
> > >
> > > In Host Server:
> > > Host as KVM Server Installation
> > > ==
> > >
> > > apt-get install qemu-kvm cloudstack-agent
> > > sed -i -e 's/\#vnc_listen.*$/vnc_listen = "0.0.0.0"/g'
> > > /etc/libvirt/qemu.conf
> > > sed -i -e 's/.*libvirtd_opts.*/env libvirtd_opts="-l"/'
> > > /etc/default/libvirtd
> > > echo 'listen_tls=0' >> /etc/libvirt/libvirtd.conf
> > > echo 'listen_tcp=1' >> /etc/libvirt/libvirtd.conf
> > > echo 'tcp_port = "16509"' >> /etc/libvirt/libvirtd.conf
> > > echo 'mdns_adv = 0' >> /etc/libvirt/libvirtd.conf
> > > echo 'auth_tcp = "none"' >> /etc/libvirt/libvirtd.conf
> > >
> > > systemctl restart libvirtd
> > >
> > > apt-get install uuid
> > > UUID=$(uuid)
> > > echo host_uuid = \"$UUID\" >> /etc/libvirt/libvirtd.conf
> > > systemctl restart libvirtd
> > >
> > > vi /etc/ssh/sshd_config
> > > PubkeyAcceptedKeyTypes=+ssh-dss
> > > HostKeyAlgorithms=+ssh-dss
> > > KexAlgorithms=+diffie-hellman-group1-sha1
> > >
> > > systemctl restart ssh
> > > systemctl restart sshd
> > >
> > >
> > >
> > >
> > > Please see my log error from ACS mgmt server
> > >
> > >
> > >
> > > 021-10-27 15:59:16,063 WARN  [c.c.u.n.Link]
> > > (AgentManager-SSLHandshakeHandler-1:null) (logid:) This SSL engine was
> > > forced to close inbound due to end of stream.
> > > 2021-10-27 15:59:16,959 WARN  [c.c.a.d.ParamGenericValidationWorker]
> > > (qtp1074389766-290:ctx-827d2286 ctx-57d77cbc) (logid:8809eb47) Received
> > > unknown parameters for command addHost. Unknown parameters :
> clustertype
> > > 2021-10-27 15:59:30,870 WARN  [c.c.h.k.d.LibvirtServerDiscoverer]
> > > (qtp1074389766-290:ctx-827d2286 ctx-57d77cbc) (logid:8809eb47)  can't
> > setup
> > > agent, due to com.cloud.utils.exception.CloudRuntimeException: Failed
> to
> > > setup keystore on the KVM host: 10.10.9.51 - Failed to setup keystore
> on
> > > the KVM host: 10.10.9.51
> > > 2021-10-27 15:59:30,871 WARN  [c.c.r.ResourceManagerImpl]
> > > (qtp1074389766-290:ctx-827d2286 ctx-57d77cbc) (logid:8809eb47) Unable
> to
> > > find the server resources at http://10.10.9.51
> > > 2021-10-27 15:59:30,872 WARN  [o.a.c.a.c.a.h.AddHostCmd]
> > > (qtp1074389766-290:ctx-827d2286 ctx-57d77cbc) (logid:8809eb47)
> Exception:
> > > 2021-10-27 16:00:09,415 WARN  [c.c.a.d.ParamGenericValidationWorker]
> > > (qtp1074389766-291:ctx-32254b38 ctx-81598c92) (logid:276372ee) Received
> > > unknown parameters for command addHost. Unknown parameters :
> clustertype
> > > 2021-10-27 16:00:23,404 WARN  [c.c.h.k.d.LibvirtServerDiscoverer]
> > > (qtp1074389766-291:ctx-32254b38 ctx-81598c92) (logid:276372ee)  can't
> > setup
> > > agent, due to com.cloud.utils.exception.CloudRuntimeException: Failed
> to
> > > setup keystore on the KVM host: 10.10.9.51 - Failed to setup keystore
> on
> > > the KVM host: 10.10.9.51
> > > 2021-10-27 16:00:23,405 WARN  [c.c.r.ResourceManagerImpl]
> > > (qtp1074389766-291:ctx-32254b38 ctx-81598c92) (logid:276372ee) Unable
> to
> > > find the server resources at http://10.10.9.51
> > > 2021-10-27 16:00:23,408 WARN  [o.a.c.a.c.a.h.AddHostCmd]
> > > (qtp1074389766-291:ctx-32254b38 ctx-81598c92) (logid:276372ee)
> Exception:
> > > 2021-10-27 16:00:27,313 WARN  [c.c.u.n.Link]
> > > (AgentManager-SSLHandshakeHandler-1:null) (logid:) This SSL engine was
> > > forced to close inbound due to end of stream.
> > >
> > >
> > >
> > > Yours sincerely,
> > >
> > > Nazmul Parvej
> > >
> >
>

Questions regarding config-files during upgrade to CS4.16

[vas...@gmx.de]

Hi everyone,

currently I am trying myself on upgrading my cloudstack environment from
4.15.2 to 4.16.

I am a bit puzzeled as, while upgrading via repositorys i get the
notification / question, if i want to use my "old" configuration files on
the Management Server. Or use the newly provided from the maintainer.
As the "newly" provided seem to inherit the values from the old config
files, i currently choose to keep and use the old ones.
Is this the correct way for upgrading=? Didn't found something mentioned in
the upgrade-guide regarding this.

Regards,
Chris

Re: Questions regarding config-files during upgrade to CS4.16

[vas...@gmx.de]

Thank you Rohit for your answer, will keep that in mind for further
upgrades ahead!
Regards,

Chris

Am Mi., 17. Nov. 2021 um 11:04 Uhr schrieb Rohit Yadav <
rohit.ya...@shapeblue.com>:

> Hi Chris,
>
> That's typical of a Linux package manager to ask questions when during an
> upgrade the config files change. You most likely want to keep the original
> config than package maintainers, esp for db.properties, server.properties.
> It's a good idea to backup them before upgrading, and then manually
> reconcile the config files if necessary.
>
>
> Regards.
>
> ____
> From: vas...@gmx.de 
> Sent: Wednesday, November 17, 2021 02:00
> To: users@cloudstack.apache.org 
> Subject: Questions regarding config-files during upgrade to CS4.16
>
> Hi everyone,
>
> currently I am trying myself on upgrading my cloudstack environment from
> 4.15.2 to 4.16.
>
> I am a bit puzzeled as, while upgrading via repositorys i get the
> notification / question, if i want to use my "old" configuration files on
> the Management Server. Or use the newly provided from the maintainer.
> As the "newly" provided seem to inherit the values from the old config
> files, i currently choose to keep and use the old ones.
> Is this the correct way for upgrading=? Didn't found something mentioned in
> the upgrade-guide regarding this.
>
> Regards,
> Chris
>
>
>
>

Missing "CPU Core"-Graph on Dashboard after upgrading to CS4.16

[vas...@gmx.de]

Hi everyone,

so far the upgrade to 4.16 worked well and everything seems working fine.
What i noticed is, that for my root - admin the Dashboard doesn't show the
CPU-Cores Graph anymore.
Is there a way to display this again at the Dashboard?

Regards,
Chris

Re: Questions regarding config-files during upgrade to CS4.16

[vas...@gmx.de]

Hi Wei,

thanks for your suggestions.
Regarding the database - that's what i did (in addition to the usual
back-up of the dabase during normal operation). And this "step" is explicit
mentioned in the upgrade instructions.
How ever regarding the configuration files, there i was a bit "suprised".
It seems there have been quiet some changes regarding the actual values /
nameing inside the configurations.
Not that there have  been  changes, but that this topic wasn't mentioned in
the upgrade guide or some recommadations on how to deal with it.

As far as i understand - and please correct me here if i am wrong - the
workflow would be to backup the current config, install the new version of
the config files during upgrade and then go through the configs and try to
merge the settings / values by hand?

Regards,
Chris

Am Mi., 17. Nov. 2021 um 12:23 Uhr schrieb Wei ZHOU :

> Hi Chris,
>
> It would be good to backup all the folder /etc/cloudstack/management/ and
> database before upgrade.
>
> -Wei
>
> On Wed, 17 Nov 2021 at 11:54, vas...@gmx.de  wrote:
>
>> Thank you Rohit for your answer, will keep that in mind for further
>> upgrades ahead!
>> Regards,
>>
>> Chris
>>
>> Am Mi., 17. Nov. 2021 um 11:04 Uhr schrieb Rohit Yadav <
>> rohit.ya...@shapeblue.com>:
>>
>> > Hi Chris,
>> >
>> > That's typical of a Linux package manager to ask questions when during
>> an
>> > upgrade the config files change. You most likely want to keep the
>> original
>> > config than package maintainers, esp for db.properties,
>> server.properties.
>> > It's a good idea to backup them before upgrading, and then manually
>> > reconcile the config files if necessary.
>> >
>> >
>> > Regards.
>> >
>> > 
>> > From: vas...@gmx.de 
>> > Sent: Wednesday, November 17, 2021 02:00
>> > To: users@cloudstack.apache.org 
>> > Subject: Questions regarding config-files during upgrade to CS4.16
>> >
>> > Hi everyone,
>> >
>> > currently I am trying myself on upgrading my cloudstack environment from
>> > 4.15.2 to 4.16.
>> >
>> > I am a bit puzzeled as, while upgrading via repositorys i get the
>> > notification / question, if i want to use my "old" configuration files
>> on
>> > the Management Server. Or use the newly provided from the maintainer.
>> > As the "newly" provided seem to inherit the values from the old config
>> > files, i currently choose to keep and use the old ones.
>> > Is this the correct way for upgrading=? Didn't found something
>> mentioned in
>> > the upgrade-guide regarding this.
>> >
>> > Regards,
>> > Chris
>> >
>> >
>> >
>> >
>>
>

Re: Missing "CPU Core"-Graph on Dashboard after upgrading to CS4.16

[vas...@gmx.de]

 Sadly: Nothing at all. Not even a error.

Am Mi., 17. Nov. 2021 um 13:10 Uhr schrieb Wei ZHOU :

> I do not have this issue.
>
> If you use cmk/cloudmonkey, can you share the result of the following
> command ?
>
> cmk list capacity type=90
>
> -Wei
>
>
> On Wed, 17 Nov 2021 at 12:01, vas...@gmx.de  wrote:
>
>> Hi everyone,
>>
>> so far the upgrade to 4.16 worked well and everything seems working fine.
>> What i noticed is, that for my root - admin the Dashboard doesn't show the
>> CPU-Cores Graph anymore.
>> Is there a way to display this again at the Dashboard?
>>
>> Regards,
>> Chris
>>
>

Re: Questions regarding config-files during upgrade to CS4.16

[vas...@gmx.de]

Thanks Wei - don't be worried - i kept my old config files and indeed it
works out well. Sometimes "lazyness" might have it's benefits ;-)
Beside the topic from the other letter regarding my cpu-core count isn't
present at the dashboard anymore.

Am Mi., 17. Nov. 2021 um 13:04 Uhr schrieb Wei ZHOU :

> Hi Chris,
>
> When you upgrade, do NOT overwrite existing configuration files. Normally
> it should work with the new version as well.
>
> The backup of configs and databases are used only when you face some
> issues in upgrading (for example config files are overwritten by mistake,
> some DB exceptions) , then you have to rollback to the older version or
> recover the config files.
>
> -Wei
>
> On Wed, 17 Nov 2021 at 12:51, vas...@gmx.de  wrote:
>
>> Hi Wei,
>>
>> thanks for your suggestions.
>> Regarding the database - that's what i did (in addition to the usual
>> back-up of the dabase during normal operation). And this "step" is
>> explicit
>> mentioned in the upgrade instructions.
>> How ever regarding the configuration files, there i was a bit "suprised".
>> It seems there have been quiet some changes regarding the actual values /
>> nameing inside the configurations.
>> Not that there have  been  changes, but that this topic wasn't mentioned
>> in
>> the upgrade guide or some recommadations on how to deal with it.
>>
>> As far as i understand - and please correct me here if i am wrong - the
>> workflow would be to backup the current config, install the new version of
>> the config files during upgrade and then go through the configs and try to
>> merge the settings / values by hand?
>>
>> Regards,
>> Chris
>>
>> Am Mi., 17. Nov. 2021 um 12:23 Uhr schrieb Wei ZHOU <
>> ustcweiz...@gmail.com>:
>>
>> > Hi Chris,
>> >
>> > It would be good to backup all the folder /etc/cloudstack/management/
>> and
>> > database before upgrade.
>> >
>> > -Wei
>> >
>> > On Wed, 17 Nov 2021 at 11:54, vas...@gmx.de  wrote:
>> >
>> >> Thank you Rohit for your answer, will keep that in mind for further
>> >> upgrades ahead!
>> >> Regards,
>> >>
>> >> Chris
>> >>
>> >> Am Mi., 17. Nov. 2021 um 11:04 Uhr schrieb Rohit Yadav <
>> >> rohit.ya...@shapeblue.com>:
>> >>
>> >> > Hi Chris,
>> >> >
>> >> > That's typical of a Linux package manager to ask questions when
>> during
>> >> an
>> >> > upgrade the config files change. You most likely want to keep the
>> >> original
>> >> > config than package maintainers, esp for db.properties,
>> >> server.properties.
>> >> > It's a good idea to backup them before upgrading, and then manually
>> >> > reconcile the config files if necessary.
>> >> >
>> >> >
>> >> > Regards.
>> >> >
>> >> > 
>> >> > From: vas...@gmx.de 
>> >> > Sent: Wednesday, November 17, 2021 02:00
>> >> > To: users@cloudstack.apache.org 
>> >> > Subject: Questions regarding config-files during upgrade to CS4.16
>> >> >
>> >> > Hi everyone,
>> >> >
>> >> > currently I am trying myself on upgrading my cloudstack environment
>> from
>> >> > 4.15.2 to 4.16.
>> >> >
>> >> > I am a bit puzzeled as, while upgrading via repositorys i get the
>> >> > notification / question, if i want to use my "old" configuration
>> files
>> >> on
>> >> > the Management Server. Or use the newly provided from the maintainer.
>> >> > As the "newly" provided seem to inherit the values from the old
>> config
>> >> > files, i currently choose to keep and use the old ones.
>> >> > Is this the correct way for upgrading=? Didn't found something
>> >> mentioned in
>> >> > the upgrade-guide regarding this.
>> >> >
>> >> > Regards,
>> >> > Chris
>> >> >
>> >> >
>> >> >
>> >> >
>> >>
>> >
>>
>

Re: Missing "CPU Core"-Graph on Dashboard after upgrading to CS4.16

[vas...@gmx.de]

In the DB the records are there, entrys / values are correct BUT
"capacity_state" is "Disabled".

Which is a bit odd to understand, as i didn't made any further changes.
My process was to put them into maintenance-mode, perform the upgrade to
4.16, restart the agent and then got them out of maintenance-mode again.
Did i made a mistake here?

Any idea on how to get the values "Enabled" again?

Am Mi., 17. Nov. 2021 um 15:40 Uhr schrieb Wei ZHOU :

> any record in DB ?
>
> select * from op_host_capacity where capacity_type =90;
>
> -Wei
>
> On Wed, 17 Nov 2021 at 14:14, vas...@gmx.de  wrote:
>
>> Sadly: Nothing at all. Not even a error.
>>
>>
>> Am Mi., 17. Nov. 2021 um 13:10 Uhr schrieb Wei ZHOU <
>> ustcweiz...@gmail.com>:
>>
>>> I do not have this issue.
>>>
>>> If you use cmk/cloudmonkey, can you share the result of the following
>>> command ?
>>>
>>> cmk list capacity type=90
>>>
>>> -Wei
>>>
>>>
>>> On Wed, 17 Nov 2021 at 12:01, vas...@gmx.de  wrote:
>>>
>>>> Hi everyone,
>>>>
>>>> so far the upgrade to 4.16 worked well and everything seems working
>>>> fine.
>>>> What i noticed is, that for my root - admin the Dashboard doesn't show
>>>> the
>>>> CPU-Cores Graph anymore.
>>>> Is there a way to display this again at the Dashboard?
>>>>
>>>> Regards,
>>>> Chris
>>>>
>>>

Re: Missing "CPU Core"-Graph on Dashboard after upgrading to CS4.16

[vas...@gmx.de]

hi,

all hosts are enabled and running fine.

Am Mi., 17. Nov. 2021 um 19:59 Uhr schrieb Wei ZHOU :

> Hi,
>
> Are the hosts Disabled or Enabled ?
>
> -Wei
>
> On Wed, 17 Nov 2021 at 16:54, vas...@gmx.de  wrote:
>
>> In the DB the records are there, entrys / values are correct BUT
>> "capacity_state" is "Disabled".
>>
>> Which is a bit odd to understand, as i didn't made any further changes.
>> My process was to put them into maintenance-mode, perform the upgrade to
>> 4.16, restart the agent and then got them out of maintenance-mode again.
>> Did i made a mistake here?
>>
>> Any idea on how to get the values "Enabled" again?
>>
>> Am Mi., 17. Nov. 2021 um 15:40 Uhr schrieb Wei ZHOU <
>> ustcweiz...@gmail.com>:
>>
>> > any record in DB ?
>> >
>> > select * from op_host_capacity where capacity_type =90;
>> >
>> > -Wei
>> >
>> > On Wed, 17 Nov 2021 at 14:14, vas...@gmx.de  wrote:
>> >
>> >> Sadly: Nothing at all. Not even a error.
>> >>
>> >>
>> >> Am Mi., 17. Nov. 2021 um 13:10 Uhr schrieb Wei ZHOU <
>> >> ustcweiz...@gmail.com>:
>> >>
>> >>> I do not have this issue.
>> >>>
>> >>> If you use cmk/cloudmonkey, can you share the result of the following
>> >>> command ?
>> >>>
>> >>> cmk list capacity type=90
>> >>>
>> >>> -Wei
>> >>>
>> >>>
>> >>> On Wed, 17 Nov 2021 at 12:01, vas...@gmx.de  wrote:
>> >>>
>> >>>> Hi everyone,
>> >>>>
>> >>>> so far the upgrade to 4.16 worked well and everything seems working
>> >>>> fine.
>> >>>> What i noticed is, that for my root - admin the Dashboard doesn't
>> show
>> >>>> the
>> >>>> CPU-Cores Graph anymore.
>> >>>> Is there a way to display this again at the Dashboard?
>> >>>>
>> >>>> Regards,
>> >>>> Chris
>> >>>>
>> >>>
>>
>

Re: Missing "CPU Core"-Graph on Dashboard after upgrading to CS4.16

[vas...@gmx.de]

Hi  Wei,

thanks again for your support.
As I have not worked with the CS DB beforehand:
Which table are you referring to with "hosts table"? Taking a look into my
DB I am not finding a table of the name "hosts".

Thanks in advance,
Christ

Am Do., 18. Nov. 2021 um 09:12 Uhr schrieb Wei ZHOU :

> Hi,
>
> If you are sure that all hosts are enabled (resource_state='Enabled' in
> hosts table), you can update the capacity_state to "Enabled" by manual db
> change.
>
> -Wei
>
> On Wed, 17 Nov 2021 at 20:32, vas...@gmx.de  wrote:
>
> > hi,
> >
> > all hosts are enabled and running fine.
> >
> > Am Mi., 17. Nov. 2021 um 19:59 Uhr schrieb Wei ZHOU <
> ustcweiz...@gmail.com
> > >:
> >
> > > Hi,
> > >
> > > Are the hosts Disabled or Enabled ?
> > >
> > > -Wei
> > >
> > > On Wed, 17 Nov 2021 at 16:54, vas...@gmx.de  wrote:
> > >
> > >> In the DB the records are there, entrys / values are correct BUT
> > >> "capacity_state" is "Disabled".
> > >>
> > >> Which is a bit odd to understand, as i didn't made any further
> changes.
> > >> My process was to put them into maintenance-mode, perform the upgrade
> to
> > >> 4.16, restart the agent and then got them out of maintenance-mode
> again.
> > >> Did i made a mistake here?
> > >>
> > >> Any idea on how to get the values "Enabled" again?
> > >>
> > >> Am Mi., 17. Nov. 2021 um 15:40 Uhr schrieb Wei ZHOU <
> > >> ustcweiz...@gmail.com>:
> > >>
> > >> > any record in DB ?
> > >> >
> > >> > select * from op_host_capacity where capacity_type =90;
> > >> >
> > >> > -Wei
> > >> >
> > >> > On Wed, 17 Nov 2021 at 14:14, vas...@gmx.de  wrote:
> > >> >
> > >> >> Sadly: Nothing at all. Not even a error.
> > >> >>
> > >> >>
> > >> >> Am Mi., 17. Nov. 2021 um 13:10 Uhr schrieb Wei ZHOU <
> > >> >> ustcweiz...@gmail.com>:
> > >> >>
> > >> >>> I do not have this issue.
> > >> >>>
> > >> >>> If you use cmk/cloudmonkey, can you share the result of the
> > following
> > >> >>> command ?
> > >> >>>
> > >> >>> cmk list capacity type=90
> > >> >>>
> > >> >>> -Wei
> > >> >>>
> > >> >>>
> > >> >>> On Wed, 17 Nov 2021 at 12:01, vas...@gmx.de 
> wrote:
> > >> >>>
> > >> >>>> Hi everyone,
> > >> >>>>
> > >> >>>> so far the upgrade to 4.16 worked well and everything seems
> working
> > >> >>>> fine.
> > >> >>>> What i noticed is, that for my root - admin the Dashboard doesn't
> > >> show
> > >> >>>> the
> > >> >>>> CPU-Cores Graph anymore.
> > >> >>>> Is there a way to display this again at the Dashboard?
> > >> >>>>
> > >> >>>> Regards,
> > >> >>>> Chris
> > >> >>>>
> > >> >>>
> > >>
> > >
> >
>

Re: Missing "CPU Core"-Graph on Dashboard after upgrading to CS4.16

[vas...@gmx.de]

 No problem at all - looking at my last 'signature' i am prone to typo's,
too. 😉
How ever: Found the table as well as the entries stateing
"resource_state=Enabled" for all hosts.

Will then try this evening to change the values in 'op_host_capacity' to
'Enabled' (of course perfoming backup's and stuff beforehand) and report
back how things where going.

Regards
Chris

Am Do., 18. Nov. 2021 um 12:31 Uhr schrieb Wei ZHOU :

> Hi Christ,
>
> The table name is `host`,  not `hosts`. Sorry for the typo
>
> -Wei
>
> On Thu, 18 Nov 2021 at 11:47, vas...@gmx.de  wrote:
>
>> Hi  Wei,
>>
>> thanks again for your support.
>> As I have not worked with the CS DB beforehand:
>> Which table are you referring to with "hosts table"? Taking a look into my
>> DB I am not finding a table of the name "hosts".
>>
>> Thanks in advance,
>> Christ
>>
>> Am Do., 18. Nov. 2021 um 09:12 Uhr schrieb Wei ZHOU <
>> ustcweiz...@gmail.com>:
>>
>> > Hi,
>> >
>> > If you are sure that all hosts are enabled (resource_state='Enabled' in
>> > hosts table), you can update the capacity_state to "Enabled" by manual
>> db
>> > change.
>> >
>> > -Wei
>> >
>> > On Wed, 17 Nov 2021 at 20:32, vas...@gmx.de  wrote:
>> >
>> > > hi,
>> > >
>> > > all hosts are enabled and running fine.
>> > >
>> > > Am Mi., 17. Nov. 2021 um 19:59 Uhr schrieb Wei ZHOU <
>> > ustcweiz...@gmail.com
>> > > >:
>> > >
>> > > > Hi,
>> > > >
>> > > > Are the hosts Disabled or Enabled ?
>> > > >
>> > > > -Wei
>> > > >
>> > > > On Wed, 17 Nov 2021 at 16:54, vas...@gmx.de  wrote:
>> > > >
>> > > >> In the DB the records are there, entrys / values are correct BUT
>> > > >> "capacity_state" is "Disabled".
>> > > >>
>> > > >> Which is a bit odd to understand, as i didn't made any further
>> > changes.
>> > > >> My process was to put them into maintenance-mode, perform the
>> upgrade
>> > to
>> > > >> 4.16, restart the agent and then got them out of maintenance-mode
>> > again.
>> > > >> Did i made a mistake here?
>> > > >>
>> > > >> Any idea on how to get the values "Enabled" again?
>> > > >>
>> > > >> Am Mi., 17. Nov. 2021 um 15:40 Uhr schrieb Wei ZHOU <
>> > > >> ustcweiz...@gmail.com>:
>> > > >>
>> > > >> > any record in DB ?
>> > > >> >
>> > > >> > select * from op_host_capacity where capacity_type =90;
>> > > >> >
>> > > >> > -Wei
>> > > >> >
>> > > >> > On Wed, 17 Nov 2021 at 14:14, vas...@gmx.de 
>> wrote:
>> > > >> >
>> > > >> >> Sadly: Nothing at all. Not even a error.
>> > > >> >>
>> > > >> >>
>> > > >> >> Am Mi., 17. Nov. 2021 um 13:10 Uhr schrieb Wei ZHOU <
>> > > >> >> ustcweiz...@gmail.com>:
>> > > >> >>
>> > > >> >>> I do not have this issue.
>> > > >> >>>
>> > > >> >>> If you use cmk/cloudmonkey, can you share the result of the
>> > > following
>> > > >> >>> command ?
>> > > >> >>>
>> > > >> >>> cmk list capacity type=90
>> > > >> >>>
>> > > >> >>> -Wei
>> > > >> >>>
>> > > >> >>>
>> > > >> >>> On Wed, 17 Nov 2021 at 12:01, vas...@gmx.de 
>> > wrote:
>> > > >> >>>
>> > > >> >>>> Hi everyone,
>> > > >> >>>>
>> > > >> >>>> so far the upgrade to 4.16 worked well and everything seems
>> > working
>> > > >> >>>> fine.
>> > > >> >>>> What i noticed is, that for my root - admin the Dashboard
>> doesn't
>> > > >> show
>> > > >> >>>> the
>> > > >> >>>> CPU-Cores Graph anymore.
>> > > >> >>>> Is there a way to display this again at the Dashboard?
>> > > >> >>>>
>> > > >> >>>> Regards,
>> > > >> >>>> Chris
>> > > >> >>>>
>> > > >> >>>
>> > > >>
>> > > >
>> > >
>> >
>>
>

Re: Missing "CPU Core"-Graph on Dashboard after upgrading to CS4.16

[vas...@gmx.de]

Hi again,

just wanted to inform you that changeing the values in the database was
successfull.
The Core-Count is visible in the dash-board again.

That reminded me, that while adding hosts in one of my previous trials i
was facing kind of a similar problem with the graph. That time there just 2
out of 4 hosts had displayed theire values.
Anyway, it is back to normal and up till know 4.16 is working like expected
and performaning well.

Regards,
Chris

Am Do., 18. Nov. 2021 um 12:47 Uhr schrieb vas...@gmx.de :

> No problem at all - looking at my last 'signature' i am prone to typo's,
> too. 😉
> How ever: Found the table as well as the entries stateing
> "resource_state=Enabled" for all hosts.
>
> Will then try this evening to change the values in 'op_host_capacity' to
> 'Enabled' (of course perfoming backup's and stuff beforehand) and report
> back how things where going.
>
> Regards
> Chris
>
> Am Do., 18. Nov. 2021 um 12:31 Uhr schrieb Wei ZHOU  >:
>
>> Hi Christ,
>>
>> The table name is `host`,  not `hosts`. Sorry for the typo
>>
>> -Wei
>>
>> On Thu, 18 Nov 2021 at 11:47, vas...@gmx.de  wrote:
>>
>>> Hi  Wei,
>>>
>>> thanks again for your support.
>>> As I have not worked with the CS DB beforehand:
>>> Which table are you referring to with "hosts table"? Taking a look into
>>> my
>>> DB I am not finding a table of the name "hosts".
>>>
>>> Thanks in advance,
>>> Christ
>>>
>>> Am Do., 18. Nov. 2021 um 09:12 Uhr schrieb Wei ZHOU <
>>> ustcweiz...@gmail.com>:
>>>
>>> > Hi,
>>> >
>>> > If you are sure that all hosts are enabled (resource_state='Enabled' in
>>> > hosts table), you can update the capacity_state to "Enabled" by manual
>>> db
>>> > change.
>>> >
>>> > -Wei
>>> >
>>> > On Wed, 17 Nov 2021 at 20:32, vas...@gmx.de  wrote:
>>> >
>>> > > hi,
>>> > >
>>> > > all hosts are enabled and running fine.
>>> > >
>>> > > Am Mi., 17. Nov. 2021 um 19:59 Uhr schrieb Wei ZHOU <
>>> > ustcweiz...@gmail.com
>>> > > >:
>>> > >
>>> > > > Hi,
>>> > > >
>>> > > > Are the hosts Disabled or Enabled ?
>>> > > >
>>> > > > -Wei
>>> > > >
>>> > > > On Wed, 17 Nov 2021 at 16:54, vas...@gmx.de  wrote:
>>> > > >
>>> > > >> In the DB the records are there, entrys / values are correct BUT
>>> > > >> "capacity_state" is "Disabled".
>>> > > >>
>>> > > >> Which is a bit odd to understand, as i didn't made any further
>>> > changes.
>>> > > >> My process was to put them into maintenance-mode, perform the
>>> upgrade
>>> > to
>>> > > >> 4.16, restart the agent and then got them out of maintenance-mode
>>> > again.
>>> > > >> Did i made a mistake here?
>>> > > >>
>>> > > >> Any idea on how to get the values "Enabled" again?
>>> > > >>
>>> > > >> Am Mi., 17. Nov. 2021 um 15:40 Uhr schrieb Wei ZHOU <
>>> > > >> ustcweiz...@gmail.com>:
>>> > > >>
>>> > > >> > any record in DB ?
>>> > > >> >
>>> > > >> > select * from op_host_capacity where capacity_type =90;
>>> > > >> >
>>> > > >> > -Wei
>>> > > >> >
>>> > > >> > On Wed, 17 Nov 2021 at 14:14, vas...@gmx.de 
>>> wrote:
>>> > > >> >
>>> > > >> >> Sadly: Nothing at all. Not even a error.
>>> > > >> >>
>>> > > >> >>
>>> > > >> >> Am Mi., 17. Nov. 2021 um 13:10 Uhr schrieb Wei ZHOU <
>>> > > >> >> ustcweiz...@gmail.com>:
>>> > > >> >>
>>> > > >> >>> I do not have this issue.
>>> > > >> >>>
>>> > > >> >>> If you use cmk/cloudmonkey, can you share the result of the
>>> > > following
>>> > > >> >>> command ?
>>> > > >> >>>
>>> > > >> >>> cmk list capacity type=90
>>> > > >> >>>
>>> > > >> >>> -Wei
>>> > > >> >>>
>>> > > >> >>>
>>> > > >> >>> On Wed, 17 Nov 2021 at 12:01, vas...@gmx.de 
>>> > wrote:
>>> > > >> >>>
>>> > > >> >>>> Hi everyone,
>>> > > >> >>>>
>>> > > >> >>>> so far the upgrade to 4.16 worked well and everything seems
>>> > working
>>> > > >> >>>> fine.
>>> > > >> >>>> What i noticed is, that for my root - admin the Dashboard
>>> doesn't
>>> > > >> show
>>> > > >> >>>> the
>>> > > >> >>>> CPU-Cores Graph anymore.
>>> > > >> >>>> Is there a way to display this again at the Dashboard?
>>> > > >> >>>>
>>> > > >> >>>> Regards,
>>> > > >> >>>> Chris
>>> > > >> >>>>
>>> > > >> >>>
>>> > > >>
>>> > > >
>>> > >
>>> >
>>>
>>

Re: Missing "CPU Core"-Graph on Dashboard after upgrading to CS4.16

[vas...@gmx.de]

hi wei,

nice to see that my "problem" leads to some further improvement - thanks
for your efforts!

Regards,
Chris

Am Fr., 19. Nov. 2021 um 11:11 Uhr schrieb Wei ZHOU :

> Hi Chris,
>
> I have created a pull request for this issue
> https://github.com/apache/cloudstack/pull/5701
>
> -Wei
>
> On Thu, 18 Nov 2021 at 23:36, vas...@gmx.de  wrote:
>
>> Hi again,
>>
>> just wanted to inform you that changeing the values in the database was
>> successfull.
>> The Core-Count is visible in the dash-board again.
>>
>> That reminded me, that while adding hosts in one of my previous trials i
>> was facing kind of a similar problem with the graph. That time there just
>> 2
>> out of 4 hosts had displayed theire values.
>> Anyway, it is back to normal and up till know 4.16 is working like
>> expected
>> and performaning well.
>>
>> Regards,
>> Chris
>>
>> Am Do., 18. Nov. 2021 um 12:47 Uhr schrieb vas...@gmx.de :
>>
>> > No problem at all - looking at my last 'signature' i am prone to typo's,
>> > too. 😉
>> > How ever: Found the table as well as the entries stateing
>> > "resource_state=Enabled" for all hosts.
>> >
>> > Will then try this evening to change the values in 'op_host_capacity' to
>> > 'Enabled' (of course perfoming backup's and stuff beforehand) and report
>> > back how things where going.
>> >
>> > Regards
>> > Chris
>> >
>> > Am Do., 18. Nov. 2021 um 12:31 Uhr schrieb Wei ZHOU <
>> ustcweiz...@gmail.com
>> > >:
>> >
>> >> Hi Christ,
>> >>
>> >> The table name is `host`,  not `hosts`. Sorry for the typo
>> >>
>> >> -Wei
>> >>
>> >> On Thu, 18 Nov 2021 at 11:47, vas...@gmx.de  wrote:
>> >>
>> >>> Hi  Wei,
>> >>>
>> >>> thanks again for your support.
>> >>> As I have not worked with the CS DB beforehand:
>> >>> Which table are you referring to with "hosts table"? Taking a look
>> into
>> >>> my
>> >>> DB I am not finding a table of the name "hosts".
>> >>>
>> >>> Thanks in advance,
>> >>> Christ
>> >>>
>> >>> Am Do., 18. Nov. 2021 um 09:12 Uhr schrieb Wei ZHOU <
>> >>> ustcweiz...@gmail.com>:
>> >>>
>> >>> > Hi,
>> >>> >
>> >>> > If you are sure that all hosts are enabled
>> (resource_state='Enabled' in
>> >>> > hosts table), you can update the capacity_state to "Enabled" by
>> manual
>> >>> db
>> >>> > change.
>> >>> >
>> >>> > -Wei
>> >>> >
>> >>> > On Wed, 17 Nov 2021 at 20:32, vas...@gmx.de  wrote:
>> >>> >
>> >>> > > hi,
>> >>> > >
>> >>> > > all hosts are enabled and running fine.
>> >>> > >
>> >>> > > Am Mi., 17. Nov. 2021 um 19:59 Uhr schrieb Wei ZHOU <
>> >>> > ustcweiz...@gmail.com
>> >>> > > >:
>> >>> > >
>> >>> > > > Hi,
>> >>> > > >
>> >>> > > > Are the hosts Disabled or Enabled ?
>> >>> > > >
>> >>> > > > -Wei
>> >>> > > >
>> >>> > > > On Wed, 17 Nov 2021 at 16:54, vas...@gmx.de 
>> wrote:
>> >>> > > >
>> >>> > > >> In the DB the records are there, entrys / values are correct
>> BUT
>> >>> > > >> "capacity_state" is "Disabled".
>> >>> > > >>
>> >>> > > >> Which is a bit odd to understand, as i didn't made any further
>> >>> > changes.
>> >>> > > >> My process was to put them into maintenance-mode, perform the
>> >>> upgrade
>> >>> > to
>> >>> > > >> 4.16, restart the agent and then got them out of
>> maintenance-mode
>> >>> > again.
>> >>> > > >> Did i made a mistake here?
>> >>> > > >>
>> >>> > > >> Any idea on how to get the values "Enabled" again?
>> >>> > > >>
>> >>> > > >> Am Mi., 17. Nov. 2021 um 15:40 Uhr schrieb Wei ZHOU <
>> >>> > > >> ustcweiz...@gmail.com>:
>> >>> > > >>
>> >>> > > >> > any record in DB ?
>> >>> > > >> >
>> >>> > > >> > select * from op_host_capacity where capacity_type =90;
>> >>> > > >> >
>> >>> > > >> > -Wei
>> >>> > > >> >
>> >>> > > >> > On Wed, 17 Nov 2021 at 14:14, vas...@gmx.de 
>> >>> wrote:
>> >>> > > >> >
>> >>> > > >> >> Sadly: Nothing at all. Not even a error.
>> >>> > > >> >>
>> >>> > > >> >>
>> >>> > > >> >> Am Mi., 17. Nov. 2021 um 13:10 Uhr schrieb Wei ZHOU <
>> >>> > > >> >> ustcweiz...@gmail.com>:
>> >>> > > >> >>
>> >>> > > >> >>> I do not have this issue.
>> >>> > > >> >>>
>> >>> > > >> >>> If you use cmk/cloudmonkey, can you share the result of the
>> >>> > > following
>> >>> > > >> >>> command ?
>> >>> > > >> >>>
>> >>> > > >> >>> cmk list capacity type=90
>> >>> > > >> >>>
>> >>> > > >> >>> -Wei
>> >>> > > >> >>>
>> >>> > > >> >>>
>> >>> > > >> >>> On Wed, 17 Nov 2021 at 12:01, vas...@gmx.de > >
>> >>> > wrote:
>> >>> > > >> >>>
>> >>> > > >> >>>> Hi everyone,
>> >>> > > >> >>>>
>> >>> > > >> >>>> so far the upgrade to 4.16 worked well and everything
>> seems
>> >>> > working
>> >>> > > >> >>>> fine.
>> >>> > > >> >>>> What i noticed is, that for my root - admin the Dashboard
>> >>> doesn't
>> >>> > > >> show
>> >>> > > >> >>>> the
>> >>> > > >> >>>> CPU-Cores Graph anymore.
>> >>> > > >> >>>> Is there a way to display this again at the Dashboard?
>> >>> > > >> >>>>
>> >>> > > >> >>>> Regards,
>> >>> > > >> >>>> Chris
>> >>> > > >> >>>>
>> >>> > > >> >>>
>> >>> > > >>
>> >>> > > >
>> >>> > >
>> >>> >
>> >>>
>> >>
>>
>

Re: [DISCUSS] 2FA framework and plugins for CloudStack

[vas...@gmx.de]

Hi Rohit,

this sounds awesome and for me it is a absolute +1, as in my organization
this is a major concern with cloudstack atm.

Regarding the puprosed " general-purpose 2FA plugins":
I would suggest to exchange the PIN - option against another type of
factor, as as far i am aware a user genarated PIN would also "count" as a
"knowledge" factor.
Maybe one could use the already implemented functions for generating
ssh-keypairs to create kind of a "token" which a user needs to present on
login (simply saining generate an dedicated key-pair for login purposes to
the web-ui / cmk).
The admins then could choose on how to provide the token for the users  or
where to store them.
Instead of using "ssh-keys" maybe a certificate / pki approach would also
be usefull, as many of using organizations have already some kind of PKI
environment running. So Admins could deploy a root-cert for the domain and
provide user-certs for authentification / validation.

Looking forward to this excitement feature!
Regards,

Chris

Am Mo., 29. Nov. 2021 um 11:49 Uhr schrieb Rohit Yadav <
rohit.ya...@shapeblue.com>:

> All,
>
> During CCC21 hackathon, I explored the feasibility of a 2FA framework and
> a TOTP (time-based OTP) plugin that can be used with Google Authenticator,
> MS Authenticator, Authy etc.
>
> I've used ideas of TOTP based 2FA PoC to put together a design doc for
> discussion:
>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/2FA+Framework+and+Plugins
>
> Kindly review and share your feedback. Thanks.
>
>
> Regards.
>
>
>
>

Public IP is stucked in state "released" after usage for static nat

[vas...@gmx.de]

hi everyone,

sadly i am encountering some problems in my CS 4.16 set-up.

today i wanted to take a look into static-nat for the routers of my vpc.
Sadly i missed, that the VM i wanted to assaign to the static public ip had
was already targeted by an port forwarding.
As you can imagine i got an error that static can't be applied for this VM
/ default interface.

Thats when strange things happend.
The static NAT configuration was successfully applied.
I wanted to revert everything so i tried to delete the static NAT And i got
the following error:

2022-01-04 00:55:58,394 DEBUG [o.a.c.n.t.AdvancedNetworkTopology]
(API-Job-Executor-98:ctx-90ac5cad job-2135 ctx-2eb15c74) (logid:90c06d44)
APPLYING VPC IP RULES
2022-01-04 00:55:58,399 DEBUG [o.a.c.n.t.BasicNetworkTopology]
(API-Job-Executor-98:ctx-90ac5cad job-2135 ctx-2eb15c74) (logid:90c06d44)
Applying vpc ip association in network Ntwk[246|Guest|30]
2022-01-04 00:55:58,442 DEBUG [c.c.a.t.Request]
(API-Job-Executor-98:ctx-90ac5cad job-2135 ctx-2eb15c74) (logid:90c06d44)
Seq 5-4862198747700030042: Sending  { Cmd , MgmtId: 90520740759984, via:
5(srv-4-comp.dnd-digital.infra), Ver: v1, Flags: 11,
[{"com.cloud.agent.api.routing.IpAssocVpcCommand":{"ipAddresses":[{"accountId":"5","publicIp":"10.129.0.37","sourceNat":"true","add":"false","oneToOneNat":"true","firstIP":"true","broadcastUri":"vlan://2990","vlanGateway":"10.129.0.1","vlanNetmask":"255.255.255.128","vifMacAddress":"1e:00:59:00:00:b2","networkRate":"-1","trafficType":"Public","networkName":"br3_CS_Pub","newNic":"false","isPrivateGateway":"false"}],"accessDetails":{"
router.name":"r-62-VM","router.guest.ip":"10.129.0.42","network.public.last.ip":"false","router.ip":"169.254.1.55","zone.network.type":"Advanced"},"wait":"0","bypassHostMaintenance":"false"}}]
}
2022-01-04 00:55:59,476 DEBUG [c.c.a.t.Request]
(AgentManager-Handler-3:null) (logid:) Seq 5-4862198747700030042:
Processing:  { Ans: , MgmtId: 90520740759984, via: 5, Ver: v1, Flags: 0,
[{"com.cloud.agent.api.routing.GroupAnswer":{"results":["null - success:
Creating file in VR, with ip: 169.254.1.55, file:
ip_associations.json.167dc5ba-c89a-48c8-9b99-81b375e59691","null - success:
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
Error: Nexthop has invalid gateway.
"],"result":"true","wait":"0","bypassHostMaintenance":"false"}}] }
2022-01-04 00:55:59,476 DEBUG [c.c.a.t.Request]
(API-Job-Executor-98:ctx-90ac5cad job-2135 ctx-2eb15c74) (logid:90c06d44)
Seq 5-4862198747700030042: Received:  { Ans: , MgmtId: 90520740759984, via:
5(srv-4-comp.dnd-digital.infra), Ver: v1, Flags: 0, { GroupAnswer } }
2022-01-04 00:55:59,486 ERROR [c.c.a.ApiAsyncJobDispatcher]
(API-Job-Executor-98:ctx-90ac5cad job-2135) (logid:90c06d44) Unexpected
exception while executing
org.apache.cloudstack.api.command.user.nat.DisableStaticNatCmd
com.cloud.exception.UnsupportedServiceException: Service UserData is not
supported in the network id=246
at
com.cloud.network.dao.NetworkServiceMapDaoImpl.getProviderForServiceInNetwork(NetworkServiceMapDaoImpl.java:126)
at jdk.internal.reflect.GeneratedMethodAccessor1754.invoke(Unknown Source)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at
com.cloud.utils.db.TransactionContextInterceptor.invoke(TransactionContextInterceptor.java:34)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
at
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
at com.sun.proxy.$Proxy61.getProviderForServiceInNetwork(Unknown Source)
at
com.cloud.network.NetworkModelImpl.getUserDataUpdatePr

Re: Public IP is stucked in state "released" after usage for static nat

[vas...@gmx.de]

Hi Dan,

Sorry for the misunderstanding.
The VPC was created using a "custome" service offering which is not using /
offering "service user data" . The same goes for the NW-Offering which is
used for creation of the tiers. There is no service user data in this VPC.

The default / out-of-the-box VPC offering has the service "user data"
included. Same goes for the default nework offering for VPC Tiers. So this
service should be supported at all from my understanding.
That's why this error seems a bit "bogus" to me. I was understanding
somethin like "static nat can't be disabled due to missing service "user
data" for the network".

Deleting and building the whole thing from scratch will be the last resort,
yes. Even taking the risk that it won't be deletable as the allocated
ressourcces can't be released properly at the moment, e.g. using the
cloudstack.api.command.user.nat.DisableStaticNatCmd.
Seems like i found a configuration which doesn't work well but can be
created via the GUI. Even if i don't understand the connection between the
service user data and the service stativ nat.



Daan Hoogland  schrieb am Di., 4. Jan. 2022, 09:21:

> Chris, it looks to me like you should delete the VPC and then check if all
> IPs are available before creating a new one.
>
> As for the user data service, the message already says that user data is
> not supported, so why create another offering?
>
> On Tue, Jan 4, 2022 at 2:50 AM vas...@gmx.de  wrote:
>
>> hi everyone,
>>
>> sadly i am encountering some problems in my CS 4.16 set-up.
>>
>> today i wanted to take a look into static-nat for the routers of my vpc.
>> Sadly i missed, that the VM i wanted to assaign to the static public ip
>> had
>> was already targeted by an port forwarding.
>> As you can imagine i got an error that static can't be applied for this VM
>> / default interface.
>>
>> Thats when strange things happend.
>> The static NAT configuration was successfully applied.
>> I wanted to revert everything so i tried to delete the static NAT And i
>> got
>> the following error:
>>
>> 2022-01-04 00:55:58,394 DEBUG [o.a.c.n.t.AdvancedNetworkTopology]
>> (API-Job-Executor-98:ctx-90ac5cad job-2135 ctx-2eb15c74) (logid:90c06d44)
>> APPLYING VPC IP RULES
>> 2022-01-04 00:55:58,399 DEBUG [o.a.c.n.t.BasicNetworkTopology]
>> (API-Job-Executor-98:ctx-90ac5cad job-2135 ctx-2eb15c74) (logid:90c06d44)
>> Applying vpc ip association in network Ntwk[246|Guest|30]
>> 2022-01-04 00:55:58,442 DEBUG [c.c.a.t.Request]
>> (API-Job-Executor-98:ctx-90ac5cad job-2135 ctx-2eb15c74) (logid:90c06d44)
>> Seq 5-4862198747700030042: Sending  { Cmd , MgmtId: 90520740759984, via:
>> 5(srv-4-comp.dnd-digital.infra), Ver: v1, Flags: 11,
>>
>> [{"com.cloud.agent.api.routing.IpAssocVpcCommand":{"ipAddresses":[{"accountId":"5","publicIp":"10.129.0.37","sourceNat":"true","add":"false","oneToOneNat":"true","firstIP":"true","broadcastUri":"vlan://2990","vlanGateway":"10.129.0.1","vlanNetmask":"255.255.255.128","vifMacAddress":"1e:00:59:00:00:b2","networkRate":"-1","trafficType":"Public","networkName":"br3_CS_Pub","newNic":"false","isPrivateGateway":"false"}],"accessDetails":{"
>> router.name
>> ":"r-62-VM","router.guest.ip":"10.129.0.42","network.public.last.ip":"false","router.ip":"169.254.1.55","zone.network.type":"Advanced"},"wait":"0","bypassHostMaintenance":"false"}}]
>> }
>> 2022-01-04 00:55:59,476 DEBUG [c.c.a.t.Request]
>> (AgentManager-Handler-3:null) (logid:) Seq 5-4862198747700030042:
>> Processing:  { Ans: , MgmtId: 90520740759984, via: 5, Ver: v1, Flags: 0,
>> [{"com.cloud.agent.api.routing.GroupAnswer":{"results":["null - success:
>> Creating file in VR, with ip: 169.254.1.55, file:
>> ip_associations.json.167dc5ba-c89a-48c8-9b99-81b375e59691","null -
>> success:
>> Error: Nexthop has invalid gateway.
>> Error: Nexthop has invalid gateway.
>> Error: Nexthop has invalid gateway.
>> Error: Nexthop has invalid gateway.
>> Error: Nexthop has invalid gateway.
>> Error: Nexthop has invalid gateway.
>> Error: Nexthop has invalid gateway.
>> Error: Nexthop has invalid gateway.
>> Err

Re: Public IP is stucked in state "released" after usage for static nat

[vas...@gmx.de]

Hi Wei,

of course! :-)

https://github.com/apache/cloudstack/issues/5824

Regards,
Chris

Am Di., 4. Jan. 2022 um 11:32 Uhr schrieb Wei ZHOU :

> Hi Chris,
>
> This seems to be a bug. Can you file an issue on
> https://github.com/apache/cloudstack/issues ?
>
> -Wei
>
> On Tue, 4 Jan 2022 at 11:16, vas...@gmx.de  wrote:
>
>> Hi Dan,
>>
>> Sorry for the misunderstanding.
>> The VPC was created using a "custome" service offering which is not using
>> /
>> offering "service user data" . The same goes for the NW-Offering which is
>> used for creation of the tiers. There is no service user data in this VPC.
>>
>> The default / out-of-the-box VPC offering has the service "user data"
>> included. Same goes for the default nework offering for VPC Tiers. So this
>> service should be supported at all from my understanding.
>> That's why this error seems a bit "bogus" to me. I was understanding
>> somethin like "static nat can't be disabled due to missing service "user
>> data" for the network".
>>
>> Deleting and building the whole thing from scratch will be the last
>> resort,
>> yes. Even taking the risk that it won't be deletable as the allocated
>> ressourcces can't be released properly at the moment, e.g. using the
>> cloudstack.api.command.user.nat.DisableStaticNatCmd.
>> Seems like i found a configuration which doesn't work well but can be
>> created via the GUI. Even if i don't understand the connection between the
>> service user data and the service stativ nat.
>>
>>
>>
>> Daan Hoogland  schrieb am Di., 4. Jan. 2022,
>> 09:21:
>>
>> > Chris, it looks to me like you should delete the VPC and then check if
>> all
>> > IPs are available before creating a new one.
>> >
>> > As for the user data service, the message already says that user data is
>> > not supported, so why create another offering?
>> >
>> > On Tue, Jan 4, 2022 at 2:50 AM vas...@gmx.de  wrote:
>> >
>> >> hi everyone,
>> >>
>> >> sadly i am encountering some problems in my CS 4.16 set-up.
>> >>
>> >> today i wanted to take a look into static-nat for the routers of my
>> vpc.
>> >> Sadly i missed, that the VM i wanted to assaign to the static public ip
>> >> had
>> >> was already targeted by an port forwarding.
>> >> As you can imagine i got an error that static can't be applied for
>> this VM
>> >> / default interface.
>> >>
>> >> Thats when strange things happend.
>> >> The static NAT configuration was successfully applied.
>> >> I wanted to revert everything so i tried to delete the static NAT And i
>> >> got
>> >> the following error:
>> >>
>> >> 2022-01-04 00:55:58,394 DEBUG [o.a.c.n.t.AdvancedNetworkTopology]
>> >> (API-Job-Executor-98:ctx-90ac5cad job-2135 ctx-2eb15c74)
>> (logid:90c06d44)
>> >> APPLYING VPC IP RULES
>> >> 2022-01-04 00:55:58,399 DEBUG [o.a.c.n.t.BasicNetworkTopology]
>> >> (API-Job-Executor-98:ctx-90ac5cad job-2135 ctx-2eb15c74)
>> (logid:90c06d44)
>> >> Applying vpc ip association in network Ntwk[246|Guest|30]
>> >> 2022-01-04 00:55:58,442 DEBUG [c.c.a.t.Request]
>> >> (API-Job-Executor-98:ctx-90ac5cad job-2135 ctx-2eb15c74)
>> (logid:90c06d44)
>> >> Seq 5-4862198747700030042: Sending  { Cmd , MgmtId: 90520740759984,
>> via:
>> >> 5(srv-4-comp.dnd-digital.infra), Ver: v1, Flags: 11,
>> >>
>> >>
>> [{"com.cloud.agent.api.routing.IpAssocVpcCommand":{"ipAddresses":[{"accountId":"5","publicIp":"10.129.0.37","sourceNat":"true","add":"false","oneToOneNat":"true","firstIP":"true","broadcastUri":"vlan://2990","vlanGateway":"10.129.0.1","vlanNetmask":"255.255.255.128","vifMacAddress":"1e:00:59:00:00:b2","networkRate":"-1","trafficType":"Public","networkName":"br3_CS_Pub","newNic":"false","isPrivateGateway":"false"}],"accessDetails":{"
>> >> router.name
>> >>
>> ":"r-62-VM","router.guest.ip":"10.129.0.42","network.public.last.ip":"false","router.ip":&qu

Re: Public IP is stucked in state "released" after usage for static nat

[vas...@gmx.de]

As i will need to fix this - i guess somewhat during the reset of the week
are there any ideas on how to "remove" this from CS? (BackUP Jobs will be
started for DB and i wouldn't have the chance to perform a binarylog
rollback / recovery)

The "clean" way i guess would be a DB Rollback to a point prior to
enableing static NAT.
Taking a look into the DB itself, i only found one entry in the table
"user_ip_address": Entry with rulestate / state "Releasing" for the ip is
present. one_to_one_nat = 1 and the dnat_vmip is present.
Does anyone has some experience on cleaning this up directly in db?

Regards,
Chris

Am Di., 4. Jan. 2022 um 13:16 Uhr schrieb vas...@gmx.de :

> Hi Wei,
>
> of course! :-)
>
> https://github.com/apache/cloudstack/issues/5824
>
> Regards,
> Chris
>
> Am Di., 4. Jan. 2022 um 11:32 Uhr schrieb Wei ZHOU  >:
>
>> Hi Chris,
>>
>> This seems to be a bug. Can you file an issue on
>> https://github.com/apache/cloudstack/issues ?
>>
>> -Wei
>>
>> On Tue, 4 Jan 2022 at 11:16, vas...@gmx.de  wrote:
>>
>>> Hi Dan,
>>>
>>> Sorry for the misunderstanding.
>>> The VPC was created using a "custome" service offering which is not
>>> using /
>>> offering "service user data" . The same goes for the NW-Offering which is
>>> used for creation of the tiers. There is no service user data in this
>>> VPC.
>>>
>>> The default / out-of-the-box VPC offering has the service "user data"
>>> included. Same goes for the default nework offering for VPC Tiers. So
>>> this
>>> service should be supported at all from my understanding.
>>> That's why this error seems a bit "bogus" to me. I was understanding
>>> somethin like "static nat can't be disabled due to missing service "user
>>> data" for the network".
>>>
>>> Deleting and building the whole thing from scratch will be the last
>>> resort,
>>> yes. Even taking the risk that it won't be deletable as the allocated
>>> ressourcces can't be released properly at the moment, e.g. using the
>>> cloudstack.api.command.user.nat.DisableStaticNatCmd.
>>> Seems like i found a configuration which doesn't work well but can be
>>> created via the GUI. Even if i don't understand the connection between
>>> the
>>> service user data and the service stativ nat.
>>>
>>>
>>>
>>> Daan Hoogland  schrieb am Di., 4. Jan. 2022,
>>> 09:21:
>>>
>>> > Chris, it looks to me like you should delete the VPC and then check if
>>> all
>>> > IPs are available before creating a new one.
>>> >
>>> > As for the user data service, the message already says that user data
>>> is
>>> > not supported, so why create another offering?
>>> >
>>> > On Tue, Jan 4, 2022 at 2:50 AM vas...@gmx.de  wrote:
>>> >
>>> >> hi everyone,
>>> >>
>>> >> sadly i am encountering some problems in my CS 4.16 set-up.
>>> >>
>>> >> today i wanted to take a look into static-nat for the routers of my
>>> vpc.
>>> >> Sadly i missed, that the VM i wanted to assaign to the static public
>>> ip
>>> >> had
>>> >> was already targeted by an port forwarding.
>>> >> As you can imagine i got an error that static can't be applied for
>>> this VM
>>> >> / default interface.
>>> >>
>>> >> Thats when strange things happend.
>>> >> The static NAT configuration was successfully applied.
>>> >> I wanted to revert everything so i tried to delete the static NAT And
>>> i
>>> >> got
>>> >> the following error:
>>> >>
>>> >> 2022-01-04 00:55:58,394 DEBUG [o.a.c.n.t.AdvancedNetworkTopology]
>>> >> (API-Job-Executor-98:ctx-90ac5cad job-2135 ctx-2eb15c74)
>>> (logid:90c06d44)
>>> >> APPLYING VPC IP RULES
>>> >> 2022-01-04 00:55:58,399 DEBUG [o.a.c.n.t.BasicNetworkTopology]
>>> >> (API-Job-Executor-98:ctx-90ac5cad job-2135 ctx-2eb15c74)
>>> (logid:90c06d44)
>>> >> Applying vpc ip association in network Ntwk[246|Guest|30]
>>> >> 2022-01-04 00:55:58,442 DEBUG [c.c.a.t.Request]
>>> >> (API-Job-Executor-98:ctx-90ac5cad job-2135 ctx-2eb15c74)
>>> (logid:90c06d44)
>>> >> Seq 5-4862198747700030042:

Re: Public IP is stucked in state "released" after usage for static nat

[vas...@gmx.de]

Hi Wei,

Will have to think that through as I am not sure if I could revert back an
service offering without Service User data. Also do you guess  It could be
sufficent to only upgrade the effected network (as the error is pointing at
the network id)?
Why not using userdata... Well short: not needed in the current usecase of
the VPC as it is quiet static in regards of deploying vm's.
Also I have to argue such decisions with our compliance team which
basically comes to: If not needed then disable it. Especially in Our
CUrrent usecase.
As the GUI as well as the docs didn't suggested the actual need for this
service we are not deploying it.


Wei ZHOU  schrieb am Di., 4. Jan. 2022, 14:41:

> Hi Chris,
>
> You can try to update the network/vpc tier to an offering with Userdata
> and then disable static nat.
> May I ask why you decided not to use Userdata ?
>
> -Wei
>
>
>
>
> On Tue, 4 Jan 2022 at 14:35, vas...@gmx.de  wrote:
>
>> As i will need to fix this - i guess somewhat during the reset of the week
>> are there any ideas on how to "remove" this from CS? (BackUP Jobs will be
>> started for DB and i wouldn't have the chance to perform a binarylog
>> rollback / recovery)
>>
>> The "clean" way i guess would be a DB Rollback to a point prior to
>> enableing static NAT.
>> Taking a look into the DB itself, i only found one entry in the table
>> "user_ip_address": Entry with rulestate / state "Releasing" for the ip is
>> present. one_to_one_nat = 1 and the dnat_vmip is present.
>> Does anyone has some experience on cleaning this up directly in db?
>>
>> Regards,
>> Chris
>>
>> Am Di., 4. Jan. 2022 um 13:16 Uhr schrieb vas...@gmx.de :
>>
>> > Hi Wei,
>> >
>> > of course! :-)
>> >
>> > https://github.com/apache/cloudstack/issues/5824
>> >
>> > Regards,
>> > Chris
>> >
>> > Am Di., 4. Jan. 2022 um 11:32 Uhr schrieb Wei ZHOU <
>> ustcweiz...@gmail.com
>> > >:
>> >
>> >> Hi Chris,
>> >>
>> >> This seems to be a bug. Can you file an issue on
>> >> https://github.com/apache/cloudstack/issues ?
>> >>
>> >> -Wei
>> >>
>> >> On Tue, 4 Jan 2022 at 11:16, vas...@gmx.de  wrote:
>> >>
>> >>> Hi Dan,
>> >>>
>> >>> Sorry for the misunderstanding.
>> >>> The VPC was created using a "custome" service offering which is not
>> >>> using /
>> >>> offering "service user data" . The same goes for the NW-Offering
>> which is
>> >>> used for creation of the tiers. There is no service user data in this
>> >>> VPC.
>> >>>
>> >>> The default / out-of-the-box VPC offering has the service "user data"
>> >>> included. Same goes for the default nework offering for VPC Tiers. So
>> >>> this
>> >>> service should be supported at all from my understanding.
>> >>> That's why this error seems a bit "bogus" to me. I was understanding
>> >>> somethin like "static nat can't be disabled due to missing service
>> "user
>> >>> data" for the network".
>> >>>
>> >>> Deleting and building the whole thing from scratch will be the last
>> >>> resort,
>> >>> yes. Even taking the risk that it won't be deletable as the allocated
>> >>> ressourcces can't be released properly at the moment, e.g. using the
>> >>> cloudstack.api.command.user.nat.DisableStaticNatCmd.
>> >>> Seems like i found a configuration which doesn't work well but can be
>> >>> created via the GUI. Even if i don't understand the connection between
>> >>> the
>> >>> service user data and the service stativ nat.
>> >>>
>> >>>
>> >>>
>> >>> Daan Hoogland  schrieb am Di., 4. Jan. 2022,
>> >>> 09:21:
>> >>>
>> >>> > Chris, it looks to me like you should delete the VPC and then check
>> if
>> >>> all
>> >>> > IPs are available before creating a new one.
>> >>> >
>> >>> > As for the user data service, the message already says that user
>> data
>> >>> is
>> >>> > not supported, so why create another offering?
>> >>> >
>> >>> > On Tue, Jan 4, 2022 at

Re: UEFI on KVM silently becomes BIOS mode

[vas...@gmx.de]

Hi Piotr,

sadly i don't have a solution for your problem at the moment.
My suggestion is at least to open a issue at github. The last issues
mentioning anything UEFI-related are nearly 18 months old.

Am Mi., 5. Jan. 2022 um 11:08 Uhr schrieb Piotr Pisz :

> Hello,
>
>
>
> Does anyone know a workaround for this problem?
>
> This error prevents any VM from booting from UEFI, this is a serious
> problem.
>
> I have a lot of VMs converted from vSphere, all from UEFI, I can't imagine
> that none of them will be bootable! :-(
>
>
>
> Regards,
>
> Piotr
>
>
>
>
>
> From: Pieter Harvey 
> Sent: Monday, December 20, 2021 10:06 AM
> To: users@cloudstack.apache.org
> Subject: Re: UEFI on KVM silently becomes BIOS mode
>
>
>
> Got it, okay will continue other testing while 4.16.1 is in the works.
>
>
>
> Thank you
>
>
>
> On 20 Dec 2021, at 8:13, Piotr Pisz  pi...@piszki.pl> > wrote:
>
>
>
>
>
> Hey,
>
>
>
> I just wanted to write this, Pieter you are right, in 4.16 it doesn't work
> properly, old UEFI VMs work as is but new ones don't start up properly.
>
>
>
> Regards,
>
> Piotr
>
>
>
>
>
> -Original Message-
>
> From: Slavka Peleva  slav...@storpool.com.INVALID> >
>
> Sent: Monday, December 20, 2021 9:03 AM
>
> To: users@cloudstack.apache.org 
>
> Subject: Re: UEFI on KVM silently becomes BIOS mode
>
>
>
> Hi Pieter,
>
>
>
> This is a known issue in 4.16 with the missing loader tag in the XML
> definition. There is a fix that will get in the 4.16.1.0 release -
>
> https://github.com/apache/cloudstack/pull/5692
>
>
>
> Best regards,
>
> Slavka
>
> 
>
>
>
> On Sat, Dec 18, 2021 at 3:15 PM Piotr Pisz  pi...@piszki.pl> > wrote:
>
>
>
> Hi Pieter,
>
>
>
>
>
>
>
> I run it in CentOS 8:
>
>
>
>
>
>
>
> Cloudstack:
>
>
>
>
>
>
>
> i-4-46-VM
>
>
>
> e9c33f2d-7237-4cc1-b466-5d85a04ed549
>
>
>
> Other PV Virtio-SCSI (64-bit)
>
>
>
> 
> policy='require' name='vmx'/>
> name='vme'/>
> type='smbios'>
>
>
>
> 
>
>
>
> Apache Software Foundation
>
>
>
> CloudStack KVM Hypervisor
>
>
>
> e9c33f2d-7237-4cc1-b466-5d85a04ed549
>
>
>
> 
>
>
>
> 
>
>
>
> 
>
>
>
> hvm
>
>
>
> 
> template='/usr/share/edk2/ovmf/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvr
>
> am/e9c33f2d-7237-4cc1-b466-5d85a04ed549.fd
> dev='cdrom'/>
>
>
>
> 
>
>
>
> 
>
>
>
> 
>
>
>
>
>
>
>
> Virsh dump:
>
>
>
>
>
>
>
> 
>
>
>
> 
>
>
>
> Apache Software Foundation
>
>
>
> CloudStack KVM Hypervisor
>
>
>
> e9c33f2d-7237-4cc1-b466-5d85a04ed549
>
>
>
> 
>
>
>
> 
>
>
>
> 
>
>
>
> hvm
>
>
>
> 
>
>
>
> 
>
>
>
> 
>
>
>
> 
>
>
>
>
>
>
>
> Regards,
>
>
>
> Piotr
>
>
>
>
>
>
>
>
>
>
>
> From: Pieter Harvey  pieter.har...@icloud.com.INVALID> >
>
> Sent: Friday, December 17, 2021 5:46 PM
>
> To: Pieter Harvey  pieter.har...@icloud.com> >
>
> Cc: "users@cloudstack.apache.org  " <
> users@cloudstack.apache.org  >
>
> Subject: Re: UEFI on KVM silently becomes BIOS mode
>
>
>
>
>
>
>
> Hi Piotr,
>
>
>
>
>
>
>
> Is there any way to get this debug info (or xml dump) from CloudStack,
>
> what it is creating versus what ends up in virsh?
>
>
>
>
>
>
>
> I think I have configured everything correctly
>
>
>
> 1. cloudstack uefi enabled in database for host (host.uefi.enable)
>
>
>
> 2. host agent has uefi.properties with all paths configured (snippet
>
> below based Ubuntu 20.04.3)
>
>
>
> 3. instance is configured for UEFI (tried both legacy and secure boot)
>
>
>
>
>
>
>
> uefi.properties
>
>
>
> ==
>
>
>
> guest.nvram.template.secure=/usr/share/OVMF/OVMF_VARS.fd
>
>
>
> guest.nvram.template.legacy=/usr/share/OVMF/OVMF_VARS.fd
>
>
>
> guest.loader.secure=/usr/share/OVMF/OVMF_CODE.secboot.fd
>
>
>
> guest.loader.legacy=/usr/share/OVMF/OVMF_CODE.fd
>
>
>
> guest.nvram.path=/var/lib/libvirt/qemu/nvram/
>
>
>
>
>
>
>
> sudo ls -lh /usr/share/OVMF/
>
>
>
> 
>
>
>
> -rw-r--r-- 1 root root 1.9M Sep 20 13:11 OVMF_CODE.fd
>
>
>
> lrwxrwxrwx 1 root root 20 Sep 20 13:11 OVMF_CODE.ms.fd ->
>
> OVMF_CODE.secboot.fd
>
>
>
> -rw-r--r-- 1 root root 1.9M Sep 20 13:11 OVMF_CODE.secboot.fd
>
>
>
> -rw-r--r-- 1 root root 128K Sep 20 13:11 OVMF_VARS.fd
>
>
>
> -rw-r--r-- 1 root root 128K Sep 20 13:11 OVMF_VARS.ms.fd
>
>
>
> -rw-r--r-- 1 root root 128K Sep 20 13:11 OVMF_VARS.snakeoil.fd
>
>
>
>
>
>
>
> syslog
>
>
>
> =
>
>
>
> java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:)
>
> (logid:) uefi.properties file found at
>
> /etc/cloudstack/agent/uefi.properties
>
>
>
> java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:)
>
> (logid:) guest.nvram.template.legacy = /usr/share/OVMF/OVMF_VARS.fd
>
>
>
> java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:)
>
> (logid:) guest.loader.legacy = /usr/share/OVMF/OVMF_CODE.fd
>
>
>
> java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:)
>
> (logid:) guest.nvram.template.secure = /usr/share/OVMF/OVMF_VARS.fd
>
>
>
> java[47841]: INFO [kv

Re: Public IP is stucked in state "released" after usage for static nat

[vas...@gmx.de]

@ Wei

As suggested i wanted to trie to update the network / tier to an offering
with userdata.
Sadly i don't find a way to update the serviceoffering for an existing vpc
in the gui. Updateing the serviceoffering for the network wasn't
successfull as well. Got the error that the serviceprovider (the existing
VPC) doesn't support service user data. Therefore i couldn't update the
network as well.
So this seems to be a dead-lock.

Regards,
Chris

Am Di., 4. Jan. 2022 um 16:41 Uhr schrieb vas...@gmx.de :

> Hi Wei,
>
> Will have to think that through as I am not sure if I could revert back an
> service offering without Service User data. Also do you guess  It could be
> sufficent to only upgrade the effected network (as the error is pointing at
> the network id)?
> Why not using userdata... Well short: not needed in the current usecase of
> the VPC as it is quiet static in regards of deploying vm's.
> Also I have to argue such decisions with our compliance team which
> basically comes to: If not needed then disable it. Especially in Our
> CUrrent usecase.
> As the GUI as well as the docs didn't suggested the actual need for this
> service we are not deploying it.
>
>
> Wei ZHOU  schrieb am Di., 4. Jan. 2022, 14:41:
>
>> Hi Chris,
>>
>> You can try to update the network/vpc tier to an offering with Userdata
>> and then disable static nat.
>> May I ask why you decided not to use Userdata ?
>>
>> -Wei
>>
>>
>>
>>
>> On Tue, 4 Jan 2022 at 14:35, vas...@gmx.de  wrote:
>>
>>> As i will need to fix this - i guess somewhat during the reset of the
>>> week
>>> are there any ideas on how to "remove" this from CS? (BackUP Jobs will be
>>> started for DB and i wouldn't have the chance to perform a binarylog
>>> rollback / recovery)
>>>
>>> The "clean" way i guess would be a DB Rollback to a point prior to
>>> enableing static NAT.
>>> Taking a look into the DB itself, i only found one entry in the table
>>> "user_ip_address": Entry with rulestate / state "Releasing" for the ip is
>>> present. one_to_one_nat = 1 and the dnat_vmip is present.
>>> Does anyone has some experience on cleaning this up directly in db?
>>>
>>> Regards,
>>> Chris
>>>
>>> Am Di., 4. Jan. 2022 um 13:16 Uhr schrieb vas...@gmx.de :
>>>
>>> > Hi Wei,
>>> >
>>> > of course! :-)
>>> >
>>> > https://github.com/apache/cloudstack/issues/5824
>>> >
>>> > Regards,
>>> > Chris
>>> >
>>> > Am Di., 4. Jan. 2022 um 11:32 Uhr schrieb Wei ZHOU <
>>> ustcweiz...@gmail.com
>>> > >:
>>> >
>>> >> Hi Chris,
>>> >>
>>> >> This seems to be a bug. Can you file an issue on
>>> >> https://github.com/apache/cloudstack/issues ?
>>> >>
>>> >> -Wei
>>> >>
>>> >> On Tue, 4 Jan 2022 at 11:16, vas...@gmx.de  wrote:
>>> >>
>>> >>> Hi Dan,
>>> >>>
>>> >>> Sorry for the misunderstanding.
>>> >>> The VPC was created using a "custome" service offering which is not
>>> >>> using /
>>> >>> offering "service user data" . The same goes for the NW-Offering
>>> which is
>>> >>> used for creation of the tiers. There is no service user data in this
>>> >>> VPC.
>>> >>>
>>> >>> The default / out-of-the-box VPC offering has the service "user data"
>>> >>> included. Same goes for the default nework offering for VPC Tiers. So
>>> >>> this
>>> >>> service should be supported at all from my understanding.
>>> >>> That's why this error seems a bit "bogus" to me. I was understanding
>>> >>> somethin like "static nat can't be disabled due to missing service
>>> "user
>>> >>> data" for the network".
>>> >>>
>>> >>> Deleting and building the whole thing from scratch will be the last
>>> >>> resort,
>>> >>> yes. Even taking the risk that it won't be deletable as the allocated
>>> >>> ressourcces can't be released properly at the moment, e.g. using the
>>> >>> cloudstack.api.command.user.nat.DisableStaticNatCmd.
>>> >>> Seems like i found a co

Re: Public IP is stucked in state "released" after usage for static nat

[vas...@gmx.de]

Today, after spending some more time investigating the database for
dependencies as well as looking through the live configuration of the VPC
routers, i decided to change the values in the database directly.
Everything seems back to normal. IP is again availeable, can be aquired and
used for portforwarding and released.

Nevertheless i hope someone more qualified and skilled will find some time
to take a look into this.

Thanks for your help,
regards
Chris

Am Mi., 5. Jan. 2022 um 15:31 Uhr schrieb vas...@gmx.de :

> @ Wei
>
> As suggested i wanted to trie to update the network / tier to an offering
> with userdata.
> Sadly i don't find a way to update the serviceoffering for an existing vpc
> in the gui. Updateing the serviceoffering for the network wasn't
> successfull as well. Got the error that the serviceprovider (the existing
> VPC) doesn't support service user data. Therefore i couldn't update the
> network as well.
> So this seems to be a dead-lock.
>
> Regards,
> Chris
>
> Am Di., 4. Jan. 2022 um 16:41 Uhr schrieb vas...@gmx.de :
>
>> Hi Wei,
>>
>> Will have to think that through as I am not sure if I could revert back
>> an service offering without Service User data. Also do you guess  It could
>> be sufficent to only upgrade the effected network (as the error is pointing
>> at the network id)?
>> Why not using userdata... Well short: not needed in the current usecase
>> of the VPC as it is quiet static in regards of deploying vm's.
>> Also I have to argue such decisions with our compliance team which
>> basically comes to: If not needed then disable it. Especially in Our
>> CUrrent usecase.
>> As the GUI as well as the docs didn't suggested the actual need for this
>> service we are not deploying it.
>>
>>
>> Wei ZHOU  schrieb am Di., 4. Jan. 2022, 14:41:
>>
>>> Hi Chris,
>>>
>>> You can try to update the network/vpc tier to an offering with Userdata
>>> and then disable static nat.
>>> May I ask why you decided not to use Userdata ?
>>>
>>> -Wei
>>>
>>>
>>>
>>>
>>> On Tue, 4 Jan 2022 at 14:35, vas...@gmx.de  wrote:
>>>
>>>> As i will need to fix this - i guess somewhat during the reset of the
>>>> week
>>>> are there any ideas on how to "remove" this from CS? (BackUP Jobs will
>>>> be
>>>> started for DB and i wouldn't have the chance to perform a binarylog
>>>> rollback / recovery)
>>>>
>>>> The "clean" way i guess would be a DB Rollback to a point prior to
>>>> enableing static NAT.
>>>> Taking a look into the DB itself, i only found one entry in the table
>>>> "user_ip_address": Entry with rulestate / state "Releasing" for the ip
>>>> is
>>>> present. one_to_one_nat = 1 and the dnat_vmip is present.
>>>> Does anyone has some experience on cleaning this up directly in db?
>>>>
>>>> Regards,
>>>> Chris
>>>>
>>>> Am Di., 4. Jan. 2022 um 13:16 Uhr schrieb vas...@gmx.de >>> >:
>>>>
>>>> > Hi Wei,
>>>> >
>>>> > of course! :-)
>>>> >
>>>> > https://github.com/apache/cloudstack/issues/5824
>>>> >
>>>> > Regards,
>>>> > Chris
>>>> >
>>>> > Am Di., 4. Jan. 2022 um 11:32 Uhr schrieb Wei ZHOU <
>>>> ustcweiz...@gmail.com
>>>> > >:
>>>> >
>>>> >> Hi Chris,
>>>> >>
>>>> >> This seems to be a bug. Can you file an issue on
>>>> >> https://github.com/apache/cloudstack/issues ?
>>>> >>
>>>> >> -Wei
>>>> >>
>>>> >> On Tue, 4 Jan 2022 at 11:16, vas...@gmx.de  wrote:
>>>> >>
>>>> >>> Hi Dan,
>>>> >>>
>>>> >>> Sorry for the misunderstanding.
>>>> >>> The VPC was created using a "custome" service offering which is not
>>>> >>> using /
>>>> >>> offering "service user data" . The same goes for the NW-Offering
>>>> which is
>>>> >>> used for creation of the tiers. There is no service user data in
>>>> this
>>>> >>> VPC.
>>>> >>>
>>>> >>> The default / out-of-the-box VPC offering has the service "user
>>>> data&qu

Re: CloudStack Integration/Compatibility Matrix

[vas...@gmx.de]

Hi Ivet,

thank you for your effort and getting this matrix together.
I did take a look into the list and i am a bit confuced about the terms
"Compability" and "Integration".
For example the monitoring product "zabbix". From my understanding this
product is compatible, as you can deploy it and get some data about the
hosts, information about deployed VMs and stuff. But you will have to do it
manually as there is not dedicated interface nor a plugin from cloudstack
especially for zabbix (or in that case some "official" zabbix integrations.
The availeable are seem to be a bit outdated, as the last changes have been
made 6 and 10 years ago). Which for me would destinguish "compatible" from
"integrated".
Maybe it would be an ideal to add another "dimension" of information with
colours or something?

Regards
Chris

Am Mi., 2. Feb. 2022 um 14:00 Uhr schrieb Ivet Petrova <
ivet.petr...@shapeblue.com>:

> Hi,
>
> Anybody some comments or suggestions here?
>
> Kind regards,
>
>
>
>
> On 17 Jan 2022, at 14:54, Ivet Petrova  ivet.petr...@shapeblue.com>> wrote:
>
> Hello all,
>
> I thought it might be useful for our community and for CloudStack as a
> technology, that we have an Integration/Compatibility matrix.
> My idea is to collect all active and supported integrations and spread
> them into suitable categories. Also to position technologies, with which we
> are compatible. So that the potential users can have a high-level overview
> how CloudStack integrates with their existing technology stack.
>
> I create a file bellow and would love to hear your comments. The file is
> with comments options, so if someone wants to add or share something, you
> can also write in the file.
>
>
> https://docs.google.com/spreadsheets/d/1kjYDyCkp9k-zzDdeEhwZJZZaNfaiyE_OCt_IzBQcZak/edit?usp=sharing
>
> Hope you can help me!
>
> Kind regards,
>
>
>

Re: dashboard cpu

[vas...@gmx.de]

Hi Piotr,

might be worth to check which values are shown when overprovision=1x. After
all the numer of cores should be correct then, showing you 1344 Cores.
I had some "trouble" with host which weren't recognized properly after
applying updates / usage of maintanace mode. So the numerbers in the
dashboard were shown wrong.

https://lists.apache.org/thread/kj4g1pzdcw3lbhsorllp126866nd9scp

Might be werth checking.
Regards,

Chris

Am Mo., 21. Feb. 2022 um 09:59 Uhr schrieb Piotr Pisz :

> Hi,
>
> I have a question about what the dashboard shows in the cpu core section.
>
>
>
> We have 21 hosts each with 64 core (3.2 GHz), we have cpu overprovisioning
> x2 enabled.
>
> The dashboard shows cpu cores as 1004/1792 which does not match any of the
> calculations.
>
> How is it counted, what does the dashboard really show?
>
>
>
> Regards,
>
> Piotr
>
>

Re: Cloudstack without a router?

[vas...@gmx.de]

 Hi Jeremy,

Public : Accessible / reachable from outside of the CS environment; are not
controlled and managed by CS. Has nothing to do with the usal terminology
regarding "IP-Adresses".
Private: Internal networks within the cloudstack environment - management /
storage / guesttraffic (if not using "L2 Network" ServiceOfferings).

I guess you are trying to set up something like what is called
"small-scale" deployment.
which time of zones did you deploy / use for testing?

The IP adress for system VMs is configured at the zonecreation. you are
providing there a IP address range for systemVMs. This is stored in the CS
- Database. If the machine reboots the system VM will get the ip out the
pool of "assigned" ip adresses.
You should find theses in the networksettings of the zone you have
deployend. There you can configure the range of availeable ips for
systemvms.

Regards
Chris

Am Mo., 28. Feb. 2022 um 10:59 Uhr schrieb Jeremy Hansen
:

> I’m not talking about public as in externally routable IPs. The system vms
> use the terminology of public and private IPs which in my case is just two
> IPs on the same internal subnet so it seems redundant for no real reason.
> In my case public and private is the same network so why have two
> interfaces that are on the same network on each system vm?
>
> I want to control the IPs that get assigned to the system vm’s so I can
> avoid IPs conflicts. I’d like the system vm’s to allocate from the same
> dhcp server the guests vm are pulling from over the L2 network.  If it gets
> its ip from dhcp like everything else, I won’t have to worry about IP
> conflicts when the system vm’s seem to just randomly assign IPs that could
> be the ip of another device on the network. I basically just want
> everything to use the dhcp server I’m running external to Cloudstack.
>
> Thanks
>
>
>
>
>
> On Monday, Feb 28, 2022 at 1:31 AM, Nux!  wrote:
>
>
> What do you mean by "static IPs"?
>
> The system vms will continue to need the usual networks in Cloudstack.
>
> You will need to look at the "management" and "public" (and "secondary
> storage" if you specified that expressly) networks in Cloudstack, see if
> there are any changes you can do to integrate it in your environment.
>
> Don't forget, none of said networks actually need to use "public" IPs,
> you can operate entirely in the realm of RFC 1918, this may help you
> juggle things around.
>
> ---
> Nux!
> www.nux.ro [1]
>
> On 2022-02-28 07:25, Jeremy Hansen wrote:
>
> One more question related to this. I see System VMs are still using
> static IPs. I'm not sure where they're pulled from since I've removed
> the shared network completely and I'm only using L2 now.
>
> Also, the System VMs have a Public and Private IP, but in my case,
> everything is on a flat network and these interfaces are just getting
> two IPs for the same network. Can I disable one of these interfaces to
> simplify things without breaking things?
>
> Thanks
> -jeremy
>
> On Saturday, Feb 26, 2022 at 3:20 AM, Jeremy Hansen 
> wrote:
>
> Figured it out. Thanks again. The L2 network is exactly what I
> needed.
>
> -jeremy
>
> On Saturday, Feb 26, 2022 at 2:38 AM, Jeremy Hansen 
> wrote:
>
> Thank you. I'm working out the L2 config now but it appears to be
> working. My next question, is it possible to transition existing VMs
> to a new guest network? I didn't see anything obvious. Cloudmonkey?
>
> -jeremy
>
> On Saturday, Feb 26, 2022 at 1:07 AM, Wei ZHOU 
> wrote:
> HI Jeremy,
>
> You can use L2 network.
>
> It is not system VMS stealing ip, but might because you set wrong ip
> range
> when you added the pod.
>
> Wei
>
> On Saturday, 26 February 2022, Jeremy Hansen
> 
> wrote:
>
> Is there a way to run Cloudstack without a virtual router? I basically
> want CS to handle the management of vm's but I'd like to use outside
> network services for dhcp/ip allocation. Separate dhcp server not
> managed
> by CS? Is this possible?
>
> How can I dictate the IPs used by infrastructure VMs? I'm running in to
> IP conflicts because system vm's keep stealing IPs that are already
> being
> used.
>
> Thanks
>
>
>
> Links:
> --
> [1] http://www.nux.ro
>
>

Re: extraconfig

[vas...@gmx.de]

@suresh

Just for understanding in this context:
The issue you linked basically stated that if one upgrades to CS 4.16.1 all
VMs created using a custome constrained offering can't
- be updated / migrated to another service offering
- be edited with new settings
- be changed as new values for existing settings can't be changed

So basically the whole functionality of adding & changeing settings as well
as migrateing to "open" service offerings as a "work aroind" is broken for
these kind of VMs?
Sounds like a quiet big issue tbh which might be werth to mention in the
actual release notes?

Am Mo., 21. März 2022 um 10:34 Uhr schrieb Suresh Anaparti <
suresh.anapa...@shapeblue.com>:

> Hi Piotr,
>
> Similar issue was logged here:
> https://github.com/apache/cloudstack/issues/6131 and fixed recently. Is
> it the same issue?
>
>
> Regards,
> Suresh
>
> On 19/03/22, 2:19 PM, "Piotr Pisz"  wrote:
>
> Hi,
>
>
>
> In CS 4.16.1 I am not able to add any additional settings in the VM.
> It ends
> with the following message:
>
>
>
>
>
> Request Failed (530)
>
> Failed to update VM, due to: The cpu speed of this offering
> id:84225c4c-1cbd-4439-ac17-333299e560b2 is not customizable. This is
> predefined in the template.
>
>
>
> The message is independent of the compute profile type.
>
> Could someone check if can add new settings to vm w cs 4.16.1?
>
>
>
>
>
> Regards,
>
> Piotr
>
>
>
>
>
>

Re: Virtual Router /etc/hosts File

[vas...@gmx.de]

Nice idea but that set-up shouldn't survive a reboot of the router or be
available after destroying the router.

mario juliano grande-balletta  schrieb am Mo.,
21. März 2022, 15:27:

> symlink   /etc/hosts  to a static file with read only
> change the read only when you need to make changes to host names & IP
> ---not the correct/best solution; very hack; but OK for temporary testing
>
>
> -Original Message-From: Nux Reply-To:
> users@cloudstack.apache.orgTo: users@cloudstack.apache.orgCc: Serge
> Byishimo Subject: Re: Virtual Router /etc/hosts
> FileDate: Mon, 21 Mar 2022 13:20:27 +
> Your best bet is to use DNS instead, there is no way to make /etc/hosts
> permanent.
> ---Nux!www.nux.ro
> On 2022-03-21 11:27, Serge Byishimo wrote:
> Hi all,
> I would like to know how to make my added IPs in the /etc/hosts
> filepermanent.
> It seems every time cloudstack is restarted for some reason (power
> outage,...) the IPs I added in the /etc/hosts file are lost.
> This is not related to the already existing configurations that exist
> inthat file but instead, there are other IPs I add to that file that
> helpsthe NGINX proxy server I installed in the virtual router.
> Any thoughts or comments would be appreciated!
> Best regards,
>

Re: extraconfig

[vas...@gmx.de]

So it seems we foud your problem ;-)

Have to admitt that i will skip 4.16.1. Tried today to just update ubuntu
20.04. , leaving out the CS packages / repositorys - which in my case left
me this time with - as much as it seems - kind of nonworking setup. Might
be that the database was corrputed. How ever , i wasn't able to deploy
anything afterwards. Even upgrading then to 4.16.1 of the whole environment
didn't help. So i had to roll-back to 4.16.0 and the "old" security patches.
Guess the nect try will be 4.17.0 then.

Am Mo., 21. März 2022 um 12:24 Uhr schrieb Piotr Pisz :

> Yes, that's exactly it.
>
> Only modifying Constrained VM settings doesn't work, the rest work fine.
>
> Regards,
> Piotr
>
>
> -Original Message-
> From: Suresh Anaparti 
> Sent: Monday, March 21, 2022 10:34 AM
> To: users@cloudstack.apache.org; pi...@piszki.pl
> Subject: Re: extraconfig
>
> Hi Piotr,
>
> Similar issue was logged here:
> https://github.com/apache/cloudstack/issues/6131 and fixed recently. Is
> it the same issue?
>
>
> Regards,
> Suresh
>
> On 19/03/22, 2:19 PM, "Piotr Pisz"  wrote:
>
> Hi,
>
>
>
> In CS 4.16.1 I am not able to add any additional settings in the VM.
> It ends
> with the following message:
>
>
>
>
>
> Request Failed (530)
>
> Failed to update VM, due to: The cpu speed of this offering
> id:84225c4c-1cbd-4439-ac17-333299e560b2 is not customizable. This is
> predefined in the template.
>
>
>
> The message is independent of the compute profile type.
>
> Could someone check if can add new settings to vm w cs 4.16.1?
>
>
>
>
>
> Regards,
>
> Piotr
>
>
>
>
>
>
>

Re: extraconfig

[vas...@gmx.de]

Thanks piotr,

i am just a bit confused by what you mean with "compute profile" exactly?`

regards
chris

Am Di., 22. März 2022 um 09:50 Uhr schrieb Piotr Pisz :

> Hello,
>
> There is a workaround for this problem, just change the compute profile to
> fixed and make changes to the vm settings. And then go back to the correct
> profile.
>
> Regards,
> Piotr
>
>
> -Original Message-
> From: vas...@gmx.de 
> Sent: Monday, March 21, 2022 11:08 PM
> To: users@cloudstack.apache.org
> Subject: Re: extraconfig
>
> So it seems we foud your problem ;-)
>
> Have to admitt that i will skip 4.16.1. Tried today to just update ubuntu
> 20.04. , leaving out the CS packages / repositorys - which in my case left
> me this time with - as much as it seems - kind of nonworking setup. Might
> be that the database was corrputed. How ever , i wasn't able to deploy
> anything afterwards. Even upgrading then to 4.16.1 of the whole environment
> didn't help. So i had to roll-back to 4.16.0 and the "old" security patches.
> Guess the nect try will be 4.17.0 then.
>
> Am Mo., 21. März 2022 um 12:24 Uhr schrieb Piotr Pisz :
>
> > Yes, that's exactly it.
> >
> > Only modifying Constrained VM settings doesn't work, the rest work fine.
> >
> > Regards,
> > Piotr
> >
> >
> > -Original Message-
> > From: Suresh Anaparti 
> > Sent: Monday, March 21, 2022 10:34 AM
> > To: users@cloudstack.apache.org; pi...@piszki.pl
> > Subject: Re: extraconfig
> >
> > Hi Piotr,
> >
> > Similar issue was logged here:
> > https://github.com/apache/cloudstack/issues/6131 and fixed recently.
> > Is it the same issue?
> >
> >
> > Regards,
> > Suresh
> >
> > On 19/03/22, 2:19 PM, "Piotr Pisz"  wrote:
> >
> > Hi,
> >
> >
> >
> > In CS 4.16.1 I am not able to add any additional settings in the VM.
> > It ends
> > with the following message:
> >
> >
> >
> >
> >
> > Request Failed (530)
> >
> > Failed to update VM, due to: The cpu speed of this offering
> > id:84225c4c-1cbd-4439-ac17-333299e560b2 is not customizable. This is
> > predefined in the template.
> >
> >
> >
> > The message is independent of the compute profile type.
> >
> > Could someone check if can add new settings to vm w cs 4.16.1?
> >
> >
> >
> >
> >
> > Regards,
> >
> > Piotr
> >
> >
> >
> >
> >
> >
> >
>
>

Boot VM into BIOS after deployment

[vas...@gmx.de]

hi everyone,

currently i am looking for a way to boot a vm into bios / uefi. The
challange for me is, that i would like to enable the actual users to do so
via the GUI / ConsoleProxy GUI.
However using the consoleproxy GUI is kind of challangeing to the actual
booting speed.
I found that there is a option availeable when vmware is used as a
hypervisor...
Is there somthing similar availeable for kvm? How do you manage to boot
into bios / uefi if needed?

regards,
chris

Re: Boot VM into BIOS after deployment

[vas...@gmx.de]

hi piotr,

thanks for your Link - as always high quality stuff.
But the information there is more about on how to enable UEFI at all.

For me it is more the basic task to boot a vm directly into bios mode
without juggeling the console proxy to hit f2 at the right time. There has
been an issue for this
https://github.com/apache/cloudstack/issues/3583

Which lead to an setting, that you can reboot a vm directly to bios from
the gui while using vmware.
Now my question is, if there is something simila availeable for kvm - or
how one can "easily" enter the bios of a deployed VM.

regards,
chris

Am Do., 24. März 2022 um 09:41 Uhr schrieb Piotr Pisz :

> Hello,
>
> Here you will find the information you need:
> https://lab.piszki.pl/cloudstack-vm-with-vtpm-and-secure-boot-uefi/
>
> Regards,
> Piotr
>
>
> -----Original Message-
> From: vas...@gmx.de 
> Sent: Wednesday, March 23, 2022 5:29 PM
> To: users@cloudstack.apache.org
> Subject: Boot VM into BIOS after deployment
>
> hi everyone,
>
> currently i am looking for a way to boot a vm into bios / uefi. The
> challange for me is, that i would like to enable the actual users to do so
> via the GUI / ConsoleProxy GUI.
> However using the consoleproxy GUI is kind of challangeing to the actual
> booting speed.
> I found that there is a option availeable when vmware is used as a
> hypervisor...
> Is there somthing similar availeable for kvm? How do you manage to boot
> into bios / uefi if needed?
>
> regards,
> chris
>
>

Re: Boot VM into BIOS after deployment

[vas...@gmx.de]

hi Nux,

Personally i didn't want to change something 😄 - the question came from
one of our fallow team-members, which been working with vmware indeed.
After some more talks the question came from some testing with uefi
capabilities. As we would need to work with the plattform keys. So this
wasn't really about BIOS-Settings i guess.
Looking at the OMVF-Packages needed for Uefi-Support, it seems that after
installatin / activation you will get some more options to boot into this
environment.

regards,
chris

Am Mo., 28. März 2022 um 14:51 Uhr schrieb Nux :

> There is no BIOS for KVM afaik, same for Xen.
> All the stuff you might want to change in a traditional BIOS interface
> can be done via command line parameters.
> What exactly do you want to change?
>
> ---
> Nux!
> www.nux.ro
>
> On 2022-03-28 13:46, Daan Hoogland wrote:
> > I think the boot into bios option was only implemented for Vmware. Good
> > feature request though. Should be easy to implement (if KVM provides an
> > option for it)
> >
> > On Thu, Mar 24, 2022 at 10:47 AM vas...@gmx.de  wrote:
> >
> >> hi piotr,
> >>
> >> thanks for your Link - as always high quality stuff.
> >> But the information there is more about on how to enable UEFI at all.
> >>
> >> For me it is more the basic task to boot a vm directly into bios mode
> >> without juggeling the console proxy to hit f2 at the right time. There
> >> has
> >> been an issue for this
> >> https://github.com/apache/cloudstack/issues/3583
> >>
> >> Which lead to an setting, that you can reboot a vm directly to bios
> >> from
> >> the gui while using vmware.
> >> Now my question is, if there is something simila availeable for kvm -
> >> or
> >> how one can "easily" enter the bios of a deployed VM.
> >>
> >> regards,
> >> chris
> >>
> >> Am Do., 24. März 2022 um 09:41 Uhr schrieb Piotr Pisz
> >> :
> >>
> >> > Hello,
> >> >
> >> > Here you will find the information you need:
> >> > https://lab.piszki.pl/cloudstack-vm-with-vtpm-and-secure-boot-uefi/
> >> >
> >> > Regards,
> >> > Piotr
> >> >
> >> >
> >> > -Original Message-
> >> > From: vas...@gmx.de 
> >> > Sent: Wednesday, March 23, 2022 5:29 PM
> >> > To: users@cloudstack.apache.org
> >> > Subject: Boot VM into BIOS after deployment
> >> >
> >> > hi everyone,
> >> >
> >> > currently i am looking for a way to boot a vm into bios / uefi. The
> >> > challange for me is, that i would like to enable the actual users to
> do
> >> so
> >> > via the GUI / ConsoleProxy GUI.
> >> > However using the consoleproxy GUI is kind of challangeing to the
> actual
> >> > booting speed.
> >> > I found that there is a option availeable when vmware is used as a
> >> > hypervisor...
> >> > Is there somthing similar availeable for kvm? How do you manage to
> boot
> >> > into bios / uefi if needed?
> >> >
> >> > regards,
> >> > chris
> >> >
> >> >
> >>
>

Re: Boot VM into BIOS after deployment

[vas...@gmx.de]

Hi Nux,

thanks again for your advice. Until know i didn't had to deal with this
myself, too. How ever: We are now getting more and more compliance guides
explecitly stateing the use of UEFI as well as secure boot. Therefor the
topic is getting more and more interesting as well as the whole management
around it.

regards,
Chris

Am Mo., 28. März 2022 um 15:40 Uhr schrieb Nux :

> Yes, indeed. With UEFI you do get some sort of "bios" interface.
> Personally I've never needed UEFI so I've stayed away from the extra
> complications.
>
> ---
> Nux!
> www.nux.ro
>
> On 2022-03-28 14:30, vas...@gmx.de wrote:
> > hi Nux,
> >
> > Personally i didn't want to change something 😄 - the question came from
> > one of our fallow team-members, which been working with vmware indeed.
> > After some more talks the question came from some testing with uefi
> > capabilities. As we would need to work with the plattform keys. So this
> > wasn't really about BIOS-Settings i guess.
> > Looking at the OMVF-Packages needed for Uefi-Support, it seems that
> > after
> > installatin / activation you will get some more options to boot into
> > this
> > environment.
> >
> > regards,
> > chris
> >
> > Am Mo., 28. März 2022 um 14:51 Uhr schrieb Nux :
> >
> >> There is no BIOS for KVM afaik, same for Xen.
> >> All the stuff you might want to change in a traditional BIOS interface
> >> can be done via command line parameters.
> >> What exactly do you want to change?
> >>
> >> ---
> >> Nux!
> >> www.nux.ro
> >>
> >> On 2022-03-28 13:46, Daan Hoogland wrote:
> >> > I think the boot into bios option was only implemented for Vmware.
> Good
> >> > feature request though. Should be easy to implement (if KVM provides
> an
> >> > option for it)
> >> >
> >> > On Thu, Mar 24, 2022 at 10:47 AM vas...@gmx.de  wrote:
> >> >
> >> >> hi piotr,
> >> >>
> >> >> thanks for your Link - as always high quality stuff.
> >> >> But the information there is more about on how to enable UEFI at all.
> >> >>
> >> >> For me it is more the basic task to boot a vm directly into bios mode
> >> >> without juggeling the console proxy to hit f2 at the right time.
> There
> >> >> has
> >> >> been an issue for this
> >> >> https://github.com/apache/cloudstack/issues/3583
> >> >>
> >> >> Which lead to an setting, that you can reboot a vm directly to bios
> >> >> from
> >> >> the gui while using vmware.
> >> >> Now my question is, if there is something simila availeable for kvm -
> >> >> or
> >> >> how one can "easily" enter the bios of a deployed VM.
> >> >>
> >> >> regards,
> >> >> chris
> >> >>
> >> >> Am Do., 24. März 2022 um 09:41 Uhr schrieb Piotr Pisz
> >> >> :
> >> >>
> >> >> > Hello,
> >> >> >
> >> >> > Here you will find the information you need:
> >> >> >
> https://lab.piszki.pl/cloudstack-vm-with-vtpm-and-secure-boot-uefi/
> >> >> >
> >> >> > Regards,
> >> >> > Piotr
> >> >> >
> >> >> >
> >> >> > -Original Message-
> >> >> > From: vas...@gmx.de 
> >> >> > Sent: Wednesday, March 23, 2022 5:29 PM
> >> >> > To: users@cloudstack.apache.org
> >> >> > Subject: Boot VM into BIOS after deployment
> >> >> >
> >> >> > hi everyone,
> >> >> >
> >> >> > currently i am looking for a way to boot a vm into bios / uefi. The
> >> >> > challange for me is, that i would like to enable the actual users
> to
> >> do
> >> >> so
> >> >> > via the GUI / ConsoleProxy GUI.
> >> >> > However using the consoleproxy GUI is kind of challangeing to the
> >> actual
> >> >> > booting speed.
> >> >> > I found that there is a option availeable when vmware is used as a
> >> >> > hypervisor...
> >> >> > Is there somthing similar availeable for kvm? How do you manage to
> >> boot
> >> >> > into bios / uefi if needed?
> >> >> >
> >> >> > regards,
> >> >> > chris
> >> >> >
> >> >> >
> >> >>
> >>
>

Re: Odp: Odp: Cludstack vm backup

[vas...@gmx.de]

Maybe it would be usefull to provide some more information regarding the
different "snapshots" which are availeable.
As far as I am aware we have
 - Volume Snapshots - which can be used with different VMs and can be
planned ahead.

https://docs.cloudstack.apache.org/en/4.16.1.0/adminguide/storage.html#working-with-volume-snapshots
 - VM Snapshots - which I guess is more "synonym" when talking about
snapshots.

https://docs.cloudstack.apache.org/en/4.16.1.0/adminguide/virtual_machines.html#virtual-machine-snapshots

The documentation "only" mentions "Automatic Snapshot Creation" for volumes
/ storage. I am not quiet shure if this feature is also availeable for
VM-Snapshots.

Am Fr., 27. Mai 2022 um 11:57 Uhr schrieb Nux :

> You can have that, it's called "recurrent snapshots", in the UI you will
> find it under the "clock" icon when in the Volume page.
>
>
> https://cloudstack.apache.org/api/apidocs-4.16/apis/createSnapshotPolicy.html
>
> ---
> Nux
> www.nux.ro
>
>
> On 2022-05-27 10:41, Mariusz Wojtarek wrote:
>
> I look for solution with schedule option, as I know snaphost can be done
> only on demand
>
>
>
>
>
> [image: Support Online]
>
>
> *Mariusz Wojtarek*
>
> Administrator iT
>
> *P: *22 335 28 00
>
> *E: *mariusz.wojta...@support-online.pl
>
> www.support-online.pl
>
> Poleczki 23 | 02-822 Warszawa
>
> [image: cidimage005.png@01D77E41.D4CA7110]
>    [image:
> cidimage007.png@01D77E41.D4CA7110]
> 
>
>
>
>
>
>
>
> *Od: *Nux 
> *Data: *piątek, 27 maja 2022 o 11:31
> *Do: *users@cloudstack.apache.org 
> *DW: *Mariusz Wojtarek 
> *Temat: *Re: Odp: Cludstack vm backup
>
> Thers is no backup driver for KVM at this time and there is none in
> development either, afaik.
>
> You could always count on the volume snapshot feature, especially if you
> stick to single-disk/volume VMs.
>
>
>
> HTH
>
> ---
>
> Nux
> www.nux.ro
>
>
>
> On 2022-05-27 09:34, Mariusz Wojtarek wrote:
>
> So there is no backup solution for machines hosted on kvm ?
>
>
>
>
>
> *Błąd! Nie podano nazwy pliku.*
>
>
>
>
>
> *Mariusz Wojtarek*
>
> Administrator iT
>
> *P: *22 335 28 00
>
> *E: *mariusz.wojta...@support-online.pl
>
> www.support-online.pl
>
> Poleczki 23 | 02-822 Warszawa
>
> *Błąd! Nie podano nazwy pliku.*
>    *Błąd! Nie
> podano nazwy pliku.* 
>
>
>
>
>
>
>
> *Od: *Slavka Peleva 
> *Data: *piątek, 27 maja 2022 o 10:24
> *Do: *users@cloudstack.apache.org 
> *Temat: *Re: Cludstack vm backup
>
> Hi Mariusz,
>
> The dummy backup plugin is only for tests. Only the Veeam backup provider
> is supported for now by CS, which works with VMware HW.
>
> Best regards,
> Slavka
>
> On Fri, May 27, 2022 at 11:09 AM Mariusz Wojtarek <
> mariusz.wojta...@support-online.pl> wrote:
>
> > Hi,
> >
> > I am using cloudstack with kvm should dummy backup works with vms host on
> > kvm ? when I try to make backup using dummy it not working, every backup
> > size is 1GB.
> >
> >
> >
> >
> > 
> > Support OnLine Sp. z o.o., ul. Poleczki 23, 02-822 Warszawa, NIP:
> > 951-20-32-692, Regon: 017431965, KRS: 078497,
> > XIII Wydzia? Gospodarczy Krajowego Rejestru S?dowego w Warszawie, Kapita?
> > zak?adowy: 50 000 PLN - op?acony w pe?nej wysoko?ci.
> > W przypadku podania w ramach niniejszej korespondencji Pa?stwa danych
> > osobowych, prosimy zapozna? si? z nast?puj?c? informacj?
> > https://www.support-online.pl/dane-osobowe
> > In case any of your private data was included within this conversation,
> > please consult this website
> https://www.support-online.pl/en/personal-data
> >
>
>

Re: endless starting state

[vas...@gmx.de]

A look into the log-files of the hosts where the router shall be deployed
to might be helpfull as well. Even if it is not "running" on the host - it
might be that the host has some trouble to start the job.
Regards,

Chris

Am Fr., 8. Juli 2022 um 14:30 Uhr schrieb Ricardo Pertuz <
ricardo.per...@kuasar.co>:

> Hi,
>
> Thanks for the quick reply, these would be the answers:
>
> 0. yes, full reboot Management Server and Hosts
>
> 1. MS Servers are UP (we have 2)
> 2. The affected VM is a virtual router, still in starting state, no
> running on any host
> 3. Capacity is less than 10% at the moment
> 4. I am able to launch new instances without error but in other VPC, not
> in the affected one as the VR is in starting state, so not VPC cleanup is
> possible
>
> I have restarted the MS to check if I filter some logs from this VR, none
> so far.
>
> BR,
>
> Ricardo
>
> On 7/07/22, 10:23 PM, "Harikrishna Patnala" <
> harikrishna.patn...@shapeblue.com> wrote:
>
> Hi Ricardo,
>
> I assume the complete reboot means the CloudStack management server
> restart/reboot or is it a KVM host reboot ?
>
> Please check for the following if anything can be found.
>
>   1.  Check for hosts status from CloudStack UI if it is UP
>   2.  Check if these VMs are there and running on the host
>   3.  Check if hosts have enough capacity
>   4.  Check if new VMs can be deployed as well
>
> You can focus on one of the VM's id and look for the last log related
> to the VM wrt any operation, which may give us some hints.
>
> Thanks,
> Harikrishna
> 
> From: Ricardo Pertuz 
> Sent: Friday, July 8, 2022 8:12 AM
> To: users@cloudstack.apache.org 
> Subject: endless starting state
>
> Hi team,
>
> After a complete reboot, many vms are stuck in an endless starting
> state, no error in logs, what else can be checked?
>
> ACS: 4.15.2
> Hyp: KVM
>
> Regards,
>
>
>
>
>
>

VR for VPC won't start anymore

[vas...@gmx.de]

Hi everyone,

faceing currently some challanges regarding my network configuration in CS
4.16.1.

Setup:
VPC with redundant routers and some tiers as well as an private gateway.

Today i wanted to restart the whole VPC - sadly only one vrouter "survived"
 Currently i can't depoly any networks in or outside the VPC. Also the
second router shall be delployed but keeps in the stopped state.
I really dont have a clue where to look at first...

here the  logfile from the Management-Server:

2022-08-03 20:35:48,768 DEBUG [c.c.n.r.NetworkHelperImpl]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
Allocating the VR with id=74 in datacenter Zone {"id": "1", "name":
"xx", "uuid": "48e2e928-3300-43b5-8e3a-d>
2022-08-03 20:35:48,776 DEBUG [c.c.n.r.NetworkHelperImpl]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
Adding nic for Virtual Router in Control network
2022-08-03 20:35:48,781 DEBUG [o.a.c.e.o.NetworkOrchestrator]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
Found existing network configuration for offering [Network Offering
[3-Control-System-Control-Network]: Ntwk[202|>
2022-08-03 20:35:48,781 DEBUG [o.a.c.e.o.NetworkOrchestrator]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
Releasing lock for Acct[60bddbd5-1d8a-11ec-83ce-525400c9c662-system] --
Account {"id": 1, "name": "system", "uuid>
2022-08-03 20:35:48,785 DEBUG [c.c.n.r.NetworkHelperImpl]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
Adding nic for Virtual Router in Public network
2022-08-03 20:35:48,789 DEBUG [o.a.c.e.o.NetworkOrchestrator]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
Found existing network configuration for offering [Network Offering
[1-Public-System-Public-Network]: Ntwk[200|Pu>
2022-08-03 20:35:48,789 DEBUG [o.a.c.e.o.NetworkOrchestrator]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
Releasing lock for Acct[60bddbd5-1d8a-11ec-83ce-525400c9c662-system] --
Account {"id": 1, "name": "system", "uuid>
2022-08-03 20:35:48,793 INFO  [c.c.n.r.NetworkHelperImpl]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
Use same MAC as previous RvR, the MAC is 1e:00:59:00:00:b2
2022-08-03 20:35:48,793 DEBUG [c.c.n.r.NetworkHelperImpl]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
Adding nic for Virtual Router in Guest network Ntwk[249|Guest|30]
2022-08-03 20:35:48,801 DEBUG [c.c.u.d.T.Transaction]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
Rolling back the transaction: Time = 0 Name =  API-Job-Executor-60; called
by -TransactionLegacy.rollback:888-PrivateIpDa>
2022-08-03 20:35:48,808 DEBUG [c.c.n.NetworkModelImpl]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
Service SecurityGroup is not supported in the network id=236
2022-08-03 20:35:48,851 INFO  [c.c.v.VirtualMachineManagerImpl]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
allocating virtual machine from
template:0573ec70-0a30-4e2a-be9e-4675bf755cf2 with hostname:r-74-VM and 12
netw>
2022-08-03 20:35:48,852 DEBUG [c.c.v.VirtualMachineManagerImpl]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
Allocating entries for VM: VM instance {id: "74", name: "r-74-VM", uuid:
"09dc644b-76a2-404a-82fd-aecc8d5799c3">
2022-08-03 20:35:48,857 DEBUG [c.c.v.VirtualMachineManagerImpl]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
Allocating nics for VM instance {id: "74", name: "r-74-VM", uuid:
"09dc644b-76a2-404a-82fd-aecc8d5799c3", type=>
2022-08-03 20:35:48,858 DEBUG [o.a.c.e.o.NetworkOrchestrator]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
Allocating nic for vm VM instance {id: "74", name: "r-74-VM", uuid:
"09dc644b-76a2-404a-82fd-aecc8d5799c3", type=>
2022-08-03 20:35:48,866 DEBUG [o.a.c.e.o.NetworkOrchestrator]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
Allocating nic for vm VM instance {id: "74", name: "r-74-VM", uuid:
"09dc644b-76a2-404a-82fd-aecc8d5799c3", type=>
2022-08-03 20:35:48,886 DEBUG [o.a.c.e.o.NetworkOrchestrator]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
Allocating nic for vm VM instance {id: "74", name: "r-74-VM", uuid:
"09dc644b-76a2-404a-82fd-aecc8d5799c3", type=>
2022-08-03 20:35:48,904 DEBUG [c.c.n.NetworkModelImpl]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
Service SecurityGroup is not supported in the network id=249
2022-08-03 20:35:48,907 DEBUG [o.a.c.e.o.NetworkOrchestrator]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
Allocating nic for vm VM instance {id: "74", name: "r-74-VM", uuid:
"09dc644b-76a2-404a-82fd-aecc8d5799c3", type=>
2022-08-03 20:35:48,917 DEBUG [c.c.n.NetworkModelImpl]
(API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) 

Re: VR for VPC won't start anymore

[vas...@gmx.de]

Wei, seems like you are heading twards the right direction - like always.

i took a look into the "template_store_res" table... and guess: There is a
entry for the current systemvmtemplate-4.16.1. How ever: The field for
"size" ist "null" and "physical_size" is "0".

Might this be the reason for the " java.lang.NullPointerException" ?

Regards,
Chris

Am Mi., 3. Aug. 2022 um 21:56 Uhr schrieb Wei ZHOU :

> It looks there is no entry in template_store_ref table for the systemvm
> template
>
> -Wei
>
> On Wed, 3 Aug 2022 at 21:43, vas...@gmx.de  wrote:
>
> > Hi everyone,
> >
> > faceing currently some challanges regarding my network configuration in
> CS
> > 4.16.1.
> >
> > Setup:
> > VPC with redundant routers and some tiers as well as an private gateway.
> >
> > Today i wanted to restart the whole VPC - sadly only one vrouter
> > "survived"  Currently i can't depoly any networks in or outside the
> > VPC. Also the second router shall be delployed but keeps in the stopped
> > state.
> > I really dont have a clue where to look at first...
> >
> > here the  logfile from the Management-Server:
> >
> > 2022-08-03 20:35:48,768 DEBUG [c.c.n.r.NetworkHelperImpl]
> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
> > Allocating the VR with id=74 in datacenter Zone {"id": "1", "name":
> > "xx", "uuid": "48e2e928-3300-43b5-8e3a-d>
> > 2022-08-03 20:35:48,776 DEBUG [c.c.n.r.NetworkHelperImpl]
> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
> > Adding nic for Virtual Router in Control network
> > 2022-08-03 20:35:48,781 DEBUG [o.a.c.e.o.NetworkOrchestrator]
> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
> > Found existing network configuration for offering [Network Offering
> > [3-Control-System-Control-Network]: Ntwk[202|>
> > 2022-08-03 20:35:48,781 DEBUG [o.a.c.e.o.NetworkOrchestrator]
> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
> > Releasing lock for Acct[60bddbd5-1d8a-11ec-83ce-525400c9c662-system] --
> > Account {"id": 1, "name": "system", "uuid>
> > 2022-08-03 20:35:48,785 DEBUG [c.c.n.r.NetworkHelperImpl]
> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
> > Adding nic for Virtual Router in Public network
> > 2022-08-03 20:35:48,789 DEBUG [o.a.c.e.o.NetworkOrchestrator]
> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
> > Found existing network configuration for offering [Network Offering
> > [1-Public-System-Public-Network]: Ntwk[200|Pu>
> > 2022-08-03 20:35:48,789 DEBUG [o.a.c.e.o.NetworkOrchestrator]
> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
> > Releasing lock for Acct[60bddbd5-1d8a-11ec-83ce-525400c9c662-system] --
> > Account {"id": 1, "name": "system", "uuid>
> > 2022-08-03 20:35:48,793 INFO  [c.c.n.r.NetworkHelperImpl]
> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
> > Use same MAC as previous RvR, the MAC is 1e:00:59:00:00:b2
> > 2022-08-03 20:35:48,793 DEBUG [c.c.n.r.NetworkHelperImpl]
> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
> > Adding nic for Virtual Router in Guest network Ntwk[249|Guest|30]
> > 2022-08-03 20:35:48,801 DEBUG [c.c.u.d.T.Transaction]
> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
> > Rolling back the transaction: Time = 0 Name =  API-Job-Executor-60;
> called
> > by -TransactionLegacy.rollback:888-PrivateIpDa>
> > 2022-08-03 20:35:48,808 DEBUG [c.c.n.NetworkModelImpl]
> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
> > Service SecurityGroup is not supported in the network id=236
> > 2022-08-03 20:35:48,851 INFO  [c.c.v.VirtualMachineManagerImpl]
> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
> > allocating virtual machine from
> > template:0573ec70-0a30-4e2a-be9e-4675bf755cf2 with hostname:r-74-VM and
> 12
> > netw>
> > 2022-08-03 20:35:48,852 DEBUG [c.c.v.VirtualMachineManagerImpl]
> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2) (logid:6b6b9867)
> > Allocating entries for VM: VM instance {id: "74", name: "r-74-VM", uuid:
> > "09dc644b-76a2-404a-82fd-aecc8d5799c3">
> > 2022-08-03 20:35:48,857 DEBUG [c.c.v.VirtualMachineManagerIm

Re: VR for VPC won't start anymore

[vas...@gmx.de]

I forgot to ask - might anyone take a quick look into the database and can
give a hind if the fields are indeed "filled" with values
(template_store_res.size / template_store_res.physical_size)?
Another question for understanding would be the difference of the values -
physical size is the actual amount of data on a datasystemlevel - but what
represents the value of "size"?

Regards,
Christopher

Am Mi., 3. Aug. 2022 um 23:14 Uhr schrieb vas...@gmx.de :

> Wei, seems like you are heading twards the right direction - like always.
>
> i took a look into the "template_store_res" table... and guess: There is a
> entry for the current systemvmtemplate-4.16.1. How ever: The field for
> "size" ist "null" and "physical_size" is "0".
>
> Might this be the reason for the " java.lang.NullPointerException" ?
>
> Regards,
> Chris
>
> Am Mi., 3. Aug. 2022 um 21:56 Uhr schrieb Wei ZHOU  >:
>
>> It looks there is no entry in template_store_ref table for the systemvm
>> template
>>
>> -Wei
>>
>> On Wed, 3 Aug 2022 at 21:43, vas...@gmx.de  wrote:
>>
>> > Hi everyone,
>> >
>> > faceing currently some challanges regarding my network configuration in
>> CS
>> > 4.16.1.
>> >
>> > Setup:
>> > VPC with redundant routers and some tiers as well as an private gateway.
>> >
>> > Today i wanted to restart the whole VPC - sadly only one vrouter
>> > "survived"  Currently i can't depoly any networks in or outside the
>> > VPC. Also the second router shall be delployed but keeps in the stopped
>> > state.
>> > I really dont have a clue where to look at first...
>> >
>> > here the  logfile from the Management-Server:
>> >
>> > 2022-08-03 20:35:48,768 DEBUG [c.c.n.r.NetworkHelperImpl]
>> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2)
>> (logid:6b6b9867)
>> > Allocating the VR with id=74 in datacenter Zone {"id": "1", "name":
>> > "xx", "uuid": "48e2e928-3300-43b5-8e3a-d>
>> > 2022-08-03 20:35:48,776 DEBUG [c.c.n.r.NetworkHelperImpl]
>> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2)
>> (logid:6b6b9867)
>> > Adding nic for Virtual Router in Control network
>> > 2022-08-03 20:35:48,781 DEBUG [o.a.c.e.o.NetworkOrchestrator]
>> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2)
>> (logid:6b6b9867)
>> > Found existing network configuration for offering [Network Offering
>> > [3-Control-System-Control-Network]: Ntwk[202|>
>> > 2022-08-03 20:35:48,781 DEBUG [o.a.c.e.o.NetworkOrchestrator]
>> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2)
>> (logid:6b6b9867)
>> > Releasing lock for Acct[60bddbd5-1d8a-11ec-83ce-525400c9c662-system] --
>> > Account {"id": 1, "name": "system", "uuid>
>> > 2022-08-03 20:35:48,785 DEBUG [c.c.n.r.NetworkHelperImpl]
>> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2)
>> (logid:6b6b9867)
>> > Adding nic for Virtual Router in Public network
>> > 2022-08-03 20:35:48,789 DEBUG [o.a.c.e.o.NetworkOrchestrator]
>> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2)
>> (logid:6b6b9867)
>> > Found existing network configuration for offering [Network Offering
>> > [1-Public-System-Public-Network]: Ntwk[200|Pu>
>> > 2022-08-03 20:35:48,789 DEBUG [o.a.c.e.o.NetworkOrchestrator]
>> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2)
>> (logid:6b6b9867)
>> > Releasing lock for Acct[60bddbd5-1d8a-11ec-83ce-525400c9c662-system] --
>> > Account {"id": 1, "name": "system", "uuid>
>> > 2022-08-03 20:35:48,793 INFO  [c.c.n.r.NetworkHelperImpl]
>> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2)
>> (logid:6b6b9867)
>> > Use same MAC as previous RvR, the MAC is 1e:00:59:00:00:b2
>> > 2022-08-03 20:35:48,793 DEBUG [c.c.n.r.NetworkHelperImpl]
>> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2)
>> (logid:6b6b9867)
>> > Adding nic for Virtual Router in Guest network Ntwk[249|Guest|30]
>> > 2022-08-03 20:35:48,801 DEBUG [c.c.u.d.T.Transaction]
>> > (API-Job-Executor-60:ctx-a9f63190 job-3342 ctx-150e61a2)
>> (logid:6b6b9867)
>> > Rolling back the transaction: Time = 0 Name =  API-Job-Executor-60;
>> called
>> > by -TransactionLegacy.rollback:888-PrivateIpDa>
>> > 2022-08-03 20:35:48,808 DEBU

Re: VR for VPC won't start anymore

[vas...@gmx.de]

Hi everyone -

@Gary
thanks for your input

@Wei ZHOU 
Yes, the image is completely downloaded to the imagestore. I also checked
the availeabilty on the storage beneath - everything seems to be in place
like it should

Following the values out ouf the db you requested:
id= 18
store_id = 1
download_pct = 100
size = "NULL"
store_role = Image
physical_size = 0
download_state = DOWNLOADED
state = READY
install_path =
/template/tmpl/1/212/0573ec70-0a30-4e2a-be9e-4675bf755cf2.qcow2

@Slavka
Following the information of the 'template.properties'

filename=0573ec70-0a30-4e2a-be9e-4675bf755cf2.qcow2
description=SystemVM Template ( kvm )
hvm=false
size=460067328
qcow2=true
id=212
public=true
qcow2.filename=0573ec70-0a30-4e2a-be9e-4675bf755cf2.qcow2
uniquename=routing-212
qcow2.virtualsize=
virtualsize=
qcow2.size=

Regards,
Chris

Am Do., 4. Aug. 2022 um 12:05 Uhr schrieb Slavka Peleva
:

> Hi Christopher,
>
> Can you share the information of the `template.properties` file located on
> your secondary storage, where the template file is downloaded? You can find
> the path in the template_store_ref tabled - install_path.
>
> Best regards,
> Slavka
>
> On Thu, Aug 4, 2022 at 12:41 PM Gary Dixon  .invalid>
> wrote:
>
> > Hi Christopher
> >
> > My values show :
> > size=262144 physical size=375471104 and this is for a 4.15.1 systemVM
> > template
> >
> > BR
> > Gary
> >
> > Gary Dixon​
> > Senior Technical Consultant
> > T:  *0161 537 4980* <0161%20537%204980>
> > W: www.quadris.co.uk
> > The information contained in this e-mail from Quadris may be confidential
> > and privileged for the private use of the named recipient.  The contents
> of
> > this e-mail may not necessarily represent the official views of Quadris.
> > If you have received this information in error you must not copy,
> > distribute or take any action or reliance on its contents.  Please
> destroy
> > any hard copies and delete this message.
> > -Original Message-
> > From: vas...@gmx.de 
> > Sent: 04 August 2022 09:40
> > To: users@cloudstack.apache.org; Wei ZHOU 
> > Subject: Re: VR for VPC won't start anymore
> >
> > I forgot to ask - might anyone take a quick look into the database and
> can
> > give a hind if the fields are indeed "filled" with values
> > (template_store_res.size / template_store_res.physical_size)?
> > Another question for understanding would be the difference of the values
> -
> > physical size is the actual amount of data on a datasystemlevel - but
> what
> > represents the value of "size"?
> >
> > Regards,
> > Christopher
> >
> > Am Mi., 3. Aug. 2022 um 23:14 Uhr schrieb vas...@gmx.de :
> >
> > > Wei, seems like you are heading twards the right direction - like
> always.
> > >
> > > i took a look into the "template_store_res" table... and guess: There
> > > is a entry for the current systemvmtemplate-4.16.1. How ever: The
> > > field for "size" ist "null" and "physical_size" is "0".
> > >
> > > Might this be the reason for the " java.lang.NullPointerException" ?
> > >
> > > Regards,
> > > Chris
> > >
> > > Am Mi., 3. Aug. 2022 um 21:56 Uhr schrieb Wei ZHOU
> > >  > > >:
> > >
> > >> It looks there is no entry in template_store_ref table for the
> > >> systemvm template
> > >>
> > >> -Wei
> > >>
> > >> On Wed, 3 Aug 2022 at 21:43, vas...@gmx.de  wrote:
> > >>
> > >> > Hi everyone,
> > >> >
> > >> > faceing currently some challanges regarding my network
> > >> > configuration in
> > >> CS
> > >> > 4.16.1.
> > >> >
> > >> > Setup:
> > >> > VPC with redundant routers and some tiers as well as an private
> > gateway.
> > >> >
> > >> > Today i wanted to restart the whole VPC - sadly only one vrouter
> > >> > "survived"  Currently i can't depoly any networks in or outside
> > >> > the VPC. Also the second router shall be delployed but keeps in the
> > >> > stopped state.
> > >> > I really dont have a clue where to look at first...
> > >> >
> > >> > here the logfile from the Management-Server:
> > >> >
> > >> > 2022-08-03 20:35:48,768 DEBUG [c.c.n.r.NetworkHelperImpl]
> > >> > (API-Job-Executor-60:ctx-

Re: VR for VPC won't start anymore

[vas...@gmx.de]

hi slavka,
i checked the log and didn't found anything like "failed to read from
template.properties".

Just for understanding:
When deploying a new "systemvm"-template, which i normally would do while
upgardeing mi CS-Environment, the values of the template.properties will be
transfaired into DB. The management server will then make use of the values
which are stored in the DB?

i destroyed the "stopped" router in my installation and triggered a
re-deployment. The term "template" is mentioned inside the logs only for
two reasons:
1. Successfull router health check of the running router (the primary one
of my vpc)
2. In the mentioned error log
" at
org.apache.cloudstack.storage.datastore.db.TemplateDataStoreVO.getSize(TemplateDataStoreVO.java:280)
at
com.cloud.template.TemplateManagerImpl.getTemplateSize(TemplateManagerImpl.java:2009)
"

so the question for me is  - can i manually place the missing values in the
DB, so that the template is useable again? Or will i wait until i upgrade
to 4.17.1 - which might bring a new systemVM template which will then be
seeded again ?

Regards,
Chris

Am Do., 4. Aug. 2022 um 19:10 Uhr schrieb Slavka Peleva <
slav...@storpool.com>:

> Hi Christopher,
>
> For some reason, these fields' values are empty, which probably
> happened while you seed the system VM template.
>
>> qcow2.virtualsize=
>> virtualsize=
>> qcow2.size=
>
>
> From the DB record, the only option for the values of physical_size = 0
> and size=Null, is that CS couldn't read the `template.properties` file. Can
> you search in the management log file for a message like "Failed to read
> from template.properties"? It should contain more detailed information
> about the failure.
>
> Best regards,
> Slavka
>
> On Thu, Aug 4, 2022 at 7:13 PM vas...@gmx.de  wrote:
>
>> Hi everyone -
>>
>> @Gary
>> thanks for your input
>>
>> @Wei ZHOU 
>> Yes, the image is completely downloaded to the imagestore. I also checked
>> the availeabilty on the storage beneath - everything seems to be in place
>> like it should
>>
>> Following the values out ouf the db you requested:
>> id= 18
>> store_id = 1
>> download_pct = 100
>> size = "NULL"
>> store_role = Image
>> physical_size = 0
>> download_state = DOWNLOADED
>> state = READY
>> install_path =
>> /template/tmpl/1/212/0573ec70-0a30-4e2a-be9e-4675bf755cf2.qcow2
>>
>> @Slavka
>> Following the information of the 'template.properties'
>>
>> filename=0573ec70-0a30-4e2a-be9e-4675bf755cf2.qcow2
>> description=SystemVM Template ( kvm )
>> hvm=false
>> size=460067328
>> qcow2=true
>> id=212
>> public=true
>> qcow2.filename=0573ec70-0a30-4e2a-be9e-4675bf755cf2.qcow2
>> uniquename=routing-212
>> qcow2.virtualsize=
>> virtualsize=
>> qcow2.size=
>>
>> Regards,
>> Chris
>>
>> Am Do., 4. Aug. 2022 um 12:05 Uhr schrieb Slavka Peleva
>> :
>>
>> > Hi Christopher,
>> >
>> > Can you share the information of the `template.properties` file located
>> on
>> > your secondary storage, where the template file is downloaded? You can
>> find
>> > the path in the template_store_ref tabled - install_path.
>> >
>> > Best regards,
>> > Slavka
>> >
>> > On Thu, Aug 4, 2022 at 12:41 PM Gary Dixon > > .invalid>
>> > wrote:
>> >
>> > > Hi Christopher
>> > >
>> > > My values show :
>> > > size=262144 physical size=375471104 and this is for a 4.15.1
>> systemVM
>> > > template
>> > >
>> > > BR
>> > > Gary
>> > >
>> > > Gary Dixon​
>> > > Senior Technical Consultant
>> > > T:  *0161 537 4980* <0161%20537%204980>
>> > > W: www.quadris.co.uk
>> > > The information contained in this e-mail from Quadris may be
>> confidential
>> > > and privileged for the private use of the named recipient.  The
>> contents
>> > of
>> > > this e-mail may not necessarily represent the official views of
>> Quadris.
>> > > If you have received this information in error you must not copy,
>> > > distribute or take any action or reliance on its contents.  Please
>> > destroy
>> > > any hard copies and delete this message.
>> > > -Original Message-
>> > > From: vas...@gmx.de 
>> > > Sent: 04 August 2022 09:40
>> > > To: users@cloudstack.apache.org

Re: VR for VPC won't start anymore

[vas...@gmx.de]

Hi Slavka,

thank you for your explanations - really nice to have some insides of this
whole process.
Regarding your questions:

secondary stoage vm, console proxy were created with the same template.

So what has happend - i had som brief discussions with our admin team to
get things together:
Basically it seems that we have these problems since we tried to upgrade
the environment to 4.17 (from the information i have, the team tried to do
this before beeing aware of the advisory - otherwise i would have suggested
to skip 4.17 and wait for 4.17.1 / 4.18). How ever the upgrade process
failed for us and so we rolled back to 4.16.1. It seems that something went
wrong in this process - as the problems occured since then. The guys
responsible for performing the update meant, that some parts of the
upgrade-guide where not quiet clear - especially the part on how to deploy
the new systemvm templates since the changes made in 4.16 / 4.16.1.

The environment itself "was" build up as a testbed - sadly some people
where thinking that you can deploy services and make them useable in daily
work - meaning its now something i would call "semi-productive" So i
can't just throw everything away and build it newly ...
That's why i hope to get around the corner on "fixing" the current
systemVM-Template / database and migrate as fast as possible to 4.17.1 -
making the current systemtemplate "obsolete".

Regards,
Chris

Am Fr., 5. Aug. 2022 um 10:16 Uhr schrieb Slavka Peleva <
slav...@storpool.com>:

> Hi Christopher,
>
> Just for understanding:
>> When deploying a new "systemvm"-template, which i normally would do while
>> upgardeing mi CS-Environment, the values of the template.properties will be
>> transfaired into DB. The management server will then make use of the values
>> which are stored in the DB?
>
>
> Yes. When the system VM template is seeded, CS (or you do it manually)
> executes a script which creates the `template.properties` file and fills it
> with the information you shared. Then it takes from it the data and updates
> the DB. In your `template.properties` file, the `virtualsize` is empty.
> Probably something happened while the `qemu-img info` (from that script)
> was executed.
>
> I can't advise you on how to proceed because I don't know what steps you
> made before. Is this a test setup?
>
> Are the system VMs (secondary storage/console proxy VMs) created with the
> same template? Can you check when they are deployed, and are there any
> updates on this template? You can find the info for the template in the
> template_store_ref table -> created and last_updated columns.
>
> Best regards,
> Slavka
>
> On Thu, Aug 4, 2022 at 9:50 PM vas...@gmx.de  wrote:
>
>> hi slavka,
>> i checked the log and didn't found anything like "failed to read from
>> template.properties".
>>
>> Just for understanding:
>> When deploying a new "systemvm"-template, which i normally would do while
>> upgardeing mi CS-Environment, the values of the template.properties will be
>> transfaired into DB. The management server will then make use of the values
>> which are stored in the DB?
>>
>> i destroyed the "stopped" router in my installation and triggered a
>> re-deployment. The term "template" is mentioned inside the logs only for
>> two reasons:
>> 1. Successfull router health check of the running router (the primary one
>> of my vpc)
>> 2. In the mentioned error log
>> " at
>> org.apache.cloudstack.storage.datastore.db.TemplateDataStoreVO.getSize(TemplateDataStoreVO.java:280)
>> at
>> com.cloud.template.TemplateManagerImpl.getTemplateSize(TemplateManagerImpl.java:2009)
>> "
>>
>> so the question for me is  - can i manually place the missing values in
>> the DB, so that the template is useable again? Or will i wait until i
>> upgrade to 4.17.1 - which might bring a new systemVM template which will
>> then be seeded again ?
>>
>> Regards,
>> Chris
>>
>> Am Do., 4. Aug. 2022 um 19:10 Uhr schrieb Slavka Peleva <
>> slav...@storpool.com>:
>>
>>> Hi Christopher,
>>>
>>> For some reason, these fields' values are empty, which probably
>>> happened while you seed the system VM template.
>>>
>>>> qcow2.virtualsize=
>>>> virtualsize=
>>>> qcow2.size=
>>>
>>>
>>> From the DB record, the only option for the values of physical_size = 0
>>> and size=Null, is that CS couldn't read the `template.properties` file. Can
>>> you search in the management log file for a message l

Re: VR for VPC won't start anymore

[vas...@gmx.de]

Hi Wei,

whatever it was / is - guess i will try this.
I also found another reference for the template size in 'vm_template' -
guess i shall update this one as well manually...

Regards,
Chris

Am Fr., 5. Aug. 2022 um 13:01 Uhr schrieb Wei ZHOU :

> Hi,
>
> It might be because qemu-img is not installed on your management server.
>
> You can update the template.properties and database manually.
>
> -Wei
>
> On Thu, 4 Aug 2022 at 18:13, vas...@gmx.de  wrote:
>
>> Hi everyone -
>>
>> @Gary
>> thanks for your input
>>
>> @Wei ZHOU 
>> Yes, the image is completely downloaded to the imagestore. I also checked
>> the availeabilty on the storage beneath - everything seems to be in place
>> like it should
>>
>> Following the values out ouf the db you requested:
>> id= 18
>> store_id = 1
>> download_pct = 100
>> size = "NULL"
>> store_role = Image
>> physical_size = 0
>> download_state = DOWNLOADED
>> state = READY
>> install_path =
>> /template/tmpl/1/212/0573ec70-0a30-4e2a-be9e-4675bf755cf2.qcow2
>>
>> @Slavka
>> Following the information of the 'template.properties'
>>
>> filename=0573ec70-0a30-4e2a-be9e-4675bf755cf2.qcow2
>> description=SystemVM Template ( kvm )
>> hvm=false
>> size=460067328
>> qcow2=true
>> id=212
>> public=true
>> qcow2.filename=0573ec70-0a30-4e2a-be9e-4675bf755cf2.qcow2
>> uniquename=routing-212
>> qcow2.virtualsize=
>> virtualsize=
>> qcow2.size=
>>
>> Regards,
>> Chris
>>
>> Am Do., 4. Aug. 2022 um 12:05 Uhr schrieb Slavka Peleva
>> :
>>
>>> Hi Christopher,
>>>
>>> Can you share the information of the `template.properties` file located
>>> on
>>> your secondary storage, where the template file is downloaded? You can
>>> find
>>> the path in the template_store_ref tabled - install_path.
>>>
>>> Best regards,
>>> Slavka
>>>
>>> On Thu, Aug 4, 2022 at 12:41 PM Gary Dixon >> .invalid>
>>> wrote:
>>>
>>> > Hi Christopher
>>> >
>>> > My values show :
>>> > size=262144 physical size=375471104 and this is for a 4.15.1
>>> systemVM
>>> > template
>>> >
>>> > BR
>>> > Gary
>>> >
>>> > Gary Dixon​
>>> > Senior Technical Consultant
>>> > T:  *0161 537 4980* <0161%20537%204980>
>>> > W: www.quadris.co.uk
>>> > The information contained in this e-mail from Quadris may be
>>> confidential
>>> > and privileged for the private use of the named recipient.  The
>>> contents of
>>> > this e-mail may not necessarily represent the official views of
>>> Quadris.
>>> > If you have received this information in error you must not copy,
>>> > distribute or take any action or reliance on its contents.  Please
>>> destroy
>>> > any hard copies and delete this message.
>>> > -Original Message-
>>> > From: vas...@gmx.de 
>>> > Sent: 04 August 2022 09:40
>>> > To: users@cloudstack.apache.org; Wei ZHOU 
>>> > Subject: Re: VR for VPC won't start anymore
>>> >
>>> > I forgot to ask - might anyone take a quick look into the database and
>>> can
>>> > give a hind if the fields are indeed "filled" with values
>>> > (template_store_res.size / template_store_res.physical_size)?
>>> > Another question for understanding would be the difference of the
>>> values -
>>> > physical size is the actual amount of data on a datasystemlevel - but
>>> what
>>> > represents the value of "size"?
>>> >
>>> > Regards,
>>> > Christopher
>>> >
>>> > Am Mi., 3. Aug. 2022 um 23:14 Uhr schrieb vas...@gmx.de >> >:
>>> >
>>> > > Wei, seems like you are heading twards the right direction - like
>>> always.
>>> > >
>>> > > i took a look into the "template_store_res" table... and guess: There
>>> > > is a entry for the current systemvmtemplate-4.16.1. How ever: The
>>> > > field for "size" ist "null" and "physical_size" is "0".
>>> > >
>>> > > Might this be the reason for the " java.lang.NullPointerException" ?
>>> > >
>>> > > Regards,
>>

Fwd: VR for VPC won't start anymore

[vas...@gmx.de]

Hi everyone,

@Slavka Peleva 
Thx for your efforts here - i decided to go with the DB-manipulation first
as i wanted to make shure that i don't have any impact on other existing
vms.

@Wei ZHOU 
Inserted the values into template.properties as well as the database.

Result:
Router is deployed again

BUT:

now the newly started router and the old one aren't communicationg properly
which one is prime and which one is second. Leading to the situation where
i have to prime routers for one VPC - which isn't helpful by any means.
Looking in the DB (vpc_gateways), both routers are in Primary state...
So for now i destroyed the old router, hopeing that the HA-Scripts for the
VPC will trigger creation of a new one again

Regards,
Chris

Am Fr., 5. Aug. 2022 um 13:54 Uhr schrieb vas...@gmx.de :

> Hi Wei,
>
> whatever it was / is - guess i will try this.
> I also found another reference for the template size in 'vm_template' -
> guess i shall update this one as well manually...
>
> Regards,
> Chris
>
> Am Fr., 5. Aug. 2022 um 13:01 Uhr schrieb Wei ZHOU  >:
>
>> Hi,
>>
>> It might be because qemu-img is not installed on your management server.
>>
>> You can update the template.properties and database manually.
>>
>> -Wei
>>
>> On Thu, 4 Aug 2022 at 18:13, vas...@gmx.de  wrote:
>>
>>> Hi everyone -
>>>
>>> @Gary
>>> thanks for your input
>>>
>>> @Wei ZHOU 
>>> Yes, the image is completely downloaded to the imagestore. I also
>>> checked the availeabilty on the storage beneath - everything seems to be in
>>> place like it should
>>>
>>> Following the values out ouf the db you requested:
>>> id= 18
>>> store_id = 1
>>> download_pct = 100
>>> size = "NULL"
>>> store_role = Image
>>> physical_size = 0
>>> download_state = DOWNLOADED
>>> state = READY
>>> install_path =
>>> /template/tmpl/1/212/0573ec70-0a30-4e2a-be9e-4675bf755cf2.qcow2
>>>
>>> @Slavka
>>> Following the information of the 'template.properties'
>>>
>>> filename=0573ec70-0a30-4e2a-be9e-4675bf755cf2.qcow2
>>> description=SystemVM Template ( kvm )
>>> hvm=false
>>> size=460067328
>>> qcow2=true
>>> id=212
>>> public=true
>>> qcow2.filename=0573ec70-0a30-4e2a-be9e-4675bf755cf2.qcow2
>>> uniquename=routing-212
>>> qcow2.virtualsize=
>>> virtualsize=
>>> qcow2.size=
>>>
>>> Regards,
>>> Chris
>>>
>>> Am Do., 4. Aug. 2022 um 12:05 Uhr schrieb Slavka Peleva
>>> :
>>>
>>>> Hi Christopher,
>>>>
>>>> Can you share the information of the `template.properties` file located
>>>> on
>>>> your secondary storage, where the template file is downloaded? You can
>>>> find
>>>> the path in the template_store_ref tabled - install_path.
>>>>
>>>> Best regards,
>>>> Slavka
>>>>
>>>> On Thu, Aug 4, 2022 at 12:41 PM Gary Dixon >>> .invalid>
>>>> wrote:
>>>>
>>>> > Hi Christopher
>>>> >
>>>> > My values show :
>>>> > size=262144 physical size=375471104 and this is for a 4.15.1
>>>> systemVM
>>>> > template
>>>> >
>>>> > BR
>>>> > Gary
>>>> >
>>>> > Gary Dixon
>>>> > Senior Technical Consultant
>>>> > T:  *0161 537 4980* <0161%20537%204980>
>>>> > W: www.quadris.co.uk
>>>> > The information contained in this e-mail from Quadris may be
>>>> confidential
>>>> > and privileged for the private use of the named recipient.  The
>>>> contents of
>>>> > this e-mail may not necessarily represent the official views of
>>>> Quadris.
>>>> > If you have received this information in error you must not copy,
>>>> > distribute or take any action or reliance on its contents.  Please
>>>> destroy
>>>> > any hard copies and delete this message.
>>>> > -Original Message-
>>>> > From: vas...@gmx.de 
>>>> > Sent: 04 August 2022 09:40
>>>> > To: users@cloudstack.apache.org; Wei ZHOU 
>>>> > Subject: Re: VR for VPC won't start anymore
>>>> >
>>>> > I forgot to ask - might anyone take a quick look into the database
>>>> and

Re: VR for VPC won't start anymore

[vas...@gmx.de]

Good evening everyone,

got everything working as expected. Resolved this by restarting the VPC
with the clean-up option Could have thought about this before
But everything seems back to normal and working as expected.

Thanks for your support - as always really helpfull! Until the next topic -

Regards,
Chris

Am Fr., 5. Aug. 2022 um 17:45 Uhr schrieb vas...@gmx.de :

>
> Hi everyone,
>
> @Slavka Peleva 
> Thx for your efforts here - i decided to go with the DB-manipulation first
> as i wanted to make shure that i don't have any impact on other existing
> vms.
>
> @Wei ZHOU 
> Inserted the values into template.properties as well as the database.
>
> Result:
> Router is deployed again
>
> BUT:
>
> now the newly started router and the old one aren't communicationg
> properly which one is prime and which one is second. Leading to the
> situation where i have to prime routers for one VPC - which isn't helpful
> by any means.
> Looking in the DB (vpc_gateways), both routers are in Primary state...
> So for now i destroyed the old router, hopeing that the HA-Scripts for the
> VPC will trigger creation of a new one again....
>
> Regards,
> Chris
>
> Am Fr., 5. Aug. 2022 um 13:54 Uhr schrieb vas...@gmx.de :
>
>> Hi Wei,
>>
>> whatever it was / is - guess i will try this.
>> I also found another reference for the template size in 'vm_template' -
>> guess i shall update this one as well manually...
>>
>> Regards,
>> Chris
>>
>> Am Fr., 5. Aug. 2022 um 13:01 Uhr schrieb Wei ZHOU > >:
>>
>>> Hi,
>>>
>>> It might be because qemu-img is not installed on your management server.
>>>
>>> You can update the template.properties and database manually.
>>>
>>> -Wei
>>>
>>> On Thu, 4 Aug 2022 at 18:13, vas...@gmx.de  wrote:
>>>
>>>> Hi everyone -
>>>>
>>>> @Gary
>>>> thanks for your input
>>>>
>>>> @Wei ZHOU 
>>>> Yes, the image is completely downloaded to the imagestore. I also
>>>> checked the availeabilty on the storage beneath - everything seems to be in
>>>> place like it should
>>>>
>>>> Following the values out ouf the db you requested:
>>>> id= 18
>>>> store_id = 1
>>>> download_pct = 100
>>>> size = "NULL"
>>>> store_role = Image
>>>> physical_size = 0
>>>> download_state = DOWNLOADED
>>>> state = READY
>>>> install_path =
>>>> /template/tmpl/1/212/0573ec70-0a30-4e2a-be9e-4675bf755cf2.qcow2
>>>>
>>>> @Slavka
>>>> Following the information of the 'template.properties'
>>>>
>>>> filename=0573ec70-0a30-4e2a-be9e-4675bf755cf2.qcow2
>>>> description=SystemVM Template ( kvm )
>>>> hvm=false
>>>> size=460067328
>>>> qcow2=true
>>>> id=212
>>>> public=true
>>>> qcow2.filename=0573ec70-0a30-4e2a-be9e-4675bf755cf2.qcow2
>>>> uniquename=routing-212
>>>> qcow2.virtualsize=
>>>> virtualsize=
>>>> qcow2.size=
>>>>
>>>> Regards,
>>>> Chris
>>>>
>>>> Am Do., 4. Aug. 2022 um 12:05 Uhr schrieb Slavka Peleva
>>>> :
>>>>
>>>>> Hi Christopher,
>>>>>
>>>>> Can you share the information of the `template.properties` file
>>>>> located on
>>>>> your secondary storage, where the template file is downloaded? You can
>>>>> find
>>>>> the path in the template_store_ref tabled - install_path.
>>>>>
>>>>> Best regards,
>>>>> Slavka
>>>>>
>>>>> On Thu, Aug 4, 2022 at 12:41 PM Gary Dixon >>>> .invalid>
>>>>> wrote:
>>>>>
>>>>> > Hi Christopher
>>>>> >
>>>>> > My values show :
>>>>> > size=262144 physical size=375471104 and this is for a 4.15.1
>>>>> systemVM
>>>>> > template
>>>>> >
>>>>> > BR
>>>>> > Gary
>>>>> >
>>>>> > Gary Dixon
>>>>> > Senior Technical Consultant
>>>>> > T:  *0161 537 4980* <0161%20537%204980>
>>>>> > W: www.quadris.co.uk
>>>>> > The information contained in this e-mail from Quadris may be
>>>>> c

Re: system vms

[vas...@gmx.de]

@Andrey

I don't know if came around the following blockposts:
https://www.shapeblue.com/a-beginners-guide-to-cloudstack-networking/
https://www.shapeblue.com/understanding-cloudstacks-physical-networking-architecture/

They are quite helpfull for understanding what all the different traffic
types are and how things are working together in that regards.

It's true that when starting the topic the flexibility of CS in regards of
physical networks can be a bit troublesome.
You also will have to keep in mind the logical separation of traffic
(Management-, Guest-, Public-, Storagetraffic) from IP-Networks.
On the other hand it really makes things flexible in many ways.




Am Do., 18. Aug. 2022 um 16:16 Uhr schrieb Gary Dixon
:

> Hi Andrey
>
> It is my understanding that the system VM's are assigned the 1st available
> IP address from the IP address range that you assigned to the Pod when you
> created the Pod
>
>
> BR
> Gary
>
>
> Gary Dixon​
> Senior Technical Consultant
> T:  *0161 537 4980* <0161%20537%204980>
> W: www.quadris.co.uk
> The information contained in this e-mail from Quadris may be confidential
> and privileged for the private use of the named recipient.  The contents of
> this e-mail may not necessarily represent the official views of Quadris.
> If you have received this information in error you must not copy,
> distribute or take any action or reliance on its contents.  Please destroy
> any hard copies and delete this message.
> -Original Message-
> From: Andrey Smirnov 
> Sent: 16 August 2022 18:42
> To: users@cloudstack.apache.org
> Subject: system vms
>
> Hi,
>
> Could anyone help with this question?
>
> Which IP address space should be used for system VMs for a zone -- I
> cannot find any documentation related to storage VMs networking, they
> start with two sets of IP addresses -- private and not private -- but I
> cannot find any references -- how Cloudstack decides which IP network to
> use for what and what kind of communications is expected between
> storage/console VMs, management servers and KVM hosts.
>
>
> Sincerely
>
> Andrey
>
>
>
>

Re: Problem creating a VM

[vas...@gmx.de]

HI,

as a quick thought - have you seen the following advisorty
https://blogs.apache.org/cloudstack/entry/advisory-apache-cloudstack-advisory-on

also it would be helpful to see the agent logs from the host where the VM
shall be deployed to.
Regards,
Chris

Am So., 21. Aug. 2022 um 13:09 Uhr schrieb Aufgabe Zwei <
aufgabez...@gmail.com>:

> Hello,
>
> I would be grateful if you can assist or point me in the right direction.
>
> I have tried for almost a month to create a test deployment of cloudstack
> but each time I get to creating a vm instance, I get the error message
>
> Start instance
> > (VM1) Unable to create deployment, no usable volumes found for the VM:
> 1015
> >
>
> I tried to find a fix on my own and have literally done a lot of searching
> and reading around but I just can find the reason.
>
> I have ensured that the host, storage are correctly tagged. I have enabled
> local storage and created local service offerings
>
> I followed these guides:
>
> Quick Installation Guide — Apache CloudStack 4.17.0.0 documentation
> <
> http://docs.cloudstack.apache.org/en/latest/quickinstallationguide/qig.html#setting-up-a-zone
> >
>
> hackerbook/1-user.md at main · shapeblue/hackerbook · GitHub
> 
>
> Thank you
>
> management log:
>
> > 2022-08-21 10:58:58,379 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> > (API-Job-Executor-8:ctx-a898686b job-3069 ctx-2b5b16cb) (logid:0e77f2bc)
> > Trying to allocate a host and storage pools from dc:1,
> > pod:null,cluster:null, requested cpu: 4500, requested ram: (2.00 GB)
> > 2147483648
> > 2022-08-21 10:58:58,379 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> > (API-Job-Executor-8:ctx-a898686b job-3069 ctx-2b5b16cb) (logid:0e77f2bc)
> Is
> > ROOT volume READY (pool already allocated)?: No
> > 2022-08-21 10:58:58,381 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> > (API-Job-Executor-8:ctx-a898686b job-3069 ctx-2b5b16cb) (logid:0e77f2bc)
> > Deploy avoids pods: [], clusters: [], hosts: []
> > 2022-08-21 10:58:58,381 DEBUG [c.c.d.FirstFitPlanner]
> > (API-Job-Executor-8:ctx-a898686b job-3069 ctx-2b5b16cb) (logid:0e77f2bc)
> > Searching all possible resources under this Zone: 1
> > 2022-08-21 10:58:58,382 DEBUG [c.c.d.FirstFitPlanner]
> > (API-Job-Executor-8:ctx-a898686b job-3069 ctx-2b5b16cb) (logid:0e77f2bc)
> > Listing clusters in order of aggregate capacity, that have (at least one
> > host with) enough CPU and RAM capacity under this Zone: 1
> > 2022-08-21 10:58:58,383 DEBUG [c.c.d.FirstFitPlanner]
> > (API-Job-Executor-8:ctx-a898686b job-3069 ctx-2b5b16cb) (logid:0e77f2bc)
> > Removing from the clusterId list these clusters from avoid set: []
> > 2022-08-21 10:58:58,384 DEBUG [c.c.d.FirstFitPlanner]
> > (API-Job-Executor-8:ctx-a898686b job-3069 ctx-2b5b16cb) (logid:0e77f2bc)
> > The clusterId list for the given offering tag: [1]
> > 2022-08-21 10:58:58,385 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> > (API-Job-Executor-8:ctx-a898686b job-3069 ctx-2b5b16cb) (logid:0e77f2bc)
> > Checking resources in Cluster: 1 under Pod: 1
> > 2022-08-21 10:58:58,386 INFO  [c.c.a.m.a.i.FirstFitAllocator]
> > (API-Job-Executor-8:ctx-a898686b job-3069 ctx-2b5b16cb
> > FirstFitRoutingAllocator) (logid:0e77f2bc)  Guest VM is requested with
> > Custom[UEFI] Boot Type false
> > 2022-08-21 10:58:58,386 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
> > (API-Job-Executor-8:ctx-a898686b job-3069 ctx-2b5b16cb
> > FirstFitRoutingAllocator) (logid:0e77f2bc) Looking for hosts in dc: 1
> >  pod:1  cluster:1
> > 2022-08-21 10:58:58,386 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
> > (API-Job-Executor-8:ctx-a898686b job-3069 ctx-2b5b16cb
> > FirstFitRoutingAllocator) (logid:0e77f2bc) Looking for hosts having tag
> > specified on SvcOffering:local
> > 2022-08-21 10:58:58,386 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
> > (API-Job-Executor-8:ctx-a898686b job-3069 ctx-2b5b16cb
> > FirstFitRoutingAllocator) (logid:0e77f2bc) Hosts with tag 'local'
> are:[Host
> > {"id": "43", "name": "rs2", "uuid":
> "a3c2ef7e-d639-4dba-b727-e7bd0c371e4c",
> > "type"="Routing"}]
> > 2022-08-21 10:58:58,386 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
> > (API-Job-Executor-8:ctx-a898686b job-3069 ctx-2b5b16cb
> > FirstFitRoutingAllocator) (logid:0e77f2bc) FirstFitAllocator has 1 hosts
> to
> > check for allocation: [Host {"id": "43", "name": "rs2", "uuid":
> > "a3c2ef7e-d639-4dba-b727-e7bd0c371e4c", "type"="Routing"}]
> > 2022-08-21 10:58:58,387 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
> > (API-Job-Executor-8:ctx-a898686b job-3069 ctx-2b5b16cb
> > FirstFitRoutingAllocator) (logid:0e77f2bc) Found 1 hosts for allocation
> > after prioritization: [Host {"id": "43", "name": "rs2", "uuid":
> > "a3c2ef7e-d639-4dba-b727-e7bd0c371e4c", "type"="Routing"}]
> > 2022-08-21 10:58:58,387 DEBUG [c.c.a.m.a.i.FirstFitAllocator]
> > (API-Job-Executor-8:ctx-a898686b job-3069 ctx-2b5b16cb
> > FirstFitRoutingAllocator) (logid:0e77f2bc) Looking for speed=4500Mhz,
> > Ram=2048 MB
>
>  2022-08-21 10:58

Error migrate System VMs after upgrageing to 4.17

[vas...@gmx.de]

Hi everyone,

faceing some challanges again after upgradeing to 4.17.
Did as explained in the docs.

Afterwards I am now not able to migrate system VMs to different hosts.
Getting the error
"Exception during migrate: org.libvirt.LibvirtException: Cannot access
storage file '/usr/share/cloudstack-common/vms/systemvm.iso': No such file
or directory"

Checked the exitstence of the file on the servers:
Mangement-Server has a "systemvm.iso.bak"
Hosts - no "systemvm.iso" at all present.

Maybe someone has an idea on how to move on with this?

Regards,
Chris

Agent erros while looking up host ressources after upgrade to 4.17

[vas...@gmx.de]

Hi,

after upgradeing our CS agents to 4.17 we see in our logfiles some errors
and warnings.
Hosts are running ubuntu 20.04 - latest patches applied.
First:
After start / restart of the Agent we are getting errors that the Agent
can't get the CPU values:

2022-08-28 13:36:51,849 INFO  [utils.linux.KVMHostInfo]
(Agent-Handler-1:null) (logid:) Fetching CPU speed from command "lscpu".
2022-08-28 13:36:51,858 ERROR [utils.linux.KVMHostInfo]
(Agent-Handler-1:null) (logid:) Unable to retrieve the CPU speed from lscpu.
java.lang.NullPointerException
at
java.base/jdk.internal.math.FloatingDecimal.readJavaFormatString(FloatingDecimal.java:1838)
at
java.base/jdk.internal.math.FloatingDecimal.parseFloat(FloatingDecimal.java:122)
at java.base/java.lang.Float.parseFloat(Float.java:455)
at
org.apache.cloudstack.utils.linux.KVMHostInfo.getCpuSpeedFromCommandLscpu(KVMHostInfo.java:107)
at
org.apache.cloudstack.utils.linux.KVMHostInfo.getCpuSpeed(KVMHostInfo.java:87)
at
org.apache.cloudstack.utils.linux.KVMHostInfo.getHostInfoFromLibvirt(KVMHostInfo.java:133)
at
org.apache.cloudstack.utils.linux.KVMHostInfo.(KVMHostInfo.java:53)
at
com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.initialize(LibvirtComputingResource.java:3373)
at com.cloud.agent.Agent.sendStartup(Agent.java:441)
at com.cloud.agent.Agent$ServerHandler.doTask(Agent.java:1099)
at com.cloud.utils.nio.Task.call(Task.java:83)
at com.cloud.utils.nio.Task.call(Task.java:29)
at
java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
2022-08-28 13:36:51,859 INFO  [utils.linux.KVMHostInfo]
(Agent-Handler-1:null) (logid:) Fetching CPU speed from file
[/sys/devices/system/cpu/cpu0/cpufreq/base_frequency].
2022-08-28 13:36:51,860 ERROR [utils.linux.KVMHostInfo]
(Agent-Handler-1:null) (logid:) Unable to retrieve the CPU speed from file
[/sys/devices/system/cpu/cpu0/cpufreq/base_frequency]
java.io.FileNotFoundException:
/sys/devices/system/cpu/cpu0/cpufreq/base_frequency (No such file or
directory)
at java.base/java.io.FileInputStream.open0(Native Method)
at java.base/java.io.FileInputStream.open(FileInputStream.java:219)
at
java.base/java.io.FileInputStream.(FileInputStream.java:157)
at
java.base/java.io.FileInputStream.(FileInputStream.java:112)
at java.base/java.io.FileReader.(FileReader.java:60)
at
org.apache.cloudstack.utils.linux.KVMHostInfo.getCpuSpeedFromFile(KVMHostInfo.java:118)
at
org.apache.cloudstack.utils.linux.KVMHostInfo.getCpuSpeed(KVMHostInfo.java:92)
at
org.apache.cloudstack.utils.linux.KVMHostInfo.getHostInfoFromLibvirt(KVMHostInfo.java:133)
at
org.apache.cloudstack.utils.linux.KVMHostInfo.(KVMHostInfo.java:53)
at
com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.initialize(LibvirtComputingResource.java:3373)
at com.cloud.agent.Agent.sendStartup(Agent.java:441)
at com.cloud.agent.Agent$ServerHandler.doTask(Agent.java:1099)
at com.cloud.utils.nio.Task.call(Task.java:83)
at com.cloud.utils.nio.Task.call(Task.java:29)
at
java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
2022-08-28 13:36:51,860 INFO  [utils.linux.KVMHostInfo]
(Agent-Handler-1:null) (logid:) Using the value [1803] provided by Libvirt.

How ever it seems that values from libvirt are provided.
More "concerning" ist the following warnings from the logfiles:

[kvm.resource.LibvirtComputingResource] (agentRequest-Handler-3:null)
(logid:44ab098e) Couldn't retrieve free memory, returning -1.

Some kind on advice / how solve these would be wonderful.
regards,
chris

Re: Agent erros while looking up host ressources after upgrade to 4.17

[vas...@gmx.de]

Okay, seems even worse imapacts

It seems the values for CPU_Speed are now getting wrong and impacting the
overall allocation... i have 4 identical servers here and all are shown
with different CPU Speed in the CS Management.
Seems like the reported CPU speed for the agent is currently the "live"
frequency of the cpu of the host... not the max. possible... which has been
used before...


Am So., 28. Aug. 2022 um 14:04 Uhr schrieb vas...@gmx.de :

> Hi,
>
> after upgradeing our CS agents to 4.17 we see in our logfiles some errors
> and warnings.
> Hosts are running ubuntu 20.04 - latest patches applied.
> First:
> After start / restart of the Agent we are getting errors that the Agent
> can't get the CPU values:
>
> 2022-08-28 13:36:51,849 INFO  [utils.linux.KVMHostInfo]
> (Agent-Handler-1:null) (logid:) Fetching CPU speed from command "lscpu".
> 2022-08-28 13:36:51,858 ERROR [utils.linux.KVMHostInfo]
> (Agent-Handler-1:null) (logid:) Unable to retrieve the CPU speed from lscpu.
> java.lang.NullPointerException
> at
> java.base/jdk.internal.math.FloatingDecimal.readJavaFormatString(FloatingDecimal.java:1838)
> at
> java.base/jdk.internal.math.FloatingDecimal.parseFloat(FloatingDecimal.java:122)
> at java.base/java.lang.Float.parseFloat(Float.java:455)
> at
> org.apache.cloudstack.utils.linux.KVMHostInfo.getCpuSpeedFromCommandLscpu(KVMHostInfo.java:107)
> at
> org.apache.cloudstack.utils.linux.KVMHostInfo.getCpuSpeed(KVMHostInfo.java:87)
> at
> org.apache.cloudstack.utils.linux.KVMHostInfo.getHostInfoFromLibvirt(KVMHostInfo.java:133)
> at
> org.apache.cloudstack.utils.linux.KVMHostInfo.(KVMHostInfo.java:53)
> at
> com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.initialize(LibvirtComputingResource.java:3373)
> at com.cloud.agent.Agent.sendStartup(Agent.java:441)
> at com.cloud.agent.Agent$ServerHandler.doTask(Agent.java:1099)
> at com.cloud.utils.nio.Task.call(Task.java:83)
> at com.cloud.utils.nio.Task.call(Task.java:29)
> at
> java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> at java.base/java.lang.Thread.run(Thread.java:829)
> 2022-08-28 13:36:51,859 INFO  [utils.linux.KVMHostInfo]
> (Agent-Handler-1:null) (logid:) Fetching CPU speed from file
> [/sys/devices/system/cpu/cpu0/cpufreq/base_frequency].
> 2022-08-28 13:36:51,860 ERROR [utils.linux.KVMHostInfo]
> (Agent-Handler-1:null) (logid:) Unable to retrieve the CPU speed from file
> [/sys/devices/system/cpu/cpu0/cpufreq/base_frequency]
> java.io.FileNotFoundException:
> /sys/devices/system/cpu/cpu0/cpufreq/base_frequency (No such file or
> directory)
> at java.base/java.io.FileInputStream.open0(Native Method)
> at java.base/java.io.FileInputStream.open(FileInputStream.java:219)
> at
> java.base/java.io.FileInputStream.(FileInputStream.java:157)
> at
> java.base/java.io.FileInputStream.(FileInputStream.java:112)
> at java.base/java.io.FileReader.(FileReader.java:60)
> at
> org.apache.cloudstack.utils.linux.KVMHostInfo.getCpuSpeedFromFile(KVMHostInfo.java:118)
> at
> org.apache.cloudstack.utils.linux.KVMHostInfo.getCpuSpeed(KVMHostInfo.java:92)
> at
> org.apache.cloudstack.utils.linux.KVMHostInfo.getHostInfoFromLibvirt(KVMHostInfo.java:133)
> at
> org.apache.cloudstack.utils.linux.KVMHostInfo.(KVMHostInfo.java:53)
> at
> com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.initialize(LibvirtComputingResource.java:3373)
> at com.cloud.agent.Agent.sendStartup(Agent.java:441)
> at com.cloud.agent.Agent$ServerHandler.doTask(Agent.java:1099)
> at com.cloud.utils.nio.Task.call(Task.java:83)
> at com.cloud.utils.nio.Task.call(Task.java:29)
> at
> java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> at java.base/java.lang.Thread.run(Thread.java:829)
> 2022-08-28 13:36:51,860 INFO  [utils.linux.KVMHostInfo]
> (Agent-Handler-1:null) (logid:) Using the value [1803] provided by Libvirt.
>
> How ever it seems that values from libvirt are provided.
> More "concerning" ist the following warnings from the logfiles:
>
> [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-3:null)
> (logid:44ab098e) Couldn't retrieve free memory, returning -1.
>
> Some kind on advice / how solve these would be wonderful.
> regards,
> chris
>

Re: Agent erros while looking up host ressources after upgrade to 4.17

[vas...@gmx.de]

First mitigation was to edit "agent.conf" and add the
host.cpu.manual.speed.mhz - option manually.
So the hosts are availeable for migration purposes.

So actually the warning " [kvm.resource.LibvirtComputingResource]
(agentRequest-Handler-3:null) (logid:44ab098e) Couldn't retrieve free
memory, returning -1. " is left to deal with.
Any help / information is appreciated.

Regards
Chris

Am So., 28. Aug. 2022 um 14:51 Uhr schrieb vas...@gmx.de :

> Okay, seems even worse imapacts
>
> It seems the values for CPU_Speed are now getting wrong and impacting the
> overall allocation... i have 4 identical servers here and all are shown
> with different CPU Speed in the CS Management.
> Seems like the reported CPU speed for the agent is currently the "live"
> frequency of the cpu of the host... not the max. possible... which has been
> used before...
>
>
> Am So., 28. Aug. 2022 um 14:04 Uhr schrieb vas...@gmx.de :
>
>> Hi,
>>
>> after upgradeing our CS agents to 4.17 we see in our logfiles some errors
>> and warnings.
>> Hosts are running ubuntu 20.04 - latest patches applied.
>> First:
>> After start / restart of the Agent we are getting errors that the Agent
>> can't get the CPU values:
>>
>> 2022-08-28 13:36:51,849 INFO  [utils.linux.KVMHostInfo]
>> (Agent-Handler-1:null) (logid:) Fetching CPU speed from command "lscpu".
>> 2022-08-28 13:36:51,858 ERROR [utils.linux.KVMHostInfo]
>> (Agent-Handler-1:null) (logid:) Unable to retrieve the CPU speed from lscpu.
>> java.lang.NullPointerException
>> at
>> java.base/jdk.internal.math.FloatingDecimal.readJavaFormatString(FloatingDecimal.java:1838)
>> at
>> java.base/jdk.internal.math.FloatingDecimal.parseFloat(FloatingDecimal.java:122)
>> at java.base/java.lang.Float.parseFloat(Float.java:455)
>> at
>> org.apache.cloudstack.utils.linux.KVMHostInfo.getCpuSpeedFromCommandLscpu(KVMHostInfo.java:107)
>> at
>> org.apache.cloudstack.utils.linux.KVMHostInfo.getCpuSpeed(KVMHostInfo.java:87)
>> at
>> org.apache.cloudstack.utils.linux.KVMHostInfo.getHostInfoFromLibvirt(KVMHostInfo.java:133)
>> at
>> org.apache.cloudstack.utils.linux.KVMHostInfo.(KVMHostInfo.java:53)
>> at
>> com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.initialize(LibvirtComputingResource.java:3373)
>> at com.cloud.agent.Agent.sendStartup(Agent.java:441)
>> at com.cloud.agent.Agent$ServerHandler.doTask(Agent.java:1099)
>> at com.cloud.utils.nio.Task.call(Task.java:83)
>> at com.cloud.utils.nio.Task.call(Task.java:29)
>> at
>> java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
>> at
>> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>> at
>> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>> at java.base/java.lang.Thread.run(Thread.java:829)
>> 2022-08-28 13:36:51,859 INFO  [utils.linux.KVMHostInfo]
>> (Agent-Handler-1:null) (logid:) Fetching CPU speed from file
>> [/sys/devices/system/cpu/cpu0/cpufreq/base_frequency].
>> 2022-08-28 13:36:51,860 ERROR [utils.linux.KVMHostInfo]
>> (Agent-Handler-1:null) (logid:) Unable to retrieve the CPU speed from file
>> [/sys/devices/system/cpu/cpu0/cpufreq/base_frequency]
>> java.io.FileNotFoundException:
>> /sys/devices/system/cpu/cpu0/cpufreq/base_frequency (No such file or
>> directory)
>> at java.base/java.io.FileInputStream.open0(Native Method)
>> at
>> java.base/java.io.FileInputStream.open(FileInputStream.java:219)
>> at
>> java.base/java.io.FileInputStream.(FileInputStream.java:157)
>> at
>> java.base/java.io.FileInputStream.(FileInputStream.java:112)
>> at java.base/java.io.FileReader.(FileReader.java:60)
>> at
>> org.apache.cloudstack.utils.linux.KVMHostInfo.getCpuSpeedFromFile(KVMHostInfo.java:118)
>> at
>> org.apache.cloudstack.utils.linux.KVMHostInfo.getCpuSpeed(KVMHostInfo.java:92)
>> at
>> org.apache.cloudstack.utils.linux.KVMHostInfo.getHostInfoFromLibvirt(KVMHostInfo.java:133)
>> at
>> org.apache.cloudstack.utils.linux.KVMHostInfo.(KVMHostInfo.java:53)
>> at
>> com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.initialize(LibvirtComputingResource.java:3373)
>> at com.cloud.agent.Agent.sendStartup(Agent.java:441)
>> at com.cloud.agent.Agent$ServerHandler.doTask(Agent.java:1099)
>> at com.cloud.utils.nio.Task

Re: Error migrate System VMs after upgrageing to 4.17

[vas...@gmx.de]

gAYcQB-ABlzcQB-AAwCAAAEaHB0ACdqYXZhLnV0aWwuY29uY3VycmVudC5UaHJlYWRQb29sRXhlY3V0b3J0ABdUaHJlYWRQb29sRXhlY3V0b3IuamF2YXQACXJ1bldvcmtlcnEAfgAYcQB-ABlzcQB-AAwCAAACdHB0AC5qYXZhLnV0aWwuY29uY3VycmVudC5UaHJlYWRQb29sRXhlY3V0b3IkV29ya2VycQB-AEJxAH4ALXEAfgAYcQB-ABlzcQB-AAwCAAADPXB0ABBqYXZhLmxhbmcuVGhyZWFkdAALVGhyZWFkLmphdmFxAH4ALXEAfgAYcQB-ABlzcgAfamF2YS51dGlsLkNvbGxlY3Rpb25zJEVtcHR5TGlzdHq4F7Q8p57eAgAAeHB4AAAQmncIAAB4
2022-08-29 10:51:56,264 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539 ctx-073f2751)
(logid:ba10fec5) Publish async job-3539 complete on message bus
2022-08-29 10:51:56,264 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539 ctx-073f2751)
(logid:ba10fec5) Wake up jobs related to job-3539
2022-08-29 10:51:56,264 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539 ctx-073f2751)
(logid:ba10fec5) Update db status for job-3539
2022-08-29 10:51:56,266 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539 ctx-073f2751)
(logid:ba10fec5) Wake up jobs joined with job-3539 and disjoin all subjobs
created from job- 3539
2022-08-29 10:51:56,276 DEBUG [c.c.v.VmWorkJobDispatcher]
(Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539) (logid:ba10fec5) Done
with run of VM work job: com.cloud.vm.VmWorkStart for VM 83, job origin:
3445
2022-08-29 10:51:56,276 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539) (logid:ba10fec5) Done
executing com.cloud.vm.VmWorkStart for job-3539
2022-08-29 10:51:56,278 INFO  [o.a.c.f.j.i.AsyncJobMonitor]
(Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539) (logid:ba10fec5)
Remove job-3539 from job monitoring
2022-08-29 10:51:56,285 WARN  [c.c.c.ConsoleProxyManagerImpl]
(consoleproxy-1:ctx-88c25b3a) (logid:d39faaa7) Unable to allocate console
proxy standby capacity for zone [1] due to [Unable to orchestrate start VM
instance {id: "83", name: "v-83-VM", uuid:
"b1d1f9c6-eafe-4527-9335-e649c646aab0", type="ConsoleProxy"} due to [Unable
to create deployment, no usable volumes found for the VM: 83].].
com.cloud.utils.exception.CloudRuntimeException: Unable to orchestrate
start VM instance {id: "83", name: "v-83-VM", uuid:
"b1d1f9c6-eafe-4527-9335-e649c646aab0", type="ConsoleProxy"} due to [Unable
to create deployment, no usable volumes found for the VM: 83].
at
com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:5319)
at jdk.internal.reflect.GeneratedMethodAccessor945.invoke(Unknown Source)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at
com.cloud.vm.VmWorkJobHandlerProxy.handleVmWorkJob(VmWorkJobHandlerProxy.java:107)
at
com.cloud.vm.VirtualMachineManagerImpl.handleVmWorkJob(VirtualMachineManagerImpl.java:5439)
at com.cloud.vm.VmWorkJobDispatcher.runJob(VmWorkJobDispatcher.java:102)
at
org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:620)
at
org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:48)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52)
at
org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:45)
at
org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:568)
at
java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
2022-08-29 10:51:56,287 DEBUG [c.c.a.ConsoleProxyAlertAdapter]
(consoleproxy-1:ctx-88c25b3a) (logid:d39faaa7) received console proxy alert
2022-08-29 10:51:56,288 DEBUG [c.c.a.ConsoleProxyAlertAdapter]
(consoleproxy-1:ctx-88c25b3a) (logid:d39faaa7) Console proxy creation
failure, zone: blabla
2022-08-29 10:51:56,289 WARN  [c.c.a.AlertManagerImpl]
(consoleproxy-1:ctx-88c25b3a) (logid:d39faaa7) alertType=[10]
dataCenterId=[1] podId=[null] clusterId=[null] message=[Console proxy
creation failure. zone: blabla, error details: Unable to orchestrate start
VM instance {id: "83", name: "v-83-VM", uuid:
"b1d1f9c6-eafe-4527-9335-e649c646aab0", type="ConsoleProxy"} due to [Unable
to create deployment, no usable volumes found for the VM: 83].].




Am Mo., 29. Aug. 2022 um 09:40 Uhr schrieb Slavka Peleva
:

> Hi Chris,
>
> Did you recreate the system VMs? In the 4.17 version, the `systemvm.iso` is
> deprecated. In its place, you should have the file on agents
> `/usr/share/cloudstack-common/vms/agent.zip`.
> Can you share the complete log if the system VMs are newly created after
> the upgrade?
>
> Best regards,
> Slavka
>
> On Sun, Aug 28, 2022 at 2:16 PM vas...@gmx.de  wrote:
>
> > Hi everyone,
> >
> > faceing some challanges again after upgradeing to 4.17.
> > Did as explained in the docs.
> >
> > Afterwards I am now not able to migrate system VMs to different hosts.
> > Getting the error
> > "Exception during migrate: org.libvirt.LibvirtException: Cannot access
> > storage file '/usr/share/cloudstack-common/vms/systemvm.iso': No such
> file
> > or directory"
> >
> > Checked the exitstence of the file on the servers:
> > Mangement-Server has a "systemvm.iso.bak"
> > Hosts - no "systemvm.iso" at all present.
> >
> > Maybe someone has an idea on how to move on with this?
> >
> > Regards,
> > Chris
> >
>

Re: Error migrate System VMs after upgrageing to 4.17

[vas...@gmx.de]

Hi Slavka,

thats what i did after your suggestion / informatin and where the error
occured.
Deleted / Destroyed the consoleproxy and waited till recreation. Which
didn't worked throwing the error i pasted above.
Sorry for beeing so unspecific.

Regards,
Chris

Am Mo., 29. Aug. 2022 um 12:46 Uhr schrieb Slavka Peleva <
slav...@storpool.com>:

> Hi Chris,
>
> I mean to recreate the system VMs by destroying them.
>
> On Mon, Aug 29, 2022 at 12:38 PM vas...@gmx.de  wrote:
>
>> Hi Slavka,
>>
>> didn't tried to restart the SystemVMs. Reading through the docs i had the
>> impression that "live-patching" would be enough for this
>> Anyway - I tried my luck with the console proxy.
>>
>> Which failed utterly. Not starting as it isn't finding any useable
>> storage pool. - logs at the end of the mail.
>>
>> I tried deploying a VM using the same storage pool which worked
>> wonderfully.
>> There i noticed that all my custome storage-offerings are unuseable at
>> the moment. They are not accepting any custome storage sizes anymore...
>> Throwing failures "VM Creation failed. Volume size: -1GB is out of allowed
>> tange. Max:3072 Min:1"...
>> So this is also currently broken
>>
>> 2022-08-29 10:51:56,189 DEBUG [c.c.v.VmWorkJobDispatcher]
>> (Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539) (logid:ba10fec5) Run
>> VM work job: com.cloud.vm.VmWorkStart for VM 83, job origin: 3445
>> 2022-08-29 10:51:56,191 DEBUG [c.c.v.VmWorkJobHandlerProxy]
>> (Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539 ctx-073f2751)
>> (logid:ba10fec5) Execute VM work job:
>> com.cloud.vm.VmWorkStart{"dcId":0,"userId":1,"accountId":1,"vmId":83,"handlerName":"VirtualMachineManagerImpl"}
>> 2022-08-29 10:51:56,192 DEBUG [c.c.v.VirtualMachineManagerImpl]
>> (Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539 ctx-073f2751)
>> (logid:ba10fec5) orchestrating VM start for 'v-83-VM'
>> com.cloud.vm.VirtualMachineProfile$Param@b66cdd7d set to null
>> 2022-08-29 10:51:56,198 DEBUG [c.c.c.CapacityManagerImpl]
>> (Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539 ctx-073f2751)
>> (logid:ba10fec5) VM instance {id: "83", name: "v-83-VM", uuid:
>> "b1d1f9c6-eafe-4527-9335-e649c646aab0", type="ConsoleProxy"} state
>> transited from [Stopped] to [Starting] with event [StartRequested]. VM's
>> original host: null, new host: null, host before state transition: null
>> 2022-08-29 10:51:56,198 DEBUG [c.c.v.VirtualMachineManagerImpl]
>> (Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539 ctx-073f2751)
>> (logid:ba10fec5) Successfully transitioned to start state for VM instance
>> {id: "83", name: "v-83-VM", uuid: "b1d1f9c6-eafe-4527-9335-e649c646aab0",
>> type="ConsoleProxy"} reservation id = 6641ccc0-bcef-4b1a-a1f7-8dd8000626ad
>> 2022-08-29 10:51:56,203 DEBUG [c.c.v.VirtualMachineManagerImpl]
>> (Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539 ctx-073f2751)
>> (logid:ba10fec5) Deploy avoids pods: null, clusters: null, hosts: null
>> 2022-08-29 10:51:56,206 DEBUG [c.c.v.VirtualMachineManagerImpl]
>> (Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539 ctx-073f2751)
>> (logid:ba10fec5) VM start attempt #1
>> 2022-08-29 10:51:56,207 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
>> (Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539 ctx-073f2751)
>> (logid:ba10fec5) DeploymentPlanner allocation algorithm: null
>> 2022-08-29 10:51:56,207 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
>> (Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539 ctx-073f2751)
>> (logid:ba10fec5) Trying to allocate a host and storage pools from dc:1,
>> pod:null,cluster:null, requested cpu: 500, requested ram: (1.00 GB)
>> 1073741824
>> 2022-08-29 10:51:56,207 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
>> (Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539 ctx-073f2751)
>> (logid:ba10fec5) Is ROOT volume READY (pool already allocated)?: No
>> 2022-08-29 10:51:56,214 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
>> (Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539 ctx-073f2751)
>> (logid:ba10fec5) Deploy avoids pods: [], clusters: [], hosts: null
>> 2022-08-29 10:51:56,215 DEBUG [c.c.d.FirstFitPlanner]
>> (Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539 ctx-073f2751)
>> (logid:ba10fec5) Searching all possible resources under this Zone: 1
>> 2022-08-29 10:51:56,216 DEBUG [c.c.d.FirstFitPlanner]
>> (Work-Job-Executor-58:ctx-dd8fe695 job-3445/job-3539 ctx-073f2751)
>> (l

Re: Error migrate System VMs after upgrageing to 4.17

[vas...@gmx.de]

Hi Slavka,

no, i am not using any kind of custome offerings.

I try to provide a more detailled log this time.
Situation:
v-83-VM was the "broken" consoleproxy. So the following log starts with
it's expunging.
Afterwards the new consoleproxy shall be deployed - v-85-VM.

This first deployment (logid:dcfe0999) fails due to Insufficent address
capacity - which i can't really understand or see in the database, checking
the availeable IPs for systemVMs (given that i might looking up the wrong
tables).
How ever CS is working as expected trying to deploy the console proxy
(logid:440fd101) Sync job-4288).
That job fails with "Unable to create deployment, no usable volumes found
for the VM: 85".
Afterwards i have another try to start the consoleproxy (job-4289) which
fails for the same reason. And thats how things go on in the log file...


2022-08-29 17:01:16,224 DEBUG [c.c.v.VirtualMachineManagerImpl]
(API-Job-Executor-35:ctx-29e06f28 job-4286 ctx-442b1cb2) (logid:5fe8559a)
Cleaning up hypervisor data structures (ex. SRs in XenServer) for managed
storage. Data from VM instance {id: "83", name: "v-83-VM", uuid:
"b1d1f9c6-eafe-4527-9335-e649c646aab0", type="ConsoleProxy"}.
2022-08-29 17:01:16,225 DEBUG [o.a.c.e.o.VolumeOrchestrator]
(API-Job-Executor-35:ctx-29e06f28 job-4286 ctx-442b1cb2) (logid:5fe8559a)
Cleaning storage for vm: 83
2022-08-29 17:01:16,233 DEBUG [c.c.v.VirtualMachineManagerImpl]
(API-Job-Executor-35:ctx-29e06f28 job-4286 ctx-442b1cb2) (logid:5fe8559a)
Expunged VM instance {id: "83", name: "v-83-VM", uuid:
"b1d1f9c6-eafe-4527-9335-e649c646aab0", type="ConsoleProxy"}
2022-08-29 17:01:16,255 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(API-Job-Executor-35:ctx-29e06f28 job-4286 ctx-442b1cb2) (logid:5fe8559a)
Complete async job-4286, jobStatus: SUCCEEDED, resultCode: 0, result:
org.apache.cloudstack.api.response.SystemVmResponse/systemvm/{"id":"b1d1f9c6-eafe-4527-9335-e649c646aab0","systemvmtype":"consoleproxy","zoneid":"48e2e928-3300-43b5-8e3a-d9b358022502","zonename":"xx","dns1":"10.129.0.4","dns2":"195.10.195.195","name":"v-83-VM","templateid":"c20799e4-a990-449a-aae6-4b67374c7aff","templatename":"systemvm-kvm-4.17.0","created":"2022-08-29T10:38:26+0200","state":"Stopped","isdynamicallyscalable":"false","hasannotations":"false"}
2022-08-29 17:01:16,256 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(API-Job-Executor-35:ctx-29e06f28 job-4286 ctx-442b1cb2) (logid:5fe8559a)
Publish async job-4286 complete on message bus
2022-08-29 17:01:16,256 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(API-Job-Executor-35:ctx-29e06f28 job-4286 ctx-442b1cb2) (logid:5fe8559a)
Wake up jobs related to job-4286
2022-08-29 17:01:16,256 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(API-Job-Executor-35:ctx-29e06f28 job-4286 ctx-442b1cb2) (logid:5fe8559a)
Update db status for job-4286
2022-08-29 17:01:16,256 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(API-Job-Executor-35:ctx-29e06f28 job-4286 ctx-442b1cb2) (logid:5fe8559a)
Wake up jobs joined with job-4286 and disjoin all subjobs created from job-
4286
2022-08-29 17:01:16,260 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(API-Job-Executor-35:ctx-29e06f28 job-4286) (logid:5fe8559a) Done executing
org.apache.cloudstack.api.command.admin.systemvm.DestroySystemVmCmd for
job-4286
2022-08-29 17:01:16,260 INFO  [o.a.c.f.j.i.AsyncJobMonitor]
(API-Job-Executor-35:ctx-29e06f28 job-4286) (logid:5fe8559a) Remove
job-4286 from job monitoring
2022-08-29 17:01:17,691 DEBUG [o.a.c.h.HAManagerImpl]
(BackgroundTaskPollManager-6:ctx-6af18142) (logid:fe263a70) HA health check
task is running...

2022-08-29 17:01:21,694 DEBUG [o.a.c.h.HAManagerImpl]
(BackgroundTaskPollManager-6:ctx-89b1442f) (logid:0efc40b2) HA health check
task is running...
2022-08-29 17:01:25,698 DEBUG [o.a.c.h.HAManagerImpl]
(BackgroundTaskPollManager-5:ctx-62313d05) (logid:7073663f) HA health check
task is running...
2022-08-29 17:01:25,767 DEBUG [c.c.s.StatsCollector]
(secstorage-1:ctx-c80e5a6e) (logid:f8e3eb60) Verifying image storage [1].
Capacity: total=[1 TB], used=[828 GB], threshold=[100.0%].
2022-08-29 17:01:25,773 DEBUG [o.a.c.s.SecondaryStorageManagerImpl]
(secstorage-1:ctx-c80e5a6e) (logid:f8e3eb60) Zone [1] is ready to launch
secondary storage VM.
2022-08-29 17:01:26,031 DEBUG [c.c.c.ConsoleProxyManagerImpl]
(consoleproxy-1:ctx-2d236928) (logid:dcfe0999) Zone 1 is ready to launch
console proxy
2022-08-29 17:01:26,031 DEBUG [c.c.c.ConsoleProxyManagerImpl]
(consoleproxy-1:ctx-2d236928) (logid:dcfe0999) Expand console proxy standby
capacity for zone xx
2022-08-29 17:01:26,031 DEBUG [c.c.c.ConsoleProxyManagerImpl]
(consoleproxy-1:ctx-2d236928) (logid:dcfe0999) Allocating console proxy
standby capacity for zone [1].
2022-08-29 17:01:26,032 INFO  [c.c.c.ConsoleProxyManagerImpl]
(consoleproxy-1:ctx-2d236928) (logid:dcfe0999) No stopped console proxy is
available, need to allocate a new console proxy
2022-08-29 17:01:26,033 DEBUG [c.c.c.ConsoleProxyManagerImpl]
(consoleproxy-1:ctx-2d236928) (logid:dcfe0999) Assign console proxy