Return-Path: X-Original-To: apmail-cloudstack-users-archive@www.apache.org Delivered-To: apmail-cloudstack-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A3706105B4 for ; Thu, 27 Nov 2014 11:57:47 +0000 (UTC) Received: (qmail 23272 invoked by uid 500); 27 Nov 2014 11:57:46 -0000 Delivered-To: apmail-cloudstack-users-archive@cloudstack.apache.org Received: (qmail 23223 invoked by uid 500); 27 Nov 2014 11:57:46 -0000 Mailing-List: contact users-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cloudstack.apache.org Delivered-To: mailing list users@cloudstack.apache.org Received: (qmail 23207 invoked by uid 99); 27 Nov 2014 11:57:46 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Nov 2014 11:57:46 +0000 X-ASF-Spam-Status: No, hits=-0.1 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of jayapalreddy.uradi@citrix.com designates 103.14.252.240 as permitted sender) Received: from [103.14.252.240] (HELO SMTP.CITRIX.COM.AU) (103.14.252.240) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Nov 2014 11:57:20 +0000 X-IronPort-AV: E=Sophos;i="5.07,469,1413244800"; d="scan'208,217";a="11814657" From: Jayapal Reddy Uradi To: "" Subject: Re: security group and xenserver query Thread-Topic: security group and xenserver query Thread-Index: AQHQCL+Gs3qYThWUckG0SSIC1yqffJxw6dKAgAAD4oCAAAiRAIAA9xWAgAA2QoCAAAJjgIAAAWqAgAAEbYCAAAkLgIAAoH6AgACnNwCAAAnegIAAQWoAgAADbQCAAAsKgIAAArSAgAABpoA= Date: Thu, 27 Nov 2014 11:56:14 +0000 Message-ID: References: <051D2AA5-3B7E-483C-B8AD-94EC985B2629@citrix.com> <1005514299.23189.1416998793310.JavaMail.zimbra@li.nux.ro> <1417033259177.8389@shapeblue.com> <367FB0A1-5CE3-4003-B0EB-15B8A3F09AF5@citrix.com> <66A121DF-9F9F-403C-BB77-5D55815F4D2C@citrix.com> In-Reply-To: <66A121DF-9F9F-403C-BB77-5D55815F4D2C@citrix.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: multipart/alternative; boundary="_000_D75D5B504F334DB6B6DC8F2018321378citrixcom_" MIME-Version: 1.0 X-DLP: SIN1 X-Virus-Checked: Checked by ClamAV on apache.org --_000_D75D5B504F334DB6B6DC8F2018321378citrixcom_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable Hi Tejas, If you run the /opt/cloud/bin/copy_vhd_from_secondarystorage.sh script in x= enserver by uncommenting 'set -x' will give the reasons for failure. #/opt/cloud/bin/copy_vhd_from_secondarystorage.sh '10.3.4.40:/ibm/CloudSeco= ndary/template/tmpl/1/1/' '4436b39f-2d6b-d0ab-9074-f56daefd2f70' 'cloud-b25= f990a-a1fc-459b-87d5-faedf0335031' 1. Nov 27 16:18:16 cloud-host1 SM: [4394] ['bash', '/opt/cloud/bin/copy_vhd_fr= om_secondarystorage.sh', '10.3.4.40:/ibm/CloudSecondary/template/tmpl/1/1/'= , '4436b39f-2d6b-d0ab-9074-f56daefd2f70', 'cloud-b25f990a-a1fc-459b-87d5-fa= edf0335031'] 2. Nov 27 16:18:16 cloud-host1 SM: [4394] pread SUCCESS 3. Nov 27 16:18:17 cloud-host1 SM: [4457] ['bash', '/opt/cloud/bin/kill_copy_p= rocess.sh', ''] Thanks, Jayapl On 27-Nov-2014, at 5:20 PM, Jayapal Reddy Uradi > wrote: Hi Tejas, Set executable permission to vhd-util #chmod +x /opt/cloud/bin/vhd-util After this hopefully next spin of ssvm will come up. Thanks, Jayapal On 27-Nov-2014, at 5:10 PM, Tejas Sheth > wrote: Hi Jayapal, kindly find the output from above mention command. both location i have copied vhd-util manually #ls -l /opt/cloud/bin/vhd-util -rw-r--r-- 1 root root 318977 Sep 19 2012 /opt/cloud/bin/vhd-util # find /opt/ -iname vhd-util /opt/cloud/bin/vhd-util /opt/xensource/bin/vhd-util Following is the link for SMlog.log in pastebin.com http://pastebin.com/rzcmSbGJ Thanks and regards, Tejas On Thu, Nov 27, 2014 at 4:31 PM, Jayapal Reddy Uradi < jayapalreddy.uradi@citrix.com> wrote: Hi Tejas, Can also please send the corresponding xenserver logs /var/log/SMLog. When this error is seen in the MS, at the same time take xenserver logs. For this error xenserver logs will help. What is the cloudstack version are you using ? For your reference: #find /opt/ -iname vhd-util /opt/cloud/bin/vhd-util #ls -l /opt/cloud/bin/vhd-util -rwxr-xr-x 1 root root 318977 Sep 19 2012 /opt/cloud/bin/vhd-util Thanks, Jayapal On 27-Nov-2014, at 4:18 PM, Tejas Sheth wrote: Hello Jayapal, kindly find cloudstack-management log link for pastebin.com http://pastebin.com/VAgcfN05 Thanks. Tejas On Thu, Nov 27, 2014 at 12:24 PM, Jayapal Reddy Uradi < jayapalreddy.uradi@citrix.com> wrote: Please share full length of logs in pastebin.com to get the reason for failure of the systemvm. Along with the MS logs also check the host logs (/var/log/SMLog). Check systemvm.iso is present in the host. Thanks, Jayapal On 27-Nov-2014, at 11:49 AM, Tejas Sheth wrote: Hello Guyz, We are facing issue starting system VM. deployment is in production so really need your help. following is the log entry for the error and detail of the issue is defiend in my previous mail trail. 2014-11-26 21:45:31,516 ERROR [c.c.v.VirtualMachineManagerImpl] (secstorage-1:ctx-6761d068) Failed to start instance VM[SecondaryStorageVm|s-10-VM] 2014-11-26 21:46:01,499 ERROR [c.c.v.VirtualMachineManagerImpl] (secstorage-1:ctx-1085a3ab) Failed to start instance VM[SecondaryStorageVm|s-11-VM] Catch Exception com.cloud.utils.exception.CloudRuntimeException for template + due to com.cloud.utils.exception.CloudRuntimeException: can not create vdi in sr 3e1f2113-438a-05e7-1b46-4c9b14d56144 com.cloud.utils.exception.CloudRuntimeException: can not create vdi in sr 3e1f2113-438a-05e7-1b46-4c9b14d56144 2014-11-27 00:00:25,075 INFO [o.a.c.s.v.VolumeServiceImpl] (secstorage-1:ctx-b64088a4) Unable to acquire lock on VMTemplateStoragePool 684 Exception while trying to start secondary storage vm com.cloud.exception.AgentUnavailableException: Resource [Host:2] is unreachable: Host 2: Unable to start instance due to null 2014-11-26 21:43:31,828 INFO [c.c.s.s.SecondaryStorageManagerImpl] (secstorage-1:ctx-be9596e4) Unable to start secondary storage vm for standby capacity, secStorageVm vm Id : 6, will recycle it and start a new one Appriciate an immidiate help for above issue. Thanks, Tejas On Nov 27, 2014 1:51 AM, "Geoff Higginbottom" < geoff.higginbottom@shapeblue.com> wrote: Sorry Nux, but YES there are Customer Specific VLANs in a Security Group enabled Advanced Zone. When you create an Advanced Zone with Security Groups you initially create a 'default guest network' and you allocate a VLAN and IP range to this network. This is then used by System VMs and can also be used by all Accounts. However you can then, as a Root Admin, create additional Guest Networks using the 'Offering for shared security group enabled networks' and dedicate this to a Domain or an Account. When doing so you allocate a different VLAN for each additional Guest Network. The IP range allocated to each network can be either a true Public IP range OR a Private IP range fronted by a Router/Firewall/Load Balancer etc but this will be outside of CloudStack control. So to answer the original question it is possible to allocate a separate VLAN to each Guest Network and if required to front this network with a Load Balancer and Firewall to provide additional services, but you need to manage these devices separately so is not a typical configuration for a Public Cloud, but could be used in a Private Cloud. Kind Regards Geoff Higginbottom CTO / Cloud Architect D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581 geoff.higginbottom@shapeblue.com | www.shapeblue.com | Twitter:@shapeblue ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS ________________________________________ From: Nux! Sent: 26 November 2014 10:46 To: users@cloudstack.apache.org Subject: Re: security group and xenserver query No, in Advanced Zone with SG - just like in Basic zone - there is no per customer VLAN; there are no firewall, load balancer or additional NICs; there is also no IPv6. A VM will just get a public IP via DHCP and that's it, the customers are isolated via "security groups" which is a fancy name for iptables rules. Hope this clears it up. -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro ----- Original Message ----- From: "Tejas Sheth" To: users@cloudstack.apache.org Sent: Wednesday, 26 November, 2014 10:14:11 Subject: Re: security group and xenserver query Thanks for simplification, so it means that each account will have seprate VLAN with its own subnet and those VLANs will be created and configured in physical switch? if architecture is above mentioned way configured then how can we achieve NAT and loadbalancing? Thanks Tejas On Wed, Nov 26, 2014 at 3:28 PM, Geoff Higginbottom < geoff.higginbottom@shapeblue.com> wrote: I like to think of Advanced Network with SG as simply multiple Basic Networks, each on its own VLAN. You have the same features (or rather lack of) as you would with a Basic Zone, but you have multiple Guest Networks. Regards Geoff Higginbottom D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581 geoff.higginbottom@shapeblue.com -----Original Message----- From: Tejas Sheth [mailto:tsheth.p@gmail.com] Sent: 26 November 2014 09:53 To: users@cloudstack.apache.org Subject: Re: security group and xenserver query so NAT and loadbalancers are not possible if we use security group? so it meanse there will be no internal and external IPs for VMs. is it correct? On Wed, Nov 26, 2014 at 3:14 PM, Jayapal Reddy Uradi < jayapalreddy.uradi@citrix.com> wrote: For SG networks there is no public network. We configure public ips for the guest network. -Jayapal On 26-Nov-2014, at 12:00 PM, Tejas Sheth wrote: Hello, I have made the bridge configuration, but when i am selecting advance zone. it is not showing public network configuration. only guest and management is availabel. also internal CIDR ip configuration is also not available. i think it is cinverting to basic zone if we select security group and xenserver as hypervisor. Thanks Tejas On Tue, Nov 25, 2014 at 9:16 PM, Jayapal Reddy Uradi < jayapalreddy.uradi@citrix.com> wrote: For 6.2 you no need to install CSP. My typo mistake in last mail. sysctl.conf is fine. Thanks, Jayapal On 25-Nov-2014, at 8:45 PM, Tejas Sheth wrote: Thanks, So can i take it as confirmation and proceed with only following bridge configuration in xenserver 6.2? # xe-switch-network-backend bridge # vi /etc/sysctl.conf net.bridge.bridge-nf-call-iptables =3D 1 net.bridge.bridge-nf-call-ip6tables =3D 0 net.bridge.bridge-nf-call-arptables =3D 1 # sysctl -p /etc/sysctl.conf Require confirmation for sysctl.cnf configuration part. Thanks and regards, Tejas On Tue, Nov 25, 2014 at 8:31 PM, Vadim Kimlaychuk < Vadim.Kimlaychuk@elion.ee wrote: XenServer does not need any package to be expicitly installed. When you add host to CS it copies some files to the host itself and you don't need to bother about them usually. Vadim. -----Original Message----- From: Tejas Sheth [mailto:tsheth.p@gmail.com] Sent: Tuesday, November 25, 2014 4:52 PM To: users@cloudstack.apache.org Subject: security group and xenserver query Hello Jayapal, Thanks for reply, I have understood the bridge configuration part but can you clarify CSP package part. if CSP package comes with xenserver 6.2 then do we need to install it explicitly? It would be really helpful if you can send link to install CSP in xenserver 6.2 because CS 4.3 document do not have description for xenserver 6.2 CSP installation. ---------------------------------------------------------------- Hi Tejas, The network mode set to 'bridge' mode. #xe-switch-network-backend bridge I think Xenserver 6.2 comes with the CSP package, so you need to install it explicitly. Thanks, Jayapal On 25-Nov-2014, at 4:47 PM, Tejas Sheth wrote: Hello, We are configuring advanced zone in cloudstack 4.3 in xenserver 6.2. we want to configure security group in advance zone. do we have to do any special configuration in xenserver 6.2. xenserver has default networking configuration. Thanks and regards, Tejas Find out more about ShapeBlue and our range of CloudStack related services IaaS Cloud Design & Build< http://shapeblue.com/iaas-cloud-design-and-build//> CSForge =96 rapid IaaS deployment framework< http://shapeblue.com/csforge/ CloudStack Consulting CloudStack Software Engineering< http://shapeblue.com/cloudstack-software-engineering/> CloudStack Infrastructure Support< http://shapeblue.com/cloudstack-infrastructure-support/> CloudStack Bootcamp Training Courses< http://shapeblue.com/cloudstack-training/> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark. Find out more about ShapeBlue and our range of CloudStack related services IaaS Cloud Design & Build< http://shapeblue.com/iaas-cloud-design-and-build//> CSForge =96 rapid IaaS deployment framework< http://shapeblue.com/csforge/ CloudStack Consulting CloudStack Software Engineering< http://shapeblue.com/cloudstack-software-engineering/> CloudStack Infrastructure Support< http://shapeblue.com/cloudstack-infrastructure-support/> CloudStack Bootcamp Training Courses< http://shapeblue.com/cloudstack-training/> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark. --_000_D75D5B504F334DB6B6DC8F2018321378citrixcom_--