cloudstack-users mailing list archives

From Andrei Mikhailovsky <and...@arhont.com>
Subject Re: Advanced Network Changing Public IP Range
Date Sat, 04 Apr 2015 23:08:37 GMT
Sam, 

I think no one would be able to provide you a clear and 100% accurate answer as what you are
trying to do is very complex and taking into account that some parts of the ACS are less polished
than others, what works for some people might not work for you, even if what you are trying
to do is officially supported by ACS. I've occasionally seen things attempted and successfully
implemented on one infrastructure to completely fail on another ACS setup. 

I had to complete the same task as you were asking about. We had to move the data centre and
our IP range was changing. So I had to migrate the public IP range on a bunch of networks
and VPCs. 

The way I've done this was like this: I have set up several test networks and VPCs with the
old IP range, created a bunch of rules for fw/forwarding/load balancing, etc. After that I've
tried to remove all the rules so that I could free up the old IPs and allocate the stuff from
new range. I've found that it worked for some networks and was completely failing for others.
The management server log was throwing a bunch of different exceptions, telling me that the
IPs are used, that there are still port forwarding rules, etc. None of that was true as I've
removed everything and probably somewhere along the line ACS has failed to properly clean
up. So, I've decided that this is not the right way to go and that if I will migrate around
30-40 different networks, I have estimated that at least 5-7 networks would misbehave at the
most inappropriate moment. So, I had to think of something that would work much better. 

I have spent a few hours tracing various db tables to see how they work and what tables are
used for networking and public IPs. In the end, I've identified a bunch of tables that are
used and I have manually switched the old IPs with the new ones. I've tested it on a few test
networks and it worked like a charm. In the end, I don't think I even had to remove the VRs
and system vms, a simple restart worked fine. All the firewall rules, port forwarding, load
balancing and all VPC rules worked like a charm on the new IP range and I didn't have to recreate
anything. Just pointed to the new IPs from the new range and that was it. 

Obviously I have backed up my db before attempting this procedure, but in the end, I personally
think I've saved so much time by doing it the manual way. I would have probably spent at least
twice as long to debug the problem areas just to realise that there is a known issue which
needs to be addressed and the next release is an unknown time away. 

Therefore, I would suggest that you attempt what you are trying to achieve on at least 5-10
test networks with various test rules. If the migration works perfectly well on your test
setup, most likely you will have an easy migration. If not, you might end up going the manual db
changing way. 

P.S. email me if you need my notes on what tables I've identified and what things need changing.
I think I still have them somewhere and I am happy to share. But if you do, please double
and triple check that it works on a test setup before attempting it on production. 

Andrei 

----- Original Message -----

> From: "Sam Ceylani" <sam@mistercertified.com>
> To: "<users@cloudstack.apache.org>" <users@cloudstack.apache.org>
> Sent: Saturday, 4 April, 2015 5:04:50 PM
> Subject: Re: Advanced Network Changing Public IP Range

> I understand, when we tried this on a test account we weren't able to
> release IP addresses without deleting user vms before, so what you
> are saying is we shouldn't need to delete any user vms in order to
> destroy router vm right? Was it the case for you? Because when we
> test to see if we could destroy router vm we weren't able to since
> we also needed to destroy the network and thus we needed to destroy
> all user vms, that's why some people suggested taking templates of
> user vms and destroying user vm destroying network and finally
> destroying router vm, I really need clear answer on this, step by
> step would you explain how you were able to change public IPs
> without impacting user vms? ty sam

> Thanks,

> Sam Ceylani, MBA
> Computer Engineer
> MisterCertified Inc.

> 301 W. Platt St. Suite 447, Tampa, FL 33606
> P 813.264.6460 M 813.416.7867
> F 800.553.9520 E sam.ceylani@mistercertified.com

> On Apr 4, 2015, at 11:44 AM, "Praveen B" <pbpraveenb@gmail.com> wrote:

> Hi Sam,

> Please find my inline comments below:
> ........................................................
> I can add a new ip range, disable zone, destroy system vms and I think
> this step is fair. But my concern was deployed vms and not being able
> to remove user ips.
> [PB] What do you mean by user IPs here? Are they acquired public IPs?
> They can be released from UI without any problem. But still SNAT IPs
> (public IP of router VM) need to be deleted in order to delete existing
> IP range.

> So just changing the status of user ip to "removed" on mysql table and
> adding new range for this user would be enough?
> [PB] I am sure on this. But it worked for me sometime back when I had
> similar situation. Theoretically, it should work but you may encounter
> mysql foreign constraint issues sometimes as SQL tweaking in one table
> may impact other tables with ip address data field as a foreign key.

> So if I shut down all user vms and network router, add new ip range for
> this user, restart router and it should assign the new IP address? Or if
> ips are marked as removed will it give me an option to destroy network
> router so newly created router will have new range?
> [PB] Try to see if you can remove SNAT IP of router VM after stopping
> and destroying it from UI. If this works, no need to update DB entries.
> New range IPs will be taken by router VMs when a new VM is deployed in
> the account OR an existing VM is stopped and started again.

> Thanks,
> Praveen

> On Sat, Apr 4, 2015 at 8:09 PM, Sam Ceylani <sam@mistercertified.com> wrote:

> I can add a new ip range, disable zone, destroy system vms and I think
> this step is fair. But my concern was deployed vms and not being able
> to remove user ips. So just changing the status of user ip to "removed"
> on mysql table and adding new range for this user would be enough? So
> if I shut down all user vms and network router, add new ip range for
> this user, restart router and it should assign the new IP address? Or
> if ips are marked as removed will it give me an option to destroy
> network router so newly created router will have new range?

> Thanks,

> Sam Ceylani, MBA
> Computer Engineer
> MisterCertified Inc.

> 301 W. Platt St. Suite 447, Tampa, FL 33606
> P 813.264.6460 M 813.416.7867
> F 800.553.9520 E sam.ceylani@mistercertified.com

> On Apr 4, 2015, at 10:27 AM, "Praveen B" <pbpraveenb@gmail.com> wrote:

> Hi Sam,

> You need to release all the acquired public IPs in order to delete the
> public IP range. Otherwise, CloudStack throws an error while attempting
> to delete it. Though you release all acquired public IPs manually,
> destroy console proxy and secondary storage VM by disabling the zone,
> you will find problem in removing source NAT IP of router VM. There
> would be no option available in UI to remove SNAT IP of router VMs.

> Hence, if you have any deployed VMs in your mentioned 4-5 isolated
> networks, you need to mark all the respective public IPs in mysql
> database for "user_ip_address" table as removed. Take a backup of cloud
> database before you attempt any changes to db.

> Thanks,
> Praveen

> On Sat, Apr 4, 2015 at 6:57 PM, Sam Ceylani <sam@mistercertified.com> wrote:

> We have almost 13 public IPs in an advanced network with 4-5 isolated
> networks and I couldn't find anything in documentation about changing
> them. What is the best way to handle this situation? We are moving to a
> new data center and some people suggested creating templates of vms and
> recreating them in order to delete old ip ranges, and seems to be some
> mysql tweaking involved also which we can do np, any idea where we
> should be starting? system vms, routers? We are using CS 4.4.1 with
> xenserver 6.2

> Thanks,

> Sam Ceylani, MBA
> Computer Engineer
> MisterCertified Inc.

> 301 W. Platt St. Suite 447, Tampa, FL 33606
> P 813.264.6460 M 813.416.7867
> F 800.553.9520 E sam.ceylani@mistercertified.com
