cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Morrow, Gary G II CIV DISA JT (USA)" <gary.g.morrow....@mail.mil.INVALID>
Subject RE: [Non-DoD Source] Re: Cloudstack troubleshooting help and general guidance
Date Wed, 30 Jan 2019 14:45:54 GMT
Hi Dan,

Appreciate the quick response and yes we have looked into the ShapeBlue training (seems like
the only one out there) and unfortunately right now our command won't go for it because the
payment has to be in UK Pounds vs Dollars.  Honestly I think that was just an excuse and not
a good answer so we'll keep pushing for it since it seems like something my team needs to
get more in the weeds with this.

In response to your other question, we are currently planning on running on Centos 7 KVM hypervisor.
 We've gotten the platform up and running with very little issues and are now at the phase
where we need to secure it so that was why I wanted to reach out.

Thank you for the different answers and I will most definitely share the journey and try to
keep it documented for future reference.  

Respectfully,
Gary Morrow

-----Original Message-----
From: Dag Sonstebo <Dag.Sonstebo@shapeblue.com> 
Sent: Wednesday, January 30, 2019 5:19 AM
To: users@cloudstack.apache.org
Subject: [Non-DoD Source] Re: Cloudstack troubleshooting help and general guidance

All active links contained in this email were disabled.  Please verify the identity of the
sender, and confirm the authenticity of all links contained within the message prior to copying
and pasting the address to a Web browser.  




----

Hi Gary,

Welcome to the list - and good luck with your project!

With regards to getting help you've come to the right place. I would suggest maybe splitting
up your queries into more specific ones in separate mail threads, but I'll try to give you
a few lines of advise to get you started.

File permissions		What needs to be set to the cloud user for it all to work
> Nothing in particular as long as you follow general installation advise. I do however
appreciate in your DOD environment you may need additional steps to fully lock down your infrastructure.

Web GUI	How to check if it's running, what to check when it's not working at all.
> Check your management service is running (systemctl status cloudstack-management) and
check with netstat that port 8080 is listening. Check your firewall rules allow traffic to
port 8080. After all this - just try an access the GUI.

Management log grep commands that actually help
> Nothing out of the ordinary, use standard grep / other parsing commands. 
> However learn to look for job numbers and follow these through the logs - e.g. "job-66"
which will be tied to a specific API call or command.

Kinds of logging most people have on/off, do we need debug/info etc 
> You can change logging levels in your /etc/cloudstack/management/log4j* files - but unless
you get really stuck you shouldn't have to increase verbosity. 

Size of the "secondary storage" for a production environment with say max 100 VMs/Instances
> "It depends..."
> You don't plan on number of instances - you plan for number + size of templates and ISOs,
and  number of volume snapshots. If you also patch your templates monthly take into account
every patched template is a new template in the eyes of CloudStack.

Securing the infrastructure - Linux, sql, etc with STIGs	Anyone done this?
> "It depends..."
> CloudStack is secure out of the box, but yes you can take this further applying standard
(and DOD) security practices. The CloudStack community will appreciate it if you share your
findings when going  further into advanced lockdown procedures.

Maintenance mode - Should we put a host in maintenance mode anytime we want to do work on
it or reboot it? I've seen issues where the host never comes back into the fold if we just
reboot it.
> In general yes.
> If it doesn't come back - check your hypervisors. You've not told us which one you use
- but with e.g. KVM you need to check the agent is running - and the agent log will give you
a hint at any problems.


Training - some shameless self promotion - but we (ShapeBlue) do run both EU and US bootcamps
- check Caution-https://www.shapeblue.com/cloudstack-training/ 

Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue
 

On 29/01/2019, 19:26, "Morrow, Gary G II CIV DISA JT (USA)" <gary.g.morrow.civ@mail.mil.INVALID>
wrote:

    So I'm new to the user group, never chatted but been listening for a month or so. 
    
    My work is trying to build a Cloudstack setup, on a DOD network (fully secured), and I'm
trying to do it with very little Linux experience.  We have a couple people I can go to with
experience that can help when I run into trouble and I'm been beefing up my skills for sure,
but I was hoping that someone could give me some help on what they do to troubleshoot when
things go wrong and some of the top issues with that do/can go wrong.  Also looking for good
resources going forward besides a lot of the ShapeBlue or Cloudstack documentation (I've been
to those sites and both are very good for basic setups)
    
    I've looked at the Cloudstack troubleshooting guide and besides doing the grep command
on the management log it's not much help.  Some of the issues I'd like to discuss or have
help with are the:
    
    File permissions		What needs to be set to the cloud user for it all to work
    Web GUI	How to check if it's running, what to check when it's not working at all.
    Management log grep commands that actually help
    Kinds of logging most people have on/off, do we need debug/info etc 
    Size of the "secondary storage" for a production environment with say max 100 VMs/Instances
    Securing the infrastructure - Linux, sql, etc with STIGs	Anyone done this?
    Maintenance mode - Should we put a host in maintenance mode anytime we want to do work
on it or reboot it? I've seen issues where the host never comes back into the fold if we just
reboot it.
    
    
    Any other kind of common issue that may occur setting this up and how to fix it.  Right
now when our test environment when something messes up the environment the normal procedure
if start/stop management server or rebooting doesn't fix the issue is to wipe and reload.
 
    
    Also, I know ShapeBlue offers formal training, but is based in the UK, anywhere else offering
formal type training based I the US or is that the only option for some actual training over
youtube videos of people reading the initial setup.  I've currently been able to get the management
server up and running, with the basic networking, and have 4 different hosts added using NFS
storage on each for the primary and the secondary storage being the management server's internal
storage.   Our final environment is going to be something similar with 6-8 Dell servers (good
ones) so I'm not sure if this is the best setup or not using them all like a HCI like environment
where everything is all in one.  
    
    Appreciate any help and support.
    
    Gary Morrow
    


Dag.Sonstebo@shapeblue.com 
Caution-www.shapeblue.com
Amadeus House, Floral Street, London  WC2E 9DPUK
@shapeblue
  
 

Mime
View raw message