You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Razvan Rosca <ra...@gmail.com> on 2019/05/01 16:28:17 UTC
Restricting IP usage & Upgrading CloudStack & Live storage migration
Hello,
We're thinking about switching from our current Xen+Proxmox setup into
something more "advanced", and we're really considering CloudStack as one
of our best/main candidates.
Right off the bat here are the first questions:
- in our current setup users can freely use each other's IP address,
because the software stack doesn't enforce any limits (or requires us to
manually edit stuff each time a VM is created). Does CloudStack have the
same behavior? What we need is kinda simple: allow a specific VM to use a
specific IP, and only that IP.
- does CloudStack have the same "no-upgrade" policy as OpenStack?
Ugrading OpenStack was/is nearly impossible, so I'm wondering if this is
the case with CloudStack as well.
- does CloudStack support "live-migration" between local storages? Xen
does it, and does it really well. Again, I'm referring to local storage
(local HDD/SSD/NVMe), not a central Ceph/Gluster/NFS store.
Thank you,
Razvan Rosca
Skype: razvan.rosca
Tel: +40 731 059 660
Linkedin: https://www.linkedin.com/in/razvanrosca/
Facebook: https://fb.com/razvanrosca.com
Re: Restricting IP usage & Upgrading CloudStack & Live storage migration
Posted by Andrija Panic <an...@gmail.com>.
https://github.com/apache/cloudstack/commit/bf209405e7d60b6a5abf87677d368c429359d98a
,
for KVM and ROOT volumes only (didn't test it myself).
On Fri, 3 May 2019 at 17:41, Razvan Rosca <ra...@gmail.com> wrote:
> Hey,
>
> Yeah, NFS is specified so I doubdt local storage will work, unfortunately.
>
> Razvan Rosca
>
> Skype: razvan.rosca
> Tel: +40 731 059 660
> Linkedin: https://www.linkedin.com/in/razvanrosca/
> Facebook: https://fb.com/razvanrosca.com
>
>
> On Fri, May 3, 2019 at 6:26 PM Nux! <nu...@li.nux.ro> wrote:
>
> > Hi,
> >
> > All I can find right now is this, which doesn't specifically mention
> local
> > storage, so will need to be tested.
> > https://github.com/apache/cloudstack-documentation/pull/14
> >
> > By the sound of it it leverages underlying libvirt capabilities.
> >
> > HTH
> >
> > --
> > Sent from the Delta quadrant using Borg technology!
> >
> > Nux!
> > www.nux.ro
> >
> > ----- Original Message -----
> > > From: "Razvan Rosca" <ra...@gmail.com>
> > > To: "users" <us...@cloudstack.apache.org>
> > > Sent: Friday, 3 May, 2019 11:23:37
> > > Subject: Re: Restricting IP usage & Upgrading CloudStack & Live storage
> > migration
> >
> > > Hey,
> > >
> > >> you can only connect a VM into one network, so if you want to have a
> 2nd
> > > "private" network, that's not yet possible with Cloudstack
> > > This will not be an issue, the vast majority of users don't need any,
> or
> > if
> > > they need, one will suffice.
> > >
> > >> it was possible to have local live migrations with KVM
> > > I couldn't find any information about that, as most "live migrations"
> are
> > > handled by the hypervisor. Can you please point me in the right
> > direction?
> > >
> > > Thank you,
> > > Razvan Rosca
> > >
> > > Skype: razvan.rosca
> > > Tel: +40 731 059 660
> > > Linkedin: https://www.linkedin.com/in/razvanrosca/
> > > Facebook: https://fb.com/razvanrosca.com
> > >
> > >
> > > On Fri, May 3, 2019 at 1:15 PM Nux! <nu...@li.nux.ro> wrote:
> > >
> > >> Hi,
> > >>
> > >> In Proxmox you could use the "IP Filter" option + "Firewall in"
> options
> > to
> > >> restrict IP address stealing. /offtopic
> > >>
> > >> If you go for a Cloudstack Advanced Zone with Security Groups, then
> your
> > >> VMs can get 1 or more public IP addresses and this is enforced
> > >> automatically via iptables and ebtables; other VMs won't be able to
> use
> > the
> > >> IPs.
> > >> Beware of limitations though, IPv6 support is not really there yet and
> > you
> > >> can only connect a VM into one network, so if you want to have a 2nd
> > >> "private" network, that's not yet possible with Cloudstack.
> > >>
> > >> If you go for a vanilla Advanced Zone then you connect your VMs into a
> > >> network (own VLAN) that is served by a virtual appliance (virtual
> router
> > >> running debian, doing NAT etc basically). IP stealign is also not
> > possible.
> > >> You can connect the VM in as many networks you want, but do bare in
> mind
> > >> you'll likely be dealing with private IPs and NAT a lot, but you have
> > more
> > >> options here.
> > >>
> > >> Last I checked it was possible to have local live migrations with
> KVM, I
> > >> guess that would be your target platform.
> > >>
> > >> Do take your time and test, there is a learning curve to this, more
> than
> > >> with Proxmox, but less than with Openstack.
> > >>
> > >> HTH
> > >>
> > >> --
> > >> Sent from the Delta quadrant using Borg technology!
> > >>
> > >> Nux!
> > >> www.nux.ro
> > >>
> > >> ----- Original Message -----
> > >> > From: "Paul Angus" <pa...@shapeblue.com>
> > >> > To: "users" <us...@cloudstack.apache.org>
> > >> > Sent: Wednesday, 1 May, 2019 20:19:17
> > >> > Subject: RE: Restricting IP usage & Upgrading CloudStack & Live
> > storage
> > >> migration
> > >>
> > >> > - The models are 'native' if you like, definitely not workarounds.
> > >> >
> > >> > - CloudStack is an orchestrator, it largely relies on the abilities
> of
> > >> the
> > >> > hypervisors that it orchestrates. We add a little secret sauce here
> > and
> > >> there,
> > >> > but when it comes to basic hypervisor functions, we leave it up to
> the
> > >> > hypervisor.
> > >> >
> > >> >
> > >> > paul.angus@shapeblue.com
> > >> > www.shapeblue.com
> > >> > Amadeus House, Floral Street, London WC2E 9DPUK
> > >> > @shapeblue
> > >> >
> > >> >
> > >> >
> > >> >
> > >> > -----Original Message-----
> > >> > From: Razvan Rosca <ra...@gmail.com>
> > >> > Sent: 01 May 2019 19:57
> > >> > To: users@cloudstack.apache.org
> > >> > Subject: Re: Restricting IP usage & Upgrading CloudStack & Live
> > storage
> > >> > migration
> > >> >
> > >> > Hey Paul,
> > >> >
> > >> > Thank you for your fast reply!
> > >> >
> > >> >> There are a few different models that you can use.
> > >> > Do any of these models work "by default", or they are "workarounds"
> > >> > (similar to Proxmox / LXC)? Aka is this a native/direct solution
> that
> > >> can be
> > >> > applied in the VM creation flow?
> > >> >
> > >> >> Yes CloudStack does support Xen Live Storage migration
> > >> > I was referring to something *similar* with Xen Live Storage
> > migration,
> > >> not Xen
> > >> > Live Storage "per se". Aka migrate a VM from a CloudStack node to
> > another
> > >> > CloudStack node, natively, live, without using a central storage.
> > >> >
> > >> > Thank you,
> > >> > Razvan Rosca
> > >> >
> > >> > Skype: razvan.rosca
> > >> > Tel: +40 731 059 660
> > >> > Linkedin: https://www.linkedin.com/in/razvanrosca/
> > >> > Facebook: https://fb.com/razvanrosca.com
> > >> >
> > >> >
> > >> > On Wed, May 1, 2019 at 9:50 PM Paul Angus <paul.angus@shapeblue.com
> >
> > >> wrote:
> > >> >
> > >> >> Hi Razvan,
> > >> >>
> > >> >> - There are a few different models that you can use. But in short
> -
> > >> 'yes'
> > >> >> you can have a model where an IP is allocated to a VM and the VM
> > keeps
> > >> it.
> > >> >> - No, we spend a lot of time making sure that upgrades between all
> > >> >> versions work. Our versioning system requires that the API is
> > backward
> > >> >> compatible and we can only break that with a major version upgrade
> > >> >> (say 4.x to 5.x )and that hasn't happened under Apache yet
> > >> >> - Yes CloudStack does support Xen Live Storage migration -
> > >> >>
> > http://docs.cloudstack.apache.org/en/latest/adminguide/storage.html?hi
> > >> >> ghlight=live%20storage#storage-overview
> > >> >>
> > >> >> Cheers
> > >> >>
> > >> >> Paul.
> > >> >>
> > >> >>
> > >> >>
> > >> >> paul.angus@shapeblue.com
> > >> >> www.shapeblue.com
> > >> >> Amadeus House, Floral Street, London WC2E 9DPUK @shapeblue
> > >> >>
> > >> >>
> > >> >>
> > >> >>
> > >> >> -----Original Message-----
> > >> >> From: Razvan Rosca <ra...@gmail.com>
> > >> >> Sent: 01 May 2019 17:28
> > >> >> To: users@cloudstack.apache.org
> > >> >> Subject: Restricting IP usage & Upgrading CloudStack & Live storage
> > >> >> migration
> > >> >>
> > >> >> Hello,
> > >> >>
> > >> >> We're thinking about switching from our current Xen+Proxmox setup
> > into
> > >> >> something more "advanced", and we're really considering CloudStack
> as
> > >> one
> > >> >> of our best/main candidates.
> > >> >>
> > >> >> Right off the bat here are the first questions:
> > >> >>
> > >> >> - in our current setup users can freely use each other's IP
> > address,
> > >> >> because the software stack doesn't enforce any limits (or
> requires
> > >> us to
> > >> >> manually edit stuff each time a VM is created). Does CloudStack
> > have
> > >> the
> > >> >> same behavior? What we need is kinda simple: allow a specific VM
> > to
> > >> use
> > >> >> a
> > >> >> specific IP, and only that IP.
> > >> >> - does CloudStack have the same "no-upgrade" policy as
> OpenStack?
> > >> >> Ugrading OpenStack was/is nearly impossible, so I'm wondering if
> > >> this is
> > >> >> the case with CloudStack as well.
> > >> >> - does CloudStack support "live-migration" between local
> storages?
> > >> Xen
> > >> >> does it, and does it really well. Again, I'm referring to local
> > >> storage
> > >> >> (local HDD/SSD/NVMe), not a central Ceph/Gluster/NFS store.
> > >> >>
> > >> >> Thank you,
> > >> >> Razvan Rosca
> > >> >>
> > >> >> Skype: razvan.rosca
> > >> >> Tel: +40 731 059 660
> > >> >> Linkedin: https://www.linkedin.com/in/razvanrosca/
> > >> >> Facebook: https://fb.com/razvanrosca.com
> >
>
--
Andrija Panić
Re: Restricting IP usage & Upgrading CloudStack & Live storage migration
Posted by Razvan Rosca <ra...@gmail.com>.
Hey,
Yeah, NFS is specified so I doubdt local storage will work, unfortunately.
Razvan Rosca
Skype: razvan.rosca
Tel: +40 731 059 660
Linkedin: https://www.linkedin.com/in/razvanrosca/
Facebook: https://fb.com/razvanrosca.com
On Fri, May 3, 2019 at 6:26 PM Nux! <nu...@li.nux.ro> wrote:
> Hi,
>
> All I can find right now is this, which doesn't specifically mention local
> storage, so will need to be tested.
> https://github.com/apache/cloudstack-documentation/pull/14
>
> By the sound of it it leverages underlying libvirt capabilities.
>
> HTH
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> ----- Original Message -----
> > From: "Razvan Rosca" <ra...@gmail.com>
> > To: "users" <us...@cloudstack.apache.org>
> > Sent: Friday, 3 May, 2019 11:23:37
> > Subject: Re: Restricting IP usage & Upgrading CloudStack & Live storage
> migration
>
> > Hey,
> >
> >> you can only connect a VM into one network, so if you want to have a 2nd
> > "private" network, that's not yet possible with Cloudstack
> > This will not be an issue, the vast majority of users don't need any, or
> if
> > they need, one will suffice.
> >
> >> it was possible to have local live migrations with KVM
> > I couldn't find any information about that, as most "live migrations" are
> > handled by the hypervisor. Can you please point me in the right
> direction?
> >
> > Thank you,
> > Razvan Rosca
> >
> > Skype: razvan.rosca
> > Tel: +40 731 059 660
> > Linkedin: https://www.linkedin.com/in/razvanrosca/
> > Facebook: https://fb.com/razvanrosca.com
> >
> >
> > On Fri, May 3, 2019 at 1:15 PM Nux! <nu...@li.nux.ro> wrote:
> >
> >> Hi,
> >>
> >> In Proxmox you could use the "IP Filter" option + "Firewall in" options
> to
> >> restrict IP address stealing. /offtopic
> >>
> >> If you go for a Cloudstack Advanced Zone with Security Groups, then your
> >> VMs can get 1 or more public IP addresses and this is enforced
> >> automatically via iptables and ebtables; other VMs won't be able to use
> the
> >> IPs.
> >> Beware of limitations though, IPv6 support is not really there yet and
> you
> >> can only connect a VM into one network, so if you want to have a 2nd
> >> "private" network, that's not yet possible with Cloudstack.
> >>
> >> If you go for a vanilla Advanced Zone then you connect your VMs into a
> >> network (own VLAN) that is served by a virtual appliance (virtual router
> >> running debian, doing NAT etc basically). IP stealign is also not
> possible.
> >> You can connect the VM in as many networks you want, but do bare in mind
> >> you'll likely be dealing with private IPs and NAT a lot, but you have
> more
> >> options here.
> >>
> >> Last I checked it was possible to have local live migrations with KVM, I
> >> guess that would be your target platform.
> >>
> >> Do take your time and test, there is a learning curve to this, more than
> >> with Proxmox, but less than with Openstack.
> >>
> >> HTH
> >>
> >> --
> >> Sent from the Delta quadrant using Borg technology!
> >>
> >> Nux!
> >> www.nux.ro
> >>
> >> ----- Original Message -----
> >> > From: "Paul Angus" <pa...@shapeblue.com>
> >> > To: "users" <us...@cloudstack.apache.org>
> >> > Sent: Wednesday, 1 May, 2019 20:19:17
> >> > Subject: RE: Restricting IP usage & Upgrading CloudStack & Live
> storage
> >> migration
> >>
> >> > - The models are 'native' if you like, definitely not workarounds.
> >> >
> >> > - CloudStack is an orchestrator, it largely relies on the abilities of
> >> the
> >> > hypervisors that it orchestrates. We add a little secret sauce here
> and
> >> there,
> >> > but when it comes to basic hypervisor functions, we leave it up to the
> >> > hypervisor.
> >> >
> >> >
> >> > paul.angus@shapeblue.com
> >> > www.shapeblue.com
> >> > Amadeus House, Floral Street, London WC2E 9DPUK
> >> > @shapeblue
> >> >
> >> >
> >> >
> >> >
> >> > -----Original Message-----
> >> > From: Razvan Rosca <ra...@gmail.com>
> >> > Sent: 01 May 2019 19:57
> >> > To: users@cloudstack.apache.org
> >> > Subject: Re: Restricting IP usage & Upgrading CloudStack & Live
> storage
> >> > migration
> >> >
> >> > Hey Paul,
> >> >
> >> > Thank you for your fast reply!
> >> >
> >> >> There are a few different models that you can use.
> >> > Do any of these models work "by default", or they are "workarounds"
> >> > (similar to Proxmox / LXC)? Aka is this a native/direct solution that
> >> can be
> >> > applied in the VM creation flow?
> >> >
> >> >> Yes CloudStack does support Xen Live Storage migration
> >> > I was referring to something *similar* with Xen Live Storage
> migration,
> >> not Xen
> >> > Live Storage "per se". Aka migrate a VM from a CloudStack node to
> another
> >> > CloudStack node, natively, live, without using a central storage.
> >> >
> >> > Thank you,
> >> > Razvan Rosca
> >> >
> >> > Skype: razvan.rosca
> >> > Tel: +40 731 059 660
> >> > Linkedin: https://www.linkedin.com/in/razvanrosca/
> >> > Facebook: https://fb.com/razvanrosca.com
> >> >
> >> >
> >> > On Wed, May 1, 2019 at 9:50 PM Paul Angus <pa...@shapeblue.com>
> >> wrote:
> >> >
> >> >> Hi Razvan,
> >> >>
> >> >> - There are a few different models that you can use. But in short -
> >> 'yes'
> >> >> you can have a model where an IP is allocated to a VM and the VM
> keeps
> >> it.
> >> >> - No, we spend a lot of time making sure that upgrades between all
> >> >> versions work. Our versioning system requires that the API is
> backward
> >> >> compatible and we can only break that with a major version upgrade
> >> >> (say 4.x to 5.x )and that hasn't happened under Apache yet
> >> >> - Yes CloudStack does support Xen Live Storage migration -
> >> >>
> http://docs.cloudstack.apache.org/en/latest/adminguide/storage.html?hi
> >> >> ghlight=live%20storage#storage-overview
> >> >>
> >> >> Cheers
> >> >>
> >> >> Paul.
> >> >>
> >> >>
> >> >>
> >> >> paul.angus@shapeblue.com
> >> >> www.shapeblue.com
> >> >> Amadeus House, Floral Street, London WC2E 9DPUK @shapeblue
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> -----Original Message-----
> >> >> From: Razvan Rosca <ra...@gmail.com>
> >> >> Sent: 01 May 2019 17:28
> >> >> To: users@cloudstack.apache.org
> >> >> Subject: Restricting IP usage & Upgrading CloudStack & Live storage
> >> >> migration
> >> >>
> >> >> Hello,
> >> >>
> >> >> We're thinking about switching from our current Xen+Proxmox setup
> into
> >> >> something more "advanced", and we're really considering CloudStack as
> >> one
> >> >> of our best/main candidates.
> >> >>
> >> >> Right off the bat here are the first questions:
> >> >>
> >> >> - in our current setup users can freely use each other's IP
> address,
> >> >> because the software stack doesn't enforce any limits (or requires
> >> us to
> >> >> manually edit stuff each time a VM is created). Does CloudStack
> have
> >> the
> >> >> same behavior? What we need is kinda simple: allow a specific VM
> to
> >> use
> >> >> a
> >> >> specific IP, and only that IP.
> >> >> - does CloudStack have the same "no-upgrade" policy as OpenStack?
> >> >> Ugrading OpenStack was/is nearly impossible, so I'm wondering if
> >> this is
> >> >> the case with CloudStack as well.
> >> >> - does CloudStack support "live-migration" between local storages?
> >> Xen
> >> >> does it, and does it really well. Again, I'm referring to local
> >> storage
> >> >> (local HDD/SSD/NVMe), not a central Ceph/Gluster/NFS store.
> >> >>
> >> >> Thank you,
> >> >> Razvan Rosca
> >> >>
> >> >> Skype: razvan.rosca
> >> >> Tel: +40 731 059 660
> >> >> Linkedin: https://www.linkedin.com/in/razvanrosca/
> >> >> Facebook: https://fb.com/razvanrosca.com
>
Re: Restricting IP usage & Upgrading CloudStack & Live storage
migration
Posted by Nux! <nu...@li.nux.ro>.
Hi,
All I can find right now is this, which doesn't specifically mention local storage, so will need to be tested.
https://github.com/apache/cloudstack-documentation/pull/14
By the sound of it it leverages underlying libvirt capabilities.
HTH
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
----- Original Message -----
> From: "Razvan Rosca" <ra...@gmail.com>
> To: "users" <us...@cloudstack.apache.org>
> Sent: Friday, 3 May, 2019 11:23:37
> Subject: Re: Restricting IP usage & Upgrading CloudStack & Live storage migration
> Hey,
>
>> you can only connect a VM into one network, so if you want to have a 2nd
> "private" network, that's not yet possible with Cloudstack
> This will not be an issue, the vast majority of users don't need any, or if
> they need, one will suffice.
>
>> it was possible to have local live migrations with KVM
> I couldn't find any information about that, as most "live migrations" are
> handled by the hypervisor. Can you please point me in the right direction?
>
> Thank you,
> Razvan Rosca
>
> Skype: razvan.rosca
> Tel: +40 731 059 660
> Linkedin: https://www.linkedin.com/in/razvanrosca/
> Facebook: https://fb.com/razvanrosca.com
>
>
> On Fri, May 3, 2019 at 1:15 PM Nux! <nu...@li.nux.ro> wrote:
>
>> Hi,
>>
>> In Proxmox you could use the "IP Filter" option + "Firewall in" options to
>> restrict IP address stealing. /offtopic
>>
>> If you go for a Cloudstack Advanced Zone with Security Groups, then your
>> VMs can get 1 or more public IP addresses and this is enforced
>> automatically via iptables and ebtables; other VMs won't be able to use the
>> IPs.
>> Beware of limitations though, IPv6 support is not really there yet and you
>> can only connect a VM into one network, so if you want to have a 2nd
>> "private" network, that's not yet possible with Cloudstack.
>>
>> If you go for a vanilla Advanced Zone then you connect your VMs into a
>> network (own VLAN) that is served by a virtual appliance (virtual router
>> running debian, doing NAT etc basically). IP stealign is also not possible.
>> You can connect the VM in as many networks you want, but do bare in mind
>> you'll likely be dealing with private IPs and NAT a lot, but you have more
>> options here.
>>
>> Last I checked it was possible to have local live migrations with KVM, I
>> guess that would be your target platform.
>>
>> Do take your time and test, there is a learning curve to this, more than
>> with Proxmox, but less than with Openstack.
>>
>> HTH
>>
>> --
>> Sent from the Delta quadrant using Borg technology!
>>
>> Nux!
>> www.nux.ro
>>
>> ----- Original Message -----
>> > From: "Paul Angus" <pa...@shapeblue.com>
>> > To: "users" <us...@cloudstack.apache.org>
>> > Sent: Wednesday, 1 May, 2019 20:19:17
>> > Subject: RE: Restricting IP usage & Upgrading CloudStack & Live storage
>> migration
>>
>> > - The models are 'native' if you like, definitely not workarounds.
>> >
>> > - CloudStack is an orchestrator, it largely relies on the abilities of
>> the
>> > hypervisors that it orchestrates. We add a little secret sauce here and
>> there,
>> > but when it comes to basic hypervisor functions, we leave it up to the
>> > hypervisor.
>> >
>> >
>> > paul.angus@shapeblue.com
>> > www.shapeblue.com
>> > Amadeus House, Floral Street, London WC2E 9DPUK
>> > @shapeblue
>> >
>> >
>> >
>> >
>> > -----Original Message-----
>> > From: Razvan Rosca <ra...@gmail.com>
>> > Sent: 01 May 2019 19:57
>> > To: users@cloudstack.apache.org
>> > Subject: Re: Restricting IP usage & Upgrading CloudStack & Live storage
>> > migration
>> >
>> > Hey Paul,
>> >
>> > Thank you for your fast reply!
>> >
>> >> There are a few different models that you can use.
>> > Do any of these models work "by default", or they are "workarounds"
>> > (similar to Proxmox / LXC)? Aka is this a native/direct solution that
>> can be
>> > applied in the VM creation flow?
>> >
>> >> Yes CloudStack does support Xen Live Storage migration
>> > I was referring to something *similar* with Xen Live Storage migration,
>> not Xen
>> > Live Storage "per se". Aka migrate a VM from a CloudStack node to another
>> > CloudStack node, natively, live, without using a central storage.
>> >
>> > Thank you,
>> > Razvan Rosca
>> >
>> > Skype: razvan.rosca
>> > Tel: +40 731 059 660
>> > Linkedin: https://www.linkedin.com/in/razvanrosca/
>> > Facebook: https://fb.com/razvanrosca.com
>> >
>> >
>> > On Wed, May 1, 2019 at 9:50 PM Paul Angus <pa...@shapeblue.com>
>> wrote:
>> >
>> >> Hi Razvan,
>> >>
>> >> - There are a few different models that you can use. But in short -
>> 'yes'
>> >> you can have a model where an IP is allocated to a VM and the VM keeps
>> it.
>> >> - No, we spend a lot of time making sure that upgrades between all
>> >> versions work. Our versioning system requires that the API is backward
>> >> compatible and we can only break that with a major version upgrade
>> >> (say 4.x to 5.x )and that hasn't happened under Apache yet
>> >> - Yes CloudStack does support Xen Live Storage migration -
>> >> http://docs.cloudstack.apache.org/en/latest/adminguide/storage.html?hi
>> >> ghlight=live%20storage#storage-overview
>> >>
>> >> Cheers
>> >>
>> >> Paul.
>> >>
>> >>
>> >>
>> >> paul.angus@shapeblue.com
>> >> www.shapeblue.com
>> >> Amadeus House, Floral Street, London WC2E 9DPUK @shapeblue
>> >>
>> >>
>> >>
>> >>
>> >> -----Original Message-----
>> >> From: Razvan Rosca <ra...@gmail.com>
>> >> Sent: 01 May 2019 17:28
>> >> To: users@cloudstack.apache.org
>> >> Subject: Restricting IP usage & Upgrading CloudStack & Live storage
>> >> migration
>> >>
>> >> Hello,
>> >>
>> >> We're thinking about switching from our current Xen+Proxmox setup into
>> >> something more "advanced", and we're really considering CloudStack as
>> one
>> >> of our best/main candidates.
>> >>
>> >> Right off the bat here are the first questions:
>> >>
>> >> - in our current setup users can freely use each other's IP address,
>> >> because the software stack doesn't enforce any limits (or requires
>> us to
>> >> manually edit stuff each time a VM is created). Does CloudStack have
>> the
>> >> same behavior? What we need is kinda simple: allow a specific VM to
>> use
>> >> a
>> >> specific IP, and only that IP.
>> >> - does CloudStack have the same "no-upgrade" policy as OpenStack?
>> >> Ugrading OpenStack was/is nearly impossible, so I'm wondering if
>> this is
>> >> the case with CloudStack as well.
>> >> - does CloudStack support "live-migration" between local storages?
>> Xen
>> >> does it, and does it really well. Again, I'm referring to local
>> storage
>> >> (local HDD/SSD/NVMe), not a central Ceph/Gluster/NFS store.
>> >>
>> >> Thank you,
>> >> Razvan Rosca
>> >>
>> >> Skype: razvan.rosca
>> >> Tel: +40 731 059 660
>> >> Linkedin: https://www.linkedin.com/in/razvanrosca/
>> >> Facebook: https://fb.com/razvanrosca.com
Re: Restricting IP usage & Upgrading CloudStack & Live storage migration
Posted by Razvan Rosca <ra...@gmail.com>.
Hey,
> you can only connect a VM into one network, so if you want to have a 2nd
"private" network, that's not yet possible with Cloudstack
This will not be an issue, the vast majority of users don't need any, or if
they need, one will suffice.
> it was possible to have local live migrations with KVM
I couldn't find any information about that, as most "live migrations" are
handled by the hypervisor. Can you please point me in the right direction?
Thank you,
Razvan Rosca
Skype: razvan.rosca
Tel: +40 731 059 660
Linkedin: https://www.linkedin.com/in/razvanrosca/
Facebook: https://fb.com/razvanrosca.com
On Fri, May 3, 2019 at 1:15 PM Nux! <nu...@li.nux.ro> wrote:
> Hi,
>
> In Proxmox you could use the "IP Filter" option + "Firewall in" options to
> restrict IP address stealing. /offtopic
>
> If you go for a Cloudstack Advanced Zone with Security Groups, then your
> VMs can get 1 or more public IP addresses and this is enforced
> automatically via iptables and ebtables; other VMs won't be able to use the
> IPs.
> Beware of limitations though, IPv6 support is not really there yet and you
> can only connect a VM into one network, so if you want to have a 2nd
> "private" network, that's not yet possible with Cloudstack.
>
> If you go for a vanilla Advanced Zone then you connect your VMs into a
> network (own VLAN) that is served by a virtual appliance (virtual router
> running debian, doing NAT etc basically). IP stealign is also not possible.
> You can connect the VM in as many networks you want, but do bare in mind
> you'll likely be dealing with private IPs and NAT a lot, but you have more
> options here.
>
> Last I checked it was possible to have local live migrations with KVM, I
> guess that would be your target platform.
>
> Do take your time and test, there is a learning curve to this, more than
> with Proxmox, but less than with Openstack.
>
> HTH
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> ----- Original Message -----
> > From: "Paul Angus" <pa...@shapeblue.com>
> > To: "users" <us...@cloudstack.apache.org>
> > Sent: Wednesday, 1 May, 2019 20:19:17
> > Subject: RE: Restricting IP usage & Upgrading CloudStack & Live storage
> migration
>
> > - The models are 'native' if you like, definitely not workarounds.
> >
> > - CloudStack is an orchestrator, it largely relies on the abilities of
> the
> > hypervisors that it orchestrates. We add a little secret sauce here and
> there,
> > but when it comes to basic hypervisor functions, we leave it up to the
> > hypervisor.
> >
> >
> > paul.angus@shapeblue.com
> > www.shapeblue.com
> > Amadeus House, Floral Street, London WC2E 9DPUK
> > @shapeblue
> >
> >
> >
> >
> > -----Original Message-----
> > From: Razvan Rosca <ra...@gmail.com>
> > Sent: 01 May 2019 19:57
> > To: users@cloudstack.apache.org
> > Subject: Re: Restricting IP usage & Upgrading CloudStack & Live storage
> > migration
> >
> > Hey Paul,
> >
> > Thank you for your fast reply!
> >
> >> There are a few different models that you can use.
> > Do any of these models work "by default", or they are "workarounds"
> > (similar to Proxmox / LXC)? Aka is this a native/direct solution that
> can be
> > applied in the VM creation flow?
> >
> >> Yes CloudStack does support Xen Live Storage migration
> > I was referring to something *similar* with Xen Live Storage migration,
> not Xen
> > Live Storage "per se". Aka migrate a VM from a CloudStack node to another
> > CloudStack node, natively, live, without using a central storage.
> >
> > Thank you,
> > Razvan Rosca
> >
> > Skype: razvan.rosca
> > Tel: +40 731 059 660
> > Linkedin: https://www.linkedin.com/in/razvanrosca/
> > Facebook: https://fb.com/razvanrosca.com
> >
> >
> > On Wed, May 1, 2019 at 9:50 PM Paul Angus <pa...@shapeblue.com>
> wrote:
> >
> >> Hi Razvan,
> >>
> >> - There are a few different models that you can use. But in short -
> 'yes'
> >> you can have a model where an IP is allocated to a VM and the VM keeps
> it.
> >> - No, we spend a lot of time making sure that upgrades between all
> >> versions work. Our versioning system requires that the API is backward
> >> compatible and we can only break that with a major version upgrade
> >> (say 4.x to 5.x )and that hasn't happened under Apache yet
> >> - Yes CloudStack does support Xen Live Storage migration -
> >> http://docs.cloudstack.apache.org/en/latest/adminguide/storage.html?hi
> >> ghlight=live%20storage#storage-overview
> >>
> >> Cheers
> >>
> >> Paul.
> >>
> >>
> >>
> >> paul.angus@shapeblue.com
> >> www.shapeblue.com
> >> Amadeus House, Floral Street, London WC2E 9DPUK @shapeblue
> >>
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: Razvan Rosca <ra...@gmail.com>
> >> Sent: 01 May 2019 17:28
> >> To: users@cloudstack.apache.org
> >> Subject: Restricting IP usage & Upgrading CloudStack & Live storage
> >> migration
> >>
> >> Hello,
> >>
> >> We're thinking about switching from our current Xen+Proxmox setup into
> >> something more "advanced", and we're really considering CloudStack as
> one
> >> of our best/main candidates.
> >>
> >> Right off the bat here are the first questions:
> >>
> >> - in our current setup users can freely use each other's IP address,
> >> because the software stack doesn't enforce any limits (or requires
> us to
> >> manually edit stuff each time a VM is created). Does CloudStack have
> the
> >> same behavior? What we need is kinda simple: allow a specific VM to
> use
> >> a
> >> specific IP, and only that IP.
> >> - does CloudStack have the same "no-upgrade" policy as OpenStack?
> >> Ugrading OpenStack was/is nearly impossible, so I'm wondering if
> this is
> >> the case with CloudStack as well.
> >> - does CloudStack support "live-migration" between local storages?
> Xen
> >> does it, and does it really well. Again, I'm referring to local
> storage
> >> (local HDD/SSD/NVMe), not a central Ceph/Gluster/NFS store.
> >>
> >> Thank you,
> >> Razvan Rosca
> >>
> >> Skype: razvan.rosca
> >> Tel: +40 731 059 660
> >> Linkedin: https://www.linkedin.com/in/razvanrosca/
> >> Facebook: https://fb.com/razvanrosca.com
>
Re: Restricting IP usage & Upgrading CloudStack & Live storage
migration
Posted by Nux! <nu...@li.nux.ro>.
Hi,
In Proxmox you could use the "IP Filter" option + "Firewall in" options to restrict IP address stealing. /offtopic
If you go for a Cloudstack Advanced Zone with Security Groups, then your VMs can get 1 or more public IP addresses and this is enforced automatically via iptables and ebtables; other VMs won't be able to use the IPs.
Beware of limitations though, IPv6 support is not really there yet and you can only connect a VM into one network, so if you want to have a 2nd "private" network, that's not yet possible with Cloudstack.
If you go for a vanilla Advanced Zone then you connect your VMs into a network (own VLAN) that is served by a virtual appliance (virtual router running debian, doing NAT etc basically). IP stealign is also not possible.
You can connect the VM in as many networks you want, but do bare in mind you'll likely be dealing with private IPs and NAT a lot, but you have more options here.
Last I checked it was possible to have local live migrations with KVM, I guess that would be your target platform.
Do take your time and test, there is a learning curve to this, more than with Proxmox, but less than with Openstack.
HTH
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
----- Original Message -----
> From: "Paul Angus" <pa...@shapeblue.com>
> To: "users" <us...@cloudstack.apache.org>
> Sent: Wednesday, 1 May, 2019 20:19:17
> Subject: RE: Restricting IP usage & Upgrading CloudStack & Live storage migration
> - The models are 'native' if you like, definitely not workarounds.
>
> - CloudStack is an orchestrator, it largely relies on the abilities of the
> hypervisors that it orchestrates. We add a little secret sauce here and there,
> but when it comes to basic hypervisor functions, we leave it up to the
> hypervisor.
>
>
> paul.angus@shapeblue.com
> www.shapeblue.com
> Amadeus House, Floral Street, London WC2E 9DPUK
> @shapeblue
>
>
>
>
> -----Original Message-----
> From: Razvan Rosca <ra...@gmail.com>
> Sent: 01 May 2019 19:57
> To: users@cloudstack.apache.org
> Subject: Re: Restricting IP usage & Upgrading CloudStack & Live storage
> migration
>
> Hey Paul,
>
> Thank you for your fast reply!
>
>> There are a few different models that you can use.
> Do any of these models work "by default", or they are "workarounds"
> (similar to Proxmox / LXC)? Aka is this a native/direct solution that can be
> applied in the VM creation flow?
>
>> Yes CloudStack does support Xen Live Storage migration
> I was referring to something *similar* with Xen Live Storage migration, not Xen
> Live Storage "per se". Aka migrate a VM from a CloudStack node to another
> CloudStack node, natively, live, without using a central storage.
>
> Thank you,
> Razvan Rosca
>
> Skype: razvan.rosca
> Tel: +40 731 059 660
> Linkedin: https://www.linkedin.com/in/razvanrosca/
> Facebook: https://fb.com/razvanrosca.com
>
>
> On Wed, May 1, 2019 at 9:50 PM Paul Angus <pa...@shapeblue.com> wrote:
>
>> Hi Razvan,
>>
>> - There are a few different models that you can use. But in short - 'yes'
>> you can have a model where an IP is allocated to a VM and the VM keeps it.
>> - No, we spend a lot of time making sure that upgrades between all
>> versions work. Our versioning system requires that the API is backward
>> compatible and we can only break that with a major version upgrade
>> (say 4.x to 5.x )and that hasn't happened under Apache yet
>> - Yes CloudStack does support Xen Live Storage migration -
>> http://docs.cloudstack.apache.org/en/latest/adminguide/storage.html?hi
>> ghlight=live%20storage#storage-overview
>>
>> Cheers
>>
>> Paul.
>>
>>
>>
>> paul.angus@shapeblue.com
>> www.shapeblue.com
>> Amadeus House, Floral Street, London WC2E 9DPUK @shapeblue
>>
>>
>>
>>
>> -----Original Message-----
>> From: Razvan Rosca <ra...@gmail.com>
>> Sent: 01 May 2019 17:28
>> To: users@cloudstack.apache.org
>> Subject: Restricting IP usage & Upgrading CloudStack & Live storage
>> migration
>>
>> Hello,
>>
>> We're thinking about switching from our current Xen+Proxmox setup into
>> something more "advanced", and we're really considering CloudStack as one
>> of our best/main candidates.
>>
>> Right off the bat here are the first questions:
>>
>> - in our current setup users can freely use each other's IP address,
>> because the software stack doesn't enforce any limits (or requires us to
>> manually edit stuff each time a VM is created). Does CloudStack have the
>> same behavior? What we need is kinda simple: allow a specific VM to use
>> a
>> specific IP, and only that IP.
>> - does CloudStack have the same "no-upgrade" policy as OpenStack?
>> Ugrading OpenStack was/is nearly impossible, so I'm wondering if this is
>> the case with CloudStack as well.
>> - does CloudStack support "live-migration" between local storages? Xen
>> does it, and does it really well. Again, I'm referring to local storage
>> (local HDD/SSD/NVMe), not a central Ceph/Gluster/NFS store.
>>
>> Thank you,
>> Razvan Rosca
>>
>> Skype: razvan.rosca
>> Tel: +40 731 059 660
>> Linkedin: https://www.linkedin.com/in/razvanrosca/
>> Facebook: https://fb.com/razvanrosca.com
RE: Restricting IP usage & Upgrading CloudStack & Live
storage migration
Posted by Paul Angus <pa...@shapeblue.com>.
- The models are 'native' if you like, definitely not workarounds.
- CloudStack is an orchestrator, it largely relies on the abilities of the hypervisors that it orchestrates. We add a little secret sauce here and there, but when it comes to basic hypervisor functions, we leave it up to the hypervisor.
paul.angus@shapeblue.com
www.shapeblue.com
Amadeus House, Floral Street, London WC2E 9DPUK
@shapeblue
-----Original Message-----
From: Razvan Rosca <ra...@gmail.com>
Sent: 01 May 2019 19:57
To: users@cloudstack.apache.org
Subject: Re: Restricting IP usage & Upgrading CloudStack & Live storage migration
Hey Paul,
Thank you for your fast reply!
> There are a few different models that you can use.
Do any of these models work "by default", or they are "workarounds"
(similar to Proxmox / LXC)? Aka is this a native/direct solution that can be applied in the VM creation flow?
> Yes CloudStack does support Xen Live Storage migration
I was referring to something *similar* with Xen Live Storage migration, not Xen Live Storage "per se". Aka migrate a VM from a CloudStack node to another CloudStack node, natively, live, without using a central storage.
Thank you,
Razvan Rosca
Skype: razvan.rosca
Tel: +40 731 059 660
Linkedin: https://www.linkedin.com/in/razvanrosca/
Facebook: https://fb.com/razvanrosca.com
On Wed, May 1, 2019 at 9:50 PM Paul Angus <pa...@shapeblue.com> wrote:
> Hi Razvan,
>
> - There are a few different models that you can use. But in short - 'yes'
> you can have a model where an IP is allocated to a VM and the VM keeps it.
> - No, we spend a lot of time making sure that upgrades between all
> versions work. Our versioning system requires that the API is backward
> compatible and we can only break that with a major version upgrade
> (say 4.x to 5.x )and that hasn't happened under Apache yet
> - Yes CloudStack does support Xen Live Storage migration -
> http://docs.cloudstack.apache.org/en/latest/adminguide/storage.html?hi
> ghlight=live%20storage#storage-overview
>
> Cheers
>
> Paul.
>
>
>
> paul.angus@shapeblue.com
> www.shapeblue.com
> Amadeus House, Floral Street, London WC2E 9DPUK @shapeblue
>
>
>
>
> -----Original Message-----
> From: Razvan Rosca <ra...@gmail.com>
> Sent: 01 May 2019 17:28
> To: users@cloudstack.apache.org
> Subject: Restricting IP usage & Upgrading CloudStack & Live storage
> migration
>
> Hello,
>
> We're thinking about switching from our current Xen+Proxmox setup into
> something more "advanced", and we're really considering CloudStack as one
> of our best/main candidates.
>
> Right off the bat here are the first questions:
>
> - in our current setup users can freely use each other's IP address,
> because the software stack doesn't enforce any limits (or requires us to
> manually edit stuff each time a VM is created). Does CloudStack have the
> same behavior? What we need is kinda simple: allow a specific VM to use
> a
> specific IP, and only that IP.
> - does CloudStack have the same "no-upgrade" policy as OpenStack?
> Ugrading OpenStack was/is nearly impossible, so I'm wondering if this is
> the case with CloudStack as well.
> - does CloudStack support "live-migration" between local storages? Xen
> does it, and does it really well. Again, I'm referring to local storage
> (local HDD/SSD/NVMe), not a central Ceph/Gluster/NFS store.
>
> Thank you,
> Razvan Rosca
>
> Skype: razvan.rosca
> Tel: +40 731 059 660
> Linkedin: https://www.linkedin.com/in/razvanrosca/
> Facebook: https://fb.com/razvanrosca.com
>
Re: Restricting IP usage & Upgrading CloudStack & Live storage migration
Posted by Razvan Rosca <ra...@gmail.com>.
Hey Paul,
Thank you for your fast reply!
> There are a few different models that you can use.
Do any of these models work "by default", or they are "workarounds"
(similar to Proxmox / LXC)? Aka is this a native/direct solution that can
be applied in the VM creation flow?
> Yes CloudStack does support Xen Live Storage migration
I was referring to something *similar* with Xen Live Storage migration, not
Xen Live Storage "per se". Aka migrate a VM from a CloudStack node to
another CloudStack node, natively, live, without using a central storage.
Thank you,
Razvan Rosca
Skype: razvan.rosca
Tel: +40 731 059 660
Linkedin: https://www.linkedin.com/in/razvanrosca/
Facebook: https://fb.com/razvanrosca.com
On Wed, May 1, 2019 at 9:50 PM Paul Angus <pa...@shapeblue.com> wrote:
> Hi Razvan,
>
> - There are a few different models that you can use. But in short - 'yes'
> you can have a model where an IP is allocated to a VM and the VM keeps it.
> - No, we spend a lot of time making sure that upgrades between all
> versions work. Our versioning system requires that the API is backward
> compatible and we can only break that with a major version upgrade (say 4.x
> to 5.x )and that hasn't happened under Apache yet
> - Yes CloudStack does support Xen Live Storage migration -
> http://docs.cloudstack.apache.org/en/latest/adminguide/storage.html?highlight=live%20storage#storage-overview
>
> Cheers
>
> Paul.
>
>
>
> paul.angus@shapeblue.com
> www.shapeblue.com
> Amadeus House, Floral Street, London WC2E 9DPUK
> @shapeblue
>
>
>
>
> -----Original Message-----
> From: Razvan Rosca <ra...@gmail.com>
> Sent: 01 May 2019 17:28
> To: users@cloudstack.apache.org
> Subject: Restricting IP usage & Upgrading CloudStack & Live storage
> migration
>
> Hello,
>
> We're thinking about switching from our current Xen+Proxmox setup into
> something more "advanced", and we're really considering CloudStack as one
> of our best/main candidates.
>
> Right off the bat here are the first questions:
>
> - in our current setup users can freely use each other's IP address,
> because the software stack doesn't enforce any limits (or requires us to
> manually edit stuff each time a VM is created). Does CloudStack have the
> same behavior? What we need is kinda simple: allow a specific VM to use
> a
> specific IP, and only that IP.
> - does CloudStack have the same "no-upgrade" policy as OpenStack?
> Ugrading OpenStack was/is nearly impossible, so I'm wondering if this is
> the case with CloudStack as well.
> - does CloudStack support "live-migration" between local storages? Xen
> does it, and does it really well. Again, I'm referring to local storage
> (local HDD/SSD/NVMe), not a central Ceph/Gluster/NFS store.
>
> Thank you,
> Razvan Rosca
>
> Skype: razvan.rosca
> Tel: +40 731 059 660
> Linkedin: https://www.linkedin.com/in/razvanrosca/
> Facebook: https://fb.com/razvanrosca.com
>
RE: Restricting IP usage & Upgrading CloudStack & Live
storage migration
Posted by Paul Angus <pa...@shapeblue.com>.
Hi Razvan,
- There are a few different models that you can use. But in short - 'yes' you can have a model where an IP is allocated to a VM and the VM keeps it.
- No, we spend a lot of time making sure that upgrades between all versions work. Our versioning system requires that the API is backward compatible and we can only break that with a major version upgrade (say 4.x to 5.x )and that hasn't happened under Apache yet
- Yes CloudStack does support Xen Live Storage migration - http://docs.cloudstack.apache.org/en/latest/adminguide/storage.html?highlight=live%20storage#storage-overview
Cheers
Paul.
paul.angus@shapeblue.com
www.shapeblue.com
Amadeus House, Floral Street, London WC2E 9DPUK
@shapeblue
-----Original Message-----
From: Razvan Rosca <ra...@gmail.com>
Sent: 01 May 2019 17:28
To: users@cloudstack.apache.org
Subject: Restricting IP usage & Upgrading CloudStack & Live storage migration
Hello,
We're thinking about switching from our current Xen+Proxmox setup into something more "advanced", and we're really considering CloudStack as one of our best/main candidates.
Right off the bat here are the first questions:
- in our current setup users can freely use each other's IP address,
because the software stack doesn't enforce any limits (or requires us to
manually edit stuff each time a VM is created). Does CloudStack have the
same behavior? What we need is kinda simple: allow a specific VM to use a
specific IP, and only that IP.
- does CloudStack have the same "no-upgrade" policy as OpenStack?
Ugrading OpenStack was/is nearly impossible, so I'm wondering if this is
the case with CloudStack as well.
- does CloudStack support "live-migration" between local storages? Xen
does it, and does it really well. Again, I'm referring to local storage
(local HDD/SSD/NVMe), not a central Ceph/Gluster/NFS store.
Thank you,
Razvan Rosca
Skype: razvan.rosca
Tel: +40 731 059 660
Linkedin: https://www.linkedin.com/in/razvanrosca/
Facebook: https://fb.com/razvanrosca.com