cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nux! <...@li.nux.ro>
Subject Re: Restricting IP usage & Upgrading CloudStack & Live storage migration
Date Fri, 03 May 2019 10:15:10 GMT
Hi,

In Proxmox you could use the "IP Filter" option + "Firewall in" options to restrict IP address
stealing. /offtopic

If you go for a Cloudstack Advanced Zone with Security Groups, then your VMs can get 1 or
more public IP addresses and this is enforced automatically via iptables and ebtables; other
VMs won't be able to use the IPs.
Beware of limitations though, IPv6 support is not really there yet and you can only connect
a VM into one network, so if you want to have a 2nd "private" network, that's not yet possible
with Cloudstack.

If you go for a vanilla Advanced Zone then you connect your VMs into a network (own VLAN)
that is served by a virtual appliance (virtual router running debian, doing NAT etc basically).
IP stealign is also not possible.
You can connect the VM in as many networks you want, but do bare in mind you'll likely be
dealing with private IPs and NAT a lot, but you have more options here.

Last I checked it was possible to have local live migrations with KVM, I guess that would
be your target platform.

Do take your time and test, there is a learning curve to this, more than with Proxmox, but
less than with Openstack.

HTH

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "Paul Angus" <paul.angus@shapeblue.com>
> To: "users" <users@cloudstack.apache.org>
> Sent: Wednesday, 1 May, 2019 20:19:17
> Subject: RE: Restricting IP usage & Upgrading CloudStack & Live storage migration

> - The models are 'native' if you like, definitely not workarounds.
> 
> - CloudStack is an orchestrator, it largely relies on the abilities of the
> hypervisors that it orchestrates.  We add a little secret sauce here and there,
> but when it comes to basic hypervisor functions, we leave it up to the
> hypervisor.
> 
> 
> paul.angus@shapeblue.com
> www.shapeblue.com
> Amadeus House, Floral Street, London  WC2E 9DPUK
> @shapeblue
>  
> 
> 
> 
> -----Original Message-----
> From: Razvan Rosca <razvan.rosca@gmail.com>
> Sent: 01 May 2019 19:57
> To: users@cloudstack.apache.org
> Subject: Re: Restricting IP usage & Upgrading CloudStack & Live storage
> migration
> 
> Hey Paul,
> 
> Thank you for your fast reply!
> 
>> There are a few different models that you can use.
> Do any of these models work "by default", or they are "workarounds"
> (similar to Proxmox / LXC)? Aka is this a native/direct solution that can be
> applied in the VM creation flow?
> 
>> Yes CloudStack does support Xen Live Storage migration
> I was referring to something *similar* with Xen Live Storage migration, not Xen
> Live Storage "per se". Aka migrate a VM from a CloudStack node to another
> CloudStack node, natively, live, without using a central storage.
> 
> Thank you,
> Razvan Rosca
> 
> Skype: razvan.rosca
> Tel: +40 731 059 660
> Linkedin: https://www.linkedin.com/in/razvanrosca/
> Facebook: https://fb.com/razvanrosca.com
> 
> 
> On Wed, May 1, 2019 at 9:50 PM Paul Angus <paul.angus@shapeblue.com> wrote:
> 
>> Hi Razvan,
>>
>> - There are a few different models that you can use.  But in short - 'yes'
>> you can have a model where an IP is allocated to a VM and the VM keeps it.
>> - No, we spend a lot of time making sure that upgrades between all
>> versions work. Our versioning system requires that the API is backward
>> compatible and we can only break that with a major version upgrade
>> (say 4.x to 5.x )and that hasn't happened under Apache yet
>> - Yes CloudStack does support Xen Live Storage migration -
>> http://docs.cloudstack.apache.org/en/latest/adminguide/storage.html?hi
>> ghlight=live%20storage#storage-overview
>>
>> Cheers
>>
>> Paul.
>>
>>
>>
>> paul.angus@shapeblue.com
>> www.shapeblue.com
>> Amadeus House, Floral Street, London  WC2E 9DPUK @shapeblue
>>
>>
>>
>>
>> -----Original Message-----
>> From: Razvan Rosca <razvan.rosca@gmail.com>
>> Sent: 01 May 2019 17:28
>> To: users@cloudstack.apache.org
>> Subject: Restricting IP usage & Upgrading CloudStack & Live storage
>> migration
>>
>> Hello,
>>
>> We're thinking about switching from our current Xen+Proxmox setup into
>> something more "advanced", and we're really considering CloudStack as one
>> of our best/main candidates.
>>
>> Right off the bat here are the first questions:
>>
>>    - in our current setup users can freely use each other's IP address,
>>    because the software stack doesn't enforce any limits (or requires us to
>>    manually edit stuff each time a VM is created). Does CloudStack have the
>>    same behavior? What we need is kinda simple: allow a specific VM to use
>> a
>>    specific IP, and only that IP.
>>    - does CloudStack have the same "no-upgrade" policy as OpenStack?
>>    Ugrading OpenStack was/is nearly impossible, so I'm wondering if this is
>>    the case with CloudStack as well.
>>    - does CloudStack support "live-migration" between local storages? Xen
>>    does it, and does it really well. Again, I'm referring to local storage
>>    (local HDD/SSD/NVMe), not a central Ceph/Gluster/NFS store.
>>
>> Thank you,
>> Razvan Rosca
>>
>> Skype: razvan.rosca
>> Tel: +40 731 059 660
>> Linkedin: https://www.linkedin.com/in/razvanrosca/
>> Facebook: https://fb.com/razvanrosca.com

Mime
View raw message