vSphere power on recommendations? - vmware

I have 5 hosts in a cluster. In vCenter when I power on a VM, I get a Power on recommendations popup. But I can only choose 1 host. How do I force it to turn on on a certain host?

Sounds like an issue with how DRS is managing that VM: https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.resmgmt.doc/GUID-25B61435-40FA-46B6-998B-8AD059655C6F.html
You can use DRS affinity rules to control where a VM can run.

Related

Deploying Apache Cloudstack with vSphere/vCenter

For a group project in one of my university IT classes, each group is given 3 servers and the professor wants us to get an Apache CloudStack environment running using those three. While initially vague on instructions, he later informed us that we should install the ESXi hypervisor on all 3 of our servers and go from there.
We first installed ESXi on all 3 of our servers. Then we installed vCenter server on one of them in order to combine all the computing resources by adding each as a host in a cluster before we start setting up CloudStack. What we are about to do next is install the CloudStack Management server on a VM created in vCenter server.
I was reading the CloudStack documentation before we start the installation which is where my question stems from. The documentation mentions that a host should not have any running VMs on them before getting added to CloudStack. Here is the exact text:
Ideally clusters that will be managed by CloudStack should not contain any other VMs. Do not run the management server or vCenter on the cluster that is designated for CloudStack use. Create a separate cluster for use of CloudStack and make sure that they are no VMs in this cluster.
So my question is, does that include the management server VM? If it does, would that mean we have to make a separate cluster for just the host server that contains the management server? Cause if that's the case, we can't use any of the other resources on that server that is running the management server. Or does it mean that you can but it's just not recommended?
On top of that, the documentation also mentions the following:
Put all target ESXi hypervisors in dedicated clusters in a separate Datacenter in vCenter.
So would I have to put the ESXi host containing vCenter Server and CloudStack Management Server in both a separate datacenter and cluster?

Issue setting up Open vSwitch on GCE (DHCP client not working)

I am trying to simulate an on-premises solution on GCP.
I am not able to bridge with the GCE NIC and get DHCP working on that.
I have isolated the issue and also successfully tested a similar thing on a sandboxed Vagrant (VirtualBox) setup.
Both approaches are scripted and available on the following repos:
https://github.com/htssouza/ovs-gcp-issue
The DHCP functionality for Compute Engine only provides and manages the IP address for the instance itself. It does not function as a general purpose DHCP server for other clients running hosted inside the instance.

How can I configure Google Cloud Platform with Cloudflare-Only?

I recently started using GCP but I have one thing I can't solve.
I have: 1 VM + 1 DB Instance + 1 LB. The DB instance allows only connections from the VM IP. But the VM IP allows traffic from all IPs (if I configure the firewall to only allow Cloudflare and LB IPs, the website crashes and refuses connections).
Recently I was under attack. I activated the Cloudflare DDoS mode and restarted everything, and in about 6 h the attack came back with Cloudflare activated. When I see MySQL connections bump from 20-30 to 254 and all connections are from the IP of the VM, so I think the problem is the public accessibility of the VM, but I don't know how to solve it...
If I activate my firewall rules to only allow traffic from the LB and Cloudflare, the web refuses all connections..
Any idea what i can do?
Thanks.
Cloud Support here, unfortunately, we do not have visibility into what is installed on your instance or what software caused the issue.
Generally speaking you're responsible for investigating the source of the vulnerability and taking steps to mitigate it.
I'm writing here some hints that will help you:
Make sure you keep your firewall rules in a sensible manner, e.g. it is not a good practice to have a firewall rule to allow all ingress connections on port 22 from all source IPs for obvious reasons.
Since you've already been rooted, change all your passwords: within the Cloud SQL instance, within the GCE instance, even within the GCP project.
It's also a good idea to check who has access to your service accounts, just in case people that aren't currently working for you or your company still have access to them.
If you're using certificates revoke them, generate new ones and share them in a secure way and with the minimum required number of users.
Securing GCE instances is a shared responsibility; in general, OWASP hardening guides are really good.
I'm quoting some info here from another StackOverflow thread that might be useful in your case:
General security advice for Google Cloud Platform instances:
Set user permissions at project level.
Connect securely to your instance.
Ensure the project firewall is not open to everyone on the internet.
Use a strong password and store passwords securely.
Ensure that all software is up to date.
Monitor project usage closely via the monitoring API to identify abnormal project usage.
To diagnose trouble with GCE instances, serial port output from the instance can be useful.
You can check the serial port output by clicking on the instance name and then on "Serial port 1 (console)". Note that these logs are wiped when instances are shut down and rebooted, and the log is not visible when the instance is not started.
Stackdriver monitoring is also helpful to provide an audit trail to diagnose problems.
You can use the Stackdriver Monitoring Console to set up alerting policies matching given conditions (under which a service is considered unhealthy) that can be set up to trigger email/SMS notifications.
This quickstart for Google Compute Engine instances can be completed in ~10 minutes and shows the convenience of monitoring instances.
Here are some hints you can check on keeping GCP projects secure.
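The firewall hints in this answer (no all-sources rule on port 22, project firewall not open to everyone) can be checked mechanically. The following is an added example, not part of the original answer or of any Google or Cloudflare tooling: it audits a constructed sample in the shape of `gcloud compute firewall-rules list --format=json` output. The rule names, the `audit` and `port_set` helpers and the allowlist (the ranges Google documents for its load balancer proxies and health checks, plus a placeholder for the CDN's published ranges) are assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = json.loads("""[
  {"name": "default-allow-ssh", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
  {"name": "allow-web-any", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
  {"name": "allow-lb-to-web", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["130.211.0.0/22", "35.191.0.0/16"], "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
  {"name": "allow-partner-web", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["198.51.100.0/24"], "allowed": [{"IPProtocol": "tcp", "ports": ["80-443"]}]}
]""")

# Assumed allowlist: Google load balancer proxy/health-check ranges plus a
# placeholder (203.0.113.0/24) standing in for the CDN's published ranges.
TRUSTED = [ipaddress.ip_network(n) for n in
           ("130.211.0.0/22", "35.191.0.0/16", "203.0.113.0/24")]
WEB_PORTS = {80, 443}


def port_set(spec):
    """Expand a ports entry such as '22' or '80-443' into a set of ints."""
    lo, _, hi = spec.partition("-")
    return set(range(int(lo), int(hi or lo) + 1))


def audit(rules, trusted=TRUSTED):
    """Return (rule name, finding) for enabled ingress rules that are too broad."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        sources = [ipaddress.ip_network(s) for s in rule.get("sourceRanges", [])]
        outside = [s for s in sources if not any(
            s.version == t.version and s.subnet_of(t) for t in trusted)]
        ports = set()
        for allow in rule.get("allowed", []):
            # No 'ports' key means every port of that protocol is allowed.
            for spec in allow.get("ports", ["0-65535"]):
                ports |= port_set(spec)
        if any(s.prefixlen == 0 for s in sources):
            findings.append((rule["name"], "open to the whole internet"))
        elif outside and ports & WEB_PORTS:
            findings.append((rule["name"], "web port from range outside allowlist"))
    return findings
```

Running `audit` on real output requires replacing the placeholder range with the CDN's current published list before trusting a clean result.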

VirtualBox on Freenas vm

I have a FreeNAS vm running in ESXi 6. I have installed VirtualBox jail on FreeNAS and assigned it a static IP.
I can ping that IP from shell in FreeNAS, but not from any of my other virtual machines.
They are all on the same subnet.
What can I try to fix this?
Firstly, FreeNAS should not be installed within a VM environment especially for production systems. This is also mentioned repeatedly on FreeNAS support and forums. I hope you are just conducting testing.
Back to your question, have you checked your firewalls / routing on your ESXi VMs, VB VMs, FreeNAS? I haven't tried this particular configuration before but typically it's incorrect network settings that prevent pings. Have you tried dynamic IP?

Ideal Virtual Machine configuration for Micro Cloud Foundry

Could you please suggest an ideal VM configuration for using micro cloud foundry. I understand that the configuration could depend on a lot of parameters but I am looking for something that allows smooth operations without making the guest or host machine too slow in terms of performance.
When you download Micro Cloud, it already comes in a configured VM. You can review the VM configurations but there is no need for you to manually create a new VM.
The "micro.vmx" is the VM.
Here is the link to the docs about Micro Cloud for more information:
http://docs.cloudfoundry.com/infrastructure/micro/installing-mcf.html