Skip to content

Entries tagged "cloudstack".

Cloudstack becomes an Apache top-level project

And so Cloudstack has graduated from the Apache Incubator!

Fireworks, trumpets!

Official announcement here.

Apache Cloudstack homepage.

Cloudstack 4.1.0

A couple of days ago the Apache foundation has released Cloudstack version 4.1.0 which brings a lot of new interesting stuff:
An API discovery service that allows an end point to list its supported APIs and their details.
Added an Events Framework to CloudStack to provide an “event bus” with publish, subscribe, and unsubscribe semantics. Includes a RabbitMQ plugin that can interact with AMQP servers. Introduces the notion of a state change event.
Implement L3 router functionality in the Nicira NVP plugin, and including support for KVM (previously Xen-only).
API request throttling to prevent attacks via frequent API requests.
AWS-style regions.
Egress firewall rules for guest networks.
Resizing root and data volumes.
Reset SSH key to access VMs.
Support for EC2 Query API.
Autoscaling support in conjunction with load balancing devices such as NetScaler.

Looking forward to testing it.
Download from here:
The original announcement here:

PS: one can use this for a simple deployment:

Cloudstack Centos 6 template

Everytime I installed Cloudstack I had to limit my tests to the bundled Centos 5.5 template, which is not the best one around.
For this reason I created a nice and clean minimal CentOS6 64bit template that has the password and ssh key init scripts installed and functional.
You can download it from here:

Make sure to consult the README file.

Cloudstack 4.2.0 is out!

The Apache foundation announces version 4.2 of Cloudstack cloud platform!
There are loads of new interesting features, check them out:

Taking KVM volume snapshots with Cloudstack 4.2 on CentOS 6.5

Apache Cloudstack cannot currently take KVM VM snapshots, but it can handle ROOT and DATA volume snapshots using qemu-img. This functionality can be enabled in Global Settings -> "kvm.snapshot.enabled".
This feature worked fine in previous versions of CentOS (6.0-6.4), however starting with 6.5 qemu-img no longer recognises the "-s" parameter that Cloudstack uses to take the volume snapshots.

This problem can be worked around in many ways, for example by downgrading qemu-img to the 6.4 version, but this idea may not appeal to those who like to stay up to date.

Another more elegant workaround that I've discovered since getting my hands dirty with ACS is that the script[1] which is responsible for taking the snapshot first looks for a "cloud-qemu-img" in the $PATH, if it can't find any it will fallback on whatever `which qemu-img` returns. So, the solution is as simple as getting the old qemu-img installed as cloud-qemu-img; this can be done like this:

mkdir cloud-qemu-img
cd cloud-qemu-img
rpm2cpio qemu-img- |cpio -idmv
cp ./usr/bin/qemu-img /usr/bin/cloud-qemu-img
Voilà! This is probably the best solution because it doesn't modify the Cloudstack script nor does it interfere with the stock qemu packages.

[1] - /usr/share/cloudstack-common/scripts/storage/qcow2/

Run your own realhostip is a DNS (and SSL) service run by Citrix to provide certain SSL functionality. To quote from the Cloudstack wiki:

Periodically we get questions asking about what realhostip DNS name is exactly doing in CloudStack. domain exists to make HTTPS work across all CloudStack installations in different customer sites, without administrators to worry about how to load a SSL certificate due to deployment environment changes. SSL certificates are used in CloudStack system VMs to host HTTPS connections, for example, console proxy VM and Secondary storage VM, both uses it in its HTTP server. SSL certificate is signed with wild-match addresses, all DNS names under * are qualified to use the certificate. Because of the fact that every CloudStack customer has its own environment, every each one has their own sets of system VMs in their installations and each system VM instance has their own sets of IP addresses. To use ONE certificate to apply for all these instances among different customers, we came out with a solution by providing dynamic DNS service hosted by CloudStack, the DDNS service basically translates following form of DNS names to IP addresses to IP address CloudStack has control of IP address in each installation, so whenever we need a SSL certificate, does not matter which customer is running the installation, with such DDNS service is available, we can always assign it a suffix under domain on top of ever-changing IP addresses, this is the trick we play to make ONE SSL certificate applicable universally among all CloudStack installations. In most of these cases, the ugly formed DNS name is not visible to end users, since its main purpose is to help establish secure communication channel (not truly to certify a site), however, there are cases that customer may do care, therefore, Console proxy VM does provide customizable way for users to use their own SSL certificates
Realhostip will disappear from future versions of Cloudstack as it adds extra complexity and makes the setup dependent on a 3rd party service, not to mention it requires one to have a working connection to the Internet which is not always the case with private cloud deployments.

With the introduction out of the way, let's proceed to the actual steps required to run such a service yourself. You will need 3 things mainly:
- the software who runs the wildcard DNS service
- a domain name
- a wildcard certificate for this domain name (can be self-signed if you don't mind the browser complaints)

Tip: You can also have a look at this if you don't want to run this DNS software:
In my setup I have dedicated a virtual machine with CentOS 6.5 64bit and a public IP address to run both the cloudstack management server and the "realhostip" DNS service. Read below how to install it (copy/paste style):
# get all the prerequisites
yum -y install git java-1.7.0-openjdk-devel
cd /usr/local
git clone
# RHIP was built with java 1.5 originally, we need to modify the build script to use 1.7
sed -i s/1.5/1.7/g
# build it
# build the zone file for your domain
cp named.mydomain.tld
sed -i s/ named.mydomain.tld
# open named.mydomain.tld in your favourite editor and update it with your own details, the ns A entries should point to the local machine
vi named.mydomain.tld
# make sure there is no DNS server running on this machine already
# launch the program, it requires the following 4 parameters: domain name, zone file, port and log configuration file
# add the line below to /etc/rc.local if you want it to start at boot
cd /usr/local/RHIP/; setsid ./ mydomain.tld named.mydomain.tld 53
If at the registrar of your domain name you have pointed the nameserver to the box running RHIP then you should be able to already get some DNS records:
host 1-2-3-8.mydomain.tld
1-2-3-8.mydomain.tld has address

The software is installed, configured and running, now we need to configure the Cloudstack part of things.
Login as admin in the UI, go to Infrastructure, click on SSL Certificate (upper right), in the Certificate box paste the contents of your certificate (PEM/Apache2 format is ok), in the PKCS#8 Private Key field paste the contents of your key and in the DNS Domain Suffix field put your own domain, e.g. mydomain.tld.
After you click OK Cloudstack will restart the system VMs so they load the new certificate and next time you open a console you will be using your own service instead of

We are almost done. In many cases the certificate comes with an intermediare CA certificate. In my case I ended up with a PossitiveSSL wildcard cert from Comodo (the cheapest I could find), so when they sent me the certificate they also sent an intermediate one... The problem is the intermediate CA cert cannot be added from the web interface. What I did is to install phpMyAdmin on the virtual machine and add it manually from there. Here's how:
- install and login in phpMyAdmin
- select the "cloud" database and click on the "keystore" table
- you should see a row with your certificate from the previous step and one for, delete the one
- insert a new row, id can be anything, 2, 3, etc; name can be anything; in the "certificate" text box add your CA intermediate, key can be "null" so tick the null check box, domain_suffix is mydomain.tld
- the "seq" field is important, the intermediate seq number needs to be smaller, ie use 1 for it and 2 for the existing row, like here

Good luck! - the first Cloudstack "market place"

This week I have launched OpenVM.EU.
OpenVM is a repository of templates and appliances for various Linux distributions, made specifically for Apache Cloudstack.
So far it is very much work in progress, but images will start pouring in shortly.

Thanks go to Ian for being willing to help with creating the Debian/Ubuntu images!