Overview When provisioning instances in vScale using the 1.5 API (especially when using the right-api-client) and you see a gateway timeout during the launch method on the server object like the following: /Users/ <USER _ID > /.rbenv/versions/2.0.0-p451/gemsets/rsapi/gems/right_api_client-1.5.19/lib/right_api_client/client.rb:326:in `block (2 levels) in do_post': Error: HTTP Code: 504, Response body: <html><body><h1> 504 Gateway Time-out </h1> (RightApi::ApiError) The server didn't respond in time. </body></html> ...this could be an issue with the timeout set in the RCA cloud appliance. Take note that this is an isolated specific use case and if you encounter this, follow the resolution below. Resolution In order to fix this issue, you need to set the default timeout from right-api to vSphere to 20 minutes. To do this, from the (RCA) adapter side, you will need to perform the following: In the RCA-V Admin UI, navigate to vCenter link on the left navigation column. Click Upgrade button in the Cloud Appliance (vScale) card. Download the latest package (vscale_1.1_20140814_22) Activate the package that you just downloaded using Activate button. SSH into the RCA-V adapter server and perform the following: $ sudo su $ cd /etc/nginx/sites-enabled $ vi vscale Search the nginx configuration for   proxy_read_timeout   and change it to   1200   (it is currently set to 240) in /etc/nginx/sites-enabled/vscale location /gw { root /home/vscale/current/public; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_pass http://vscale-app; proxy_read_timeout 1200; } Save and then reboot the RCA-V VM. In addition, if using right_api_client, the timeout will also needs to be passed as a parameter :timeout => 1200) ... View more

Background Information In order to comply with your company's security policies regarding access to your vSphere infrastructure by third party vendors and/or services, you may need to properly disclose RightScale's level of access to those resources via the RightScale Cloud Appliance for vSphere (RCA-V). Answer By default, no employee of RightScale will have access to your RCA-V and/or vSphere environment. However, at your discretion, you may find it helpful to temporarily grant a RightScale support engineer access to your RCA-V and/or vSphere environment for troubleshooting purposes. Please refer to   RightScale Security Program and Platform Overview   for more information about RightScale's Governance, Operations, Architecture, and Development policies and procedures. ... View more

Answer TLS/SSL HTTPS, AES-192 ... View more

Applicability: Applies to situations where field upgrade is performed on vscale and vscale-admin v1.1 packages. Does not apply to fresh deployments of RCA-V 1.2 appliance. Overview While performing the upgrade of RCA-V packages you may run into upgrade errors. These errors leave the RCA-V config file (called vscale.conf) in a format that is unusable by the v1.2 code. This can happen when upgrading vscale and vscale-admin package with   1.1   release label. The upgrade process for RCA-V packages (vscale and vscale-admin) was intended to be automatic so that the config file can be converted from the old format used by v1.1 to the newer format used by v1.2. In the event you run into an error 500 during the   Activate   portion of the upgrade process or if modifying vscale.conf directly and the service will not come up, please perform the following steps: Resolution Login to RCA-V appliance (using 'admin' user) $ sudo su $ sudo su # cd /home/vscale/current # bundle exec script/update_availability_zone_ids # bundle exec script/update_tenant_defaults_with_default_resource_pool_spec # service vscale restart # service vscale-admin restart You can verify that the config got upgraded by either look at /etc/vscale.conf or using the   Admin UI -> Cloud Configuration -> Advanced   link. You should see the   id   field in the   availability_zone   section of the config in the format similar to   domain-c27::datastore-33 ... View more

Overview There is a new option in the Cloud configuration file that was added from RCA-V Release v1.2 to circumvent some of the issues related to floppy drive usage that caused server launches to fail from time to time. In order to modify the Cloud configuration file, perform the following operation: In the Admin UI, go to   Cloud Configuration -> Advanced. Click   Edit   on the Cloud Configuration card. Look for the   tenant_defaults   section in the configuration JSON. Add   "no_fd_support": true,   as the first line in the "tenant_defaults” section. Note that the comma at the end of the string is important for maintaining the JSON format. Use this option only if you are using RightImage 14.1 (for Linux), RightImages 14.2 (for Windows) or images that you created using a RightLink 6.1 package. Please refer to the section on   ServerTemplates and other assets   for information on compatibility between various assets. ... View more

Background Information You may wonder if the RCA-V (or portions thereof) are open source. Answer Yes, the websocket and wstunnel implementations are both open source. The source code for wstunnel can be seen at:https://github.com/rightscale/wstunnel ... View more

How to Upgrade to the Latest Package not use these instructions if you want to upgrade to a newer major release (e.g. go from version 2.0 to version 3.0). To upgrade to the latest major release see the upgrade instructions provided with the target release. For a fresh deployment, you can install the latest RCA-V appliance using the instructions in the   Installation Guide. It is also possible to “field-upgrade” the application packages (vscale-admin and vscale) contained in the appliance. Use the following steps to perform the upgrade: Note: Before and after each component update, it is recommended to reload the browser (clearing the browser cache is preferred) for the new changes to take effect Using the RCA-V Admin UI, navigate to   RightScale Platform -> Admin Interface   and click   Upgrade. Download the latest vscale-admin package (in the format vscale-admin_3.0_YYYYMMDD_buildrev). Activate the package that you just downloaded using the   Activate   button. Navigate to the vCenter link on the left navigation column. Click   Upgrade   in the Cloud Appliance (vScale) card. Download the latest vscale package (vscale_3.0_YYYYMMDD_buildrev). Activate the package that you just downloaded using   Activate   button ... View more

Background Information The RightScale platform communicates with the RCA-V in your vSphere environment using a secure WebSocket tunnel connection. Answer A WebSocket connection begins as an HTTP handshake and then upgrades in-place to speak the WebSocket wire protocol. As such, many existing HTTP security mechanisms also apply to a WebSocket connection.   https://tools.ietf.org/html/rfc64550 The RCA-V Websocket tunnel is configured over TLS/SSL HTTPS port 443 and enables bi-directional communications. The Websocket tunnel does not require enterprises to open additional ports in their firewalls. The WebSocket endpoint is defined by a URL, which means origin-based security can be applied. Client-to-server masking – Each WebSocket frame, with a frame containing a message, is automatically masked to prevent old or badly-implemented intermediaries ( man-in-the-middle   scenarios) from accidentally or deliberately causing issues based on bytes in the payload. Each frame contains the masking key so WebSocket-aware intermediaries can unmask the messages for protocol or packet inspection, or to enforce security policies, etc ... View more

Background Information In order for your vSphere environment (or portion thereof) to be properly managed through the RightScale platform, you will need to give RightScale the necessary credentials to securely access your cloud environment. Therefore, you may be worried about how your vSphere cloud's credentials are stored in the RightScale platform in order to prevent sensitive information from being compromised. Answer RightScale uses database column encryption to ensure the confidentiality and integrity of sensitive data, such as cloud credentials, that are stored on behalf of RightScale's customers. Sensitive columns are encrypted at the application layer with AES128-CBC, using the PKCS#5 passphrase-based KDF for key derivation. See the   Data Protection in Databasesection in the   Information Handling   document. ... View more

Question: When launching an instance from an image I created with RightLink 6.x installed for my vSphere, I am receiving the following error: CloudExceptions::CloudException - Vscale::GenericError: Failed to inject user-data because there is no Floppy drive defined in the template How do I address this error? Resolution With the older version of the cloud appliance, the vscale appliance used to mount the floppy drive as a way to share user-data with the virtual machine. If there is no floppy drive to the VM before you converted it into a template, this will surely fail. To resolve the issue, Convert the template back to VM Add the floppy drive and convert back to template. Do not rename the VM name before converting. Once the image has been rediscovered, try to launch a server again Also, if you are still using an older version of the appliance, you should plan to upgrade both vscale and vscale-admin as soon as possible. The latest version of the cloud appliance, a new feature was introduced which should make the floppy drive based config optional. ... View more

Background Information If virtual machines (VMs) in my vSphere environment are launched and managed via the RightScale Dashboard/API, you may wonder if RightScale has access to the actual data stored on those instances. Answer Data, including PHI/PII data stored on virtual machines (i.e. instances) that are managed by RightScale is not stored in the RightScale system. By default, no RightScale employee will have access to the data stored on your instances. ... View more

Background Information Some users are hesitant about installing the RightScale Cloud Appliance for vSphere (RCA-V) because they do not want to grant 'admin' access to their existing vSphere environment. Answer Although you can grant the RightScale platform administrative access to your vSphere environment, it is NOT required. However, if you want your vSphere environment to be fully supported via the RightScale Dashboard/API, you will need to grant RightScale the minimum set of permissions to access your environment by creating a role in the vSphere Client that the RightScale platform will use to access your environment. Follow the instructions below to create a role with the minimum set of access permissions. For more detailed information, see Prepare the vSphere environment for RightScale Connectivity. Create a RightScale Role The first step is to create a new Role. Open the vSphere Client application and go to   View > Administration > Roles. Click   Add Role   and name it accordingly. (e.g. RightScaleRole) Make sure the role has the following privileges (at a minimum): Datastore: All Datastore Cluster Folder: Create, Delete Global: Cancel task Host > Local operations: Create virtual machine, Delete virtual machine, Reconfigure virtual machine (vSphere 5.5 only) Profile-driven storage: Profile-driven storage view Network: Assign network Resource: Apply recommendation, Assign virtual machine to resource pool, Create resource pool, Modify resource pool, Move resource pool, Remove resource pool vApp: Import Virtual machine: All ... View more

Question: When I use the vSphere Client to rename a VM or a template, the Dashboard does not appear to update the corresponding Instance or Image name. Is this a known behavior with a fix or should I just get the name right first time and not rename things? Resolution As of this time, renaming Template (images) from the vSphere Client does not update the image in RightScale. If you want to rename an existing template, here's a way to do it: Find the Template (image) that you want to rename using the vSphere Client Right click and choose,   Convert to Virtual Machine Go to   RightScale dashboard > Clouds > Images At the bottom of the page that says   ..you can manually query if something positively looks out of date , click the query link. Wait for a while and refresh the page until the image disappear from the list Now back to vSphere Client, select the VM, right-click and select   Template > Convert to Template Once the VM has been converted into a Template again, go back to the RightScale dashboard cloud image and do the re-query again It should take a few seconds to a couple minutes to discover the new image In summary, to rename the image, convert first to VM, do a RightScale force query, make sure the image was remove from the list, convert the image to template and do a force re-query again. Doing a re-query is not required since there is a scheduled process to discover the resources in the cloud including templates (images) but it will make the discovery faster. But doing so, you may need to re-associate the image to any MCI if you manually added it. As for VMs, instance that was provisioned using RightScale dashboard (or API), we do not recommend renaming the instance name and this is not supported operation. If you want to rename the instance name, you can rename the server name instead and relaunch the server. The new instance will be provision using the new server name ... View more

Background SoftLayer returns an invalid hostname or 'Connection to the gateway failed' error because it follows a naming convention for its instances and servers. Answer The correct naming convention is as follows: The hostname and domain must be alphanumeric strings that may be separated by periods '.'. The only other allowable special character is the dash '-'. However the special characters '.' and '-' may not be consecutive. Each alphanumeric string separated by a period is considered a label. Labels must begin and end with an alphanumeric character. Each label cannot be soley comprised of digits and must be between 1-63 characters in length. The last label, the TLD (top level domain) must be between 2-6 alphabetic characters. The domain portion must consist of least one label followed by a period '.' then ending with the TLD label. Combining the hostname, followed by a period '.', followed by the domain gives the FQDN (fully qualified domain name), which may not exceed 253 characters in total length. ... View more

Background When launching a SoftLayer instance or server, you may notice a generic   gateway   related error or another flash error on the screen. This may be due to the server or instance's nickname, which must fall under requirements of a naming convention set by SoftLayer. This article explains the naming requirements for SoftLayer instances or servers. Answer The naming requirements are as follows for SoftLayer instances/servers: The nickname must be alphanumeric strings that may be separated by periods '.' The only other allowable special character is the dash '-'. However the special characters '.' and '-' may not be consecutive. Each alphanumeric string separated by a period is considered a label. Labels must begin and end with an alphanumeric character. Each label cannot be solely comprised of digits and must be between 1-63 characters in length. The last label, the TLD (top level domain) must be between 2-6 alphabetic characters (if applicable). The domain portion must consist of at least one label followed by a period '.' then ending with the TLD label (if applicable). Combining the hostname, followed by a period '.', followed by the domain gives the FQDN (fully qualified domain name), which may not exceed 253 characters in total length. In short, you may see errors trying to launch a SoftLayer instance or server if there are special characters in the server/instance's nickname (parentheses, etc.) If you still see problems beyond the scope of this article, please feel free to open a ticket from the dashboard or call/email us at   (866) 787-2253   or   support@rightscale.com ... View more