[GitHub] mdesaive commented on issue #2541: Add "Lets Encrypt CA" Certpath to SSVM Keystore (for cdimage.debian.org)
mdesaive commented on issue #2541: Add "Lets Encrypt CA" Certpath to SSVM Keystore (for cdimage.debian.org) URL: https://github.com/apache/cloudstack/issues/2541#issuecomment-379519240 @rhtyd Thanks for the commands to update the Java keystore. Worked perfectly! And also big "thank you" for the commit! Absolutely great, how fast you are reacting to the issues we posted! Great project! Great team! This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rafaelweingartner commented on issue #2551: agent: import letsencrypt X3 cross signed certificate to ssvm agent keystore
rafaelweingartner commented on issue #2551: agent: import letsencrypt X3 cross signed certificate to ssvm agent keystore URL: https://github.com/apache/cloudstack/pull/2551#issuecomment-379497194 I think it is ok to customize the default cacerts with users certificates. However, I am not sure if we already have an execution flow that could achieve this. The good point on using the default cacerts is that on every update of the OS (of the system VM template) we get the updates in cacerts "automatically". This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rafaelweingartner commented on issue #2551: agent: import letsencrypt X3 cross signed certificate to ssvm agent keystore
rafaelweingartner commented on issue #2551: agent: import letsencrypt X3 cross signed certificate to ssvm agent keystore URL: https://github.com/apache/cloudstack/pull/2551#issuecomment-379497194 I think it is ok to customize the default cacerts with users certificates. However, I am not sure if we already have an execution flow that could achieve this. The upside on using the default cacerts is that on every update of the OS (of the system VM template) we get the updates in cacerts "automatically". This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rhtyd commented on issue #2551: agent: import letsencrypt X3 cross signed certificate to ssvm agent keystore
rhtyd commented on issue #2551: agent: import letsencrypt X3 cross signed certificate to ssvm agent keystore URL: https://github.com/apache/cloudstack/pull/2551#issuecomment-379494931 Yes, you're right @rafaelweingartner it's not difficult to rename the keystore at all. In fact, I'm even considering, to get rid of this keystore file or symlink to the default system one (at /etc/ssl/certs/java/cacert, with password: `changeit`). The issue I found was that even when I updated the system `cacert` the agent failed to load that, since the old keystore file is used by default. Doing so may require some testing around using custom SSL certs for both SSVM and CPVM. Keeping a separate ca-cert file for cloudstack will cause a pain, when another provider's cert/chain are missing. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] blueorangutan commented on issue #2486: [CLOUDSTACK-10323] Allow changing disk offering during volume migration
blueorangutan commented on issue #2486: [CLOUDSTACK-10323] Allow changing disk offering during volume migration URL: https://github.com/apache/cloudstack/pull/2486#issuecomment-379493578 Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1889 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rafaelweingartner commented on issue #2551: agent: import letsencrypt X3 cross signed certificate to ssvm agent keystore
rafaelweingartner commented on issue #2551: agent: import letsencrypt X3 cross signed certificate to ssvm agent keystore URL: https://github.com/apache/cloudstack/pull/2551#issuecomment-379493270 @rhtyd thanks for updating the CA certificates into CloudStack's one. Out of curiosity, do you have an idea if it would be too complicated to change the name of this CA keystore? Something like cloudstack.keystore looks better, than realhost.keystore. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] blueorangutan commented on issue #2486: [CLOUDSTACK-10323] Allow changing disk offering during volume migration
blueorangutan commented on issue #2486: [CLOUDSTACK-10323] Allow changing disk offering during volume migration URL: https://github.com/apache/cloudstack/pull/2486#issuecomment-379491614 @rafaelweingartner a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rafaelweingartner commented on issue #2486: [CLOUDSTACK-10323] Allow changing disk offering during volume migration
rafaelweingartner commented on issue #2486: [CLOUDSTACK-10323] Allow changing disk offering during volume migration URL: https://github.com/apache/cloudstack/pull/2486#issuecomment-379491537 @blueorangutan package This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] lzh3636 commented on a change in pull request #2553: Update inconsistent debugging info in catch block
lzh3636 commented on a change in pull request #2553: Update inconsistent debugging info in catch block URL: https://github.com/apache/cloudstack/pull/2553#discussion_r179925124 ## File path: api/src/main/java/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java ## @@ -358,7 +358,7 @@ public void create() { setEntityId(result.getId()); setEntityUuid(result.getUuid()); } catch (NetworkRuleConflictException ex) { -s_logger.info("Network rule conflict: " + ex.getMessage()); +s_logger.info("Network rule conflict: ", ex); Review comment: Done it, thanks for your suggestion This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rafaelweingartner commented on a change in pull request #2553: Update inconsistent debugging info in catch block
rafaelweingartner commented on a change in pull request #2553: Update inconsistent debugging info in catch block URL: https://github.com/apache/cloudstack/pull/2553#discussion_r179924905 ## File path: api/src/main/java/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java ## @@ -358,7 +358,7 @@ public void create() { setEntityId(result.getId()); setEntityUuid(result.getUuid()); } catch (NetworkRuleConflictException ex) { -s_logger.info("Network rule conflict: " + ex.getMessage()); +s_logger.info("Network rule conflict: ", ex); Review comment: I would suggest removing the info one because we have a throw exception that we can send the `ex` exception. BTW: thanks for your PRs lately. We really need this tasks of cleaning up and standardization of log messages an exceptions. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] blueorangutan commented on issue #2553: Update inconsistent debugging info in catch block
blueorangutan commented on issue #2553: Update inconsistent debugging info in catch block URL: https://github.com/apache/cloudstack/pull/2553#issuecomment-379490819 Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1888 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] lzh3636 commented on a change in pull request #2553: Update inconsistent debugging info in catch block
lzh3636 commented on a change in pull request #2553: Update inconsistent debugging info in catch block URL: https://github.com/apache/cloudstack/pull/2553#discussion_r179924848 ## File path: api/src/main/java/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java ## @@ -358,7 +358,7 @@ public void create() { setEntityId(result.getId()); setEntityUuid(result.getUuid()); } catch (NetworkRuleConflictException ex) { -s_logger.info("Network rule conflict: " + ex.getMessage()); +s_logger.info("Network rule conflict: ", ex); Review comment: Yeah, the same thing are logged twice, although they are different levels... I'm confused too, do you suggest to remove one from them? The trace one or the info one This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rafaelweingartner commented on a change in pull request #2553: Update inconsistent debugging info in catch block
rafaelweingartner commented on a change in pull request #2553: Update inconsistent debugging info in catch block URL: https://github.com/apache/cloudstack/pull/2553#discussion_r179924158 ## File path: api/src/main/java/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java ## @@ -358,7 +358,7 @@ public void create() { setEntityId(result.getId()); setEntityUuid(result.getUuid()); } catch (NetworkRuleConflictException ex) { -s_logger.info("Network rule conflict: ", ex); +s_logger.info("Network rule conflict: " + ex.getMessage()); s_logger.trace("Network Rule Conflict: ", ex); throw new ServerApiException(ApiErrorCode.NETWORK_RULE_CONFLICT_ERROR, ex.getMessage()); Review comment: Here the code is throwing a new exception. What about instead of `ex.getMessage()`, you could use `ex` as a parameter; then, when the stack gets logged we would see the full stack trace, and not just from this point in the code. Ex: `throw new ServerApiException(ApiErrorCode.NETWORK_RULE_CONFLICT_ERROR, ex);` This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rafaelweingartner commented on a change in pull request #2553: Update inconsistent debugging info in catch block
rafaelweingartner commented on a change in pull request #2553: Update inconsistent debugging info in catch block URL: https://github.com/apache/cloudstack/pull/2553#discussion_r179924158 ## File path: api/src/main/java/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java ## @@ -358,7 +358,7 @@ public void create() { setEntityId(result.getId()); setEntityUuid(result.getUuid()); } catch (NetworkRuleConflictException ex) { -s_logger.info("Network rule conflict: ", ex); +s_logger.info("Network rule conflict: " + ex.getMessage()); s_logger.trace("Network Rule Conflict: ", ex); throw new ServerApiException(ApiErrorCode.NETWORK_RULE_CONFLICT_ERROR, ex.getMessage()); Review comment: Here the code is throwing a new exception. What about instead of `ex.getMessage()`, you could use `ex` as a parameter; then, when the stack gets logged we would see the full stack trace, and not just from this point in the code. Ex: `hrow new ServerApiException(ApiErrorCode.NETWORK_RULE_CONFLICT_ERROR, ex);` This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rafaelweingartner commented on a change in pull request #2553: Update inconsistent debugging info in catch block
rafaelweingartner commented on a change in pull request #2553: Update inconsistent debugging info in catch block URL: https://github.com/apache/cloudstack/pull/2553#discussion_r179924757 ## File path: api/src/main/java/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java ## @@ -358,7 +358,7 @@ public void create() { setEntityId(result.getId()); setEntityUuid(result.getUuid()); } catch (NetworkRuleConflictException ex) { -s_logger.info("Network rule conflict: " + ex.getMessage()); +s_logger.info("Network rule conflict: ", ex); Review comment: why are we logging the same thing twice here? This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rafaelweingartner commented on a change in pull request #2553: Update inconsistent debugging info in catch block
rafaelweingartner commented on a change in pull request #2553: Update inconsistent debugging info in catch block URL: https://github.com/apache/cloudstack/pull/2553#discussion_r179924158 ## File path: api/src/main/java/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java ## @@ -358,7 +358,7 @@ public void create() { setEntityId(result.getId()); setEntityUuid(result.getUuid()); } catch (NetworkRuleConflictException ex) { -s_logger.info("Network rule conflict: ", ex); +s_logger.info("Network rule conflict: " + ex.getMessage()); s_logger.trace("Network Rule Conflict: ", ex); throw new ServerApiException(ApiErrorCode.NETWORK_RULE_CONFLICT_ERROR, ex.getMessage()); Review comment: Here the code is throwing a new exception. What about instead of `ex.getMessage()`, you could use `ex` as a parameter; then, when the stack gets logged we would see the full stack trace, and not just from this point in the code. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] blueorangutan commented on issue #2553: Update inconsistent debugging info in catch block
blueorangutan commented on issue #2553: Update inconsistent debugging info in catch block URL: https://github.com/apache/cloudstack/pull/2553#issuecomment-379489031 @lzh3636 a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] lzh3636 opened a new pull request #2553: Update inconsistent debugging info in catch block
lzh3636 opened a new pull request #2553: Update inconsistent debugging info in catch block URL: https://github.com/apache/cloudstack/pull/2553 ## Description The description of the problem: https://issues.apache.org/jira/browse/CLOUDSTACK-10315 I modified some stack traces information to those logging statements with the same log messages, make their stack trace consistent. ## Types of changes - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] New feature (non-breaking change which adds functionality) - [ ] Bug fix (non-breaking change which fixes an issue) - [x] Enhancement (improves an existing feature and functionality) - [ ] Cleanup (Code refactoring and cleanup, that may add test cases) ## Checklist: - [x] I have read the [CONTRIBUTING](https://github.com/apache/cloudstack/blob/master/CONTRIBUTING.md) document. - [x] My code follows the code style of this project. - [ ] My change requires a change to the documentation. - [ ] I have updated the documentation accordingly. Testing - [ ] I have added tests to cover my changes. - [ ] All relevant new and existing integration tests have passed. - [x] A full integration testsuite with all test that can run on my environment has passed. @blueorangutan package This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] blueorangutan commented on issue #2552: debian: remove old usage jars during upgrade
blueorangutan commented on issue #2552: debian: remove old usage jars during upgrade URL: https://github.com/apache/cloudstack/pull/2552#issuecomment-379480905 Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1887 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] blueorangutan commented on issue #2551: agent: import letsencrypt X3 cross signed certificate to ssvm agent keystore
blueorangutan commented on issue #2551: agent: import letsencrypt X3 cross signed certificate to ssvm agent keystore URL: https://github.com/apache/cloudstack/pull/2551#issuecomment-379479964 Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1886 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] DagSonsteboSB commented on issue #2523: XCP-ng 7.4 support
DagSonsteboSB commented on issue #2523: XCP-ng 7.4 support URL: https://github.com/apache/cloudstack/issues/2523#issuecomment-379478959 I would hope so @rhtyd - happy to discuss and further test, lab is still online for this. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] blueorangutan commented on issue #2552: debian: remove old usage jars during upgrade
blueorangutan commented on issue #2552: debian: remove old usage jars during upgrade URL: https://github.com/apache/cloudstack/pull/2552#issuecomment-379478777 @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rhtyd opened a new pull request #2552: debian: remove old usage jars during upgrade
rhtyd opened a new pull request #2552: debian: remove old usage jars during upgrade URL: https://github.com/apache/cloudstack/pull/2552 This removes old cloudstack-usage jars during upgrade as part of the pre-install step of cloudstack-usage deb package. This fixes #2542 ## Types of changes - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] New feature (non-breaking change which adds functionality) - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] Enhancement (improves an existing feature and functionality) - [ ] Cleanup (Code refactoring and cleanup, that may add test cases) ## Screenshots (if appropriate): ## How Has This Been Tested? ## Checklist: - [ ] I have read the [CONTRIBUTING](https://github.com/apache/cloudstack/blob/master/CONTRIBUTING.md) document. - [ ] My code follows the code style of this project. - [ ] My change requires a change to the documentation. - [ ] I have updated the documentation accordingly. Testing - [ ] I have added tests to cover my changes. - [ ] All relevant new and existing integration tests have passed. - [ ] A full integration testsuite with all test that can run on my environment has passed. @blueorangutan package This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rhtyd commented on issue #2542: CloudStack-Usage Broken after Upgrade from 4.9 to 4.11
rhtyd commented on issue #2542: CloudStack-Usage Broken after Upgrade from 4.9 to 4.11 URL: https://github.com/apache/cloudstack/issues/2542#issuecomment-379478536 @s-seitz I'm not sure why upgrade did not remove old files, I'll send a fix that removes old jars as part of the upgrade. On CentOS, old jars are erased before new files are installed. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rhtyd commented on issue #2541: Add "Lets Encrypt CA" Certpath to SSVM Keystore (for cdimage.debian.org)
rhtyd commented on issue #2541: Add "Lets Encrypt CA" Certpath to SSVM Keystore (for cdimage.debian.org) URL: https://github.com/apache/cloudstack/issues/2541#issuecomment-379477576 @rafaelweingartner another way exists which is to update the keystore file in systemvm.iso. @mdesaive can you try this on your ssvm and confirm: ``` cd /usr/local/cloud/systemvm/certs wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der keytool -trustcacerts -keystore realhostip.keystore -storepass vmops.com -noprompt -importcert -alias letsencryptauthorityx3cross -file lets-encrypt-x3-cross-signed.der systemctl restart cloud ``` Now, try adding a template from a https url which uses letsencrypt certificate. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rhtyd commented on issue #2541: Add "Lets Encrypt CA" Certpath to SSVM Keystore (for cdimage.debian.org)
rhtyd commented on issue #2541: Add "Lets Encrypt CA" Certpath to SSVM Keystore (for cdimage.debian.org) URL: https://github.com/apache/cloudstack/issues/2541#issuecomment-379477576 @rafaelweingartner another way exists which is to update the keystore file in systemvm.iso. @mdesaive can you try this on your ssvm and confirm: ``` cd /usr/local/cloud/systemvm/certs wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der keytool -trustcacerts -keystore realhostip.keystore -storepass vmops.com -noprompt -importcert -alias letsencryptauthorityx3cross -file lets-encrypt-x3-cross-signed.der systemctl restart cloud ``` This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] blueorangutan commented on issue #2551: agent: import letsencrypt X3 cross signed certificate to ssvm agent keystore
blueorangutan commented on issue #2551: agent: import letsencrypt X3 cross signed certificate to ssvm agent keystore URL: https://github.com/apache/cloudstack/pull/2551#issuecomment-379477549 @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rhtyd opened a new pull request #2551: agent: import letsencrypt X3 cross signed certificate to ssvm agent keystore
rhtyd opened a new pull request #2551: agent: import letsencrypt X3 cross signed certificate to ssvm agent keystore URL: https://github.com/apache/cloudstack/pull/2551 This imports letsencypt X3 cross signed certificate to the default keystore file for ssvm agent. This fixes #2541. Example listing: $ keytool -list -keystore realhostip.keystore Keystore type: JKS Keystore provider: SUN Your keystore contains 5 entries root, Feb 3, 2012, trustedCertEntry, Certificate fingerprint (SHA1): 27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4 realhostip, Feb 3, 2012, PrivateKeyEntry, Certificate fingerprint (SHA1): DD:DB:44:55:E8:CF:33:4D:CB:54:B1:5A:95:A3:60:38:C3:1B:EF:7D letsencryptauthorityx3cross, Apr 7, 2018, trustedCertEntry, Certificate fingerprint (SHA1): E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB cross, Feb 3, 2012, trustedCertEntry, Certificate fingerprint (SHA1): DE:70:F4:E2:11:6F:7F:DC:E7:5F:9D:13:01:2B:7E:68:7A:3B:2C:62 intermed, Feb 3, 2012, trustedCertEntry, Certificate fingerprint (SHA1): 7C:46:56:C3:06:1F:7F:4C:0D:67:B3:19:A8:55:F6:0E:BC:11:FC:44 ## Types of changes - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] New feature (non-breaking change which adds functionality) - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] Enhancement (improves an existing feature and functionality) - [ ] Cleanup (Code refactoring and cleanup, that may add test cases) ## Screenshots (if appropriate): ## How Has This Been Tested? ## Checklist: - [ ] I have read the [CONTRIBUTING](https://github.com/apache/cloudstack/blob/master/CONTRIBUTING.md) document. - [ ] My code follows the code style of this project. - [ ] My change requires a change to the documentation. - [ ] I have updated the documentation accordingly. Testing - [ ] I have added tests to cover my changes. - [ ] All relevant new and existing integration tests have passed. - [ ] A full integration testsuite with all test that can run on my environment has passed. @blueorangutan package This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rafaelweingartner commented on issue #2541: Add "Lets Encrypt CA" Certpath to SSVM Keystore (for cdimage.debian.org)
rafaelweingartner commented on issue #2541: Add "Lets Encrypt CA" Certpath to SSVM Keystore (for cdimage.debian.org) URL: https://github.com/apache/cloudstack/issues/2541#issuecomment-379475471 @rhtyd do you change the default cacerts in the system VMs template? I faced this problem sometime ago; it was due to the java keystore (cacerts) that did not contain the latest Let's encrypts CA certificates. I manually added them to the CA certs. In my case, `wget`/`curl` was also working fine because Debian certificates were updated. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rafaelweingartner commented on issue #2541: Add "Lets Encrypt CA" Certpath to SSVM Keystore (for cdimage.debian.org)
rafaelweingartner commented on issue #2541: Add "Lets Encrypt CA" Certpath to SSVM Keystore (for cdimage.debian.org) URL: https://github.com/apache/cloudstack/issues/2541#issuecomment-379475471 @rhtyd do we change the default cacerts in the system VMs template? I faced this problem sometime ago; it was due to the java keystore (cacerts) that did not contain the latest Let's encrypts CA certificates. I manually added them to the CA certs. In my case, `wget`/`curl` was also working fine because Debian certificates were updated. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rafaelweingartner commented on issue #2541: Add "Lets Encrypt CA" Certpath to SSVM Keystore (for cdimage.debian.org)
rafaelweingartner commented on issue #2541: Add "Lets Encrypt CA" Certpath to SSVM Keystore (for cdimage.debian.org) URL: https://github.com/apache/cloudstack/issues/2541#issuecomment-379475471 @rhtyd do you change the default cacerts in the system VMs template? I faced this problem sometime ago; it was due to the java keystore (cacerts) that did not contain the latest Let's encrypts CA certificates. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] blueorangutan commented on issue #2550: debian: Use only `-l` for libvirtd default file on debian
blueorangutan commented on issue #2550: debian: Use only `-l` for libvirtd default file on debian URL: https://github.com/apache/cloudstack/pull/2550#issuecomment-379475371 Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1885 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rhtyd commented on issue #2541: Add "Lets Encrypt CA" Certpath to SSVM Keystore (for cdimage.debian.org)
rhtyd commented on issue #2541: Add "Lets Encrypt CA" Certpath to SSVM Keystore (for cdimage.debian.org) URL: https://github.com/apache/cloudstack/issues/2541#issuecomment-379474873 This is more of a debian issue than CloudStack issue, example: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809259 On my testing, I found that debian ca-certificates is OK. Curling a letsencrypt https endpoint works but the java based agents fails for the same https URL with: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target We'll refresh a new systemvmtemplate as part of 4.11.1.0 release (that will be compatible with 4.11.0.0 as well) to include update ca-certificates packages. In addition, what we can do is to manually install/setup letsencrypt ca certs in the systemvmtemplate from https://letsencrypt.org/certificates/ This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] blueorangutan commented on issue #2499: Updates to capacity management
blueorangutan commented on issue #2499: Updates to capacity management URL: https://github.com/apache/cloudstack/pull/2499#issuecomment-379475224 Trillian test result (tid-2470) Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7 Total time taken: 103783 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2499-t2470-kvm-centos7.zip Intermitten failure detected: /marvin/tests/smoke/test_certauthority_root.py Intermitten failure detected: /marvin/tests/smoke/test_primary_storage.py Intermitten failure detected: /marvin/tests/smoke/test_privategw_acl.py Intermitten failure detected: /marvin/tests/smoke/test_routers.py Intermitten failure detected: /marvin/tests/smoke/test_snapshots.py Intermitten failure detected: /marvin/tests/smoke/test_vm_life_cycle.py Intermitten failure detected: /marvin/tests/smoke/test_host_maintenance.py Intermitten failure detected: /marvin/tests/smoke/test_hostha_kvm.py Smoke tests completed. 60 look OK, 7 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- test_01_add_primary_storage_disabled_host | `Error` | 0.64 | test_primary_storage.py test_01_primary_storage_nfs | `Error` | 0.08 | test_primary_storage.py ContextSuite context=TestStorageTags>:setup | `Error` | 0.14 | test_primary_storage.py test_02_vpc_privategw_static_routes | `Failure` | 258.12 | test_privategw_acl.py test_04_rvpc_privategw_static_routes | `Failure` | 307.21 | test_privategw_acl.py test_04_restart_network_wo_cleanup | `Failure` | 4.07 | test_routers.py test_02_list_snapshots_with_removed_data_store | `Error` | 1.11 | test_snapshots.py test_08_migrate_vm | `Error` | 21.72 | test_vm_life_cycle.py test_01_cancel_host_maintenace_with_no_migration_jobs | `Failure` | 1.10 | test_host_maintenance.py test_02_cancel_host_maintenace_with_migration_jobs | `Error` | 2.26 | test_host_maintenance.py test_hostha_enable_ha_when_host_in_maintenance | `Error` | 3.50 | test_hostha_kvm.py This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rhtyd commented on issue #2541: Add "Lets Encrypt CA" Certpath to SSVM Keystore (for cdimage.debian.org)
rhtyd commented on issue #2541: Add "Lets Encrypt CA" Certpath to SSVM Keystore (for cdimage.debian.org) URL: https://github.com/apache/cloudstack/issues/2541#issuecomment-379474873 This is more of a debian issue than CloudStack issue, example: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809259 We'll refresh a new systemvmtemplate as part of 4.11.1.0 release (that will be compatible with 4.11.0.0 as well) to include update ca-certificates packages. In addition, what we can do is to manually install/setup letsencrypt ca certs in the systemvmtemplate from https://letsencrypt.org/certificates/ This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rhtyd commented on issue #2548: Upgrade to 4.11 and pre-existent saml2 authentication settings
rhtyd commented on issue #2548: Upgrade to 4.11 and pre-existent saml2 authentication settings URL: https://github.com/apache/cloudstack/issues/2548#issuecomment-379474248 Hi @eligorio, I've received a similar email privately. The upgrade steps can be amended to not run cloudstack-setup-databases. Instead, shutdown old mgmt server(s), take db backup for cloud, cloud_usage tables, run cloudstack-setup-databases without --deploy-as (i.e. to add a new management server, without deploying a new database), and start new mgmt server. See if can still reproduce the issue. The upgrade process should not alter the SAMLSP_KEYPAIR and SAMLSP_X509CERT keys/certs in the cloud.keystore table. On new installations, this is only created when SAML plugin is enabled. If the proposed upgrade process was indeed used, and in case this is a bug I can test this and get back to you after next week. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rhtyd commented on issue #2523: XCP-ng 7.4 support
rhtyd commented on issue #2523: XCP-ng 7.4 support URL: https://github.com/apache/cloudstack/issues/2523#issuecomment-379473890 Thanks for testing and reporting @DagSonsteboSB, I think the fix is to simply add the product string as a support hypervisor version somewhere in CitrixResourceBase or similar class. I can discuss that next week with you/engg. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rhtyd commented on issue #2530: KVM hosts fail to connect if there is more than one IP address on the host
rhtyd commented on issue #2530: KVM hosts fail to connect if there is more than one IP address on the host URL: https://github.com/apache/cloudstack/issues/2530#issuecomment-379473815 I'll have a look at it in few days @PaulAngus. Was the IP of the KVM host used, a management/control IP (i.e. IP belonged to the mgmt/control network cidr)? I've some fixes to the certificate generation in #2505, I'll explore if there is a way to capture multiple/all of the hosts IPs during certificate setup (i.e. the CSR generation). This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rhtyd commented on issue #2537: Fix Jetty configuration file bugs during Upgrade from 4.x to 4.11
rhtyd commented on issue #2537: Fix Jetty configuration file bugs during Upgrade from 4.x to 4.11 URL: https://github.com/apache/cloudstack/issues/2537#issuecomment-379473606 @ernjvr please use something like 'This fixes \#id' to link an issue with a PR. Also, if you already have a fix, you don't need to create an issue for that. Simply open a PR with details like you've posted here. And while opening either a PR or an issue, please fill in the milestone and label details. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] blueorangutan commented on issue #2550: debian: Use only `-l` for libvirtd default file on debian
blueorangutan commented on issue #2550: debian: Use only `-l` for libvirtd default file on debian URL: https://github.com/apache/cloudstack/pull/2550#issuecomment-379473418 @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rhtyd opened a new pull request #2550: debian: Use only `-l` for libvirtd default file on debian
rhtyd opened a new pull request #2550: debian: Use only `-l` for libvirtd default file on debian URL: https://github.com/apache/cloudstack/pull/2550 ## Description This fixes #2546 ## Types of changes - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] New feature (non-breaking change which adds functionality) - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] Enhancement (improves an existing feature and functionality) - [ ] Cleanup (Code refactoring and cleanup, that may add test cases) ## Screenshots (if appropriate): ## How Has This Been Tested? ## Checklist: - [ ] I have read the [CONTRIBUTING](https://github.com/apache/cloudstack/blob/master/CONTRIBUTING.md) document. - [ ] My code follows the code style of this project. - [ ] My change requires a change to the documentation. - [ ] I have updated the documentation accordingly. Testing - [ ] I have added tests to cover my changes. - [ ] All relevant new and existing integration tests have passed. - [ ] A full integration testsuite with all test that can run on my environment has passed. @blueorangutan package This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rhtyd commented on issue #2546: Libvirt-bin has trouble starting if -d is stated in /etc/default/libvirt-bin (libvirtd_opts)
rhtyd commented on issue #2546: Libvirt-bin has trouble starting if -d is stated in /etc/default/libvirt-bin (libvirtd_opts) URL: https://github.com/apache/cloudstack/issues/2546#issuecomment-379473322 Thanks @falcon78921 I've found and fixed this in one of the PRs. The issue is caused because daemon-management is done by systemd, and running libvirtd with -d -l causes two copies of libvirtd process to run. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] blueorangutan commented on issue #2549: debian: Fix errors reported by lintian
blueorangutan commented on issue #2549: debian: Fix errors reported by lintian URL: https://github.com/apache/cloudstack/pull/2549#issuecomment-379471921 Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1884 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] rhtyd opened a new pull request #2549: debian: Fix errors reported by lintian
rhtyd opened a new pull request #2549: debian: Fix errors reported by lintian URL: https://github.com/apache/cloudstack/pull/2549 ## Description This fixes errors reported by `lintian` on deb packages. The end goal is to make a new 'redist' mvn goal that would create redistributable pkgs that my be accepted by mentor.debian.org. I'm still trying to understand the process: https://wiki.debian.org/DebianMentorsFaq https://nm.debian.org/person/rohit ## Types of changes - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] New feature (non-breaking change which adds functionality) - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] Enhancement (improves an existing feature and functionality) - [ ] Cleanup (Code refactoring and cleanup, that may add test cases) ## Screenshots (if appropriate): ## How Has This Been Tested? ## Checklist: - [ ] I have read the [CONTRIBUTING](https://github.com/apache/cloudstack/blob/master/CONTRIBUTING.md) document. - [ ] My code follows the code style of this project. - [ ] My change requires a change to the documentation. - [ ] I have updated the documentation accordingly. Testing - [ ] I have added tests to cover my changes. - [ ] All relevant new and existing integration tests have passed. - [ ] A full integration testsuite with all test that can run on my environment has passed. @blueorangutan package This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] blueorangutan commented on issue #2549: debian: Fix errors reported by lintian
blueorangutan commented on issue #2549: debian: Fix errors reported by lintian URL: https://github.com/apache/cloudstack/pull/2549#issuecomment-379469900 @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] blueorangutan commented on issue #2538: Remove deprecated tomcat configuration file instead of moving it, sin…
blueorangutan commented on issue #2538: Remove deprecated tomcat configuration file instead of moving it, sin… URL: https://github.com/apache/cloudstack/pull/2538#issuecomment-379456854 Trillian test result (tid-2469) Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7 Total time taken: 85656 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2538-t2469-kvm-centos7.zip Intermitten failure detected: /marvin/tests/smoke/test_routers.py Intermitten failure detected: /marvin/tests/smoke/test_hostha_kvm.py Smoke tests completed. 66 look OK, 1 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- test_04_restart_network_wo_cleanup | `Failure` | 4.06 | test_routers.py This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] mike-tutkowski commented on issue #2499: Updates to capacity management
mike-tutkowski commented on issue #2499: Updates to capacity management URL: https://github.com/apache/cloudstack/pull/2499#issuecomment-379440520 All test errors seem inapplicable to this PR. Here are some examples: test_primary_storage.py: errorText:Failed to add data store: Storage pool nfs://10.2.0.16/acs/primary/pr2499-t2464-kvm-centos7/marvin_pri1 already in use by another pod (id=1)\n'] test_snapshots.py: errorText:Failed to add data store: Storage pool nfs://10.2.0.16/acs/primary/pr2499-t2464-kvm-centos7/nfs2 already in use by another pod (id=1)\n'] test_templates.py: 'AssertionError: Extract Template Failed with invalid URL http://192.168.100.96/userdata/99b8334e-ecaa-405b-9168-e902981a3c40.qcow2 (template id: 8cc43b7f-00e7-4250-acbc-53be1de58627)\n'] test_vm_life_cycle.py: errortext : u'Cannot migrate VM, destination host is not in correct state, has status: Up, state: Disabled'}, accountid : u'c600e427-38a5-11e8-a6b6-06db8e010701'}\n"] test_volumes.py: 'AssertionError: Extract Volume Failed with invalid URL http://192.168.100.96/userdata/c146f89d-12e8-4a34-8087-79e66e110239.qcow2 (vol id: ab60d379-a5d3-471a-b17f-7df204e48e53)\n'] This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] mike-tutkowski commented on issue #2499: Updates to capacity management
mike-tutkowski commented on issue #2499: Updates to capacity management URL: https://github.com/apache/cloudstack/pull/2499#issuecomment-379437282 I've added an integration test. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services