Re: ACS based clouds in Russia

2018-04-12 Thread Ivan Kudryavtsev 
Hi, Will. We have one.

пт, 13 апр. 2018 г., 2:13 Will Stevens :

> Hello All,
> We need to build an application deployment in Russia and I am looking for
> an ACS based cloud to build it on.  Does anyone know of any ACS based IaaS
> clouds in Russia?
>
> Thanks,
>
> *Will Stevens*
> Chief Technology Officer
> c 514.826.0190
>
> 
>

Re: Remove 'md5Hashed' variable from Javascript

2018-04-12 Thread Gabriel Beims Bräscher 
+1

2018-04-12 20:35 GMT-03:00 Rohit Yadav :

> +1
>
>
>
> - Rohit
>
> 
>
>
>
> 
> From: Rafael Weingärtner 
> Sent: Friday, April 13, 2018 4:04:24 AM
> To: users; dev
> Subject: Re: Remove 'md5Hashed' variable from Javascript
>
> Hello folks,
> I have not heard anything back here. I will still wait a few more days. If
> I do not see anybody against it, I will assume lazy consensus and proceed
> removing these variables.
>
> On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner <
> rafaelweingart...@gmail.com> wrote:
>
> > Hello fellow CloudStackers,
> >
> > Today I was working on CLOUDSTACK-5235, which is a security issue, and I
> > noticed a variable ‘md5Hashed’ in the javascript that does not seem to be
> > useful at all. This variable was used to control if we hash or not the
> > password of users in the user side (browser). However, we no longer hash
> > the password on the user side. All of the password processing is executed
> > in the server side according to the priority of hashing mechanism defined
> > by the administrator.
> >
> > I am addressing this cleanup with this PR https://github.com/apache/
> > cloudstack/pull/2555.
> >
> > If you have any objections regarding this variable and its relate code
> > removal, please do so. Otherwise, we will proceed to remove it.
> >
> > --
> > Rafael Weingärtner
> >
>
>
>
> --
> Rafael Weingärtner
>
> rohit.ya...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
>

Re: Remove 'md5Hashed' variable from Javascript

2018-04-12 Thread Rohit Yadav 
+1



- Rohit






From: Rafael Weingärtner 
Sent: Friday, April 13, 2018 4:04:24 AM
To: users; dev
Subject: Re: Remove 'md5Hashed' variable from Javascript

Hello folks,
I have not heard anything back here. I will still wait a few more days. If
I do not see anybody against it, I will assume lazy consensus and proceed
removing these variables.

On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner <
rafaelweingart...@gmail.com> wrote:

> Hello fellow CloudStackers,
>
> Today I was working on CLOUDSTACK-5235, which is a security issue, and I
> noticed a variable ‘md5Hashed’ in the javascript that does not seem to be
> useful at all. This variable was used to control if we hash or not the
> password of users in the user side (browser). However, we no longer hash
> the password on the user side. All of the password processing is executed
> in the server side according to the priority of hashing mechanism defined
> by the administrator.
>
> I am addressing this cleanup with this PR https://github.com/apache/
> cloudstack/pull/2555.
>
> If you have any objections regarding this variable and its relate code
> removal, please do so. Otherwise, we will proceed to remove it.
>
> --
> Rafael Weingärtner
>



--
Rafael Weingärtner

rohit.ya...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue

Re: Remove 'md5Hashed' variable from Javascript

2018-04-12 Thread Rafael Weingärtner 
Hello folks,
I have not heard anything back here. I will still wait a few more days. If
I do not see anybody against it, I will assume lazy consensus and proceed
removing these variables.

On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner <
rafaelweingart...@gmail.com> wrote:

> Hello fellow CloudStackers,
>
> Today I was working on CLOUDSTACK-5235, which is a security issue, and I
> noticed a variable ‘md5Hashed’ in the javascript that does not seem to be
> useful at all. This variable was used to control if we hash or not the
> password of users in the user side (browser). However, we no longer hash
> the password on the user side. All of the password processing is executed
> in the server side according to the priority of hashing mechanism defined
> by the administrator.
>
> I am addressing this cleanup with this PR https://github.com/apache/
> cloudstack/pull/2555.
>
> If you have any objections regarding this variable and its relate code
> removal, please do so. Otherwise, we will proceed to remove it.
>
> --
> Rafael Weingärtner
>



-- 
Rafael Weingärtner

ACS based clouds in Russia

2018-04-12 Thread Will Stevens 
Hello All,
We need to build an application deployment in Russia and I am looking for
an ACS based cloud to build it on.  Does anyone know of any ACS based IaaS
clouds in Russia?

Thanks,

*Will Stevens*
Chief Technology Officer
c 514.826.0190

Re: SSL offloading for Virtual Routers / Loadbalancer

2018-04-12 Thread Stephan Seitz 
Hi Wei!

It would be very kind if you could provide some commits.

If it's ok for you, I'ld start a clone on github and try to port
your changes into 4.11 branch (if i find time also into master)

Thanks in advance!

cheers,

- Stephan




Am Donnerstag, den 12.04.2018, 11:36 +0200 schrieb Wei ZHOU:
> Hi Stephan,
> 
> It is done in our own fork based on cloudstack 4.7.1 . We are planning to
> port all our changes to 4.11 with pull requests.
> 
> If you need in urgently, I can share some commits with you (it might not
> work on 4.11).
> 
> -Wei
> 
> 2018-04-12 11:23 GMT+02:00 Stephan Seitz :
> 
> > 
> > Thank's for your feedback Wei!
> > 
> > I'll dscuss the configuration via tags/values with some collegues, but I
> > think that's a very practical way of configuring some LB specialities.
> > 
> > AFAIK there'll be some changes necessary to the codebase. Have you've done
> > that changes internally or do I live in an ideal world and it's available
> > maybe as pullrequest on github?
> > In short, may we use that work? :)
> > 
> > cheers,
> > 
> > - Stephan
> > 
> > Am Donnerstag, den 12.04.2018, 10:59 +0200 schrieb Wei ZHOU:
> > > 
> > > Hi Stephan,
> > > 
> > > We (Leaseweb in Netherlands) had some work on it. It is implemented by
> > > network tags and lb tags.
> > > Here is our KB:
> > > https://kb.leaseweb.com/display/KB/Network%3A+
> > CloudStack#Network:CloudStack-ConfiguringloadbalancerforanIP
> > AddressofanIsolatedNetwork
> > > 
> > > 
> > > -Wei
> > > 
> > > 2018-04-12 10:23 GMT+02:00 Stephan Seitz :
> > > 
> > > > 
> > > > 
> > > > Hi!
> > > > 
> > > > We've got some projects where it would be very reasonable to have SSL
> > > > offloading for https available at the loadbalancing component in the
> > VR.
> > > 
> > > > 
> > > > 
> > > > Since loadbalancing is done via haproxy, that wouldn't be impossible to
> > > > configure (at least for the haproxy.conf).
> > > > 
> > > > I wonder if there's some documentation for the management <-> VR
> > > > communication. IMHO we need to add
> > > > - upload/update of ssl certs from the management node to the
> > respective VR
> > > 
> > > > 
> > > > - configuring/updating SSL as additional LB method (besides the
> > > > tcp-oproxy, tcp and udp methods)
> > > > - some VR's feedback or canary code to inform the management node about
> > > > the LB capabilities(?)
> > > > 
> > > > It would be really nice if someone could share some information. How
> > would
> > > 
> > > > 
> > > > you start that?
> > > > 
> > > > 
> > > > Thanks!
> > > > 
> > > > - Stephan
> > > > 
> > Mit freundlichen Grüßen,
> > 
> > Stephan Seitz
> > 
> > --
> > 
> > Heinlein Support GmbH
> > Schwedter Str. 8/9b, 10119 Berlin
> > 
> > http://www.heinlein-support.de
> > 
> > Tel: 030 / 405051-44
> > Fax: 030 / 405051-19
> > 
> > Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht
> > Berlin-Charlottenburg,
> > Geschäftsführer: Peer Heinlein -- Sitz: Berlin
> > 
> > 
> > 
Mit freundlichen Grüßen,

Stephan Seitz

--

Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-44
Fax: 030 / 405051-19

Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht
Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin




signature.asc
Description: This is a digitally signed message part

Re: SSL offloading for Virtual Routers / Loadbalancer

2018-04-12 Thread Wei ZHOU 
Hi Stephan,

It is done in our own fork based on cloudstack 4.7.1 . We are planning to
port all our changes to 4.11 with pull requests.

If you need in urgently, I can share some commits with you (it might not
work on 4.11).

-Wei

2018-04-12 11:23 GMT+02:00 Stephan Seitz :

> Thank's for your feedback Wei!
>
> I'll dscuss the configuration via tags/values with some collegues, but I
> think that's a very practical way of configuring some LB specialities.
>
> AFAIK there'll be some changes necessary to the codebase. Have you've done
> that changes internally or do I live in an ideal world and it's available
> maybe as pullrequest on github?
> In short, may we use that work? :)
>
> cheers,
>
> - Stephan
>
> Am Donnerstag, den 12.04.2018, 10:59 +0200 schrieb Wei ZHOU:
> > Hi Stephan,
> >
> > We (Leaseweb in Netherlands) had some work on it. It is implemented by
> > network tags and lb tags.
> > Here is our KB:
> > https://kb.leaseweb.com/display/KB/Network%3A+
> CloudStack#Network:CloudStack-ConfiguringloadbalancerforanIP
> AddressofanIsolatedNetwork
> >
> > -Wei
> >
> > 2018-04-12 10:23 GMT+02:00 Stephan Seitz :
> >
> > >
> > > Hi!
> > >
> > > We've got some projects where it would be very reasonable to have SSL
> > > offloading for https available at the loadbalancing component in the
> VR.
> > >
> > > Since loadbalancing is done via haproxy, that wouldn't be impossible to
> > > configure (at least for the haproxy.conf).
> > >
> > > I wonder if there's some documentation for the management <-> VR
> > > communication. IMHO we need to add
> > > - upload/update of ssl certs from the management node to the
> respective VR
> > > - configuring/updating SSL as additional LB method (besides the
> > > tcp-oproxy, tcp and udp methods)
> > > - some VR's feedback or canary code to inform the management node about
> > > the LB capabilities(?)
> > >
> > > It would be really nice if someone could share some information. How
> would
> > > you start that?
> > >
> > >
> > > Thanks!
> > >
> > > - Stephan
> > >
> Mit freundlichen Grüßen,
>
> Stephan Seitz
>
> --
>
> Heinlein Support GmbH
> Schwedter Str. 8/9b, 10119 Berlin
>
> http://www.heinlein-support.de
>
> Tel: 030 / 405051-44
> Fax: 030 / 405051-19
>
> Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht
> Berlin-Charlottenburg,
> Geschäftsführer: Peer Heinlein -- Sitz: Berlin
>
>
>

Re: SSL offloading for Virtual Routers / Loadbalancer

2018-04-12 Thread Stephan Seitz 
Thank's for your feedback Wei!

I'll dscuss the configuration via tags/values with some collegues, but I think 
that's a very practical way of configuring some LB specialities.

AFAIK there'll be some changes necessary to the codebase. Have you've done that 
changes internally or do I live in an ideal world and it's available maybe as 
pullrequest on github?
In short, may we use that work? :)

cheers,

- Stephan

Am Donnerstag, den 12.04.2018, 10:59 +0200 schrieb Wei ZHOU:
> Hi Stephan,
> 
> We (Leaseweb in Netherlands) had some work on it. It is implemented by
> network tags and lb tags.
> Here is our KB:
> https://kb.leaseweb.com/display/KB/Network%3A+CloudStack#Network:CloudStack-ConfiguringloadbalancerforanIPAddressofanIsolatedNetwork
> 
> -Wei
> 
> 2018-04-12 10:23 GMT+02:00 Stephan Seitz :
> 
> > 
> > Hi!
> > 
> > We've got some projects where it would be very reasonable to have SSL
> > offloading for https available at the loadbalancing component in the VR.
> > 
> > Since loadbalancing is done via haproxy, that wouldn't be impossible to
> > configure (at least for the haproxy.conf).
> > 
> > I wonder if there's some documentation for the management <-> VR
> > communication. IMHO we need to add
> > - upload/update of ssl certs from the management node to the respective VR
> > - configuring/updating SSL as additional LB method (besides the
> > tcp-oproxy, tcp and udp methods)
> > - some VR's feedback or canary code to inform the management node about
> > the LB capabilities(?)
> > 
> > It would be really nice if someone could share some information. How would
> > you start that?
> > 
> > 
> > Thanks!
> > 
> > - Stephan
> > 
Mit freundlichen Grüßen,

Stephan Seitz

--

Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-44
Fax: 030 / 405051-19

Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht
Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin




signature.asc
Description: This is a digitally signed message part

Re: SSL offloading for Virtual Routers / Loadbalancer

2018-04-12 Thread Wei ZHOU 
Hi Stephan,

We (Leaseweb in Netherlands) had some work on it. It is implemented by
network tags and lb tags.
Here is our KB:
https://kb.leaseweb.com/display/KB/Network%3A+CloudStack#Network:CloudStack-ConfiguringloadbalancerforanIPAddressofanIsolatedNetwork

-Wei

2018-04-12 10:23 GMT+02:00 Stephan Seitz :

> Hi!
>
> We've got some projects where it would be very reasonable to have SSL
> offloading for https available at the loadbalancing component in the VR.
>
> Since loadbalancing is done via haproxy, that wouldn't be impossible to
> configure (at least for the haproxy.conf).
>
> I wonder if there's some documentation for the management <-> VR
> communication. IMHO we need to add
> - upload/update of ssl certs from the management node to the respective VR
> - configuring/updating SSL as additional LB method (besides the
> tcp-oproxy, tcp and udp methods)
> - some VR's feedback or canary code to inform the management node about
> the LB capabilities(?)
>
> It would be really nice if someone could share some information. How would
> you start that?
>
>
> Thanks!
>
> - Stephan
>

SSL offloading for Virtual Routers / Loadbalancer

2018-04-12 Thread Stephan Seitz 
Hi!

We've got some projects where it would be very reasonable to have SSL 
offloading for https available at the loadbalancing component in the VR.

Since loadbalancing is done via haproxy, that wouldn't be impossible to 
configure (at least for the haproxy.conf).

I wonder if there's some documentation for the management <-> VR communication. 
IMHO we need to add
- upload/update of ssl certs from the management node to the respective VR
- configuring/updating SSL as additional LB method (besides the tcp-oproxy, tcp 
and udp methods)
- some VR's feedback or canary code to inform the management node about the LB 
capabilities(?)

It would be really nice if someone could share some information. How would you 
start that?


Thanks!

- Stephan


signature.asc
Description: This is a digitally signed message part