[jira] [Commented] (CLOUDSTACK-10327) SSO fails with error "Session Expired", except for root admin
[
https://issues.apache.org/jira/browse/CLOUDSTACK-10327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16408850#comment-16408850
]
ASF GitHub Bot commented on CLOUDSTACK-10327:
-
olivierlemasle commented on issue #2498: CLOUDSTACK-10327: Do not invalidate
the session when API command not found
URL: https://github.com/apache/cloudstack/pull/2498#issuecomment-375142120
@rhtyd Ok, I've rebased the PR against 4.11 and updated the base branch
accordingly.
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> SSO fails with error "Session Expired", except for root admin
> -
>
> Key: CLOUDSTACK-10327
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10327
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: API
>Affects Versions: 4.11.0.0
>Reporter: Olivier Lemasle
>Assignee: Olivier Lemasle
>Priority: Critical
>
> CloudStack SSO (using {{security.singlesignon.key}}) does not work anymore
> with CloudStack 4.11, since commit
> [9988c26|https://github.com/apache/cloudstack/commit/9988c269b259b84c0b8436bad17f88dbc1d706e7#diff-16f2bfa56c6e8760760dd2b27b47d5b4]
> This commit introduced a new feature (the ability to limit admin API calls to
> a network CIDR), but also a regression due to a refactoring: every API
> request that is not "validated" generates the same error (401 - Unauthorized)
> and *invalidates the session*.
> However, during an SSO login, CloudStack executes (since ACS 4.7), a [call to
> "listConfigurations"|https://github.com/apache/cloudstack/blob/8a3943b7632eddf3856a19e7d9a3fee82dd325be/ui/scripts/cloudStack.js#L172],
> an API command reserved for root admins. When the user is not a root admin,
> he does not have the privileges for this command.
> With CloudStack up to 4.10, an error 432 was returned (and ignored):
> {noformat}
> {"errorresponse":{"uuidList":[],"errorcode":432,"cserrorcode":,"errortext":"The
> user is not allowed to request the API command or the API command does not
> exist"}}
> {noformat}
> With CloudStack 4.11, the error 432 is replaced by an error 401 and the
> session is invalidated. Then the next API calls lead to an error "Session
> Expired" and the user cannot log in.
> {noformat}
> {"listconfigurationsresponse":{"uuidList":[],"errorcode":401,"errortext":"unable
> to verify user credentials and/or request signature"}}
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Created] (CLOUDSTACK-10339) Managed Storage and SolidFire: Support multiple volume access groups per compute cluster
Mike Tutkowski created CLOUDSTACK-10339: --- Summary: Managed Storage and SolidFire: Support multiple volume access groups per compute cluster Key: CLOUDSTACK-10339 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10339 Project: CloudStack Issue Type: Improvement Security Level: Public (Anyone can view this level - this is the default.) Affects Versions: 4.11.0.0 Environment: SolidFire Reporter: Mike Tutkowski Fix For: 4.12.0.0 Previously, the SolidFire storage plug-in for managed storage had a 1:1 mapping between a compute cluster and a volume access group (VAG). A VAG is a type of ACL in the SolidFire cluster. This ticket is looking to expand that support to be 1:M. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (CLOUDSTACK-10339) Managed Storage and SolidFire: Support multiple volume access groups per compute cluster
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mike Tutkowski reassigned CLOUDSTACK-10339: --- Assignee: Mike Tutkowski > Managed Storage and SolidFire: Support multiple volume access groups per > compute cluster > > > Key: CLOUDSTACK-10339 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10339 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Affects Versions: 4.11.0.0 > Environment: SolidFire >Reporter: Mike Tutkowski >Assignee: Mike Tutkowski >Priority: Major > Fix For: 4.12.0.0 > > > Previously, the SolidFire storage plug-in for managed storage had a 1:1 > mapping between a compute cluster and a volume access group (VAG). A VAG is a > type of ACL in the SolidFire cluster. > This ticket is looking to expand that support to be 1:M. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (CLOUDSTACK-10338) XenServer: Allow a volume on non-managed storage to be online migrated to managed storage
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mike Tutkowski reassigned CLOUDSTACK-10338: --- Assignee: Mike Tutkowski > XenServer: Allow a volume on non-managed storage to be online migrated to > managed storage > - > > Key: CLOUDSTACK-10338 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10338 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server, XenServer >Affects Versions: 4.11.0.0 > Environment: XenServer and Managed Storage >Reporter: Mike Tutkowski >Assignee: Mike Tutkowski >Priority: Major > Fix For: 4.12.0.0 > > > Allow on XenServer for a volume on non-managed storage to be online migrated > to managed storage. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (CLOUDSTACK-10337) Managed Storage: Check cluster ID, not host ID, when starting up a VM in a new cluster
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10337?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mike Tutkowski updated CLOUDSTACK-10337: Environment: All > Managed Storage: Check cluster ID, not host ID, when starting up a VM in a > new cluster > -- > > Key: CLOUDSTACK-10337 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10337 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.11.0.0 > Environment: All >Reporter: Mike Tutkowski >Assignee: Mike Tutkowski >Priority: Major > Fix For: 4.12.0.0 > > > Example: A VM that uses managed storage is stopped. The VM is then started on > a different host in the same cluster. The Start operation fails. > To get around this issue, you must either start the VM up on the same host or > on a host in a different cluster. > The reason is due to a slightly erroneous check in VolumeOrchestrator.prepare. > To solve this issue, we should be checking if the cluster ID changes, not if > the host ID changes. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (CLOUDSTACK-10338) XenServer: Allow a volume on non-managed storage to be online migrated to managed storage
Mike Tutkowski created CLOUDSTACK-10338: --- Summary: XenServer: Allow a volume on non-managed storage to be online migrated to managed storage Key: CLOUDSTACK-10338 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10338 Project: CloudStack Issue Type: Improvement Security Level: Public (Anyone can view this level - this is the default.) Components: Management Server, XenServer Affects Versions: 4.11.0.0 Environment: XenServer and Managed Storage Reporter: Mike Tutkowski Fix For: 4.12.0.0 Allow on XenServer for a volume on non-managed storage to be online migrated to managed storage. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (CLOUDSTACK-10337) Managed Storage: Check cluster ID, not host ID, when starting up a VM in a new cluster
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10337?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mike Tutkowski updated CLOUDSTACK-10337: Description: Example: A VM that uses managed storage is stopped. The VM is then started on a different host in the same cluster. The Start operation fails. To get around this issue, you must either start the VM up on the same host or on a host in a different cluster. The reason is due to a slightly erroneous check in VolumeOrchestrator.prepare. To solve this issue, we should be checking if the cluster ID changes, not if the host ID changes. was: Example: A VM that uses managed storage is stopped. The VM is then started on a different host in the same cluster. The Start operation fails. To get around this issue, you must either start the VM up on the same host in the same cluster or on a host in a different cluster. The reason is due to a slightly erroneous check in VolumeOrchestrator.prepare. To solve this issue, we should be checking if the cluster ID changes, not if the host ID changes. > Managed Storage: Check cluster ID, not host ID, when starting up a VM in a > new cluster > -- > > Key: CLOUDSTACK-10337 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10337 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.11.0.0 >Reporter: Mike Tutkowski >Assignee: Mike Tutkowski >Priority: Major > Fix For: 4.12.0.0 > > > Example: A VM that uses managed storage is stopped. The VM is then started on > a different host in the same cluster. The Start operation fails. > To get around this issue, you must either start the VM up on the same host or > on a host in a different cluster. > The reason is due to a slightly erroneous check in VolumeOrchestrator.prepare. > To solve this issue, we should be checking if the cluster ID changes, not if > the host ID changes. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (CLOUDSTACK-10337) Managed Storage: Check cluster ID, not host ID, when starting up a VM in a new cluster
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10337?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mike Tutkowski reassigned CLOUDSTACK-10337: --- Assignee: Mike Tutkowski > Managed Storage: Check cluster ID, not host ID, when starting up a VM in a > new cluster > -- > > Key: CLOUDSTACK-10337 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10337 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.11.0.0 >Reporter: Mike Tutkowski >Assignee: Mike Tutkowski >Priority: Major > Fix For: 4.12.0.0 > > > Example: A VM that uses managed storage is stopped. The VM is then started on > a different host in the same cluster. The Start operation fails. > To get around this issue, you must either start the VM up on the same host in > the same cluster or on a host in a different cluster. > The reason is due to a slightly erroneous check in VolumeOrchestrator.prepare. > To solve this issue, we should be checking if the cluster ID changes, not if > the host ID changes. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (CLOUDSTACK-10337) Managed Storage: Check cluster ID, not host ID, when starting up a VM in a new cluster
Mike Tutkowski created CLOUDSTACK-10337: --- Summary: Managed Storage: Check cluster ID, not host ID, when starting up a VM in a new cluster Key: CLOUDSTACK-10337 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10337 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.11.0.0 Reporter: Mike Tutkowski Fix For: 4.12.0.0 Example: A VM that uses managed storage is stopped. The VM is then started on a different host in the same cluster. The Start operation fails. To get around this issue, you must either start the VM up on the same host in the same cluster or on a host in a different cluster. The reason is due to a slightly erroneous check in VolumeOrchestrator.prepare. To solve this issue, we should be checking if the cluster ID changes, not if the host ID changes. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10332) Users are not able to change/edit the protocol of an ACL rule
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16408583#comment-16408583 ] ASF GitHub Bot commented on CLOUDSTACK-10332: - blueorangutan commented on issue #2496: [CLOUDSTACK-10332] Users are not able to change/edit the protocol of an ACL rule URL: https://github.com/apache/cloudstack/pull/2496#issuecomment-375095784 Trillian test result (tid-2397) Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7 Total time taken: 43766 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2496-t2397-kvm-centos7.zip Intermitten failure detected: /marvin/tests/smoke/test_certauthority_root.py Intermitten failure detected: /marvin/tests/smoke/test_internal_lb.py Intermitten failure detected: /marvin/tests/smoke/test_public_ip_range.py Intermitten failure detected: /marvin/tests/smoke/test_templates.py Intermitten failure detected: /marvin/tests/smoke/test_usage.py Intermitten failure detected: /marvin/tests/smoke/test_volumes.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_redundant.py Intermitten failure detected: /marvin/tests/smoke/test_host_maintenance.py Intermitten failure detected: /marvin/tests/smoke/test_hostha_kvm.py Smoke tests completed. 62 look OK, 5 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- test_04_extract_template | `Failure` | 128.32 | test_templates.py ContextSuite context=TestISOUsage>:setup | `Error` | 0.00 | test_usage.py test_06_download_detached_volume | `Failure` | 137.75 | test_volumes.py test_04_rvpc_network_garbage_collector_nics | `Failure` | 313.72 | test_vpc_redundant.py test_hostha_enable_ha_when_host_in_maintenance | `Error` | 2.83 | test_hostha_kvm.py This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Users are not able to change/edit the protocol of an ACL rule > -- > > Key: CLOUDSTACK-10332 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10332 > Project: CloudStack > Issue Type: New Feature > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rafael Weingärtner >Assignee: Rafael Weingärtner >Priority: Major > Fix For: 4.12 > > > Users should be able to edit an ACL rule completely. Therefore, they must be > able to change the protocol type and others configs of an ACL rules. > Right now users are not able to execute the following. > * Create an ACL for ICMP > * Click on edit and change the protocol to TCP > * An error will happen when saving the rule. > Users should be able to execute the protocol changes without problem. > In addition, it is not just the protocol that users are not able to change. > For instance, after defining ports, or reason/description for the rule, users > are not able to set those values back to null. The same happens for ICMP code > and type. > We will introduce a new parameter called "partialUpdate", which will have its > default value as true to maintain backward compatibility. When this parameter > is set to false, we will consider only the parameters sent, and not the > parameters we already have in the database to change and validate the ACL > rule data. This allows us to update parameters already set back to null, and > to completely change an ACL rule. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (CLOUDSTACK-10335) Refine space calculations for managed storage in StorageManagerImpl
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10335?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mike Tutkowski reassigned CLOUDSTACK-10335: --- Assignee: Mike Tutkowski > Refine space calculations for managed storage in StorageManagerImpl > --- > > Key: CLOUDSTACK-10335 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10335 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.11.0.0 > Environment: All >Reporter: Mike Tutkowski >Assignee: Mike Tutkowski >Priority: Major > Fix For: 4.12.0.0 > > > In StorageManagerImpl.storagePoolHasEnoughSpace, we need to update a couple > areas of the algorithm that calculates if enough space is present when > dealing with managed storage: > 1) We no longer can rely on managed storage being exclusively at the zone > level. Check if the storage is managed (not if if it at the zone level). > 2) Invoke getBytesRequiredForTemplate not only for XenServer when > getSupportsResigning resolves to true, but also if using VMware or KVM. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (CLOUDSTACK-10336) Restrict the number of managed SRs and datastores
Mike Tutkowski created CLOUDSTACK-10336: --- Summary: Restrict the number of managed SRs and datastores Key: CLOUDSTACK-10336 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10336 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: VMware, XenServer Affects Versions: 4.11.0.0 Environment: XenServer and VMware Reporter: Mike Tutkowski Fix For: 4.12.0.0 For managed storage, each time a virtual disk is created, a new SR is created (when on XenServer) or a new datastore is created (when on VMware). XenServer 6.5 can support around 500 - 600 SRs per compute cluster while VMware can support 256 datastores per compute cluster. CloudStack has never had the ability to limit the number of SRs or datastores it creates when using managed storage (the admin has needed to pay attention to this via some other process outside of CloudStack). This code aims to address the main use cases in CloudStack that can create SRs or datastores and fails the applicable operations if no more SRs or datastores can be created (based on a new cluster-scoped setting that specifies how many SRs or datastores the admin is OK with CloudStack creating). -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (CLOUDSTACK-10336) Restrict the number of managed SRs and datastores
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10336?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mike Tutkowski reassigned CLOUDSTACK-10336: --- Assignee: Mike Tutkowski > Restrict the number of managed SRs and datastores > - > > Key: CLOUDSTACK-10336 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10336 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: VMware, XenServer >Affects Versions: 4.11.0.0 > Environment: XenServer and VMware >Reporter: Mike Tutkowski >Assignee: Mike Tutkowski >Priority: Major > Fix For: 4.12.0.0 > > > For managed storage, each time a virtual disk is created, a new SR is created > (when on XenServer) or a new datastore is created (when on VMware). > XenServer 6.5 can support around 500 - 600 SRs per compute cluster while > VMware can support 256 datastores per compute cluster. > CloudStack has never had the ability to limit the number of SRs or datastores > it creates when using managed storage (the admin has needed to pay attention > to this via some other process outside of CloudStack). > This code aims to address the main use cases in CloudStack that can create > SRs or datastores and fails the applicable operations if no more SRs or > datastores can be created (based on a new cluster-scoped setting that > specifies how many SRs or datastores the admin is OK with CloudStack > creating). -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (CLOUDSTACK-10335) Refine space calculations for managed storage in StorageManagerImpl
Mike Tutkowski created CLOUDSTACK-10335: --- Summary: Refine space calculations for managed storage in StorageManagerImpl Key: CLOUDSTACK-10335 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10335 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.11.0.0 Environment: All Reporter: Mike Tutkowski Fix For: 4.12.0.0 In StorageManagerImpl.storagePoolHasEnoughSpace, we need to update a couple areas of the algorithm that calculates if enough space is present when dealing with managed storage: 1) We no longer can rely on managed storage being exclusively at the zone level. Check if the storage is managed (not if if it at the zone level). 2) Invoke getBytesRequiredForTemplate not only for XenServer when getSupportsResigning resolves to true, but also if using VMware or KVM. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (CLOUDSTACK-9620) Improvements for Managed Storage
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9620?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mike Tutkowski resolved CLOUDSTACK-9620. Resolution: Fixed > Improvements for Managed Storage > > > Key: CLOUDSTACK-9620 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9620 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) > Components: KVM, Management Server, VMware, XenServer >Affects Versions: 4.11.0.0 > Environment: KVM, vSphere, and XenServer >Reporter: Mike Tutkowski >Assignee: Mike Tutkowski >Priority: Major > Fix For: 4.11.0.0 > > > Allowed zone-wide primary storage based on a custom plug-in to be added via > the GUI in a KVM-only environment (previously this only worked for XenServer > and VMware) > Added support for root disks on managed storage with KVM > Added support for volume snapshots with managed storage on KVM > Enabled creating a template directly from a volume (i.e. without having to go > through a volume snapshot) on KVM with managed storage > Only allowed the resizing of a volume for managed storage on KVM if the > volume in question is either not attached to a VM or is attached to a VM in > the Stopped state > Included support for Reinstall VM on KVM with managed storage > Enabled offline migration on KVM from non-managed storage to managed storage > and vice versa > Included support for online storage migration on KVM with managed storage > (NFS and Ceph to managed storage) > Added support to download (extract) a managed-storage volume to a QCOW2 file > When uploading a file from outside of CloudStack to CloudStack, set the min > and max IOPS, if applicable. > Included support for the KVM auto-convergence feature > The compression flag was actually added in version 1.0.3 (103) as opposed > to version 1.3.0 (1003000) (changed this to reflect the correct version) > On KVM when using iSCSI-based managed storage, if the user shuts a VM down > from the guest OS (as opposed to doing so from CloudStack), we need to pass > to the KVM agent a list of applicable iSCSI volumes that need to be > disconnected. > Added a new Global Setting: kvm.storage.live.migration.wait > For XenServer, added a check to enforce that only volumes from zone-wide > managed storage can be storage motioned from a host in one cluster to a host > in another cluster (cannot do so at the time being with volumes from > cluster-scoped managed storage) > Don’t allow Storage XenMotion on a VM that has any managed-storage volume > with one or more snapshots. > Enabled for managed storage with VMware: Template caching, create snapshot, > delete snapshot, create volume from snapshot, and create template from > snapshot > Added an SIOC API plug-in to support VMware SIOC > When starting a VM that uses managed storage in a cluster other than the one > it last was running in, we need to remove the reference to the iSCSI volume > from the original cluster. > Added the ability to revert a volume to a snapshot > Enabled cluster-scoped managed storage > Added support for VMware dynamic discovery -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (CLOUDSTACK-9620) Improvements for Managed Storage
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9620?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mike Tutkowski closed CLOUDSTACK-9620. -- > Improvements for Managed Storage > > > Key: CLOUDSTACK-9620 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9620 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) > Components: KVM, Management Server, VMware, XenServer >Affects Versions: 4.11.0.0 > Environment: KVM, vSphere, and XenServer >Reporter: Mike Tutkowski >Assignee: Mike Tutkowski >Priority: Major > Fix For: 4.11.0.0 > > > Allowed zone-wide primary storage based on a custom plug-in to be added via > the GUI in a KVM-only environment (previously this only worked for XenServer > and VMware) > Added support for root disks on managed storage with KVM > Added support for volume snapshots with managed storage on KVM > Enabled creating a template directly from a volume (i.e. without having to go > through a volume snapshot) on KVM with managed storage > Only allowed the resizing of a volume for managed storage on KVM if the > volume in question is either not attached to a VM or is attached to a VM in > the Stopped state > Included support for Reinstall VM on KVM with managed storage > Enabled offline migration on KVM from non-managed storage to managed storage > and vice versa > Included support for online storage migration on KVM with managed storage > (NFS and Ceph to managed storage) > Added support to download (extract) a managed-storage volume to a QCOW2 file > When uploading a file from outside of CloudStack to CloudStack, set the min > and max IOPS, if applicable. > Included support for the KVM auto-convergence feature > The compression flag was actually added in version 1.0.3 (103) as opposed > to version 1.3.0 (1003000) (changed this to reflect the correct version) > On KVM when using iSCSI-based managed storage, if the user shuts a VM down > from the guest OS (as opposed to doing so from CloudStack), we need to pass > to the KVM agent a list of applicable iSCSI volumes that need to be > disconnected. > Added a new Global Setting: kvm.storage.live.migration.wait > For XenServer, added a check to enforce that only volumes from zone-wide > managed storage can be storage motioned from a host in one cluster to a host > in another cluster (cannot do so at the time being with volumes from > cluster-scoped managed storage) > Don’t allow Storage XenMotion on a VM that has any managed-storage volume > with one or more snapshots. > Enabled for managed storage with VMware: Template caching, create snapshot, > delete snapshot, create volume from snapshot, and create template from > snapshot > Added an SIOC API plug-in to support VMware SIOC > When starting a VM that uses managed storage in a cluster other than the one > it last was running in, we need to remove the reference to the iSCSI volume > from the original cluster. > Added the ability to revert a volume to a snapshot > Enabled cluster-scoped managed storage > Added support for VMware dynamic discovery -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (CLOUDSTACK-10244) Online storage migration for KVM fails and corrupts disk
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mike Tutkowski closed CLOUDSTACK-10244. --- > Online storage migration for KVM fails and corrupts disk > > > Key: CLOUDSTACK-10244 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10244 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: KVM >Affects Versions: 4.11.0.0 >Reporter: Mike Tutkowski >Assignee: Mike Tutkowski >Priority: Blocker > Fix For: 4.11.0.0 > > > This is an issue that was introduced in the code-review process of > https://github.com/apache/cloudstack/pull/2298. > I plan to open a PR for 4.11 RC2 soon. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (CLOUDSTACK-10244) Online storage migration for KVM fails and corrupts disk
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mike Tutkowski resolved CLOUDSTACK-10244. - Resolution: Fixed > Online storage migration for KVM fails and corrupts disk > > > Key: CLOUDSTACK-10244 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10244 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: KVM >Affects Versions: 4.11.0.0 >Reporter: Mike Tutkowski >Assignee: Mike Tutkowski >Priority: Blocker > Fix For: 4.11.0.0 > > > This is an issue that was introduced in the code-review process of > https://github.com/apache/cloudstack/pull/2298. > I plan to open a PR for 4.11 RC2 soon. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10311) Agent Log Rotate variable replace bug
[
https://issues.apache.org/jira/browse/CLOUDSTACK-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16408211#comment-16408211
]
ASF GitHub Bot commented on CLOUDSTACK-10311:
-
Slair1 commented on issue #2471: CLOUDSTACK-10311 Agent Log Rotate variable
replace bug
URL: https://github.com/apache/cloudstack/pull/2471#issuecomment-375011413
@rafaelweingartner sorry for the newbie question, but i updated the
.travis.yml file and it now shows up in my commit, is that correct?
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Agent Log Rotate variable replace bug
> -
>
> Key: CLOUDSTACK-10311
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10311
> Project: CloudStack
> Issue Type: Improvement
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: cloudstack-agent
>Affects Versions: 4.10.0.0, 4.9.3.0
>Reporter: Sean Lair
>Priority: Major
>
> The cloudstack-agent was modified to use the @AGENTLOG@ variable entry, but
> the pom.xml file was not correct to do the replacement of the @AGENTLOG@.
> {{@AGENTLOG@}}
> {{/var/log/cloudstack/agent/security_group.log}}
> {{{}}
> {{ copytruncate}}
> {{ daily}}
> {{ rotate 5}}
> {{ compress}}
> {{ missingok}}
> {{}}}
> PR coming
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10311) Agent Log Rotate variable replace bug
[
https://issues.apache.org/jira/browse/CLOUDSTACK-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16408204#comment-16408204
]
ASF GitHub Bot commented on CLOUDSTACK-10311:
-
Slair1 commented on issue #2471: CLOUDSTACK-10311 Agent Log Rotate variable
replace bug
URL: https://github.com/apache/cloudstack/pull/2471#issuecomment-375009487
@rafaelweingartner thanks for info on increasing the travis timeout.
I guess i thought there would be a 4.9.4.0, there have been other PRs merged
in 4.9 and the POMs for it have been updated to 4.9.4.0 it looks like at least.
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Agent Log Rotate variable replace bug
> -
>
> Key: CLOUDSTACK-10311
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10311
> Project: CloudStack
> Issue Type: Improvement
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: cloudstack-agent
>Affects Versions: 4.10.0.0, 4.9.3.0
>Reporter: Sean Lair
>Priority: Major
>
> The cloudstack-agent was modified to use the @AGENTLOG@ variable entry, but
> the pom.xml file was not correct to do the replacement of the @AGENTLOG@.
> {{@AGENTLOG@}}
> {{/var/log/cloudstack/agent/security_group.log}}
> {{{}}
> {{ copytruncate}}
> {{ daily}}
> {{ rotate 5}}
> {{ compress}}
> {{ missingok}}
> {{}}}
> PR coming
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10327) SSO fails with error "Session Expired", except for root admin
[
https://issues.apache.org/jira/browse/CLOUDSTACK-10327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16408198#comment-16408198
]
ASF GitHub Bot commented on CLOUDSTACK-10327:
-
rhtyd commented on issue #2498: CLOUDSTACK-10327: Do not invalidate the session
when API command not found
URL: https://github.com/apache/cloudstack/pull/2498#issuecomment-375008974
@olivierlemasle can you edit the PR and rebase against 4.11 branch?
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> SSO fails with error "Session Expired", except for root admin
> -
>
> Key: CLOUDSTACK-10327
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10327
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: API
>Affects Versions: 4.11.0.0
>Reporter: Olivier Lemasle
>Assignee: Olivier Lemasle
>Priority: Critical
>
> CloudStack SSO (using {{security.singlesignon.key}}) does not work anymore
> with CloudStack 4.11, since commit
> [9988c26|https://github.com/apache/cloudstack/commit/9988c269b259b84c0b8436bad17f88dbc1d706e7#diff-16f2bfa56c6e8760760dd2b27b47d5b4]
> This commit introduced a new feature (the ability to limit admin API calls to
> a network CIDR), but also a regression due to a refactoring: every API
> request that is not "validated" generates the same error (401 - Unauthorized)
> and *invalidates the session*.
> However, during an SSO login, CloudStack executes (since ACS 4.7), a [call to
> "listConfigurations"|https://github.com/apache/cloudstack/blob/8a3943b7632eddf3856a19e7d9a3fee82dd325be/ui/scripts/cloudStack.js#L172],
> an API command reserved for root admins. When the user is not a root admin,
> he does not have the privileges for this command.
> With CloudStack up to 4.10, an error 432 was returned (and ignored):
> {noformat}
> {"errorresponse":{"uuidList":[],"errorcode":432,"cserrorcode":,"errortext":"The
> user is not allowed to request the API command or the API command does not
> exist"}}
> {noformat}
> With CloudStack 4.11, the error 432 is replaced by an error 401 and the
> session is invalidated. Then the next API calls lead to an error "Session
> Expired" and the user cannot log in.
> {noformat}
> {"listconfigurationsresponse":{"uuidList":[],"errorcode":401,"errortext":"unable
> to verify user credentials and/or request signature"}}
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10327) SSO fails with error "Session Expired", except for root admin
[
https://issues.apache.org/jira/browse/CLOUDSTACK-10327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16408200#comment-16408200
]
ASF GitHub Bot commented on CLOUDSTACK-10327:
-
rhtyd commented on issue #2498: CLOUDSTACK-10327: Do not invalidate the session
when API command not found
URL: https://github.com/apache/cloudstack/pull/2498#issuecomment-375008974
@olivierlemasle can you edit the PR and rebase against 4.11 branch? I tried
to do that, but Github requires rebasing against 4.11.
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> SSO fails with error "Session Expired", except for root admin
> -
>
> Key: CLOUDSTACK-10327
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10327
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: API
>Affects Versions: 4.11.0.0
>Reporter: Olivier Lemasle
>Assignee: Olivier Lemasle
>Priority: Critical
>
> CloudStack SSO (using {{security.singlesignon.key}}) does not work anymore
> with CloudStack 4.11, since commit
> [9988c26|https://github.com/apache/cloudstack/commit/9988c269b259b84c0b8436bad17f88dbc1d706e7#diff-16f2bfa56c6e8760760dd2b27b47d5b4]
> This commit introduced a new feature (the ability to limit admin API calls to
> a network CIDR), but also a regression due to a refactoring: every API
> request that is not "validated" generates the same error (401 - Unauthorized)
> and *invalidates the session*.
> However, during an SSO login, CloudStack executes (since ACS 4.7), a [call to
> "listConfigurations"|https://github.com/apache/cloudstack/blob/8a3943b7632eddf3856a19e7d9a3fee82dd325be/ui/scripts/cloudStack.js#L172],
> an API command reserved for root admins. When the user is not a root admin,
> he does not have the privileges for this command.
> With CloudStack up to 4.10, an error 432 was returned (and ignored):
> {noformat}
> {"errorresponse":{"uuidList":[],"errorcode":432,"cserrorcode":,"errortext":"The
> user is not allowed to request the API command or the API command does not
> exist"}}
> {noformat}
> With CloudStack 4.11, the error 432 is replaced by an error 401 and the
> session is invalidated. Then the next API calls lead to an error "Session
> Expired" and the user cannot log in.
> {noformat}
> {"listconfigurationsresponse":{"uuidList":[],"errorcode":401,"errortext":"unable
> to verify user credentials and/or request signature"}}
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10311) Agent Log Rotate variable replace bug
[
https://issues.apache.org/jira/browse/CLOUDSTACK-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16408192#comment-16408192
]
ASF GitHub Bot commented on CLOUDSTACK-10311:
-
rafaelweingartner commented on issue #2471: CLOUDSTACK-10311 Agent Log Rotate
variable replace bug
URL: https://github.com/apache/cloudstack/pull/2471#issuecomment-375006650
Timeouts can be changed in `.travil.yml`.
Are we going to have a 4.9.4.0? The version 4.9 is EOL.
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Agent Log Rotate variable replace bug
> -
>
> Key: CLOUDSTACK-10311
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10311
> Project: CloudStack
> Issue Type: Improvement
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: cloudstack-agent
>Affects Versions: 4.10.0.0, 4.9.3.0
>Reporter: Sean Lair
>Priority: Major
>
> The cloudstack-agent was modified to use the @AGENTLOG@ variable entry, but
> the pom.xml file was not correct to do the replacement of the @AGENTLOG@.
> {{@AGENTLOG@}}
> {{/var/log/cloudstack/agent/security_group.log}}
> {{{}}
> {{ copytruncate}}
> {{ daily}}
> {{ rotate 5}}
> {{ compress}}
> {{ missingok}}
> {{}}}
> PR coming
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10311) Agent Log Rotate variable replace bug
[
https://issues.apache.org/jira/browse/CLOUDSTACK-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16408188#comment-16408188
]
ASF GitHub Bot commented on CLOUDSTACK-10311:
-
Slair1 commented on issue #2471: CLOUDSTACK-10311 Agent Log Rotate variable
replace bug
URL: https://github.com/apache/cloudstack/pull/2471#issuecomment-375005809
@rafaelweingartner how do i increase the travis timeouts?
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Agent Log Rotate variable replace bug
> -
>
> Key: CLOUDSTACK-10311
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10311
> Project: CloudStack
> Issue Type: Improvement
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: cloudstack-agent
>Affects Versions: 4.10.0.0, 4.9.3.0
>Reporter: Sean Lair
>Priority: Major
>
> The cloudstack-agent was modified to use the @AGENTLOG@ variable entry, but
> the pom.xml file was not correct to do the replacement of the @AGENTLOG@.
> {{@AGENTLOG@}}
> {{/var/log/cloudstack/agent/security_group.log}}
> {{{}}
> {{ copytruncate}}
> {{ daily}}
> {{ rotate 5}}
> {{ compress}}
> {{ missingok}}
> {{}}}
> PR coming
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10311) Agent Log Rotate variable replace bug
[
https://issues.apache.org/jira/browse/CLOUDSTACK-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16408186#comment-16408186
]
ASF GitHub Bot commented on CLOUDSTACK-10311:
-
Slair1 commented on issue #2471: CLOUDSTACK-10311 Agent Log Rotate variable
replace bug
URL: https://github.com/apache/cloudstack/pull/2471#issuecomment-375005541
@rafaelweingartner yep, i was hoping it would be included in 4.9.4.0
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Agent Log Rotate variable replace bug
> -
>
> Key: CLOUDSTACK-10311
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10311
> Project: CloudStack
> Issue Type: Improvement
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: cloudstack-agent
>Affects Versions: 4.10.0.0, 4.9.3.0
>Reporter: Sean Lair
>Priority: Major
>
> The cloudstack-agent was modified to use the @AGENTLOG@ variable entry, but
> the pom.xml file was not correct to do the replacement of the @AGENTLOG@.
> {{@AGENTLOG@}}
> {{/var/log/cloudstack/agent/security_group.log}}
> {{{}}
> {{ copytruncate}}
> {{ daily}}
> {{ rotate 5}}
> {{ compress}}
> {{ missingok}}
> {{}}}
> PR coming
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10311) Agent Log Rotate variable replace bug
[
https://issues.apache.org/jira/browse/CLOUDSTACK-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16408183#comment-16408183
]
ASF GitHub Bot commented on CLOUDSTACK-10311:
-
rafaelweingartner commented on issue #2471: CLOUDSTACK-10311 Agent Log Rotate
variable replace bug
URL: https://github.com/apache/cloudstack/pull/2471#issuecomment-375005145
Sorry for asking again, I forgot.
So, I was checking travis logs. It seems to be a timeout issue when
downloading dependencies. Can you increase the travis timeouts and test it
again?
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Agent Log Rotate variable replace bug
> -
>
> Key: CLOUDSTACK-10311
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10311
> Project: CloudStack
> Issue Type: Improvement
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: cloudstack-agent
>Affects Versions: 4.10.0.0, 4.9.3.0
>Reporter: Sean Lair
>Priority: Major
>
> The cloudstack-agent was modified to use the @AGENTLOG@ variable entry, but
> the pom.xml file was not correct to do the replacement of the @AGENTLOG@.
> {{@AGENTLOG@}}
> {{/var/log/cloudstack/agent/security_group.log}}
> {{{}}
> {{ copytruncate}}
> {{ daily}}
> {{ rotate 5}}
> {{ compress}}
> {{ missingok}}
> {{}}}
> PR coming
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10311) Agent Log Rotate variable replace bug
[
https://issues.apache.org/jira/browse/CLOUDSTACK-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16408181#comment-16408181
]
ASF GitHub Bot commented on CLOUDSTACK-10311:
-
rhtyd commented on issue #2471: CLOUDSTACK-10311 Agent Log Rotate variable
replace bug
URL: https://github.com/apache/cloudstack/pull/2471#issuecomment-375004978
@Slair1 the changes are already in 4.11, master branches. By future version,
do you expect the fix to be in a future 4.9.x version (likely 4.9.4.0)?
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Agent Log Rotate variable replace bug
> -
>
> Key: CLOUDSTACK-10311
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10311
> Project: CloudStack
> Issue Type: Improvement
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: cloudstack-agent
>Affects Versions: 4.10.0.0, 4.9.3.0
>Reporter: Sean Lair
>Priority: Major
>
> The cloudstack-agent was modified to use the @AGENTLOG@ variable entry, but
> the pom.xml file was not correct to do the replacement of the @AGENTLOG@.
> {{@AGENTLOG@}}
> {{/var/log/cloudstack/agent/security_group.log}}
> {{{}}
> {{ copytruncate}}
> {{ daily}}
> {{ rotate 5}}
> {{ compress}}
> {{ missingok}}
> {{}}}
> PR coming
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10311) Agent Log Rotate variable replace bug
[
https://issues.apache.org/jira/browse/CLOUDSTACK-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16408173#comment-16408173
]
ASF GitHub Bot commented on CLOUDSTACK-10311:
-
Slair1 commented on issue #2471: CLOUDSTACK-10311 Agent Log Rotate variable
replace bug
URL: https://github.com/apache/cloudstack/pull/2471#issuecomment-375003122
@rafaelweingartner as said in the other comments, there is already a PR that
addresses this issue in future versions. We are running 4.9.3 right now in our
environment.
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Agent Log Rotate variable replace bug
> -
>
> Key: CLOUDSTACK-10311
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10311
> Project: CloudStack
> Issue Type: Improvement
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: cloudstack-agent
>Affects Versions: 4.10.0.0, 4.9.3.0
>Reporter: Sean Lair
>Priority: Major
>
> The cloudstack-agent was modified to use the @AGENTLOG@ variable entry, but
> the pom.xml file was not correct to do the replacement of the @AGENTLOG@.
> {{@AGENTLOG@}}
> {{/var/log/cloudstack/agent/security_group.log}}
> {{{}}
> {{ copytruncate}}
> {{ daily}}
> {{ rotate 5}}
> {{ compress}}
> {{ missingok}}
> {{}}}
> PR coming
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10311) Agent Log Rotate variable replace bug
[
https://issues.apache.org/jira/browse/CLOUDSTACK-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16408146#comment-16408146
]
ASF GitHub Bot commented on CLOUDSTACK-10311:
-
rafaelweingartner commented on issue #2471: CLOUDSTACK-10311 Agent Log Rotate
variable replace bug
URL: https://github.com/apache/cloudstack/pull/2471#issuecomment-374993809
Hmmm, may I ask you why did you open the PR against 4.9?
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Agent Log Rotate variable replace bug
> -
>
> Key: CLOUDSTACK-10311
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10311
> Project: CloudStack
> Issue Type: Improvement
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: cloudstack-agent
>Affects Versions: 4.10.0.0, 4.9.3.0
>Reporter: Sean Lair
>Priority: Major
>
> The cloudstack-agent was modified to use the @AGENTLOG@ variable entry, but
> the pom.xml file was not correct to do the replacement of the @AGENTLOG@.
> {{@AGENTLOG@}}
> {{/var/log/cloudstack/agent/security_group.log}}
> {{{}}
> {{ copytruncate}}
> {{ daily}}
> {{ rotate 5}}
> {{ compress}}
> {{ missingok}}
> {{}}}
> PR coming
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10311) Agent Log Rotate variable replace bug
[
https://issues.apache.org/jira/browse/CLOUDSTACK-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16408139#comment-16408139
]
ASF GitHub Bot commented on CLOUDSTACK-10311:
-
Slair1 commented on issue #2471: CLOUDSTACK-10311 Agent Log Rotate variable
replace bug
URL: https://github.com/apache/cloudstack/pull/2471#issuecomment-374990533
@rafaelweingartner still seeing some unrelated errors in the travis
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Agent Log Rotate variable replace bug
> -
>
> Key: CLOUDSTACK-10311
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10311
> Project: CloudStack
> Issue Type: Improvement
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: cloudstack-agent
>Affects Versions: 4.10.0.0, 4.9.3.0
>Reporter: Sean Lair
>Priority: Major
>
> The cloudstack-agent was modified to use the @AGENTLOG@ variable entry, but
> the pom.xml file was not correct to do the replacement of the @AGENTLOG@.
> {{@AGENTLOG@}}
> {{/var/log/cloudstack/agent/security_group.log}}
> {{{}}
> {{ copytruncate}}
> {{ daily}}
> {{ rotate 5}}
> {{ compress}}
> {{ missingok}}
> {{}}}
> PR coming
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Created] (CLOUDSTACK-10334) Inadequate information for handling catch clauses
Zhenhao Li created CLOUDSTACK-10334: --- Summary: Inadequate information for handling catch clauses Key: CLOUDSTACK-10334 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10334 Project: CloudStack Issue Type: Improvement Security Level: Public (Anyone can view this level - this is the default.) Reporter: Zhenhao Li Their are some situations that different exception types are caught, but the handling of those exceptions can not show the differences of those types. Here are the code snippets we found which have this problem: *cloudstack/server/src/main/java/com/cloud/api/dispatch/ParamProcessWorker.java* [https://github.com/apache/cloudstack/blob/893a88d225276e45f12f9490e6af2c94a81c2965/server/src/main/java/com/cloud/api/dispatch/ParamProcessWorker.java] At Line *261* and Line *265.* We can see that two exception types are caught, but the logging statements here can not show the exception type at all. Also they threw new exceptions after the logs, but the throw statements in these two catch clauses are identical, which are not distinguishable. It may cause confusions to the person who is reading the log, the person can not know what exception happened here and can not distinguish logs generated by these two statements. Maybe adding stack trace information to these two logging statements and change the log message to handle specific situations is a simple way to improve it. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10327) SSO fails with error "Session Expired", except for root admin
[
https://issues.apache.org/jira/browse/CLOUDSTACK-10327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16407960#comment-16407960
]
ASF GitHub Bot commented on CLOUDSTACK-10327:
-
olivierlemasle opened a new pull request #2498: CLOUDSTACK-10327: Do not
invalidate the session when API command not found
URL: https://github.com/apache/cloudstack/pull/2498
## Description
CloudStack SSO (using `security.singlesignon.key`) does not work anymore
with CloudStack 4.11, since commit 9988c26, which introduced a regression due
to a refactoring: every API request that is not "validated" generates the same
error (401 - Unauthorized) and invalidates the session.
However, CloudStack UI executes a call to `listConfigurations` [in method
`bypassLoginCheck`](https://github.com/apache/cloudstack/blob/1c99fd73881938/ui/scripts/cloudStack.js#L172).
A non-admin user does not have the permissions to execute this request, which
causes an error 401:
```
{"listconfigurationsresponse":{"uuidList":[],"errorcode":401,"errortext":"unable
to verify user credentials and/or request signature"}}
```
The session (already created by SSO) is then invalidated and the user cannot
access to CloudStack UI (error "Session Expired").
Before 9988c26 (up to CloudStack 4.10), an error 432 was returned (and
ignored):
```
{"errorresponse":{"uuidList":[],"errorcode":432,"cserrorcode":,"errortext":"The
user is not allowed to request the API command or the API command does not
exist"}}
```
Even if the call to `listConfigurations` was removed, another call to
[`listIdps`](https://github.com/apache/cloudstack/blob/1c99fd73881938/ui/scripts/cloudStack.js#L192)
also lead to an error 401 for user accounts if the SAML plugin is not enabled.
This pull request aims to fix the SSO issue, by restoring errors 432
(instead of 401 + invalidate session) for commands not available. However, if
an API command is explicitly denied using ACLs or if the session key is
incorrect, it still generates an error 401 and invalidates the session.
## Types of changes
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] Enhancement (improves an existing feature and functionality)
- [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
## How Has This Been Tested?
Compiled and ran CloudStack.
- API commands not explicitly allowed for a role (e.g. `listConfigurations`
for a user) generate 432.
- API commands not enabled (e.g. `listIdps` with SAML disabled) generate 432.
- non-existing API commands (e.g. `fooBar`) generate 432
However, API calls with session key removed generate 401 and invalidate
session.
SSO is ok.
## Checklist:
- [x] I have read the
[CONTRIBUTING](https://github.com/apache/cloudstack/blob/master/CONTRIBUTING.md)
document.
- [x] My code follows the code style of this project.
- [ ] My change requires a change to the documentation.
- [ ] I have updated the documentation accordingly.
- [ ] I have added tests to cover my changes.
- [x] All new and existing tests passed.
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> SSO fails with error "Session Expired", except for root admin
> -
>
> Key: CLOUDSTACK-10327
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10327
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: API
>Affects Versions: 4.11.0.0
>Reporter: Olivier Lemasle
>Assignee: Olivier Lemasle
>Priority: Critical
>
> CloudStack SSO (using {{security.singlesignon.key}}) does not work anymore
> with CloudStack 4.11, since commit
> [9988c26|https://github.com/apache/cloudstack/commit/9988c269b259b84c0b8436bad17f88dbc1d706e7#diff-16f2bfa56c6e8760760dd2b27b47d5b4]
> This commit introduced a new feature (the ability to limit admin API calls to
> a network CIDR), but also a regression due to a refactoring: every API
> request that is not "validated" generates the same error (401 - Unauthorized)
> and *invalidates the session*.
> However, during an SSO login, CloudStack executes (since ACS 4.7), a [call to
>
[jira] [Commented] (CLOUDSTACK-10238) Fix for metalink support on SSVM agents
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16407758#comment-16407758 ] ASF subversion and git services commented on CLOUDSTACK-10238: -- Commit 6a754237797a9d2f084674da83929f66fd402368 in cloudstack's branch refs/heads/master from [~nicolas.vazquez] [ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=6a75423 ] CLOUDSTACK-10231: Asserted fixes for Direct Download on KVM (#2408) Several fixes addressed: - Dettach ISO fails when trying to detach a direct download ISO - Fix for metalink support on SSVM agents (this closes CLOUDSTACK-10238) - Reinstall VM from bypassed registered template (this closes CLOUDSTACK-10250) - Fix upload certificate error message even though operation was successful - Fix metalink download, checksum retry logic and metalink SSVM downloader > Fix for metalink support on SSVM agents > --- > > Key: CLOUDSTACK-10238 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10238 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Nicolas Vazquez >Assignee: Nicolas Vazquez >Priority: Major > Fix For: 4.11.1.0 > > > Fix for metalink support -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10250) Reinstall VM from bypassed registered template
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10250?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16407759#comment-16407759 ] ASF subversion and git services commented on CLOUDSTACK-10250: -- Commit 6a754237797a9d2f084674da83929f66fd402368 in cloudstack's branch refs/heads/master from [~nicolas.vazquez] [ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=6a75423 ] CLOUDSTACK-10231: Asserted fixes for Direct Download on KVM (#2408) Several fixes addressed: - Dettach ISO fails when trying to detach a direct download ISO - Fix for metalink support on SSVM agents (this closes CLOUDSTACK-10238) - Reinstall VM from bypassed registered template (this closes CLOUDSTACK-10250) - Fix upload certificate error message even though operation was successful - Fix metalink download, checksum retry logic and metalink SSVM downloader > Reinstall VM from bypassed registered template > -- > > Key: CLOUDSTACK-10250 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10250 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Affects Versions: 4.11.0.0 >Reporter: Nicolas Vazquez >Assignee: Nicolas Vazquez >Priority: Major > Fix For: 4.11.1.0 > > > This fix allows users to restore a VM from a previously registered template > using the Direct Download option (only for KVM currently) > NOTE: As Reinstall VM button prompts only featured templates, to be able to > restore a vm to a Direct Download template, it should be registered as > Featured -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10231) Asserted fixes for Direct Download on KVM
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16407757#comment-16407757 ] ASF subversion and git services commented on CLOUDSTACK-10231: -- Commit 6a754237797a9d2f084674da83929f66fd402368 in cloudstack's branch refs/heads/master from [~nicolas.vazquez] [ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=6a75423 ] CLOUDSTACK-10231: Asserted fixes for Direct Download on KVM (#2408) Several fixes addressed: - Dettach ISO fails when trying to detach a direct download ISO - Fix for metalink support on SSVM agents (this closes CLOUDSTACK-10238) - Reinstall VM from bypassed registered template (this closes CLOUDSTACK-10250) - Fix upload certificate error message even though operation was successful - Fix metalink download, checksum retry logic and metalink SSVM downloader > Asserted fixes for Direct Download on KVM > - > > Key: CLOUDSTACK-10231 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10231 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: KVM >Affects Versions: 4.11.0.0 >Reporter: Nicolas Vazquez >Assignee: Nicolas Vazquez >Priority: Major > Labels: direct-download,, kvm > Fix For: 4.11.1.0 > > > Several fixes addressed: > * Dettach ISO fails when trying to detach a direct download ISO > * Fix for metalink support on SSVM agents (this closes CLOUDSTACK-10238) > * Reinstall VM from bypassed registered template (this closes > CLOUDSTACK-10250) > * Fix upload certificate error message even though operation was successful > * Fix metalink download, checksum retry logic and metalink SSVM downloader -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (CLOUDSTACK-10331) Error 404 for /client/scripts/vm_snapshots.js
[
https://issues.apache.org/jira/browse/CLOUDSTACK-10331?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rafael Weingärtner resolved CLOUDSTACK-10331.
-
Resolution: Fixed
Fix Version/s: 4.12
> Error 404 for /client/scripts/vm_snapshots.js
> -
>
> Key: CLOUDSTACK-10331
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10331
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: UI
>Affects Versions: 4.10.0.0, 4.10.1.0, 4.11.0.0
>Reporter: Olivier Lemasle
>Assignee: Olivier Lemasle
>Priority: Minor
> Fix For: 4.12
>
>
> CloudStack main page requests a script "client/scripts/vm_snapshots.js",
> which does exist since ACS 4.10, causing a HTTP 404 error.
> The script {{vm_snapshots.js}} was removed here:
> https://github.com/apache/cloudstack/pull/977/commits/a2428508e2969e89577ba29e4cf43ce28ba11704
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10331) Error 404 for /client/scripts/vm_snapshots.js
[
https://issues.apache.org/jira/browse/CLOUDSTACK-10331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16407750#comment-16407750
]
ASF GitHub Bot commented on CLOUDSTACK-10331:
-
rafaelweingartner closed pull request #2497: CLOUDSTACK-10331: Remove reference
to deleted script vm_snapshots.js
URL: https://github.com/apache/cloudstack/pull/2497
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/scripts/installer/windows/client.wxs
b/scripts/installer/windows/client.wxs
index ee09744fc7b..609d720a67e 100644
--- a/scripts/installer/windows/client.wxs
+++ b/scripts/installer/windows/client.wxs
@@ -437,9 +437,6 @@
-
-
-
@@ -1948,7 +1945,6 @@
-
diff --git a/ui/index.html b/ui/index.html
index b94e8e5ad01..5003f00b369 100644
--- a/ui/index.html
+++ b/ui/index.html
@@ -1881,7 +1881,6 @@
-
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Error 404 for /client/scripts/vm_snapshots.js
> -
>
> Key: CLOUDSTACK-10331
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10331
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: UI
>Affects Versions: 4.10.0.0, 4.10.1.0, 4.11.0.0
>Reporter: Olivier Lemasle
>Assignee: Olivier Lemasle
>Priority: Minor
>
> CloudStack main page requests a script "client/scripts/vm_snapshots.js",
> which does exist since ACS 4.10, causing a HTTP 404 error.
> The script {{vm_snapshots.js}} was removed here:
> https://github.com/apache/cloudstack/pull/977/commits/a2428508e2969e89577ba29e4cf43ce28ba11704
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10331) Error 404 for /client/scripts/vm_snapshots.js
[
https://issues.apache.org/jira/browse/CLOUDSTACK-10331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16407751#comment-16407751
]
ASF subversion and git services commented on CLOUDSTACK-10331:
--
Commit 3e62ce9c1b394a4a4da5d7d04a549f1be77ed9b3 in cloudstack's branch
refs/heads/master from [~olemasle]
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=3e62ce9 ]
CLOUDSTACK-10331: Remove reference to deleted script vm_snapshots.js (#2497)
> Error 404 for /client/scripts/vm_snapshots.js
> -
>
> Key: CLOUDSTACK-10331
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10331
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: UI
>Affects Versions: 4.10.0.0, 4.10.1.0, 4.11.0.0
>Reporter: Olivier Lemasle
>Assignee: Olivier Lemasle
>Priority: Minor
>
> CloudStack main page requests a script "client/scripts/vm_snapshots.js",
> which does exist since ACS 4.10, causing a HTTP 404 error.
> The script {{vm_snapshots.js}} was removed here:
> https://github.com/apache/cloudstack/pull/977/commits/a2428508e2969e89577ba29e4cf43ce28ba11704
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10332) Users are not able to change/edit the protocol of an ACL rule
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16407596#comment-16407596 ] ASF GitHub Bot commented on CLOUDSTACK-10332: - blueorangutan commented on issue #2496: [CLOUDSTACK-10332] Users are not able to change/edit the protocol of an ACL rule URL: https://github.com/apache/cloudstack/pull/2496#issuecomment-374863416 @borisstoyanov a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Users are not able to change/edit the protocol of an ACL rule > -- > > Key: CLOUDSTACK-10332 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10332 > Project: CloudStack > Issue Type: New Feature > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rafael Weingärtner >Assignee: Rafael Weingärtner >Priority: Major > Fix For: 4.12 > > > Users should be able to edit an ACL rule completely. Therefore, they must be > able to change the protocol type and others configs of an ACL rules. > Right now users are not able to execute the following. > * Create an ACL for ICMP > * Click on edit and change the protocol to TCP > * An error will happen when saving the rule. > Users should be able to execute the protocol changes without problem. > In addition, it is not just the protocol that users are not able to change. > For instance, after defining ports, or reason/description for the rule, users > are not able to set those values back to null. The same happens for ICMP code > and type. > We will introduce a new parameter called "partialUpdate", which will have its > default value as true to maintain backward compatibility. When this parameter > is set to false, we will consider only the parameters sent, and not the > parameters we already have in the database to change and validate the ACL > rule data. This allows us to update parameters already set back to null, and > to completely change an ACL rule. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10332) Users are not able to change/edit the protocol of an ACL rule
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16407595#comment-16407595 ] ASF GitHub Bot commented on CLOUDSTACK-10332: - borisstoyanov commented on issue #2496: [CLOUDSTACK-10332] Users are not able to change/edit the protocol of an ACL rule URL: https://github.com/apache/cloudstack/pull/2496#issuecomment-374863193 @blueorangutan test This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Users are not able to change/edit the protocol of an ACL rule > -- > > Key: CLOUDSTACK-10332 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10332 > Project: CloudStack > Issue Type: New Feature > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rafael Weingärtner >Assignee: Rafael Weingärtner >Priority: Major > Fix For: 4.12 > > > Users should be able to edit an ACL rule completely. Therefore, they must be > able to change the protocol type and others configs of an ACL rules. > Right now users are not able to execute the following. > * Create an ACL for ICMP > * Click on edit and change the protocol to TCP > * An error will happen when saving the rule. > Users should be able to execute the protocol changes without problem. > In addition, it is not just the protocol that users are not able to change. > For instance, after defining ports, or reason/description for the rule, users > are not able to set those values back to null. The same happens for ICMP code > and type. > We will introduce a new parameter called "partialUpdate", which will have its > default value as true to maintain backward compatibility. When this parameter > is set to false, we will consider only the parameters sent, and not the > parameters we already have in the database to change and validate the ACL > rule data. This allows us to update parameters already set back to null, and > to completely change an ACL rule. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (CLOUDSTACK-10333) Secure VM Live migration for KVM
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rohit Yadav updated CLOUDSTACK-10333: - Description: With use of CA framework to secure hosts, the current mechanisms don't secure libvirtd to use those certificates (used by agent to connect to mgmt server). This causes insecure vm migration over tcp instead of tls. The aim is to use the same framework and certificates to secure live VM migration. This could be coupled with securing of a host and renewal/provisioning of certificates to host. FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM was:With use of CA framework to secure hosts, the current mechanisms don't secure libvirtd to use those certificates (used by agent to connect to mgmt server). This causes insecure vm migration over tcp instead of tls. The aim is to use the same framework and certificates to secure live VM migration. This could be coupled with securing of a host and renewal/provisioning of certificates to host. > Secure VM Live migration for KVM > > > Key: CLOUDSTACK-10333 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > With use of CA framework to secure hosts, the current mechanisms don't secure > libvirtd to use those certificates (used by agent to connect to mgmt server). > This causes insecure vm migration over tcp instead of tls. The aim is to use > the same framework and certificates to secure live VM migration. This could > be coupled with securing of a host and renewal/provisioning of certificates > to host. > > FS: > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (CLOUDSTACK-10333) Secure VM Live migration for KVM
Rohit Yadav created CLOUDSTACK-10333: Summary: Secure VM Live migration for KVM Key: CLOUDSTACK-10333 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333 Project: CloudStack Issue Type: Improvement Security Level: Public (Anyone can view this level - this is the default.) Reporter: Rohit Yadav Assignee: Rohit Yadav Fix For: 4.12.0.0, 4.11.1.0 With use of CA framework to secure hosts, the current mechanisms don't secure libvirtd to use those certificates (used by agent to connect to mgmt server). This causes insecure vm migration over tcp instead of tls. The aim is to use the same framework and certificates to secure live VM migration. This could be coupled with securing of a host and renewal/provisioning of certificates to host. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (CLOUDSTACK-10227) Stabilization fixes for master/4.11
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10227?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rohit Yadav closed CLOUDSTACK-10227. Resolution: Fixed > Stabilization fixes for master/4.11 > --- > > Key: CLOUDSTACK-10227 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10227 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Blocker > > List of blocker fixes per the 4.11.0.0 release. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (CLOUDSTACK-10306) Update vmware dependency vim jar to 6.5 version
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rohit Yadav resolved CLOUDSTACK-10306. -- Resolution: Fixed > Update vmware dependency vim jar to 6.5 version > --- > > Key: CLOUDSTACK-10306 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10306 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Minor > Fix For: 4.11.1.1, 4.12.0.0 > > > Upgrade to vmware sdk 6.5's vim.jar -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (CLOUDSTACK-10296) Fix timestamp difference in heartbeat script for rVRs
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rohit Yadav resolved CLOUDSTACK-10296. -- Resolution: Fixed > Fix timestamp difference in heartbeat script for rVRs > - > > Key: CLOUDSTACK-10296 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10296 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Affects Versions: 4.11.0.0, 4.9.3.0 >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.11.1.1 > > > Raised recently on dev@ ML by Jayakartheek, the difference code in heartbeat > checker script for rVRs wrongly take difference, that will always be less > than or equal to 0. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (CLOUDSTACK-10317) In case of multiple-public ips, snat fails to work for addtional public nics/network for guest traffic
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10317?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rohit Yadav resolved CLOUDSTACK-10317. -- Resolution: Fixed > In case of multiple-public ips, snat fails to work for addtional public > nics/network for guest traffic > -- > > Key: CLOUDSTACK-10317 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10317 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Minor > Fix For: 4.12.0.0, 4.11.1.0 > > > If a VR has two+ public nics, traffic from guest VM fails to be NAT-ed > correctly for traffic towards additional public nics. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (CLOUDSTACK-10317) In case of multiple-public ips, snat fails to work for addtional public nics/network for guest traffic
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10317?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rohit Yadav updated CLOUDSTACK-10317: - Status: Reviewable (was: In Progress) > In case of multiple-public ips, snat fails to work for addtional public > nics/network for guest traffic > -- > > Key: CLOUDSTACK-10317 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10317 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Minor > Fix For: 4.12.0.0, 4.11.1.0 > > > If a VR has two+ public nics, traffic from guest VM fails to be NAT-ed > correctly for traffic towards additional public nics. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (CLOUDSTACK-10132) Extend Multiple Management Servers Support for agents to allow sorting algorithms
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10132?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rohit Yadav resolved CLOUDSTACK-10132. -- Resolution: Fixed > Extend Multiple Management Servers Support for agents to allow sorting > algorithms > - > > Key: CLOUDSTACK-10132 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10132 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Affects Versions: 4.11.0.0 >Reporter: Nicolas Vazquez >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > Multiple Management Servers Support for agents -- This message was sent by Atlassian JIRA (v7.6.3#76005)
