[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16434928#comment-16434928 ] ASF GitHub Bot commented on CLOUDSTACK-9114: nitin-maharana commented on a change in pull request #2508: CLOUDSTACK-9114: Reduce VR downtime during network restart URL: https://github.com/apache/cloudstack/pull/2508#discussion_r180965420 ## File path: api/src/org/apache/cloudstack/api/command/user/network/RestartNetworkCmd.java ## @@ -57,6 +57,9 @@ @Parameter(name = ApiConstants.CLEANUP, type = CommandType.BOOLEAN, required = false, description = "If cleanup old network elements") private Boolean cleanup; +@Parameter(name = ApiConstants.MAKEREDUNDANTE, type = CommandType.BOOLEAN, required = false, description = "Turn the network into a network with redundant routers.", since = "4.11.1") Review comment: @rhtyd, Thanks for adding this functionality. I think there is a typo in ApiConstants name, E at the end. Would be great if we change the name of existing name to MAKE_RENDUNDANT, I just checked the usage is also very less. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > restartnetwork with cleanup should not update/restart both routers at once > -- > > Key: CLOUDSTACK-9114 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9114 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Wei Zhou >Assignee: Wei Zhou >Priority: Major > > for now, restartnetwork with cleanup will stop both RVRs at first, then start > two new RVRs. > to reduce the downtime of network, we'd better restart the RVRs one by one. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16434930#comment-16434930 ] ASF GitHub Bot commented on CLOUDSTACK-9114: nitin-maharana commented on a change in pull request #2508: CLOUDSTACK-9114: Reduce VR downtime during network restart URL: https://github.com/apache/cloudstack/pull/2508#discussion_r180965420 ## File path: api/src/org/apache/cloudstack/api/command/user/network/RestartNetworkCmd.java ## @@ -57,6 +57,9 @@ @Parameter(name = ApiConstants.CLEANUP, type = CommandType.BOOLEAN, required = false, description = "If cleanup old network elements") private Boolean cleanup; +@Parameter(name = ApiConstants.MAKEREDUNDANTE, type = CommandType.BOOLEAN, required = false, description = "Turn the network into a network with redundant routers.", since = "4.11.1") Review comment: @rhtyd, Thanks for adding this functionality. I think there is a typo in ApiConstants name, E at the end. Would be great if we change the name of existing name to MAKE_REDUNDANT, I just checked the usage is also very less. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > restartnetwork with cleanup should not update/restart both routers at once > -- > > Key: CLOUDSTACK-9114 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9114 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Wei Zhou >Assignee: Wei Zhou >Priority: Major > > for now, restartnetwork with cleanup will stop both RVRs at first, then start > two new RVRs. > to reduce the downtime of network, we'd better restart the RVRs one by one. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16434628#comment-16434628 ] ASF GitHub Bot commented on CLOUDSTACK-10304: - blueorangutan commented on issue #2563: CLOUDSTACK-10304: turn off apache2 server tokens and signature in systemvms URL: https://github.com/apache/cloudstack/pull/2563#issuecomment-380609114 @rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > SystemVM - Apache Web Server Version Number Information Disclosure > -- > > Key: CLOUDSTACK-10304 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: SystemVM >Affects Versions: 4.11.0.0 >Reporter: Julian Gilbert >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > {color:#00}The Secondary Storage System VM discloses its Apache Web > Server version number in HTTP headers and error pages. This type of > information disclosure can lead to medium vulnerabilities being reported in > web vulnerability scanners and reveals the Apache server version > unnecessarily.{color} > {color:#00}The apache2 directory structure no longer contains > /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 > security configuration file is in another location. The > /opt/cloud/bin/setup/common.sh script has not been updated to reflect > this.{color} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16434627#comment-16434627 ] ASF GitHub Bot commented on CLOUDSTACK-10304: - rhtyd commented on issue #2563: CLOUDSTACK-10304: turn off apache2 server tokens and signature in systemvms URL: https://github.com/apache/cloudstack/pull/2563#issuecomment-380608955 @blueorangutan test This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > SystemVM - Apache Web Server Version Number Information Disclosure > -- > > Key: CLOUDSTACK-10304 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: SystemVM >Affects Versions: 4.11.0.0 >Reporter: Julian Gilbert >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > {color:#00}The Secondary Storage System VM discloses its Apache Web > Server version number in HTTP headers and error pages. This type of > information disclosure can lead to medium vulnerabilities being reported in > web vulnerability scanners and reveals the Apache server version > unnecessarily.{color} > {color:#00}The apache2 directory structure no longer contains > /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 > security configuration file is in another location. The > /opt/cloud/bin/setup/common.sh script has not been updated to reflect > this.{color} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16434614#comment-16434614 ] ASF GitHub Bot commented on CLOUDSTACK-10304: - blueorangutan commented on issue #2563: CLOUDSTACK-10304: turn off apache2 server tokens and signature in systemvms URL: https://github.com/apache/cloudstack/pull/2563#issuecomment-380607397 Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1906 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > SystemVM - Apache Web Server Version Number Information Disclosure > -- > > Key: CLOUDSTACK-10304 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: SystemVM >Affects Versions: 4.11.0.0 >Reporter: Julian Gilbert >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > {color:#00}The Secondary Storage System VM discloses its Apache Web > Server version number in HTTP headers and error pages. This type of > information disclosure can lead to medium vulnerabilities being reported in > web vulnerability scanners and reveals the Apache server version > unnecessarily.{color} > {color:#00}The apache2 directory structure no longer contains > /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 > security configuration file is in another location. The > /opt/cloud/bin/setup/common.sh script has not been updated to reflect > this.{color} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16434600#comment-16434600 ] Rohit Yadav commented on CLOUDSTACK-10304: -- [~jgilbert] - please use Github issues in future to report issues. For any security issues please use the security ML, see cloudstack.apache.org on mailing list details. I've fixed the issue here that you can help test: https://github.com/apache/cloudstack/pull/2563 > SystemVM - Apache Web Server Version Number Information Disclosure > -- > > Key: CLOUDSTACK-10304 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: SystemVM >Affects Versions: 4.11.0.0 >Reporter: Julian Gilbert >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > {color:#00}The Secondary Storage System VM discloses its Apache Web > Server version number in HTTP headers and error pages. This type of > information disclosure can lead to medium vulnerabilities being reported in > web vulnerability scanners and reveals the Apache server version > unnecessarily.{color} > {color:#00}The apache2 directory structure no longer contains > /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 > security configuration file is in another location. The > /opt/cloud/bin/setup/common.sh script has not been updated to reflect > this.{color} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rohit Yadav updated CLOUDSTACK-10304: - Fix Version/s: 4.11.1.0 4.12.0.0 > SystemVM - Apache Web Server Version Number Information Disclosure > -- > > Key: CLOUDSTACK-10304 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: SystemVM >Affects Versions: 4.11.0.0 >Reporter: Julian Gilbert >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > {color:#00}The Secondary Storage System VM discloses its Apache Web > Server version number in HTTP headers and error pages. This type of > information disclosure can lead to medium vulnerabilities being reported in > web vulnerability scanners and reveals the Apache server version > unnecessarily.{color} > {color:#00}The apache2 directory structure no longer contains > /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 > security configuration file is in another location. The > /opt/cloud/bin/setup/common.sh script has not been updated to reflect > this.{color} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rohit Yadav reassigned CLOUDSTACK-10304: Assignee: Rohit Yadav > SystemVM - Apache Web Server Version Number Information Disclosure > -- > > Key: CLOUDSTACK-10304 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: SystemVM >Affects Versions: 4.11.0.0 >Reporter: Julian Gilbert >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > {color:#00}The Secondary Storage System VM discloses its Apache Web > Server version number in HTTP headers and error pages. This type of > information disclosure can lead to medium vulnerabilities being reported in > web vulnerability scanners and reveals the Apache server version > unnecessarily.{color} > {color:#00}The apache2 directory structure no longer contains > /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 > security configuration file is in another location. The > /opt/cloud/bin/setup/common.sh script has not been updated to reflect > this.{color} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-9975) Allow customizing system VM templates for SSVM and Console Proxy
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9975?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16434289#comment-16434289 ] ASF GitHub Bot commented on CLOUDSTACK-9975: rafaelweingartner commented on issue #2275: CLOUDSTACK-9975: Allow customizing system VM templates for SSVM and Console Proxy URL: https://github.com/apache/cloudstack/pull/2275#issuecomment-380535283 @rhtyd are you sure? Take a look at the code that deploys SSVM for instance [1] . Can you check line 645? [1] https://github.com/apache/cloudstack/blob/8ef131745a5ef0e5e6ddc7e498f3a0208f1bfb71/services/secondary-storage/controller/src/main/java/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Allow customizing system VM templates for SSVM and Console Proxy > > > Key: CLOUDSTACK-9975 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9975 > Project: CloudStack > Issue Type: New Feature > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Gabriel Beims Bräscher >Assignee: Gabriel Beims Bräscher >Priority: Minor > > Currently, it is only possible to change the template used by virtual > routers, but other system VMs do not have the same feature. The virtual > router template is configured according to the respective global settings > parameters: router.template.hyperv, router.template.kvm, router.template.lxc, > router.template.xenserver, router.template.ovm, router.template.vmware. > This ticket proposes the configuration of templates for storage system VMs > (SSVMs) and console proxy system VMs with parameters similar with the virtual > router template configuration: ssvm.template. and > consoleproxy.template. > If a parameter is null then it keeps the current flow for that scenario > (systemvm/virtualization tool). > This proposal allows users to customize virtual machines templates according > to specific needs of each system VM. This feature was useful in a practical > scenario where it was necessary to perform some changes for the console proxy > system VM template. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-9975) Allow customizing system VM templates for SSVM and Console Proxy
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9975?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16434280#comment-16434280 ] ASF GitHub Bot commented on CLOUDSTACK-9975: rhtyd commented on issue #2275: CLOUDSTACK-9975: Allow customizing system VM templates for SSVM and Console Proxy URL: https://github.com/apache/cloudstack/pull/2275#issuecomment-380534599 This PR may be closed, the global setting names may be confusing but the `router.xxx` global settings apply for cpvm, ssvm too. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Allow customizing system VM templates for SSVM and Console Proxy > > > Key: CLOUDSTACK-9975 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9975 > Project: CloudStack > Issue Type: New Feature > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Gabriel Beims Bräscher >Assignee: Gabriel Beims Bräscher >Priority: Minor > > Currently, it is only possible to change the template used by virtual > routers, but other system VMs do not have the same feature. The virtual > router template is configured according to the respective global settings > parameters: router.template.hyperv, router.template.kvm, router.template.lxc, > router.template.xenserver, router.template.ovm, router.template.vmware. > This ticket proposes the configuration of templates for storage system VMs > (SSVMs) and console proxy system VMs with parameters similar with the virtual > router template configuration: ssvm.template. and > consoleproxy.template. > If a parameter is null then it keeps the current flow for that scenario > (systemvm/virtualization tool). > This proposal allows users to customize virtual machines templates according > to specific needs of each system VM. This feature was useful in a practical > scenario where it was necessary to perform some changes for the console proxy > system VM template. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10323) Change disk offering when volume is migrated to different type of storage pool.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10323?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16434109#comment-16434109 ] ASF GitHub Bot commented on CLOUDSTACK-10323: - blueorangutan commented on issue #2486: [CLOUDSTACK-10323] Allow changing disk offering during volume migration URL: https://github.com/apache/cloudstack/pull/2486#issuecomment-380504152 Trillian test result (tid-2488) Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7 Total time taken: 97660 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2486-t2488-kvm-centos7.zip Intermitten failure detected: /marvin/tests/smoke/test_certauthority_root.py Intermitten failure detected: /marvin/tests/smoke/test_primary_storage.py Intermitten failure detected: /marvin/tests/smoke/test_privategw_acl.py Intermitten failure detected: /marvin/tests/smoke/test_routers.py Intermitten failure detected: /marvin/tests/smoke/test_snapshots.py Intermitten failure detected: /marvin/tests/smoke/test_ssvm.py Intermitten failure detected: /marvin/tests/smoke/test_vm_life_cycle.py Intermitten failure detected: /marvin/tests/smoke/test_host_maintenance.py Intermitten failure detected: /marvin/tests/smoke/test_hostha_kvm.py Smoke tests completed. 61 look OK, 6 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- test_01_add_primary_storage_disabled_host | `Error` | 0.74 | test_primary_storage.py test_01_primary_storage_nfs | `Error` | 0.12 | test_primary_storage.py ContextSuite context=TestStorageTags>:setup | `Error` | 0.21 | test_primary_storage.py test_04_restart_network_wo_cleanup | `Failure` | 4.11 | test_routers.py test_02_list_snapshots_with_removed_data_store | `Error` | 1.16 | test_snapshots.py test_08_migrate_vm | `Error` | 18.91 | test_vm_life_cycle.py test_01_cancel_host_maintenace_with_no_migration_jobs | `Failure` | 1.14 | test_host_maintenance.py test_02_cancel_host_maintenace_with_migration_jobs | `Error` | 2.31 | test_host_maintenance.py test_hostha_enable_ha_when_host_in_maintenance | `Error` | 1.56 | test_hostha_kvm.py test_hostha_kvm_host_degraded | `Failure` | 1503.52 | test_hostha_kvm.py test_hostha_kvm_host_fencing | `Failure` | 619.78 | test_hostha_kvm.py test_hostha_kvm_host_recovering | `Failure` | 621.92 | test_hostha_kvm.py This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Change disk offering when volume is migrated to different type of storage > pool. > --- > > Key: CLOUDSTACK-10323 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10323 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Affects Versions: 4.12 >Reporter: Rafael Weingärtner >Assignee: Rafael Weingärtner >Priority: Major > > This is a continuation of work developed on PR #2425 (CLOUDSTACK-10240), > which provided root admins an override mechanism to move volumes between > storage systems types (local/shared) even when the disk offering would not > allow such operation. To complete the work, we will now provide a way for > administrators to enter a new disk offering that can reflect the new > placement of the volume. We will add an extra parameter to allow the root > admin inform a new disk offering for the volume. Therefore, when the volume > is being migrated, it will be possible to replace the disk offering to > reflect the new placement of the volume. > The API method will have the following parameters: > * storageid (required) > * volumeid (required) > * livemigrate(optional) > * newdiskofferingid (optional) – this is the new parameter > The expected behavior is the following: > * If “newdiskofferingid” is not provided the current behavior is maintained. > Override mechanism will also keep working as we have seen so far. > * If the “newdiskofferingid” is provided by the admin, we will execute the > following checks > ** new disk offering mode (local/shared) must match the target storage mode. > If it does not match, an exception will be thrown and the operator will > receive a message indicating the problem. > ** we will check if the new disk offering tags match the target storage tags. > If it does not match, an exception will be thrown and the operator will > receive a message indicating the problem. > ** check if the
[jira] [Commented] (CLOUDSTACK-10352) XenServer: Support online storage migration from non-managed to managed storage
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16434062#comment-16434062 ] ASF GitHub Bot commented on CLOUDSTACK-10352: - blueorangutan commented on issue #2502: [CLOUDSTACK-10352] XenServer: Support online migration of a virtual disk from non-managed to managed storage URL: https://github.com/apache/cloudstack/pull/2502#issuecomment-380489540 Trillian test result (tid-2486) Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7 Total time taken: 95304 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2502-t2486-kvm-centos7.zip Intermitten failure detected: /marvin/tests/smoke/test_certauthority_root.py Intermitten failure detected: /marvin/tests/smoke/test_routers.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_redundant.py Intermitten failure detected: /marvin/tests/smoke/test_hostha_kvm.py Smoke tests completed. 64 look OK, 3 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- test_04_restart_network_wo_cleanup | `Failure` | 3.04 | test_routers.py test_04_rvpc_network_garbage_collector_nics | `Failure` | 525.86 | test_vpc_redundant.py test_hostha_enable_ha_when_host_in_maintenance | `Error` | 3.60 | test_hostha_kvm.py This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > XenServer: Support online storage migration from non-managed to managed > storage > --- > > Key: CLOUDSTACK-10352 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10352 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server, XenServer > Environment: XenServer >Reporter: Mike Tutkowski >Assignee: Mike Tutkowski >Priority: Major > Fix For: 4.12.0.0 > > > Allow a user to online migrate a volume from non-managed storage to managed > storage. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10230) User is able to change to “Guest OS type” that has been removed
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16433972#comment-16433972 ] ASF GitHub Bot commented on CLOUDSTACK-10230: - blueorangutan commented on issue #2404: [CLOUDSTACK-10230] User should not be able to use removed “Guest OS type” URL: https://github.com/apache/cloudstack/pull/2404#issuecomment-380467249 Trillian test result (tid-2484) Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7 Total time taken: 91748 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2404-t2484-kvm-centos7.zip Intermitten failure detected: /marvin/tests/smoke/test_certauthority_root.py Intermitten failure detected: /marvin/tests/smoke/test_routers.py Intermitten failure detected: /marvin/tests/smoke/test_hostha_kvm.py Smoke tests completed. 65 look OK, 2 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- test_04_restart_network_wo_cleanup | `Failure` | 2.96 | test_routers.py test_hostha_enable_ha_when_host_in_maintenance | `Error` | 4.70 | test_hostha_kvm.py This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > User is able to change to “Guest OS type” that has been removed > > > Key: CLOUDSTACK-10230 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10230 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rafael Weingärtner >Assignee: Rafael Weingärtner >Priority: Critical > > Users are able to change the OS type of VMs to “Guest OS type” that has been > removed. This becomes a security issue when we try to force users to use HVM > VMs (Meltdown/Spectre thing). A removed “guest os type” should not be usable > by any users in the cloud. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16433802#comment-16433802 ] ASF GitHub Bot commented on CLOUDSTACK-10333: - borisstoyanov commented on issue #2505: CLOUDSTACK-10333: Secure Live VM Migration for KVM URL: https://github.com/apache/cloudstack/pull/2505#issuecomment-380428948 @blueorangutan test This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Secure VM Live migration for KVM > > > Key: CLOUDSTACK-10333 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > With use of CA framework to secure hosts, the current mechanisms don't secure > libvirtd to use those certificates (used by agent to connect to mgmt server). > This causes insecure vm migration over tcp instead of tls. The aim is to use > the same framework and certificates to secure live VM migration. This could > be coupled with securing of a host and renewal/provisioning of certificates > to host. > > FS: > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16433803#comment-16433803 ] ASF GitHub Bot commented on CLOUDSTACK-10333: - blueorangutan commented on issue #2505: CLOUDSTACK-10333: Secure Live VM Migration for KVM URL: https://github.com/apache/cloudstack/pull/2505#issuecomment-380429185 @borisstoyanov a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Secure VM Live migration for KVM > > > Key: CLOUDSTACK-10333 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > With use of CA framework to secure hosts, the current mechanisms don't secure > libvirtd to use those certificates (used by agent to connect to mgmt server). > This causes insecure vm migration over tcp instead of tls. The aim is to use > the same framework and certificates to secure live VM migration. This could > be coupled with securing of a host and renewal/provisioning of certificates > to host. > > FS: > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16433768#comment-16433768 ] ASF GitHub Bot commented on CLOUDSTACK-10333: - blueorangutan commented on issue #2505: CLOUDSTACK-10333: Secure Live VM Migration for KVM URL: https://github.com/apache/cloudstack/pull/2505#issuecomment-380420402 Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1902 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Secure VM Live migration for KVM > > > Key: CLOUDSTACK-10333 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > With use of CA framework to secure hosts, the current mechanisms don't secure > libvirtd to use those certificates (used by agent to connect to mgmt server). > This causes insecure vm migration over tcp instead of tls. The aim is to use > the same framework and certificates to secure live VM migration. This could > be coupled with securing of a host and renewal/provisioning of certificates > to host. > > FS: > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16433741#comment-16433741 ] ASF GitHub Bot commented on CLOUDSTACK-10333: - rhtyd commented on issue #2505: CLOUDSTACK-10333: Secure Live VM Migration for KVM URL: https://github.com/apache/cloudstack/pull/2505#issuecomment-380414753 Okay @borisstoyanov All - please hold merging this, I may include some keystore related changes reported in recent issues. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Secure VM Live migration for KVM > > > Key: CLOUDSTACK-10333 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > With use of CA framework to secure hosts, the current mechanisms don't secure > libvirtd to use those certificates (used by agent to connect to mgmt server). > This causes insecure vm migration over tcp instead of tls. The aim is to use > the same framework and certificates to secure live VM migration. This could > be coupled with securing of a host and renewal/provisioning of certificates > to host. > > FS: > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16433739#comment-16433739 ] ASF GitHub Bot commented on CLOUDSTACK-10333: - blueorangutan commented on issue #2505: CLOUDSTACK-10333: Secure Live VM Migration for KVM URL: https://github.com/apache/cloudstack/pull/2505#issuecomment-380414312 @borisstoyanov a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Secure VM Live migration for KVM > > > Key: CLOUDSTACK-10333 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > With use of CA framework to secure hosts, the current mechanisms don't secure > libvirtd to use those certificates (used by agent to connect to mgmt server). > This causes insecure vm migration over tcp instead of tls. The aim is to use > the same framework and certificates to secure live VM migration. This could > be coupled with securing of a host and renewal/provisioning of certificates > to host. > > FS: > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16433738#comment-16433738 ] ASF GitHub Bot commented on CLOUDSTACK-10333: - borisstoyanov commented on issue #2505: CLOUDSTACK-10333: Secure Live VM Migration for KVM URL: https://github.com/apache/cloudstack/pull/2505#issuecomment-380414080 I've resolved the conflict, let me run tests again @rhtyd @blueorangutan package This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Secure VM Live migration for KVM > > > Key: CLOUDSTACK-10333 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > With use of CA framework to secure hosts, the current mechanisms don't secure > libvirtd to use those certificates (used by agent to connect to mgmt server). > This causes insecure vm migration over tcp instead of tls. The aim is to use > the same framework and certificates to secure live VM migration. This could > be coupled with securing of a host and renewal/provisioning of certificates > to host. > > FS: > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10214) Unable to remove local primary storage
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16433512#comment-16433512 ] ASF GitHub Bot commented on CLOUDSTACK-10214: - borisstoyanov commented on issue #2390: [CLOUDSTACK-10214] Unable to remove local primary storage URL: https://github.com/apache/cloudstack/pull/2390#issuecomment-380353613 @blueorangutan test This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Unable to remove local primary storage > --- > > Key: CLOUDSTACK-10214 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10214 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Affects Versions: 4.10.0.0, 4.9.3.0 >Reporter: Rafael Weingärtner >Assignee: Rafael Weingärtner >Priority: Major > > When enabling the use of local storage ACS will automatically load all local > storage configured in the Host and start using them as primary storage to > deploy user VMs (if the service offering allows to do so). However, if the > operator wants to remove the local storage ACS will throw an exception saying > that the removal of local storage is not allowed.Therefore, if one wants to > remove a local storage, he/she needs to do a manual intervention in the > database and hosts. > This limitation was removed, as it was only a logical restriction. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10214) Unable to remove local primary storage
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16433513#comment-16433513 ] ASF GitHub Bot commented on CLOUDSTACK-10214: - blueorangutan commented on issue #2390: [CLOUDSTACK-10214] Unable to remove local primary storage URL: https://github.com/apache/cloudstack/pull/2390#issuecomment-380353647 @borisstoyanov a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Unable to remove local primary storage > --- > > Key: CLOUDSTACK-10214 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10214 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Affects Versions: 4.10.0.0, 4.9.3.0 >Reporter: Rafael Weingärtner >Assignee: Rafael Weingärtner >Priority: Major > > When enabling the use of local storage ACS will automatically load all local > storage configured in the Host and start using them as primary storage to > deploy user VMs (if the service offering allows to do so). However, if the > operator wants to remove the local storage ACS will throw an exception saying > that the removal of local storage is not allowed.Therefore, if one wants to > remove a local storage, he/she needs to do a manual intervention in the > database and hosts. > This limitation was removed, as it was only a logical restriction. -- This message was sent by Atlassian JIRA (v7.6.3#76005)