[jira] [Commented] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16436501#comment-16436501 ] ASF GitHub Bot commented on CLOUDSTACK-10304: - blueorangutan commented on issue #2563: CLOUDSTACK-10304: turn off apache2 server tokens and signature in systemvms URL: https://github.com/apache/cloudstack/pull/2563#issuecomment-380978801 Trillian test result (tid-2496) Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7 Total time taken: 91764 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2563-t2496-kvm-centos7.zip Intermitten failure detected: /marvin/tests/smoke/test_routers.py Smoke tests completed. 66 look OK, 1 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- test_04_restart_network_wo_cleanup | `Failure` | 3.98 | test_routers.py This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > SystemVM - Apache Web Server Version Number Information Disclosure > -- > > Key: CLOUDSTACK-10304 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: SystemVM >Affects Versions: 4.11.0.0 >Reporter: Julian Gilbert >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > {color:#00}The Secondary Storage System VM discloses its Apache Web > Server version number in HTTP headers and error pages. This type of > information disclosure can lead to medium vulnerabilities being reported in > web vulnerability scanners and reveals the Apache server version > unnecessarily.{color} > {color:#00}The apache2 directory structure no longer contains > /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 > security configuration file is in another location. The > /opt/cloud/bin/setup/common.sh script has not been updated to reflect > this.{color} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10346) Problem with NAT configuration and VMs not accessing each other via public IPs
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16436411#comment-16436411 ] ASF GitHub Bot commented on CLOUDSTACK-10346: - rafaelweingartner commented on issue #2514: [CLOUDSTACK-10346] Problem with NAT configuration and VMs not accessing each other via public IPs URL: https://github.com/apache/cloudstack/pull/2514#issuecomment-380965556 @ustcweizhou, @rhtyd and others. Are you ok with changes introduce in this PR? This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Problem with NAT configuration and VMs not accessing each other via public IPs > -- > > Key: CLOUDSTACK-10346 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10346 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rafael Weingärtner >Assignee: Rafael Weingärtner >Priority: Major > > When users create a VPC, and configure a NAT from a public IP to application > in a VM. This VM(applications) are not accessible via public IP for other VMs > in the same VPC. > > The problem is in the NAT table. If you take a closer look at rules, you will > see something like: > {code:java} > -A PREROUTING -d publicIP/32 -i eth1 -p tcp -m tcp --dport 80 -j DNAT > --to-destination internalIp:80 > {code} > The problem is that according to this rule only packets coming via > eth1(public interface), will be “redirected” to the internal IP. We need an > extra entry to each one of the NAT configurations. For the presented rule, we > would need something like: > {code:java} > -A PREROUTING -d publicIP/32 -i eth2 -p tcp -m tcp --dport 80 -j DNAT > --to-destination internalIp:80 > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (CLOUDSTACK-10214) Unable to remove local primary storage
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10214?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rafael Weingärtner resolved CLOUDSTACK-10214. - Resolution: Fixed Fix Version/s: 4.12 > Unable to remove local primary storage > --- > > Key: CLOUDSTACK-10214 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10214 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Affects Versions: 4.10.0.0, 4.9.3.0 >Reporter: Rafael Weingärtner >Assignee: Rafael Weingärtner >Priority: Major > Fix For: 4.12 > > > When enabling the use of local storage ACS will automatically load all local > storage configured in the Host and start using them as primary storage to > deploy user VMs (if the service offering allows to do so). However, if the > operator wants to remove the local storage ACS will throw an exception saying > that the removal of local storage is not allowed.Therefore, if one wants to > remove a local storage, he/she needs to do a manual intervention in the > database and hosts. > This limitation was removed, as it was only a logical restriction. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10288) Config drive - Usedata corruption when gzipped
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16436012#comment-16436012 ] ASF GitHub Bot commented on CLOUDSTACK-10288: - rhtyd commented on a change in pull request #2566: ConfigDrive fixes: CLOUDSTACK-10288, CLOUDSTACK-10289 URL: https://github.com/apache/cloudstack/pull/2566#discussion_r181163582 ## File path: services/secondary-storage/server/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java ## @@ -480,7 +480,7 @@ public Answer createConfigDriveIsoForVM(HandleConfigDriveIsoCommand cmd) { for (String[] item : cmd.getVmData()) { String dataType = item[CONFIGDATA_DIR]; String fileName = item[CONFIGDATA_FILE]; -String content = item[CONFIGDATA_CONTENT]; +String content = item[CONFIGDATA_CONTENT]; // base64 Review comment: you can rename the variable to `base64Content` This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Config drive - Usedata corruption when gzipped > --- > > Key: CLOUDSTACK-10288 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10288 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Affects Versions: 4.11.0.0 >Reporter: Rohit Yadav >Assignee: Frank Maximus >Priority: Major > > Should be able to create userdata via "echo hi | gzip | base64 -w0" and read > it back in VM via "mount -o loop /dev/sr1 /mnt/tmp; cat > /mnt/tmp/cloudstack/userdata/user_data.txt | gunzip" -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10214) Unable to remove local primary storage
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16436010#comment-16436010 ] ASF subversion and git services commented on CLOUDSTACK-10214: -- Commit eba2e1d8a1ce4e86b4df144db03e96739da455e5 in cloudstack's branch refs/heads/master from [~rafaelweingartner] [ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=eba2e1d ] [CLOUDSTACK-10214] Unable to remove local primary storage (#2390) > Unable to remove local primary storage > --- > > Key: CLOUDSTACK-10214 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10214 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Affects Versions: 4.10.0.0, 4.9.3.0 >Reporter: Rafael Weingärtner >Assignee: Rafael Weingärtner >Priority: Major > > When enabling the use of local storage ACS will automatically load all local > storage configured in the Host and start using them as primary storage to > deploy user VMs (if the service offering allows to do so). However, if the > operator wants to remove the local storage ACS will throw an exception saying > that the removal of local storage is not allowed.Therefore, if one wants to > remove a local storage, he/she needs to do a manual intervention in the > database and hosts. > This limitation was removed, as it was only a logical restriction. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10214) Unable to remove local primary storage
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16436009#comment-16436009 ] ASF GitHub Bot commented on CLOUDSTACK-10214: - rafaelweingartner closed pull request #2390: [CLOUDSTACK-10214] Unable to remove local primary storage URL: https://github.com/apache/cloudstack/pull/2390 This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/api/src/main/java/com/cloud/storage/StorageService.java b/api/src/main/java/com/cloud/storage/StorageService.java index e40b1e6e14c..aebbbcd4bd0 100644 --- a/api/src/main/java/com/cloud/storage/StorageService.java +++ b/api/src/main/java/com/cloud/storage/StorageService.java @@ -90,23 +90,16 @@ boolean deleteSecondaryStagingStore(DeleteSecondaryStagingStoreCmd cmd); -ImageStore discoverImageStore(String name, String url, String providerName, Long zoneId, Map details) throws IllegalArgumentException, DiscoveryException, -InvalidParameterValueException; +ImageStore discoverImageStore(String name, String url, String providerName, Long zoneId, Map details) throws IllegalArgumentException, DiscoveryException, InvalidParameterValueException; - -/** +/** * Migrate existing NFS to use object store. * @param name object store name. - * @param url object store url. + * @param url object store URL. * @param providerName object store provider Name. * @param details object store other details * @return Object store created. - * @throws IllegalArgumentException - * @throws DiscoveryException - * @throws InvalidParameterValueException */ -ImageStore migrateToObjectStore(String name, String url, String providerName, Map details) throws IllegalArgumentException, DiscoveryException, -InvalidParameterValueException; - +ImageStore migrateToObjectStore(String name, String url, String providerName, Mapdetails) throws DiscoveryException; } diff --git a/server/src/main/java/com/cloud/storage/StorageManagerImpl.java b/server/src/main/java/com/cloud/storage/StorageManagerImpl.java index a179f8d65c9..749450c135f 100644 --- a/server/src/main/java/com/cloud/storage/StorageManagerImpl.java +++ b/server/src/main/java/com/cloud/storage/StorageManagerImpl.java @@ -344,7 +344,6 @@ public boolean share(VMInstanceVO vm, List vols, HostVO host, boolean return false; } } - // ok to share return true; } @@ -891,11 +890,6 @@ public boolean deletePool(DeletePoolCmd cmd) { s_logger.warn("Unable to delete storage id: " + id + " due to it is not in Maintenance state"); throw new InvalidParameterValueException("Unable to delete storage due to it is not in Maintenance state, id: " + id); } -if (sPool.isLocal()) { -s_logger.warn("Unable to delete local storage id:" + id); -throw new InvalidParameterValueException("Unable to delete local storage id: " + id); -} - Pair vlms = _volsDao.getCountAndTotalByPool(id); if (forced) { if (vlms.first() > 0) { @@ -1126,7 +1120,6 @@ public void cleanupStorage(boolean recurring) { s_logger.debug("Failed to delete snapshot: " + ssSnapshotVO.getId() + " from storage"); } } - cleanupSecondaryStorage(recurring); List vols = _volsDao.listVolumesToBeDestroyed(new Date(System.currentTimeMillis() - ((long)StorageCleanupDelay.value() << 10))); @@ -1931,19 +1924,16 @@ public synchronized boolean registerHostListener(String providerName, Hypervisor @Override public Answer sendToPool(long poolId, Command cmd) throws StorageUnavailableException { -// TODO Auto-generated method stub return null; } @Override public Answer[] sendToPool(long poolId, Commands cmd) throws StorageUnavailableException { -// TODO Auto-generated method stub return null; } @Override public String getName() { -// TODO Auto-generated method stub return null; } @@ -2044,7 +2034,7 @@ public ImageStore discoverImageStore(String name, String url, String providerNam } @Override -public ImageStore migrateToObjectStore(String name, String url, String providerName, Map details) throws IllegalArgumentException, DiscoveryException, InvalidParameterValueException { +public ImageStore migrateToObjectStore(String name, String url, String providerName, Map details) throws DiscoveryException,
[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435897#comment-16435897 ] ASF GitHub Bot commented on CLOUDSTACK-10333: - blueorangutan commented on issue #2505: CLOUDSTACK-10333: Secure Live VM Migration for KVM URL: https://github.com/apache/cloudstack/pull/2505#issuecomment-380870819 Trillian test result (tid-2494) Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7 Total time taken: 101305 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2505-t2494-kvm-centos7.zip Intermitten failure detected: /marvin/tests/smoke/test_routers.py Intermitten failure detected: /marvin/tests/smoke/test_vm_life_cycle.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_redundant.py Intermitten failure detected: /marvin/tests/smoke/test_hostha_kvm.py Smoke tests completed. 63 look OK, 4 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- test_04_restart_network_wo_cleanup | `Failure` | 3.99 | test_routers.py test_01_secured_vm_migration | `Failure` | 1033.48 | test_vm_life_cycle.py test_02_not_secured_vm_migration | `Failure` | 193.32 | test_vm_life_cycle.py test_04_rvpc_network_garbage_collector_nics | `Failure` | 287.33 | test_vpc_redundant.py test_hostha_enable_ha_when_host_in_maintenance | `Error` | 1.39 | test_hostha_kvm.py This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Secure VM Live migration for KVM > > > Key: CLOUDSTACK-10333 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > With use of CA framework to secure hosts, the current mechanisms don't secure > libvirtd to use those certificates (used by agent to connect to mgmt server). > This causes insecure vm migration over tcp instead of tls. The aim is to use > the same framework and certificates to secure live VM migration. This could > be coupled with securing of a host and renewal/provisioning of certificates > to host. > > FS: > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10288) Config drive - Usedata corruption when gzipped
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435833#comment-16435833 ] ASF GitHub Bot commented on CLOUDSTACK-10288: - blueorangutan commented on issue #2566: ConfigDrive fixes: CLOUDSTACK-10288, CLOUDSTACK-10289 URL: https://github.com/apache/cloudstack/pull/2566#issuecomment-380856699 Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1911 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Config drive - Usedata corruption when gzipped > --- > > Key: CLOUDSTACK-10288 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10288 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Affects Versions: 4.11.0.0 >Reporter: Rohit Yadav >Assignee: Frank Maximus >Priority: Major > > Should be able to create userdata via "echo hi | gzip | base64 -w0" and read > it back in VM via "mount -o loop /dev/sr1 /mnt/tmp; cat > /mnt/tmp/cloudstack/userdata/user_data.txt | gunzip" -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10352) XenServer: Support online storage migration from non-managed to managed storage
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435426#comment-16435426 ] ASF GitHub Bot commented on CLOUDSTACK-10352: - blueorangutan commented on issue #2502: [CLOUDSTACK-10352] XenServer: Support online migration of a virtual disk from non-managed to managed storage URL: https://github.com/apache/cloudstack/pull/2502#issuecomment-380780893 Trillian test result (tid-2500) Environment: xenserver-71 (x2), Advanced Networking with Mgmt server 6 Total time taken: 591 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2502-t2500-xenserver-71.zip Intermitten failure detected: /marvin/tests/smoke/test_affinity_groups_projects.py Intermitten failure detected: /marvin/tests/smoke/test_affinity_groups.py Intermitten failure detected: /marvin/tests/smoke/test_deploy_vgpu_enabled_vm.py Intermitten failure detected: /marvin/tests/smoke/test_deploy_vm_iso.py Intermitten failure detected: /marvin/tests/smoke/test_deploy_vm_root_resize.py Intermitten failure detected: /marvin/tests/smoke/test_deploy_vms_with_varied_deploymentplanners.py Intermitten failure detected: /marvin/tests/smoke/test_deploy_vm_with_userdata.py Intermitten failure detected: /marvin/tests/smoke/test_disk_offerings.py Intermitten failure detected: /marvin/tests/smoke/test_dynamicroles.py Intermitten failure detected: /marvin/tests/smoke/test_global_settings.py Intermitten failure detected: /marvin/tests/smoke/test_guest_vlan_range.py Intermitten failure detected: /marvin/tests/smoke/test_internal_lb.py Intermitten failure detected: /marvin/tests/smoke/test_iso.py Intermitten failure detected: /marvin/tests/smoke/test_list_ids_parameter.py Intermitten failure detected: /marvin/tests/smoke/test_loadbalance.py Intermitten failure detected: /marvin/tests/smoke/test_login.py Intermitten failure detected: /marvin/tests/smoke/test_multipleips_per_nic.py Intermitten failure detected: /marvin/tests/smoke/test_network_acl.py Intermitten failure detected: /marvin/tests/smoke/test_network.py Intermitten failure detected: /marvin/tests/smoke/test_nic_adapter_type.py Intermitten failure detected: /marvin/tests/smoke/test_nic.py Intermitten failure detected: /marvin/tests/smoke/test_non_contigiousvlan.py Intermitten failure detected: /marvin/tests/smoke/test_outofbandmanagement.py Intermitten failure detected: /marvin/tests/smoke/test_over_provisioning.py Intermitten failure detected: /marvin/tests/smoke/test_password_server.py Intermitten failure detected: /marvin/tests/smoke/test_portable_publicip.py Intermitten failure detected: /marvin/tests/smoke/test_primary_storage.py Intermitten failure detected: /marvin/tests/smoke/test_privategw_acl.py Intermitten failure detected: /marvin/tests/smoke/test_public_ip_range.py Intermitten failure detected: /marvin/tests/smoke/test_pvlan.py Intermitten failure detected: /marvin/tests/smoke/test_regions.py Intermitten failure detected: /marvin/tests/smoke/test_reset_vm_on_reboot.py Intermitten failure detected: /marvin/tests/smoke/test_resource_detail.py Intermitten failure detected: /marvin/tests/smoke/test_router_dhcphosts.py Intermitten failure detected: /marvin/tests/smoke/test_router_dns.py Intermitten failure detected: /marvin/tests/smoke/test_routers_iptables_default_policy.py Intermitten failure detected: /marvin/tests/smoke/test_routers_network_ops.py Intermitten failure detected: /marvin/tests/smoke/test_routers.py Intermitten failure detected: /marvin/tests/smoke/test_scale_vm.py Intermitten failure detected: /marvin/tests/smoke/test_secondary_storage.py Intermitten failure detected: /marvin/tests/smoke/test_service_offerings.py Intermitten failure detected: /marvin/tests/smoke/test_snapshots.py Intermitten failure detected: /marvin/tests/smoke/test_ssvm.py Intermitten failure detected: /marvin/tests/smoke/test_staticroles.py Intermitten failure detected: /marvin/tests/smoke/test_templates.py Intermitten failure detected: /marvin/tests/smoke/test_vm_life_cycle.py Intermitten failure detected: /marvin/tests/smoke/test_vm_snapshots.py Intermitten failure detected: /marvin/tests/smoke/test_volumes.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_redundant.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_router_nics.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_vpn.py Smoke tests completed. 2 look OK, 51 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- ContextSuite context=TestListIdsParams>:setup | `Error` | 0.00 | test_list_ids_parameter.py ContextSuite context=TestNetworkACL>:setup | `Error` | 0.00 | test_network_acl.py ContextSuite
[jira] [Commented] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435410#comment-16435410 ] ASF GitHub Bot commented on CLOUDSTACK-10304: - rhtyd commented on issue #2563: CLOUDSTACK-10304: turn off apache2 server tokens and signature in systemvms URL: https://github.com/apache/cloudstack/pull/2563#issuecomment-380778512 @jgilbert35 I checked debian9's apache2 filesystem layout, we don't see to sed stuff, we can remove the change and simply include a file as done in this PR. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > SystemVM - Apache Web Server Version Number Information Disclosure > -- > > Key: CLOUDSTACK-10304 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: SystemVM >Affects Versions: 4.11.0.0 >Reporter: Julian Gilbert >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > {color:#00}The Secondary Storage System VM discloses its Apache Web > Server version number in HTTP headers and error pages. This type of > information disclosure can lead to medium vulnerabilities being reported in > web vulnerability scanners and reveals the Apache server version > unnecessarily.{color} > {color:#00}The apache2 directory structure no longer contains > /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 > security configuration file is in another location. The > /opt/cloud/bin/setup/common.sh script has not been updated to reflect > this.{color} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435397#comment-16435397 ] ASF GitHub Bot commented on CLOUDSTACK-10304: - jgilbert35 commented on issue #2563: CLOUDSTACK-10304: turn off apache2 server tokens and signature in systemvms URL: https://github.com/apache/cloudstack/pull/2563#issuecomment-380775957 Should cloudstack/systemvm/debian/opt/cloud/bin/setup/common.sh also be considered? The setup_apache2_common() function contains references to ServerTokens and ServerSignature. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > SystemVM - Apache Web Server Version Number Information Disclosure > -- > > Key: CLOUDSTACK-10304 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: SystemVM >Affects Versions: 4.11.0.0 >Reporter: Julian Gilbert >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > {color:#00}The Secondary Storage System VM discloses its Apache Web > Server version number in HTTP headers and error pages. This type of > information disclosure can lead to medium vulnerabilities being reported in > web vulnerability scanners and reveals the Apache server version > unnecessarily.{color} > {color:#00}The apache2 directory structure no longer contains > /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 > security configuration file is in another location. The > /opt/cloud/bin/setup/common.sh script has not been updated to reflect > this.{color} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435364#comment-16435364 ] ASF GitHub Bot commented on CLOUDSTACK-9114: rhtyd commented on a change in pull request #2508: CLOUDSTACK-9114: Reduce VR downtime during network restart URL: https://github.com/apache/cloudstack/pull/2508#discussion_r181045084 ## File path: api/src/org/apache/cloudstack/api/command/user/network/RestartNetworkCmd.java ## @@ -77,6 +80,13 @@ public Boolean getCleanup() { return true; } +public Boolean getMakeRedundant() { +if (makeRedundant != null) { +return makeRedundant; +} +return true; Review comment: Will fix that. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > restartnetwork with cleanup should not update/restart both routers at once > -- > > Key: CLOUDSTACK-9114 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9114 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Wei Zhou >Assignee: Wei Zhou >Priority: Major > > for now, restartnetwork with cleanup will stop both RVRs at first, then start > two new RVRs. > to reduce the downtime of network, we'd better restart the RVRs one by one. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435368#comment-16435368 ] ASF GitHub Bot commented on CLOUDSTACK-9114: rhtyd commented on a change in pull request #2508: CLOUDSTACK-9114: Reduce VR downtime during network restart URL: https://github.com/apache/cloudstack/pull/2508#discussion_r181045243 ## File path: ui/scripts/network.js ## @@ -1100,11 +1100,23 @@ }); args.$form.find('.form-item[rel=cleanup]').find('input').attr('checked', 'checked'); //checked args.$form.find('.form-item[rel=cleanup]').css('display', 'inline-block'); //shown + args.$form.find('.form-item[rel=makeredundant]').find('input').attr('checked', 'checked'); //checked + args.$form.find('.form-item[rel=makeredundant]').css('display', 'inline-block'); //shown + +if (Boolean(args.context.networks[0].redundantrouter)) { Review comment: This code will show option to make network redundant during restart, we hide the checkbox/label for networks that are already redundant. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > restartnetwork with cleanup should not update/restart both routers at once > -- > > Key: CLOUDSTACK-9114 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9114 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Wei Zhou >Assignee: Wei Zhou >Priority: Major > > for now, restartnetwork with cleanup will stop both RVRs at first, then start > two new RVRs. > to reduce the downtime of network, we'd better restart the RVRs one by one. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435362#comment-16435362 ] ASF GitHub Bot commented on CLOUDSTACK-9114: rhtyd commented on a change in pull request #2508: CLOUDSTACK-9114: Reduce VR downtime during network restart URL: https://github.com/apache/cloudstack/pull/2508#discussion_r181044905 ## File path: engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java ## @@ -2868,6 +2849,89 @@ public boolean restartNetwork(final Long networkId, final Account callerAccount, } } +@Override +public void destroyExpendableRouters(final List routers, final ReservationContext context) throws ResourceUnavailableException { +final List remainingRouters = new ArrayList<>(); +// Purge invalid routers +for (final VirtualRouter router : routers) { +if (router.getState() == VirtualMachine.State.Stopped || +router.getState() == VirtualMachine.State.Error || +router.getState() == VirtualMachine.State.Shutdowned || +router.getState() == VirtualMachine.State.Unknown) { +s_logger.debug("Destroying old router " + router); +_routerService.destroyRouter(router.getId(), context.getAccount(), context.getCaller().getId()); +} else { +remainingRouters.add(router); +} +} + +if (remainingRouters.size() < 2) { +return; +} + +// Purge any backup router +VirtualRouter backupRouter = null; +for (final VirtualRouter router : remainingRouters) { +if (router.getRedundantState() == VirtualRouter.RedundantState.BACKUP) { +backupRouter = router; +} +} +if (backupRouter == null) { +backupRouter = routers.get(routers.size() - 1); +} +if (backupRouter != null) { +_routerService.destroyRouter(backupRouter.getId(), context.getAccount(), context.getCaller().getId()); +} +} + +@Override +public boolean validateNewRouters(final List routers, final boolean isRedundant) { +for (final VirtualRouter router : routers) { +if (router.getState() != VirtualMachine.State.Running) { +s_logger.debug("Found new router " + router.getInstanceName() + " to be in non-Running state: " + router.getState() + ". Please try restarting network again."); +return false; +} +if (!isRedundant) { + router.setRedundantState(VirtualRouter.RedundantState.REDUNDANT_CAPABLE); +_routerDao.update(router.getId(), (DomainRouterVO) router); +} +} +return true; +} + +private boolean rollingRestartRouters(final NetworkVO network, final NetworkOffering offering, final DeployDestination dest, final ReservationContext context) throws ResourceUnavailableException, ConcurrentOperationException, InsufficientCapacityException { +s_logger.debug("Performing rolling restart of routers of network " + network); +destroyExpendableRouters(_routerDao.findByNetwork(network.getId()), context); + +final List providersToImplement = getNetworkProviders(network.getId()); +final List oldRouters = _routerDao.findByNetwork(network.getId()); + +// Deploy a new router +final boolean originalRedundancy = network.isRedundant(); +network.setRedundant(true); +implementNetworkElements(dest, context, network, offering, providersToImplement); +network.setRedundant(originalRedundancy); + +// For redundant network wait for 3*advert_int+skew_seconds for VRRP to kick in +if (network.isRedundant() || (oldRouters.size() == 1 && oldRouters.get(0).getIsRedundantRouter())) { +try { +Thread.sleep(1L); +} catch (final InterruptedException ignored) {} +} + +// Destroy old routers +for (final DomainRouterVO oldRouter : oldRouters) { +_routerService.destroyRouter(oldRouter.getId(), context.getAccount(), context.getCaller().getId()); Review comment: @nitin-maharana if you read the code again we're deploying a new VR first. If it fails, the method will fail at that point and won't fallthrough to this code that destroys the old VRs. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > restartnetwork with cleanup should not update/restart both routers at once >
[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435359#comment-16435359 ] ASF GitHub Bot commented on CLOUDSTACK-9114: nitin-maharana commented on a change in pull request #2508: CLOUDSTACK-9114: Reduce VR downtime during network restart URL: https://github.com/apache/cloudstack/pull/2508#discussion_r181044136 ## File path: ui/scripts/network.js ## @@ -1100,11 +1100,23 @@ }); args.$form.find('.form-item[rel=cleanup]').find('input').attr('checked', 'checked'); //checked args.$form.find('.form-item[rel=cleanup]').css('display', 'inline-block'); //shown + args.$form.find('.form-item[rel=makeredundant]').find('input').attr('checked', 'checked'); //checked + args.$form.find('.form-item[rel=makeredundant]').css('display', 'inline-block'); //shown + +if (Boolean(args.context.networks[0].redundantrouter)) { Review comment: As I understand, for RVR also the rolling upgrade will be applicable, any reason we hide the button. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > restartnetwork with cleanup should not update/restart both routers at once > -- > > Key: CLOUDSTACK-9114 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9114 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Wei Zhou >Assignee: Wei Zhou >Priority: Major > > for now, restartnetwork with cleanup will stop both RVRs at first, then start > two new RVRs. > to reduce the downtime of network, we'd better restart the RVRs one by one. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435352#comment-16435352 ] ASF GitHub Bot commented on CLOUDSTACK-9114: nitin-maharana commented on a change in pull request #2508: CLOUDSTACK-9114: Reduce VR downtime during network restart URL: https://github.com/apache/cloudstack/pull/2508#discussion_r181043216 ## File path: engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java ## @@ -2868,6 +2849,89 @@ public boolean restartNetwork(final Long networkId, final Account callerAccount, } } +@Override +public void destroyExpendableRouters(final List routers, final ReservationContext context) throws ResourceUnavailableException { +final List remainingRouters = new ArrayList<>(); +// Purge invalid routers +for (final VirtualRouter router : routers) { +if (router.getState() == VirtualMachine.State.Stopped || +router.getState() == VirtualMachine.State.Error || +router.getState() == VirtualMachine.State.Shutdowned || +router.getState() == VirtualMachine.State.Unknown) { +s_logger.debug("Destroying old router " + router); +_routerService.destroyRouter(router.getId(), context.getAccount(), context.getCaller().getId()); +} else { +remainingRouters.add(router); +} +} + +if (remainingRouters.size() < 2) { +return; +} + +// Purge any backup router +VirtualRouter backupRouter = null; +for (final VirtualRouter router : remainingRouters) { +if (router.getRedundantState() == VirtualRouter.RedundantState.BACKUP) { +backupRouter = router; +} +} +if (backupRouter == null) { +backupRouter = routers.get(routers.size() - 1); +} +if (backupRouter != null) { +_routerService.destroyRouter(backupRouter.getId(), context.getAccount(), context.getCaller().getId()); +} +} + +@Override +public boolean validateNewRouters(final List routers, final boolean isRedundant) { +for (final VirtualRouter router : routers) { +if (router.getState() != VirtualMachine.State.Running) { +s_logger.debug("Found new router " + router.getInstanceName() + " to be in non-Running state: " + router.getState() + ". Please try restarting network again."); +return false; +} +if (!isRedundant) { + router.setRedundantState(VirtualRouter.RedundantState.REDUNDANT_CAPABLE); +_routerDao.update(router.getId(), (DomainRouterVO) router); +} +} +return true; +} + +private boolean rollingRestartRouters(final NetworkVO network, final NetworkOffering offering, final DeployDestination dest, final ReservationContext context) throws ResourceUnavailableException, ConcurrentOperationException, InsufficientCapacityException { +s_logger.debug("Performing rolling restart of routers of network " + network); +destroyExpendableRouters(_routerDao.findByNetwork(network.getId()), context); + +final List providersToImplement = getNetworkProviders(network.getId()); +final List oldRouters = _routerDao.findByNetwork(network.getId()); + +// Deploy a new router +final boolean originalRedundancy = network.isRedundant(); +network.setRedundant(true); +implementNetworkElements(dest, context, network, offering, providersToImplement); +network.setRedundant(originalRedundancy); + +// For redundant network wait for 3*advert_int+skew_seconds for VRRP to kick in +if (network.isRedundant() || (oldRouters.size() == 1 && oldRouters.get(0).getIsRedundantRouter())) { +try { +Thread.sleep(1L); +} catch (final InterruptedException ignored) {} +} + +// Destroy old routers +for (final DomainRouterVO oldRouter : oldRouters) { +_routerService.destroyRouter(oldRouter.getId(), context.getAccount(), context.getCaller().getId()); Review comment: Here, before validating the new routers, we are destroying the old ones. If the new routers don't come up properly, we won't have old routers to roll back. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > restartnetwork with cleanup should not update/restart both routers at once >
[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435331#comment-16435331 ] ASF GitHub Bot commented on CLOUDSTACK-9114: nitin-maharana commented on a change in pull request #2508: CLOUDSTACK-9114: Reduce VR downtime during network restart URL: https://github.com/apache/cloudstack/pull/2508#discussion_r181038001 ## File path: api/src/org/apache/cloudstack/api/command/user/network/RestartNetworkCmd.java ## @@ -77,6 +80,13 @@ public Boolean getCleanup() { return true; } +public Boolean getMakeRedundant() { +if (makeRedundant != null) { +return makeRedundant; +} +return true; Review comment: If we don't pass anything, I think it should be false, it would continue with normal restart instead of this blue-green deployment. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > restartnetwork with cleanup should not update/restart both routers at once > -- > > Key: CLOUDSTACK-9114 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9114 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Wei Zhou >Assignee: Wei Zhou >Priority: Major > > for now, restartnetwork with cleanup will stop both RVRs at first, then start > two new RVRs. > to reduce the downtime of network, we'd better restart the RVRs one by one. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (CLOUDSTACK-10230) User is able to change to “Guest OS type” that has been removed
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10230?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rafael Weingärtner resolved CLOUDSTACK-10230. - Resolution: Fixed Fix Version/s: 4.12 > User is able to change to “Guest OS type” that has been removed > > > Key: CLOUDSTACK-10230 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10230 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rafael Weingärtner >Assignee: Rafael Weingärtner >Priority: Critical > Fix For: 4.12 > > > Users are able to change the OS type of VMs to “Guest OS type” that has been > removed. This becomes a security issue when we try to force users to use HVM > VMs (Meltdown/Spectre thing). A removed “guest os type” should not be usable > by any users in the cloud. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10352) XenServer: Support online storage migration from non-managed to managed storage
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435203#comment-16435203 ] ASF GitHub Bot commented on CLOUDSTACK-10352: - blueorangutan commented on issue #2502: [CLOUDSTACK-10352] XenServer: Support online migration of a virtual disk from non-managed to managed storage URL: https://github.com/apache/cloudstack/pull/2502#issuecomment-380730840 Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1909 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > XenServer: Support online storage migration from non-managed to managed > storage > --- > > Key: CLOUDSTACK-10352 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10352 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server, XenServer > Environment: XenServer >Reporter: Mike Tutkowski >Assignee: Mike Tutkowski >Priority: Major > Fix For: 4.12.0.0 > > > Allow a user to online migrate a volume from non-managed storage to managed > storage. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10352) XenServer: Support online storage migration from non-managed to managed storage
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435196#comment-16435196 ] ASF GitHub Bot commented on CLOUDSTACK-10352: - blueorangutan commented on issue #2502: [CLOUDSTACK-10352] XenServer: Support online migration of a virtual disk from non-managed to managed storage URL: https://github.com/apache/cloudstack/pull/2502#issuecomment-380729866 Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1907 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > XenServer: Support online storage migration from non-managed to managed > storage > --- > > Key: CLOUDSTACK-10352 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10352 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server, XenServer > Environment: XenServer >Reporter: Mike Tutkowski >Assignee: Mike Tutkowski >Priority: Major > Fix For: 4.12.0.0 > > > Allow a user to online migrate a volume from non-managed storage to managed > storage. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435182#comment-16435182 ] ASF GitHub Bot commented on CLOUDSTACK-9114: rhtyd commented on issue #2508: CLOUDSTACK-9114: Reduce VR downtime during network restart URL: https://github.com/apache/cloudstack/pull/2508#issuecomment-376589266 @blueorangutan test matrix This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > restartnetwork with cleanup should not update/restart both routers at once > -- > > Key: CLOUDSTACK-9114 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9114 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Wei Zhou >Assignee: Wei Zhou >Priority: Major > > for now, restartnetwork with cleanup will stop both RVRs at first, then start > two new RVRs. > to reduce the downtime of network, we'd better restart the RVRs one by one. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435180#comment-16435180 ] ASF GitHub Bot commented on CLOUDSTACK-9114: blueorangutan commented on issue #2508: CLOUDSTACK-9114: Reduce VR downtime during network restart URL: https://github.com/apache/cloudstack/pull/2508#issuecomment-376713942 Trillian test result (tid-2432) Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7 Total time taken: 25160 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2508-t2432-kvm-centos7.zip Intermitten failure detected: /marvin/tests/smoke/test_volumes.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_redundant.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_vpn.py Intermitten failure detected: /marvin/tests/smoke/test_hostha_kvm.py Smoke tests completed. 65 look OK, 2 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- test_04_rvpc_network_garbage_collector_nics | `Failure` | 462.96 | test_vpc_redundant.py test_hostha_enable_ha_when_host_in_maintenance | `Error` | 3.61 | test_hostha_kvm.py This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > restartnetwork with cleanup should not update/restart both routers at once > -- > > Key: CLOUDSTACK-9114 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9114 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Wei Zhou >Assignee: Wei Zhou >Priority: Major > > for now, restartnetwork with cleanup will stop both RVRs at first, then start > two new RVRs. > to reduce the downtime of network, we'd better restart the RVRs one by one. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435181#comment-16435181 ] ASF GitHub Bot commented on CLOUDSTACK-9114: blueorangutan commented on issue #2508: CLOUDSTACK-9114: Reduce VR downtime during network restart URL: https://github.com/apache/cloudstack/pull/2508#issuecomment-376589438 @rhtyd a Trillian-Jenkins matrix job (centos6 mgmt + xs71, centos7 mgmt + vmware65, centos7 mgmt + kvmcentos7) has been kicked to run smoke tests This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > restartnetwork with cleanup should not update/restart both routers at once > -- > > Key: CLOUDSTACK-9114 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9114 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Wei Zhou >Assignee: Wei Zhou >Priority: Major > > for now, restartnetwork with cleanup will stop both RVRs at first, then start > two new RVRs. > to reduce the downtime of network, we'd better restart the RVRs one by one. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435183#comment-16435183 ] ASF GitHub Bot commented on CLOUDSTACK-9114: blueorangutan commented on issue #2508: CLOUDSTACK-9114: Reduce VR downtime during network restart URL: https://github.com/apache/cloudstack/pull/2508#issuecomment-376525033 Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1841 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > restartnetwork with cleanup should not update/restart both routers at once > -- > > Key: CLOUDSTACK-9114 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9114 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Wei Zhou >Assignee: Wei Zhou >Priority: Major > > for now, restartnetwork with cleanup will stop both RVRs at first, then start > two new RVRs. > to reduce the downtime of network, we'd better restart the RVRs one by one. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435186#comment-16435186 ] ASF GitHub Bot commented on CLOUDSTACK-9114: rhtyd commented on issue #2508: CLOUDSTACK-9114: Reduce VR downtime during network restart URL: https://github.com/apache/cloudstack/pull/2508#issuecomment-376510465 @blueorangutan package This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > restartnetwork with cleanup should not update/restart both routers at once > -- > > Key: CLOUDSTACK-9114 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9114 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Wei Zhou >Assignee: Wei Zhou >Priority: Major > > for now, restartnetwork with cleanup will stop both RVRs at first, then start > two new RVRs. > to reduce the downtime of network, we'd better restart the RVRs one by one. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435178#comment-16435178 ] ASF GitHub Bot commented on CLOUDSTACK-9114: blueorangutan commented on issue #2508: CLOUDSTACK-9114: Reduce VR downtime during network restart URL: https://github.com/apache/cloudstack/pull/2508#issuecomment-376710639 Trillian test result (tid-2431) Environment: xenserver-71 (x2), Advanced Networking with Mgmt server 6 Total time taken: 24159 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2508-t2431-xenserver-71.zip Intermitten failure detected: /marvin/tests/smoke/test_network.py Intermitten failure detected: /marvin/tests/smoke/test_outofbandmanagement.py Intermitten failure detected: /marvin/tests/smoke/test_projects.py Intermitten failure detected: /marvin/tests/smoke/test_public_ip_range.py Intermitten failure detected: /marvin/tests/smoke/test_reset_vm_on_reboot.py Intermitten failure detected: /marvin/tests/smoke/test_router_dhcphosts.py Intermitten failure detected: /marvin/tests/smoke/test_router_dns.py Intermitten failure detected: /marvin/tests/smoke/test_router_dnsservice.py Intermitten failure detected: /marvin/tests/smoke/test_routers_iptables_default_policy.py Intermitten failure detected: /marvin/tests/smoke/test_routers_network_ops.py Intermitten failure detected: /marvin/tests/smoke/test_routers.py Intermitten failure detected: /marvin/tests/smoke/test_scale_vm.py Intermitten failure detected: /marvin/tests/smoke/test_secondary_storage.py Intermitten failure detected: /marvin/tests/smoke/test_service_offerings.py Intermitten failure detected: /marvin/tests/smoke/test_snapshots.py Intermitten failure detected: /marvin/tests/smoke/test_ssvm.py Intermitten failure detected: /marvin/tests/smoke/test_templates.py Intermitten failure detected: /marvin/tests/smoke/test_usage.py Intermitten failure detected: /marvin/tests/smoke/test_vm_life_cycle.py Intermitten failure detected: /marvin/tests/smoke/test_vm_snapshots.py Intermitten failure detected: /marvin/tests/smoke/test_volumes.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_redundant.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_router_nics.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_vpn.py Intermitten failure detected: /marvin/tests/smoke/test_host_maintenance.py Smoke tests completed. 44 look OK, 23 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- test_reboot_router | `Error` | 1538.22 | test_network.py test_10_project_activation | `Error` | 2684.95 | test_projects.py ContextSuite context=TestResetVmOnReboot>:setup | `Error` | 0.00 | test_reset_vm_on_reboot.py ContextSuite context=TestRouterDHCPHosts>:setup | `Error` | 0.00 | test_router_dhcphosts.py ContextSuite context=TestRouterDHCPOpts>:setup | `Error` | 0.00 | test_router_dhcphosts.py ContextSuite context=TestRouterDns>:setup | `Error` | 0.00 | test_router_dns.py ContextSuite context=TestRouterDnsService>:setup | `Error` | 0.00 | test_router_dnsservice.py ContextSuite context=TestRouterIpTablesPolicies>:setup | `Error` | 0.00 | test_routers_iptables_default_policy.py ContextSuite context=TestVPCIpTablesPolicies>:setup | `Error` | 0.00 | test_routers_iptables_default_policy.py test_01_isolate_network_FW_PF_default_routes_egress_true | `Error` | 0.24 | test_routers_network_ops.py test_02_isolate_network_FW_PF_default_routes_egress_false | `Error` | 0.25 | test_routers_network_ops.py ContextSuite context=TestRedundantIsolateNetworks>:setup | `Error` | 1.58 | test_routers_network_ops.py ContextSuite context=TestRouterServices>:setup | `Error` | 0.00 | test_routers.py ContextSuite context=TestScaleVm>:setup | `Error` | 0.00 | test_scale_vm.py test_01_sys_vm_start | `Failure` | 0.26 | test_secondary_storage.py test_02_sys_template_ready | `Failure` | 0.21 | test_secondary_storage.py ContextSuite context=TestCpuCapServiceOfferings>:teardown | `Error` | 0.00 | test_service_offerings.py ContextSuite context=TestServiceOfferings>:setup | `Error` | 0.47 | test_service_offerings.py ContextSuite context=TestSnapshotRootDisk>:setup | `Error` | 0.00 | test_snapshots.py test_01_list_sec_storage_vm | `Failure` | 0.03 | test_ssvm.py test_02_list_cpvm_vm | `Failure` | 0.02 | test_ssvm.py test_03_ssvm_internals | `Failure` | 0.02 | test_ssvm.py test_04_cpvm_internals | `Failure` | 0.02 | test_ssvm.py test_05_stop_ssvm | `Failure` | 0.03 | test_ssvm.py test_06_stop_cpvm | `Failure` | 0.02 | test_ssvm.py test_07_reboot_ssvm | `Failure` | 0.02 | test_ssvm.py test_08_reboot_cpvm | `Failure` | 0.02 | test_ssvm.py test_09_destroy_ssvm |
[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435185#comment-16435185 ] ASF GitHub Bot commented on CLOUDSTACK-9114: blueorangutan commented on issue #2508: CLOUDSTACK-9114: Reduce VR downtime during network restart URL: https://github.com/apache/cloudstack/pull/2508#issuecomment-376510749 @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > restartnetwork with cleanup should not update/restart both routers at once > -- > > Key: CLOUDSTACK-9114 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9114 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Wei Zhou >Assignee: Wei Zhou >Priority: Major > > for now, restartnetwork with cleanup will stop both RVRs at first, then start > two new RVRs. > to reduce the downtime of network, we'd better restart the RVRs one by one. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435176#comment-16435176 ] ASF GitHub Bot commented on CLOUDSTACK-9114: blueorangutan commented on issue #2508: CLOUDSTACK-9114: Reduce VR downtime during network restart URL: https://github.com/apache/cloudstack/pull/2508#issuecomment-376708510 Trillian test result (tid-2433) Environment: vmware-65 (x2), Advanced Networking with Mgmt server 7 Total time taken: 23516 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2508-t2433-vmware-65.zip Intermitten failure detected: /marvin/tests/smoke/test_service_offerings.py Intermitten failure detected: /marvin/tests/smoke/test_ssvm.py Intermitten failure detected: /marvin/tests/smoke/test_templates.py Intermitten failure detected: /marvin/tests/smoke/test_usage.py Intermitten failure detected: /marvin/tests/smoke/test_vm_life_cycle.py Intermitten failure detected: /marvin/tests/smoke/test_vm_snapshots.py Intermitten failure detected: /marvin/tests/smoke/test_volumes.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_redundant.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_router_nics.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_vpn.py Intermitten failure detected: /marvin/tests/smoke/test_host_maintenance.py Smoke tests completed. 56 look OK, 11 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- ContextSuite context=TestCpuCapServiceOfferings>:teardown | `Error` | 0.00 | test_service_offerings.py test_01_list_sec_storage_vm | `Failure` | 0.03 | test_ssvm.py test_02_list_cpvm_vm | `Failure` | 0.03 | test_ssvm.py test_03_ssvm_internals | `Failure` | 0.03 | test_ssvm.py test_04_cpvm_internals | `Failure` | 0.03 | test_ssvm.py test_05_stop_ssvm | `Failure` | 0.03 | test_ssvm.py test_06_stop_cpvm | `Failure` | 0.02 | test_ssvm.py test_07_reboot_ssvm | `Failure` | 0.02 | test_ssvm.py test_08_reboot_cpvm | `Failure` | 0.03 | test_ssvm.py test_09_destroy_ssvm | `Failure` | 0.03 | test_ssvm.py test_10_destroy_cpvm | `Failure` | 0.03 | test_ssvm.py test_02_create_template_with_checksum_sha1 | `Error` | 65.35 | test_templates.py test_03_create_template_with_checksum_sha256 | `Error` | 65.34 | test_templates.py test_04_create_template_with_checksum_md5 | `Error` | 65.59 | test_templates.py test_05_create_template_with_no_checksum | `Error` | 65.50 | test_templates.py ContextSuite context=TestTemplates>:setup | `Error` | 5.64 | test_templates.py ContextSuite context=TestISOUsage>:setup | `Error` | 0.00 | test_usage.py ContextSuite context=TestLBRuleUsage>:setup | `Error` | 0.00 | test_usage.py ContextSuite context=TestNatRuleUsage>:setup | `Error` | 0.00 | test_usage.py ContextSuite context=TestPublicIPUsage>:setup | `Error` | 0.00 | test_usage.py ContextSuite context=TestSnapshotUsage>:setup | `Error` | 0.00 | test_usage.py ContextSuite context=TestVmUsage>:setup | `Error` | 0.00 | test_usage.py ContextSuite context=TestVolumeUsage>:setup | `Error` | 0.00 | test_usage.py ContextSuite context=TestVpnUsage>:setup | `Error` | 0.00 | test_usage.py test_01_VPC_nics_after_destroy | `Error` | 2.63 | test_vpc_router_nics.py test_02_VPC_default_routes | `Error` | 1.61 | test_vpc_router_nics.py ContextSuite context=TestDeployVM>:setup | `Error` | 0.00 | test_vm_life_cycle.py ContextSuite context=TestVMLifeCycle>:setup | `Error` | 0.00 | test_vm_life_cycle.py test_change_service_offering_for_vm_with_snapshots | `Error` | 4.26 | test_vm_snapshots.py ContextSuite context=TestVmSnapshot>:setup | `Error` | 12.29 | test_vm_snapshots.py test_01_redundant_vpc_site2site_vpn | `Failure` | 3.28 | test_vpc_vpn.py test_01_vpc_site2site_vpn_multiple_options | `Failure` | 2.29 | test_vpc_vpn.py test_01_vpc_remote_access_vpn | `Failure` | 1.21 | test_vpc_vpn.py test_01_vpc_site2site_vpn | `Failure` | 2.30 | test_vpc_vpn.py ContextSuite context=TestCreateVolume>:setup | `Error` | 0.00 | test_volumes.py ContextSuite context=TestVolumes>:setup | `Error` | 0.00 | test_volumes.py test_01_create_redundant_VPC_2tiers_4VMs_4IPs_4PF_ACL | `Error` | 3.68 | test_vpc_redundant.py test_02_redundant_VPC_default_routes | `Error` | 3.71 | test_vpc_redundant.py test_03_create_redundant_VPC_1tier_2VMs_2IPs_2PF_ACL_reboot_routers | `Error` | 2.68 | test_vpc_redundant.py test_04_rvpc_network_garbage_collector_nics | `Error` | 3.72 | test_vpc_redundant.py test_05_rvpc_multi_tiers | `Error` | 3.69 | test_vpc_redundant.py test_02_cancel_host_maintenace_with_migration_jobs | `Error` | 3.28 | test_host_maintenance.py This is
[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435174#comment-16435174 ] ASF GitHub Bot commented on CLOUDSTACK-9114: rhtyd commented on a change in pull request #2508: CLOUDSTACK-9114: Reduce VR downtime during network restart URL: https://github.com/apache/cloudstack/pull/2508#discussion_r181008868 ## File path: api/src/org/apache/cloudstack/api/command/user/network/RestartNetworkCmd.java ## @@ -57,6 +57,9 @@ @Parameter(name = ApiConstants.CLEANUP, type = CommandType.BOOLEAN, required = false, description = "If cleanup old network elements") private Boolean cleanup; +@Parameter(name = ApiConstants.MAKEREDUNDANTE, type = CommandType.BOOLEAN, required = false, description = "Turn the network into a network with redundant routers.", since = "4.11.1") Review comment: Thanks for spotting @nitin-maharana, will fix the typo This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > restartnetwork with cleanup should not update/restart both routers at once > -- > > Key: CLOUDSTACK-9114 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9114 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Wei Zhou >Assignee: Wei Zhou >Priority: Major > > for now, restartnetwork with cleanup will stop both RVRs at first, then start > two new RVRs. > to reduce the downtime of network, we'd better restart the RVRs one by one. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10352) XenServer: Support online storage migration from non-managed to managed storage
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435131#comment-16435131 ] ASF GitHub Bot commented on CLOUDSTACK-10352: - blueorangutan commented on issue #2502: [CLOUDSTACK-10352] XenServer: Support online migration of a virtual disk from non-managed to managed storage URL: https://github.com/apache/cloudstack/pull/2502#issuecomment-380717583 @mike-tutkowski a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > XenServer: Support online storage migration from non-managed to managed > storage > --- > > Key: CLOUDSTACK-10352 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10352 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server, XenServer > Environment: XenServer >Reporter: Mike Tutkowski >Assignee: Mike Tutkowski >Priority: Major > Fix For: 4.12.0.0 > > > Allow a user to online migrate a volume from non-managed storage to managed > storage. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10352) XenServer: Support online storage migration from non-managed to managed storage
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435129#comment-16435129 ] ASF GitHub Bot commented on CLOUDSTACK-10352: - mike-tutkowski opened a new pull request #2502: [CLOUDSTACK-10352] XenServer: Support online migration of a virtual disk from non-managed to managed storage URL: https://github.com/apache/cloudstack/pull/2502 https://issues.apache.org/jira/browse/CLOUDSTACK-10352 ## Description Allow on XenServer for a volume on non-managed storage to be online migrated to managed storage. ## Types of changes - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] New feature (non-breaking change which adds functionality) - [ ] Bug fix (non-breaking change which fixes an issue) - [x] Enhancement (improves an existing feature and functionality) - [ ] Cleanup (Code refactoring and cleanup, that may add test cases) ## How Has This Been Tested? Previously if you tried to online migrate a volume on XenServer from non-managed storage to managed storage, the operation failed. Now the operation succeeds. ## Checklist: - [x] I have read the [CONTRIBUTING](https://github.com/apache/cloudstack/blob/master/CONTRIBUTING.md) document. - [x] My code follows the code style of this project. - [ ] My change requires a change to the documentation. - [ ] I have updated the documentation accordingly. - [ ] I have added tests to cover my changes. - [ ] All new and existing tests passed. @blueorangutan package This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > XenServer: Support online storage migration from non-managed to managed > storage > --- > > Key: CLOUDSTACK-10352 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10352 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server, XenServer > Environment: XenServer >Reporter: Mike Tutkowski >Assignee: Mike Tutkowski >Priority: Major > Fix For: 4.12.0.0 > > > Allow a user to online migrate a volume from non-managed storage to managed > storage. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10352) XenServer: Support online storage migration from non-managed to managed storage
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435119#comment-16435119 ] ASF GitHub Bot commented on CLOUDSTACK-10352: - blueorangutan commented on issue #2502: [CLOUDSTACK-10352] XenServer: Support online migration of a virtual disk from non-managed to managed storage URL: https://github.com/apache/cloudstack/pull/2502#issuecomment-380715425 @mike-tutkowski a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > XenServer: Support online storage migration from non-managed to managed > storage > --- > > Key: CLOUDSTACK-10352 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10352 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server, XenServer > Environment: XenServer >Reporter: Mike Tutkowski >Assignee: Mike Tutkowski >Priority: Major > Fix For: 4.12.0.0 > > > Allow a user to online migrate a volume from non-managed storage to managed > storage. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10352) XenServer: Support online storage migration from non-managed to managed storage
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435117#comment-16435117 ] ASF GitHub Bot commented on CLOUDSTACK-10352: - DaanHoogland closed pull request #2502: [CLOUDSTACK-10352] XenServer: Support online migration of a virtual disk from non-managed to managed storage URL: https://github.com/apache/cloudstack/pull/2502 This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/core/src/main/java/com/cloud/agent/api/storage/MigrateVolumeCommand.java b/core/src/main/java/com/cloud/agent/api/storage/MigrateVolumeCommand.java index 77430c39808..e5838451dd0 100644 --- a/core/src/main/java/com/cloud/agent/api/storage/MigrateVolumeCommand.java +++ b/core/src/main/java/com/cloud/agent/api/storage/MigrateVolumeCommand.java @@ -97,10 +97,18 @@ public DataTO getDestData() { return destData; } +public void setSrcDetails(Mapdetails) { +srcDetails = details; +} + public Map getSrcDetails() { return srcDetails; } +public void setDestDetails(Map details) { +destDetails = details; +} + public Map getDestDetails() { return destDetails; } diff --git a/engine/api/src/main/java/org/apache/cloudstack/engine/subsystem/api/storage/PrimaryDataStoreDriver.java b/engine/api/src/main/java/org/apache/cloudstack/engine/subsystem/api/storage/PrimaryDataStoreDriver.java index 8749589f12c..6021a439178 100644 --- a/engine/api/src/main/java/org/apache/cloudstack/engine/subsystem/api/storage/PrimaryDataStoreDriver.java +++ b/engine/api/src/main/java/org/apache/cloudstack/engine/subsystem/api/storage/PrimaryDataStoreDriver.java @@ -25,9 +25,12 @@ import com.cloud.storage.StoragePool; public interface PrimaryDataStoreDriver extends DataStoreDriver { +enum QualityOfServiceState { MIGRATION, NO_MIGRATION } + String BASIC_CREATE = "basicCreate"; String BASIC_DELETE = "basicDelete"; String BASIC_DELETE_FAILURE = "basicDeleteFailure"; +String BASIC_DELETE_BY_FOLDER = "basicDeleteByFolder"; String BASIC_GRANT_ACCESS = "basicGrantAccess"; String BASIC_REVOKE_ACCESS = "basicRevokeAccess"; String BASIC_IQN = "basicIqn"; @@ -67,4 +70,6 @@ void takeSnapshot(SnapshotInfo snapshot, AsyncCompletionCallback callback); void revertSnapshot(SnapshotInfo snapshotOnImageStore, SnapshotInfo snapshotOnPrimaryStore, AsyncCompletionCallback callback); + +void handleQualityOfServiceForVolumeMigration(VolumeInfo volumeInfo, QualityOfServiceState qualityOfServiceState); } diff --git a/engine/storage/datamotion/src/main/java/org/apache/cloudstack/storage/motion/StorageSystemDataMotionStrategy.java b/engine/storage/datamotion/src/main/java/org/apache/cloudstack/storage/motion/StorageSystemDataMotionStrategy.java index 30cff850c88..e08c3063b40 100644 --- a/engine/storage/datamotion/src/main/java/org/apache/cloudstack/storage/motion/StorageSystemDataMotionStrategy.java +++ b/engine/storage/datamotion/src/main/java/org/apache/cloudstack/storage/motion/StorageSystemDataMotionStrategy.java @@ -49,6 +49,7 @@ import com.cloud.storage.SnapshotVO; import com.cloud.storage.Storage.ImageFormat; import com.cloud.storage.StorageManager; +import com.cloud.storage.StoragePool; import com.cloud.storage.VMTemplateVO; import com.cloud.storage.VolumeDetailVO; import com.cloud.storage.Volume; @@ -84,8 +85,10 @@ import org.apache.cloudstack.engine.subsystem.api.storage.EndPointSelector; import org.apache.cloudstack.engine.subsystem.api.storage.HostScope; import org.apache.cloudstack.engine.subsystem.api.storage.ObjectInDataStoreStateMachine.Event; +import org.apache.cloudstack.engine.subsystem.api.storage.PrimaryDataStoreDriver; import org.apache.cloudstack.engine.subsystem.api.storage.Scope; import org.apache.cloudstack.engine.subsystem.api.storage.SnapshotInfo; +import org.apache.cloudstack.engine.subsystem.api.storage.StorageAction; import org.apache.cloudstack.engine.subsystem.api.storage.StorageCacheManager; import org.apache.cloudstack.engine.subsystem.api.storage.StrategyPriority; import org.apache.cloudstack.engine.subsystem.api.storage.TemplateInfo; @@ -288,7 +291,7 @@ public void copyAsync(DataObject srcData, DataObject destData, Host destHost, As VolumeInfo srcVolumeInfo = (VolumeInfo)srcData; TemplateInfo destTemplateInfo = (TemplateInfo)destData; -handleCreateTemplateFromVolume(srcVolumeInfo, destTemplateInfo, callback); +handleCreateTemplateFromManagedVolume(srcVolumeInfo, destTemplateInfo, callback); }
[jira] [Commented] (CLOUDSTACK-10214) Unable to remove local primary storage
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435118#comment-16435118 ] ASF GitHub Bot commented on CLOUDSTACK-10214: - blueorangutan commented on issue #2390: [CLOUDSTACK-10214] Unable to remove local primary storage URL: https://github.com/apache/cloudstack/pull/2390#issuecomment-380715348 Trillian test result (tid-2489) Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7 Total time taken: 87341 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2390-t2489-kvm-centos7.zip Intermitten failure detected: /marvin/tests/smoke/test_certauthority_root.py Intermitten failure detected: /marvin/tests/smoke/test_routers.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_redundant.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_vpn.py Smoke tests completed. 65 look OK, 2 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- test_04_restart_network_wo_cleanup | `Failure` | 4.03 | test_routers.py test_05_rvpc_multi_tiers | `Failure` | 319.70 | test_vpc_redundant.py test_05_rvpc_multi_tiers | `Error` | 342.76 | test_vpc_redundant.py This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Unable to remove local primary storage > --- > > Key: CLOUDSTACK-10214 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10214 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Affects Versions: 4.10.0.0, 4.9.3.0 >Reporter: Rafael Weingärtner >Assignee: Rafael Weingärtner >Priority: Major > > When enabling the use of local storage ACS will automatically load all local > storage configured in the Host and start using them as primary storage to > deploy user VMs (if the service offering allows to do so). However, if the > operator wants to remove the local storage ACS will throw an exception saying > that the removal of local storage is not allowed.Therefore, if one wants to > remove a local storage, he/she needs to do a manual intervention in the > database and hosts. > This limitation was removed, as it was only a logical restriction. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10352) XenServer: Support online storage migration from non-managed to managed storage
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435116#comment-16435116 ] ASF GitHub Bot commented on CLOUDSTACK-10352: - DaanHoogland commented on issue #2502: [CLOUDSTACK-10352] XenServer: Support online migration of a virtual disk from non-managed to managed storage URL: https://github.com/apache/cloudstack/pull/2502#issuecomment-380715225 want to see some ci passing This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > XenServer: Support online storage migration from non-managed to managed > storage > --- > > Key: CLOUDSTACK-10352 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10352 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server, XenServer > Environment: XenServer >Reporter: Mike Tutkowski >Assignee: Mike Tutkowski >Priority: Major > Fix For: 4.12.0.0 > > > Allow a user to online migrate a volume from non-managed storage to managed > storage. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10230) User is able to change to “Guest OS type” that has been removed
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435104#comment-16435104 ] ASF subversion and git services commented on CLOUDSTACK-10230: -- Commit 91d98211496a482e6882acd6528f9b8dbeefe3bf in cloudstack's branch refs/heads/master from [~rafaelweingartner] [ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=91d9821 ] [CLOUDSTACK-10230] User should not be able to use removed “Guest OS type” (#2404) * [CLOUDSTACK-10230] User is able to change to “Guest OS type” that has been removed Users are able to change the OS type of VMs to “Guest OS type” that has been removed. This becomes a security issue when we try to force users to use HVM VMs (Meltdown/Spectre thing). A removed “guest os type” should not be usable by any users in the cloud. > User is able to change to “Guest OS type” that has been removed > > > Key: CLOUDSTACK-10230 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10230 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rafael Weingärtner >Assignee: Rafael Weingärtner >Priority: Critical > > Users are able to change the OS type of VMs to “Guest OS type” that has been > removed. This becomes a security issue when we try to force users to use HVM > VMs (Meltdown/Spectre thing). A removed “guest os type” should not be usable > by any users in the cloud. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10230) User is able to change to “Guest OS type” that has been removed
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435103#comment-16435103 ] ASF GitHub Bot commented on CLOUDSTACK-10230: - DaanHoogland closed pull request #2404: [CLOUDSTACK-10230] User should not be able to use removed “Guest OS type” URL: https://github.com/apache/cloudstack/pull/2404 This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java index f2f764b3dc7..df81dd3ff2b 100644 --- a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java @@ -39,10 +39,6 @@ import javax.inject.Inject; import javax.naming.ConfigurationException; -import org.apache.commons.codec.binary.Base64; -import org.apache.commons.lang.StringUtils; -import org.apache.log4j.Logger; - import org.apache.cloudstack.acl.ControlledEntity.ACLType; import org.apache.cloudstack.acl.SecurityChecker.AccessType; import org.apache.cloudstack.affinity.AffinityGroupService; @@ -80,7 +76,6 @@ import org.apache.cloudstack.engine.subsystem.api.storage.DataStore; import org.apache.cloudstack.engine.subsystem.api.storage.DataStoreManager; import org.apache.cloudstack.engine.subsystem.api.storage.PrimaryDataStore; -import org.apache.cloudstack.engine.subsystem.api.storage.TemplateDataFactory; import org.apache.cloudstack.engine.subsystem.api.storage.VolumeDataFactory; import org.apache.cloudstack.engine.subsystem.api.storage.VolumeInfo; import org.apache.cloudstack.engine.subsystem.api.storage.VolumeService; @@ -89,7 +84,6 @@ import org.apache.cloudstack.framework.config.ConfigKey; import org.apache.cloudstack.framework.config.Configurable; import org.apache.cloudstack.framework.config.dao.ConfigurationDao; -import org.apache.cloudstack.framework.jobs.AsyncJobManager; import org.apache.cloudstack.managed.context.ManagedContextRunnable; import org.apache.cloudstack.storage.command.DeleteCommand; import org.apache.cloudstack.storage.command.DettachCommand; @@ -97,6 +91,10 @@ import org.apache.cloudstack.storage.datastore.db.StoragePoolVO; import org.apache.cloudstack.storage.datastore.db.TemplateDataStoreDao; import org.apache.cloudstack.storage.datastore.db.TemplateDataStoreVO; +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.collections.MapUtils; +import org.apache.commons.lang3.StringUtils; +import org.apache.log4j.Logger; import com.cloud.agent.AgentManager; import com.cloud.agent.api.Answer; @@ -125,7 +123,6 @@ import com.cloud.agent.manager.Commands; import com.cloud.alert.AlertManager; import com.cloud.api.ApiDBUtils; -import com.cloud.api.query.dao.UserVmJoinDao; import com.cloud.capacity.Capacity; import com.cloud.capacity.CapacityManager; import com.cloud.configuration.Config; @@ -136,14 +133,14 @@ import com.cloud.dc.DataCenterVO; import com.cloud.dc.DedicatedResourceVO; import com.cloud.dc.HostPodVO; +import com.cloud.dc.Vlan; +import com.cloud.dc.Vlan.VlanType; +import com.cloud.dc.VlanVO; import com.cloud.dc.dao.ClusterDao; import com.cloud.dc.dao.DataCenterDao; import com.cloud.dc.dao.DedicatedResourceDao; import com.cloud.dc.dao.HostPodDao; import com.cloud.dc.dao.VlanDao; -import com.cloud.dc.Vlan; -import com.cloud.dc.Vlan.VlanType; -import com.cloud.dc.VlanVO; import com.cloud.deploy.DataCenterDeployment; import com.cloud.deploy.DeployDestination; import com.cloud.deploy.DeploymentPlanner; @@ -211,9 +208,7 @@ import com.cloud.network.security.SecurityGroup; import com.cloud.network.security.SecurityGroupManager; import com.cloud.network.security.dao.SecurityGroupDao; -import com.cloud.network.security.dao.SecurityGroupVMMapDao; import com.cloud.network.vpc.VpcManager; -import com.cloud.network.vpc.dao.VpcDao; import com.cloud.offering.DiskOffering; import com.cloud.offering.NetworkOffering; import com.cloud.offering.NetworkOffering.Availability; @@ -222,10 +217,8 @@ import com.cloud.offerings.dao.NetworkOfferingDao; import com.cloud.org.Cluster; import com.cloud.org.Grouping; -import com.cloud.projects.ProjectManager; import com.cloud.resource.ResourceManager; import com.cloud.resource.ResourceState; -import com.cloud.server.ConfigurationServer; import com.cloud.server.ManagementService; import com.cloud.service.ServiceOfferingVO; import com.cloud.service.dao.ServiceOfferingDao; @@ -234,15 +227,15 @@ import com.cloud.storage.DiskOfferingVO; import com.cloud.storage.GuestOSCategoryVO; import com.cloud.storage.GuestOSVO; +import com.cloud.storage.Snapshot; import com.cloud.storage.SnapshotVO; import
[jira] [Commented] (CLOUDSTACK-10230) User is able to change to “Guest OS type” that has been removed
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16435105#comment-16435105 ] ASF subversion and git services commented on CLOUDSTACK-10230: -- Commit 91d98211496a482e6882acd6528f9b8dbeefe3bf in cloudstack's branch refs/heads/master from [~rafaelweingartner] [ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=91d9821 ] [CLOUDSTACK-10230] User should not be able to use removed “Guest OS type” (#2404) * [CLOUDSTACK-10230] User is able to change to “Guest OS type” that has been removed Users are able to change the OS type of VMs to “Guest OS type” that has been removed. This becomes a security issue when we try to force users to use HVM VMs (Meltdown/Spectre thing). A removed “guest os type” should not be usable by any users in the cloud. > User is able to change to “Guest OS type” that has been removed > > > Key: CLOUDSTACK-10230 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10230 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rafael Weingärtner >Assignee: Rafael Weingärtner >Priority: Critical > > Users are able to change the OS type of VMs to “Guest OS type” that has been > removed. This becomes a security issue when we try to force users to use HVM > VMs (Meltdown/Spectre thing). A removed “guest os type” should not be usable > by any users in the cloud. -- This message was sent by Atlassian JIRA (v7.6.3#76005)