[GitHub] cloudstack issue #1640: CLOUDSTACK-9458: Fix HA bug when VMs are stopped on ...
Github user marcaurele commented on the issue: https://github.com/apache/cloudstack/pull/1640 @jburwell I changed the commit and PR to point to 4.9 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
Re: builds.cloudstack.org (new jenkins system)
This is great. Thanks for setting it up PL. If possible, could you also move the coverity job[1] to the new jenkins please? CloudStack coverity report last ran on Jan 25, 2016
[1] http://jenkins.buildacloud.org/job/cloudstack-master-twiceweekly-coverity/
Thanks, ~ Rajani http://cloudplatform.accelerite.com/
On September 14, 2016 at 12:11 AM, Pierre-Luc Dion (pdion...@apache.org) wrote:
Hi, we now have a nice URL pointing to the replacement jenkins of j.bac.o: builds.cloudstack.org I'll make sure to enable SSL for user authentication. Whoever is a committer that wants admin access to Jenkins, let me know. If you have a CI system that we could leverage via a centralized portal, feel free to post on dev@ Cheers, PL
[GitHub] cloudstack issue #1542: CLOUDSTACK-9379: Support nested virtualization at VM...
Github user serg38 commented on the issue: https://github.com/apache/cloudstack/pull/1542 @rhtyd @jburwell @rafaelweingartner @koushik-das The rationale to have vmware.nested.virtualization.perVM was that advanced vm_details and template details are user controlled. With https://issues.apache.org/jira/browse/CLOUDSTACK-9457 “Allow retrieval and modification of VM and template details via API and UI” users will be able to change any advanced details in UI and API. If admin wants to preserve that nested virtualization is controlled in centralized fashion they can do so by setting vmware.nested.virtualization.perVM to “false”. Idea was to allow organizations that currently have nested virtualization disabled to have it so after upgrade. Does it make sense, or does everyone prefer that the setting on VM level overrides the global one?
[GitHub] cloudstack issue #1511: 4.9/master bountycastle changes
Github user jburwell commented on the issue: https://github.com/apache/cloudstack/pull/1511 @rhtyd this PR is actually fairly important as it upgrades our crypto implementation to the latest available. Therefore, I want to get it into LTS for 4.9.2.0. In addition to addressing the code review comments, I see the following items need to be addressed in order to merge this PR:
* [ ] Re-target the PR to the 4.9 branch
* [ ] Create a JIRA ticket for this change and reference it in the commit message
* [ ] Squash the commits
* [ ] Fix the Travis failures
* [ ] Rebase the changes with the parent branch to resolve merge conflicts
* [ ] Integration test it
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78648723 --- Diff: utils/src/main/java/com/cloud/utils/security/CertificateHelper.java --- 
@@ -38,125 +38,139 @@ import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.util.ArrayList; +import java.util.Collection; +import java.util.Iterator; import java.util.List; -import com.cloud.utils.exception.CloudRuntimeException; import org.apache.commons.codec.binary.Base64; +import org.bouncycastle.util.io.pem.PemObject; +import org.bouncycastle.util.io.pem.PemReader; import com.cloud.utils.Ternary; -import org.bouncycastle.openssl.PEMReader; +import com.cloud.utils.exception.CloudRuntimeException; public class CertificateHelper { -public static byte[] buildAndSaveKeystore(String alias, String cert, String privateKey, String storePassword) throws KeyStoreException, CertificateException, -NoSuchAlgorithmException, InvalidKeySpecException, IOException { -KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword); +public static byte[] buildAndSaveKeystore(final String alias, final String cert, final String privateKey, final String storePassword) throws KeyStoreException, CertificateException, +NoSuchAlgorithmException, InvalidKeySpecException, IOException { +final KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword); -ByteArrayOutputStream os = new ByteArrayOutputStream(); +final ByteArrayOutputStream os = new ByteArrayOutputStream(); ks.store(os, storePassword != null ? storePassword.toCharArray() : null); os.close(); return os.toByteArray(); } -public static byte[] buildAndSaveKeystore(List> certs, String storePassword) throws KeyStoreException, NoSuchAlgorithmException, -CertificateException, IOException, InvalidKeySpecException { -KeyStore ks = KeyStore.getInstance("JKS"); +public static byte[] buildAndSaveKeystore(final List > certs, final String storePassword) throws KeyStoreException, NoSuchAlgorithmException, +CertificateException, IOException, InvalidKeySpecException { +final KeyStore ks = KeyStore.getInstance("JKS"); ks.load(null, storePassword != null ? 
storePassword.toCharArray() : null); //name,cert,key -for (Ternary cert : certs) { +for (final Ternary cert : certs) { if (cert.third() == null) { -Certificate c = buildCertificate(cert.second()); +final Certificate c = buildCertificate(cert.second()); ks.setCertificateEntry(cert.first(), c); } else { -Certificate[] c = new Certificate[certs.size()]; +final Certificate[] c = new Certificate[certs.size()]; int i = certs.size(); -for (Ternary ct : certs) { +for (final Ternary ct : certs) { c[i - 1] = buildCertificate(ct.second()); i--; } ks.setKeyEntry(cert.first(), buildPrivateKey(cert.third()), storePassword != null ? storePassword.toCharArray() : null, c); } } -ByteArrayOutputStream os = new ByteArrayOutputStream(); +final ByteArrayOutputStream os = new ByteArrayOutputStream(); ks.store(os, storePassword != null ? storePassword.toCharArray() : null); os.close(); return os.toByteArray(); } -public static KeyStore loadKeystore(byte[] ksData, String storePassword) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { -assert (ksData != null); -KeyStore ks = KeyStore.getInstance("JKS"); +public static KeyStore loadKeystore(final byte[] ksData, final String storePassword) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { +assert ksData != null; +final KeyStore ks = KeyStore.getInstance("JKS"); ks.load(new ByteArrayInputStream(ksData), storePassword != null ? storePassword.toCharArray() : null); return ks; } -public static KeyStore buildKeystore(String alias, String cert, String privateKey, String storePassword) throws KeyStoreException, CertificateException, -NoSuchAlgorithmException, InvalidKeySpecException, IOException { +public
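Review bot: In the list-based `buildAndSaveKeystore`, the `else` branch rebuilds the chain from every element of `certs` (`new Certificate[certs.size()]` filled by the inner `for (final Ternary ct : certs)` loop) each time the outer loop reaches an entry with a private key, so every key entry is stored with the whole list, reversed, as its chain, including entries that were also added through `setCertificateEntry`, and each certificate is parsed again per key entry. If that is the intent, build the array once before the outer loop and document the ordering expected of `certs`; otherwise restrict the chain to the certificates that belong to that key. Separately, `assert ksData != null;` in `loadKeystore` is only evaluated when the JVM runs with assertions enabled, so an explicit null check that throws would be more dependable.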
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78649049 --- Diff: utils/src/main/java/com/cloud/utils/security/CertificateHelper.java --- 
@@ -38,125 +38,139 @@ import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.util.ArrayList; +import java.util.Collection; +import java.util.Iterator; import java.util.List; -import com.cloud.utils.exception.CloudRuntimeException; import org.apache.commons.codec.binary.Base64; +import org.bouncycastle.util.io.pem.PemObject; +import org.bouncycastle.util.io.pem.PemReader; import com.cloud.utils.Ternary; -import org.bouncycastle.openssl.PEMReader; +import com.cloud.utils.exception.CloudRuntimeException; public class CertificateHelper { -public static byte[] buildAndSaveKeystore(String alias, String cert, String privateKey, String storePassword) throws KeyStoreException, CertificateException, -NoSuchAlgorithmException, InvalidKeySpecException, IOException { -KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword); +public static byte[] buildAndSaveKeystore(final String alias, final String cert, final String privateKey, final String storePassword) throws KeyStoreException, CertificateException, +NoSuchAlgorithmException, InvalidKeySpecException, IOException { +final KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword); -ByteArrayOutputStream os = new ByteArrayOutputStream(); +final ByteArrayOutputStream os = new ByteArrayOutputStream(); ks.store(os, storePassword != null ? storePassword.toCharArray() : null); os.close(); return os.toByteArray(); } -public static byte[] buildAndSaveKeystore(List> certs, String storePassword) throws KeyStoreException, NoSuchAlgorithmException, -CertificateException, IOException, InvalidKeySpecException { -KeyStore ks = KeyStore.getInstance("JKS"); +public static byte[] buildAndSaveKeystore(final List > certs, final String storePassword) throws KeyStoreException, NoSuchAlgorithmException, +CertificateException, IOException, InvalidKeySpecException { +final KeyStore ks = KeyStore.getInstance("JKS"); ks.load(null, storePassword != null ? 
storePassword.toCharArray() : null); //name,cert,key -for (Ternary cert : certs) { +for (final Ternary cert : certs) { if (cert.third() == null) { -Certificate c = buildCertificate(cert.second()); +final Certificate c = buildCertificate(cert.second()); ks.setCertificateEntry(cert.first(), c); } else { -Certificate[] c = new Certificate[certs.size()]; +final Certificate[] c = new Certificate[certs.size()]; int i = certs.size(); -for (Ternary ct : certs) { +for (final Ternary ct : certs) { c[i - 1] = buildCertificate(ct.second()); i--; } ks.setKeyEntry(cert.first(), buildPrivateKey(cert.third()), storePassword != null ? storePassword.toCharArray() : null, c); } } -ByteArrayOutputStream os = new ByteArrayOutputStream(); +final ByteArrayOutputStream os = new ByteArrayOutputStream(); ks.store(os, storePassword != null ? storePassword.toCharArray() : null); os.close(); return os.toByteArray(); } -public static KeyStore loadKeystore(byte[] ksData, String storePassword) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { -assert (ksData != null); -KeyStore ks = KeyStore.getInstance("JKS"); +public static KeyStore loadKeystore(final byte[] ksData, final String storePassword) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { +assert ksData != null; +final KeyStore ks = KeyStore.getInstance("JKS"); ks.load(new ByteArrayInputStream(ksData), storePassword != null ? storePassword.toCharArray() : null); return ks; } -public static KeyStore buildKeystore(String alias, String cert, String privateKey, String storePassword) throws KeyStoreException, CertificateException, -NoSuchAlgorithmException, InvalidKeySpecException, IOException { +public
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78648669 --- Diff: utils/src/main/java/com/cloud/utils/security/CertificateHelper.java --- 
@@ -38,125 +38,139 @@ import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.util.ArrayList; +import java.util.Collection; +import java.util.Iterator; import java.util.List; -import com.cloud.utils.exception.CloudRuntimeException; import org.apache.commons.codec.binary.Base64; +import org.bouncycastle.util.io.pem.PemObject; +import org.bouncycastle.util.io.pem.PemReader; import com.cloud.utils.Ternary; -import org.bouncycastle.openssl.PEMReader; +import com.cloud.utils.exception.CloudRuntimeException; public class CertificateHelper { -public static byte[] buildAndSaveKeystore(String alias, String cert, String privateKey, String storePassword) throws KeyStoreException, CertificateException, -NoSuchAlgorithmException, InvalidKeySpecException, IOException { -KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword); +public static byte[] buildAndSaveKeystore(final String alias, final String cert, final String privateKey, final String storePassword) throws KeyStoreException, CertificateException, +NoSuchAlgorithmException, InvalidKeySpecException, IOException { +final KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword); -ByteArrayOutputStream os = new ByteArrayOutputStream(); +final ByteArrayOutputStream os = new ByteArrayOutputStream(); ks.store(os, storePassword != null ? storePassword.toCharArray() : null); os.close(); return os.toByteArray(); } -public static byte[] buildAndSaveKeystore(List> certs, String storePassword) throws KeyStoreException, NoSuchAlgorithmException, -CertificateException, IOException, InvalidKeySpecException { -KeyStore ks = KeyStore.getInstance("JKS"); +public static byte[] buildAndSaveKeystore(final List > certs, final String storePassword) throws KeyStoreException, NoSuchAlgorithmException, +CertificateException, IOException, InvalidKeySpecException { +final KeyStore ks = KeyStore.getInstance("JKS"); ks.load(null, storePassword != null ? 
storePassword.toCharArray() : null); //name,cert,key -for (Ternary cert : certs) { +for (final Ternary cert : certs) { if (cert.third() == null) { -Certificate c = buildCertificate(cert.second()); +final Certificate c = buildCertificate(cert.second()); ks.setCertificateEntry(cert.first(), c); } else { -Certificate[] c = new Certificate[certs.size()]; +final Certificate[] c = new Certificate[certs.size()]; int i = certs.size(); -for (Ternary ct : certs) { +for (final Ternary ct : certs) { c[i - 1] = buildCertificate(ct.second()); i--; } ks.setKeyEntry(cert.first(), buildPrivateKey(cert.third()), storePassword != null ? storePassword.toCharArray() : null, c); } } -ByteArrayOutputStream os = new ByteArrayOutputStream(); +final ByteArrayOutputStream os = new ByteArrayOutputStream(); ks.store(os, storePassword != null ? storePassword.toCharArray() : null); os.close(); return os.toByteArray(); } -public static KeyStore loadKeystore(byte[] ksData, String storePassword) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { -assert (ksData != null); -KeyStore ks = KeyStore.getInstance("JKS"); +public static KeyStore loadKeystore(final byte[] ksData, final String storePassword) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { +assert ksData != null; +final KeyStore ks = KeyStore.getInstance("JKS"); ks.load(new ByteArrayInputStream(ksData), storePassword != null ? storePassword.toCharArray() : null); return ks; } -public static KeyStore buildKeystore(String alias, String cert, String privateKey, String storePassword) throws KeyStoreException, CertificateException, -NoSuchAlgorithmException, InvalidKeySpecException, IOException { +public
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78648573 --- Diff: utils/src/main/java/com/cloud/utils/security/CertificateHelper.java --- 
@@ -38,125 +38,139 @@ import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.util.ArrayList; +import java.util.Collection; +import java.util.Iterator; import java.util.List; -import com.cloud.utils.exception.CloudRuntimeException; import org.apache.commons.codec.binary.Base64; +import org.bouncycastle.util.io.pem.PemObject; +import org.bouncycastle.util.io.pem.PemReader; import com.cloud.utils.Ternary; -import org.bouncycastle.openssl.PEMReader; +import com.cloud.utils.exception.CloudRuntimeException; public class CertificateHelper { -public static byte[] buildAndSaveKeystore(String alias, String cert, String privateKey, String storePassword) throws KeyStoreException, CertificateException, -NoSuchAlgorithmException, InvalidKeySpecException, IOException { -KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword); +public static byte[] buildAndSaveKeystore(final String alias, final String cert, final String privateKey, final String storePassword) throws KeyStoreException, CertificateException, +NoSuchAlgorithmException, InvalidKeySpecException, IOException { +final KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword); -ByteArrayOutputStream os = new ByteArrayOutputStream(); +final ByteArrayOutputStream os = new ByteArrayOutputStream(); ks.store(os, storePassword != null ? storePassword.toCharArray() : null); os.close(); return os.toByteArray(); } -public static byte[] buildAndSaveKeystore(List> certs, String storePassword) throws KeyStoreException, NoSuchAlgorithmException, -CertificateException, IOException, InvalidKeySpecException { -KeyStore ks = KeyStore.getInstance("JKS"); +public static byte[] buildAndSaveKeystore(final List > certs, final String storePassword) throws KeyStoreException, NoSuchAlgorithmException, +CertificateException, IOException, InvalidKeySpecException { +final KeyStore ks = KeyStore.getInstance("JKS"); ks.load(null, storePassword != null ? 
storePassword.toCharArray() : null); //name,cert,key -for (Ternary cert : certs) { +for (final Ternary cert : certs) { if (cert.third() == null) { -Certificate c = buildCertificate(cert.second()); +final Certificate c = buildCertificate(cert.second()); ks.setCertificateEntry(cert.first(), c); } else { -Certificate[] c = new Certificate[certs.size()]; +final Certificate[] c = new Certificate[certs.size()]; int i = certs.size(); -for (Ternary ct : certs) { +for (final Ternary ct : certs) { c[i - 1] = buildCertificate(ct.second()); i--; } ks.setKeyEntry(cert.first(), buildPrivateKey(cert.third()), storePassword != null ? storePassword.toCharArray() : null, c); } } -ByteArrayOutputStream os = new ByteArrayOutputStream(); +final ByteArrayOutputStream os = new ByteArrayOutputStream(); ks.store(os, storePassword != null ? storePassword.toCharArray() : null); os.close(); return os.toByteArray(); } -public static KeyStore loadKeystore(byte[] ksData, String storePassword) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { -assert (ksData != null); -KeyStore ks = KeyStore.getInstance("JKS"); +public static KeyStore loadKeystore(final byte[] ksData, final String storePassword) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { +assert ksData != null; +final KeyStore ks = KeyStore.getInstance("JKS"); ks.load(new ByteArrayInputStream(ksData), storePassword != null ? storePassword.toCharArray() : null); return ks; } -public static KeyStore buildKeystore(String alias, String cert, String privateKey, String storePassword) throws KeyStoreException, CertificateException, -NoSuchAlgorithmException, InvalidKeySpecException, IOException { +public
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78648332 --- Diff: utils/src/main/java/com/cloud/utils/security/CertificateHelper.java --- 
@@ -38,125 +38,139 @@ import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.util.ArrayList; +import java.util.Collection; +import java.util.Iterator; import java.util.List; -import com.cloud.utils.exception.CloudRuntimeException; import org.apache.commons.codec.binary.Base64; +import org.bouncycastle.util.io.pem.PemObject; +import org.bouncycastle.util.io.pem.PemReader; import com.cloud.utils.Ternary; -import org.bouncycastle.openssl.PEMReader; +import com.cloud.utils.exception.CloudRuntimeException; public class CertificateHelper { -public static byte[] buildAndSaveKeystore(String alias, String cert, String privateKey, String storePassword) throws KeyStoreException, CertificateException, -NoSuchAlgorithmException, InvalidKeySpecException, IOException { -KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword); +public static byte[] buildAndSaveKeystore(final String alias, final String cert, final String privateKey, final String storePassword) throws KeyStoreException, CertificateException, +NoSuchAlgorithmException, InvalidKeySpecException, IOException { +final KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword); -ByteArrayOutputStream os = new ByteArrayOutputStream(); +final ByteArrayOutputStream os = new ByteArrayOutputStream(); ks.store(os, storePassword != null ? storePassword.toCharArray() : null); os.close(); return os.toByteArray(); } -public static byte[] buildAndSaveKeystore(List> certs, String storePassword) throws KeyStoreException, NoSuchAlgorithmException, -CertificateException, IOException, InvalidKeySpecException { -KeyStore ks = KeyStore.getInstance("JKS"); +public static byte[] buildAndSaveKeystore(final List > certs, final String storePassword) throws KeyStoreException, NoSuchAlgorithmException, +CertificateException, IOException, InvalidKeySpecException { +final KeyStore ks = KeyStore.getInstance("JKS"); ks.load(null, storePassword != null ? 
storePassword.toCharArray() : null); //name,cert,key -for (Ternary cert : certs) { +for (final Ternary cert : certs) { if (cert.third() == null) { -Certificate c = buildCertificate(cert.second()); +final Certificate c = buildCertificate(cert.second()); ks.setCertificateEntry(cert.first(), c); } else { -Certificate[] c = new Certificate[certs.size()]; +final Certificate[] c = new Certificate[certs.size()]; int i = certs.size(); -for (Ternary ct : certs) { +for (final Ternary ct : certs) { c[i - 1] = buildCertificate(ct.second()); i--; } ks.setKeyEntry(cert.first(), buildPrivateKey(cert.third()), storePassword != null ? storePassword.toCharArray() : null, c); } } -ByteArrayOutputStream os = new ByteArrayOutputStream(); +final ByteArrayOutputStream os = new ByteArrayOutputStream(); ks.store(os, storePassword != null ? storePassword.toCharArray() : null); os.close(); --- End diff --
It appears that we are potentially leaving a dangling `OutputStream` instance. It seems like lines 84 and 85 should be wrapped in a try with resources block that translates all checked exceptions to unchecked exceptions and logs the error.
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78647094 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- 
@@ -440,129 +441,130 @@ public void runUploadSslCertBadkeyPair() throws IOException, IllegalAccessExcept public void runUploadSslCertBadkeyAlgo() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); -CertServiceImpl certService = new CertServiceImpl(); +final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); -Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); +final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); -DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); +final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO()); //creating the command -UploadSslCertCmd uploadCmd 
= new UploadSslCertCmdExtn(); -Class _class = uploadCmd.getClass().getSuperclass(); +final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); +final Class klazz = uploadCmd.getClass().getSuperclass(); -Field certField = _class.getDeclaredField("cert"); +final Field certField = klazz.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); -Field keyField = _class.getDeclaredField("key"); +final Field keyField = klazz.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); try { certService.uploadSslCert(uploadCmd); fail("Given a private key which has a different algorithm than the certificate, upload should fail"); -} catch (Exception e) { -assertTrue(e.getMessage().contains("Public and private key have different algorithms")); +} catch (final Exception e) { +assertTrue("Did not expect message: " + e.getMessage(), +e.getMessage().contains("Error parsing certificate data Parsing certificate/key failed: Invalid Key format.")); } } @Test public void runUploadSslCertExpiredCert() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files -String certFile = URLDecoder.decode(getClass().getResource("/certs/expired_cert.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/expired_cert.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); -CertServiceImpl
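Review bot: In `runUploadSslCertBadkeyAlgo`, the assertion now expects "Error parsing certificate data Parsing certificate/key failed: Invalid Key format." while the `fail(...)` text still says the upload should fail because the private key has a different algorithm than the certificate. The expected message indicates the DSA key is rejected while being parsed, so this test no longer shows that a certificate paired with a key of another algorithm is caught by the mismatch check. Either keep a case that still reaches the "Public and private key have different algorithms" path, or rename the test and update the `fail` message to say that the key format is rejected. Matching on the full concatenated message also makes the test brittle; a shorter, stable fragment would do.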
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78647052 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- 
@@ -440,129 +441,130 @@ public void runUploadSslCertBadkeyPair() throws IOException, IllegalAccessExcept public void runUploadSslCertBadkeyAlgo() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); -CertServiceImpl certService = new CertServiceImpl(); +final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); -Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); +final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); -DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); +final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO()); //creating the command -UploadSslCertCmd uploadCmd 
= new UploadSslCertCmdExtn(); -Class _class = uploadCmd.getClass().getSuperclass(); +final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); +final Class klazz = uploadCmd.getClass().getSuperclass(); -Field certField = _class.getDeclaredField("cert"); +final Field certField = klazz.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); -Field keyField = _class.getDeclaredField("key"); +final Field keyField = klazz.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); try { certService.uploadSslCert(uploadCmd); fail("Given a private key which has a different algorithm than the certificate, upload should fail"); -} catch (Exception e) { -assertTrue(e.getMessage().contains("Public and private key have different algorithms")); +} catch (final Exception e) { +assertTrue("Did not expect message: " + e.getMessage(), +e.getMessage().contains("Error parsing certificate data Parsing certificate/key failed: Invalid Key format.")); } } @Test public void runUploadSslCertExpiredCert() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files -String certFile = URLDecoder.decode(getClass().getResource("/certs/expired_cert.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/expired_cert.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); -CertServiceImpl
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78648238 --- Diff: utils/src/main/java/com/cloud/utils/security/CertificateHelper.java --- 
@@ -38,125 +38,139 @@ import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.util.ArrayList; +import java.util.Collection; +import java.util.Iterator; import java.util.List; -import com.cloud.utils.exception.CloudRuntimeException; import org.apache.commons.codec.binary.Base64; +import org.bouncycastle.util.io.pem.PemObject; +import org.bouncycastle.util.io.pem.PemReader; import com.cloud.utils.Ternary; -import org.bouncycastle.openssl.PEMReader; +import com.cloud.utils.exception.CloudRuntimeException; public class CertificateHelper { -public static byte[] buildAndSaveKeystore(String alias, String cert, String privateKey, String storePassword) throws KeyStoreException, CertificateException, -NoSuchAlgorithmException, InvalidKeySpecException, IOException { -KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword); +public static byte[] buildAndSaveKeystore(final String alias, final String cert, final String privateKey, final String storePassword) throws KeyStoreException, CertificateException, +NoSuchAlgorithmException, InvalidKeySpecException, IOException { +final KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword); -ByteArrayOutputStream os = new ByteArrayOutputStream(); +final ByteArrayOutputStream os = new ByteArrayOutputStream(); ks.store(os, storePassword != null ? storePassword.toCharArray() : null); os.close(); return os.toByteArray(); } -public static byte[] buildAndSaveKeystore(List> certs, String storePassword) throws KeyStoreException, NoSuchAlgorithmException, -CertificateException, IOException, InvalidKeySpecException { -KeyStore ks = KeyStore.getInstance("JKS"); +public static byte[] buildAndSaveKeystore(final List > certs, final String storePassword) throws KeyStoreException, NoSuchAlgorithmException, +CertificateException, IOException, InvalidKeySpecException { +final KeyStore ks = KeyStore.getInstance("JKS"); ks.load(null, storePassword != null ? 
storePassword.toCharArray() : null); //name,cert,key -for (Ternary cert : certs) { +for (final Ternary cert : certs) { if (cert.third() == null) { -Certificate c = buildCertificate(cert.second()); +final Certificate c = buildCertificate(cert.second()); ks.setCertificateEntry(cert.first(), c); } else { -Certificate[] c = new Certificate[certs.size()]; +final Certificate[] c = new Certificate[certs.size()]; int i = certs.size(); -for (Ternary ct : certs) { +for (final Ternary ct : certs) { c[i - 1] = buildCertificate(ct.second()); i--; } ks.setKeyEntry(cert.first(), buildPrivateKey(cert.third()), storePassword != null ? storePassword.toCharArray() : null, c); } } -ByteArrayOutputStream os = new ByteArrayOutputStream(); +final ByteArrayOutputStream os = new ByteArrayOutputStream(); ks.store(os, storePassword != null ? storePassword.toCharArray() : null); os.close(); return os.toByteArray(); } -public static KeyStore loadKeystore(byte[] ksData, String storePassword) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { -assert (ksData != null); -KeyStore ks = KeyStore.getInstance("JKS"); +public static KeyStore loadKeystore(final byte[] ksData, final String storePassword) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { +assert ksData != null; +final KeyStore ks = KeyStore.getInstance("JKS"); ks.load(new ByteArrayInputStream(ksData), storePassword != null ? storePassword.toCharArray() : null); --- End diff -- It appears that we are potentially leaving a dangling `InputStream` here. It seems like line 93 should be wrapped in a try with resources block that translates all checked exceptions to unchecked exceptions and logs the error.
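Review bot: in `loadKeystore`, `assert ksData != null;` is not a real guard, because assertions are disabled unless the JVM runs with `-ea`, so a null `ksData` reaches `new ByteArrayInputStream(ksData)` and fails with a bare NullPointerException; use an explicit check such as `Objects.requireNonNull(ksData, "ksData")`. The same method passes `null` to `ks.load` when `storePassword` is null, and `KeyStore.load` skips the integrity check when no password is given, so a caller that omits the password will accept a modified keystore without error; either require the password here or document that the unauthenticated load is intended.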
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78648029 --- Diff: utils/src/main/java/com/cloud/utils/security/CertificateHelper.java --- 
@@ -38,125 +38,139 @@ import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.util.ArrayList; +import java.util.Collection; +import java.util.Iterator; import java.util.List; -import com.cloud.utils.exception.CloudRuntimeException; import org.apache.commons.codec.binary.Base64; +import org.bouncycastle.util.io.pem.PemObject; +import org.bouncycastle.util.io.pem.PemReader; import com.cloud.utils.Ternary; -import org.bouncycastle.openssl.PEMReader; +import com.cloud.utils.exception.CloudRuntimeException; public class CertificateHelper { -public static byte[] buildAndSaveKeystore(String alias, String cert, String privateKey, String storePassword) throws KeyStoreException, CertificateException, -NoSuchAlgorithmException, InvalidKeySpecException, IOException { -KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword); +public static byte[] buildAndSaveKeystore(final String alias, final String cert, final String privateKey, final String storePassword) throws KeyStoreException, CertificateException, +NoSuchAlgorithmException, InvalidKeySpecException, IOException { +final KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword); -ByteArrayOutputStream os = new ByteArrayOutputStream(); +final ByteArrayOutputStream os = new ByteArrayOutputStream(); ks.store(os, storePassword != null ? storePassword.toCharArray() : null); os.close(); --- End diff -- It appears that we are potentially leaving a dangling `OutputStream` instance here. It seems like lines 57 and 58 should be wrapped in a try with resources block that translates all checked exceptions to unchecked exceptions and logs the error. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
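Review bot: the import swap at the top of the hunk, from `org.bouncycastle.openssl.PEMReader` to `org.bouncycastle.util.io.pem.PemReader` and `PemObject`, changes what the parsing code gets back and deserves a comment in the class. The old reader's `readObject()` returned decoded key and certificate objects and could be given a password callback, whereas `PemReader.readPemObject()` returns only the block type, headers and raw content bytes. The code that consumes it should check `PemObject.getType()` before handing the bytes to a key or certificate factory and needs an explicit path for password-protected keys; please state in the Javadoc which PEM block types are accepted, since the method signatures shown here are unchanged.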
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78647513 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- @@ -726,17 +729,17 @@ public void runDeleteSslCertInvalidId() throws NoSuchFieldException, IllegalAcce when(certService._lbCertDao.listByCertId(anyLong())).thenReturn(null); //creating the command -DeleteSslCertCmd deleteCmd = new DeleteSslCertCmdExtn(); -Class _class = deleteCmd.getClass().getSuperclass(); +final DeleteSslCertCmd deleteCmd = new DeleteSslCertCmdExtn(); +final Class klazz = deleteCmd.getClass().getSuperclass(); -Field certField = _class.getDeclaredField("id"); +final Field certField = klazz.getDeclaredField("id"); certField.setAccessible(true); certField.set(deleteCmd, certId); try { certService.deleteSslCert(deleteCmd); fail("Delete with an invalid ID should fail"); -} catch (Exception e) { +} catch (final Exception e) { assertTrue(e.getMessage().contains("Invalid certificate id")); } --- End diff -- Please consider replacing this `try` block with `expected` on the `@Test` annotation
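Review bot: the `catch (final Exception e)` at the end of the hunk accepts any exception type and then calls `e.getMessage().contains(...)`, so an unrelated failure whose message is null surfaces as a NullPointerException inside the test instead of a clear assertion failure. Catch the specific exception type that `deleteSslCert` is meant to throw for an invalid id. If the check moves to `expected` on `@Test`, the message text is no longer verified, so keep an explicit message assertion if "Invalid certificate id" is part of the contract.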
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78647426 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- @@ -686,35 +689,35 @@ public void runDeleteSslCertBoundCert() throws NoSuchFieldException, IllegalAcce when(certService._entityMgr.findById(eq(LoadBalancerVO.class), anyLong())).thenReturn(new LoadBalancerVO()); //creating the command -DeleteSslCertCmd deleteCmd = new DeleteSslCertCmdExtn(); -Class _class = deleteCmd.getClass().getSuperclass(); +final DeleteSslCertCmd deleteCmd = new DeleteSslCertCmdExtn(); +final Class klazz = deleteCmd.getClass().getSuperclass(); -Field certField = _class.getDeclaredField("id"); +final Field certField = klazz.getDeclaredField("id"); certField.setAccessible(true); certField.set(deleteCmd, certId); try { certService.deleteSslCert(deleteCmd); fail("Delete with a cert id bound to a lb should fail"); -} catch (Exception e) { +} catch (final Exception e) { assertTrue(e.getMessage().contains("Certificate in use by a loadbalancer")); } --- End diff -- Please consider replacing this `try` block with `expected` on the `@Test` annotation
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78647300 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- 
@@ -571,43 +573,44 @@ public void runUploadSslCertNotX509() throws IOException, IllegalAccessException public void runUploadSslCertBadFormat() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files -String certFile = URLDecoder.decode(getClass().getResource("/certs/bad_format_cert.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/bad_format_cert.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); -CertServiceImpl certService = new CertServiceImpl(); +final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); -Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); +final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); -DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); +final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO()); //creating the command -UploadSslCertCmd uploadCmd = 
new UploadSslCertCmdExtn(); -Class _class = uploadCmd.getClass().getSuperclass(); +final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); +final Class klazz = uploadCmd.getClass().getSuperclass(); -Field certField = _class.getDeclaredField("cert"); +final Field certField = klazz.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); -Field keyField = _class.getDeclaredField("key"); +final Field keyField = klazz.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); try { certService.uploadSslCert(uploadCmd); fail("Given a Certificate in bad format (Not PEM), upload should fail"); -} catch (Exception e) { -assertTrue(e.getMessage().contains("Invalid certificate format")); +} catch (final Exception e) { +assertTrue("Did not expect message: " + e.getMessage(), +e.getMessage().contains("Error parsing certificate data Invalid Certificate format. Expected X509 certificate. Failed due to null")); } } --- End diff -- Please consider replacing this `try` block with `expected` on the `@Test` annotation
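Review bot: the new expected string in the final assertion ends with "Failed due to null", which indicates the error text is built by appending the message of a cause whose message is null, and the test now pins that artefact. Assert only on the stable part ("Invalid Certificate format. Expected X509 certificate.") and have the code that builds the message omit or replace a null cause message, so the test does not break when the wording is cleaned up.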
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78645945 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- 
@@ -348,90 +348,91 @@ public void runUploadSslCertNoRootCert() throws IOException, IllegalAccessExcept @Test public void runUploadSslCertBadPassword() throws IOException, IllegalAccessException, NoSuchFieldException { -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),Charset.defaultCharset().name()); -String password = "bad_password"; +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),Charset.defaultCharset().name()); +final String password = "bad_password"; -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); -CertServiceImpl certService = new CertServiceImpl(); +final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); -Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); +final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); -DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); +final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); 
when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO()); //creating the command -UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); -Class _class = uploadCmd.getClass().getSuperclass(); +final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); +final Class klazz = uploadCmd.getClass().getSuperclass(); -Field certField = _class.getDeclaredField("cert"); +final Field certField = klazz.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); -Field keyField = _class.getDeclaredField("key"); +final Field keyField = klazz.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); -Field passField = _class.getDeclaredField("password"); +final Field passField = klazz.getDeclaredField("password"); passField.setAccessible(true); passField.set(uploadCmd, password); try { certService.uploadSslCert(uploadCmd); fail("Given an encrypted private key with a bad password. Upload should fail."); -} catch (Exception e) { -assertTrue(e.getMessage().contains("please check password and data")); +} catch (final Exception e) { +assertTrue("Did not expect message: " + e.getMessage(), +e.getMessage().contains("Error parsing certificate data Parsing certificate/key failed: Invalid Key format.")); } } @Test public void runUploadSslCertBadkeyPair() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/non_root.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/non_root.key").getFile(),Charset.defaultCharset().name()); -
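Review bot: in `runUploadSslCertBadPassword` the expected message changes from "please check password and data" to "Error parsing certificate data Parsing certificate/key failed: Invalid Key format.", so a wrong password on an encrypted private key is now reported the same way as a malformed key. That loses the one hint an operator had for this failure. Consider detecting the encrypted-key case and keeping a distinct message for a failed decryption, and assert on that message here so the test still proves the password path is exercised.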
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78645447 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- 
@@ -297,48 +297,48 @@ public void runUploadSslCertNoRootCert() throws IOException, IllegalAccessExcept Assume.assumeTrue(isOpenJdk() || isJCEInstalled()); -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(),Charset.defaultCharset().name()); -String chainFile = URLDecoder.decode(getClass().getResource("/certs/non_root.crt").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(),Charset.defaultCharset().name()); +final String chainFile = URLDecoder.decode(getClass().getResource("/certs/non_root.crt").getFile(),Charset.defaultCharset().name()); -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); -String chain = readFileToString(new File(chainFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); +final String chain = readFileToString(new File(chainFile)); -CertServiceImpl certService = new CertServiceImpl(); +final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); -Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); +final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); -DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); +final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); 
when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO()); //creating the command -UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); -Class _class = uploadCmd.getClass().getSuperclass(); +final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); +final Class klazz = uploadCmd.getClass().getSuperclass(); -Field certField = _class.getDeclaredField("cert"); +final Field certField = klazz.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); -Field keyField = _class.getDeclaredField("key"); +final Field keyField = klazz.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); -Field chainField = _class.getDeclaredField("chain"); +final Field chainField = klazz.getDeclaredField("chain"); chainField.setAccessible(true); chainField.set(uploadCmd, chain); try { certService.uploadSslCert(uploadCmd); fail("Chain is given but does not link to the certificate"); -} catch (Exception e) { +} catch (final Exception e) { assertTrue(e.getMessage().contains("Invalid certificate chain")); } --- End diff -- Please consider replacing this try block with `expected` on the `@Test` annotation.
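Review bot: the three `URLDecoder.decode(..., Charset.defaultCharset().name())` calls at the top of the hunk decode the resource path with the platform default charset, so the test can resolve a different path on a machine whose default is not UTF-8 when the checkout directory contains non-ASCII characters. Pass `StandardCharsets.UTF_8.name()` instead, or avoid the manual decoding with `new File(getClass().getResource(...).toURI())`.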
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78645238 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- @@ -297,48 +297,48 @@ public void runUploadSslCertNoRootCert() throws IOException, IllegalAccessExcept Assume.assumeTrue(isOpenJdk() || isJCEInstalled()); -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(),Charset.defaultCharset().name()); -String chainFile = URLDecoder.decode(getClass().getResource("/certs/non_root.crt").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(),Charset.defaultCharset().name()); +final String chainFile = URLDecoder.decode(getClass().getResource("/certs/non_root.crt").getFile(),Charset.defaultCharset().name()); --- End diff -- Please see line notes for 154-155 as those comments apply to lines 300-302 as well.
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78645782 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- @@ -348,90 +348,91 @@ public void runUploadSslCertNoRootCert() throws IOException, IllegalAccessExcept @Test public void runUploadSslCertBadPassword() throws IOException, IllegalAccessException, NoSuchFieldException { -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),Charset.defaultCharset().name()); -String password = "bad_password"; +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),Charset.defaultCharset().name()); +final String password = "bad_password"; -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); --- End diff -- Please see line comments 158-159 as they apply to lines 355-356 as well.
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78646098 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- @@ -440,129 +441,130 @@ public void runUploadSslCertBadkeyPair() throws IOException, IllegalAccessExcept public void runUploadSslCertBadkeyAlgo() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); --- End diff -- Please see line comments 158-159 as they apply to lines 447-448 as well.
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78647140 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- @@ -571,43 +573,44 @@ public void runUploadSslCertNotX509() throws IOException, IllegalAccessException public void runUploadSslCertBadFormat() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files -String certFile = URLDecoder.decode(getClass().getResource("/certs/bad_format_cert.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/bad_format_cert.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); --- End diff -- Please see line notes for 154-155 as those comments apply to lines 576-577 as well.
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78647190 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- @@ -571,43 +573,44 @@ public void runUploadSslCertNotX509() throws IOException, IllegalAccessException public void runUploadSslCertBadFormat() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files -String certFile = URLDecoder.decode(getClass().getResource("/certs/bad_format_cert.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/bad_format_cert.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); --- End diff -- Please see line comments 158-159 as they apply to lines 579-580 as well.
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78646689 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- 
@@ -440,129 +441,130 @@ public void runUploadSslCertBadkeyPair() throws IOException, IllegalAccessExcept public void runUploadSslCertBadkeyAlgo() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); -CertServiceImpl certService = new CertServiceImpl(); +final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); -Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); +final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); -DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); +final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO()); //creating the command -UploadSslCertCmd uploadCmd 
= new UploadSslCertCmdExtn(); -Class _class = uploadCmd.getClass().getSuperclass(); +final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); +final Class klazz = uploadCmd.getClass().getSuperclass(); -Field certField = _class.getDeclaredField("cert"); +final Field certField = klazz.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); -Field keyField = _class.getDeclaredField("key"); +final Field keyField = klazz.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); try { certService.uploadSslCert(uploadCmd); fail("Given a private key which has a different algorithm than the certificate, upload should fail"); -} catch (Exception e) { -assertTrue(e.getMessage().contains("Public and private key have different algorithms")); +} catch (final Exception e) { +assertTrue("Did not expect message: " + e.getMessage(), +e.getMessage().contains("Error parsing certificate data Parsing certificate/key failed: Invalid Key format.")); } } --- End diff -- Please consider replacing this `try` block with `expected` on the `@Test` annotation.
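Review bot: the final assertion in `runUploadSslCertBadkeyAlgo` now expects the generic parse error "Invalid Key format." instead of "Public and private key have different algorithms", so the test no longer shows that the algorithm comparison between certificate and key is ever reached; the key from `/certs/dsa_self_signed.key` is rejected while it is being parsed. Please confirm whether rejecting that key at parse time is intended. If it is, rename the test to say so and cover the algorithm-mismatch check with a key the parser accepts; if not, the key parsing needs to handle that key type before the comparison.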
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78646330 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- @@ -440,129 +441,130 @@ public void runUploadSslCertBadkeyPair() throws IOException, IllegalAccessExcept public void runUploadSslCertBadkeyAlgo() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); -CertServiceImpl certService = new CertServiceImpl(); +final CertServiceImpl certService = new CertServiceImpl(); --- End diff -- This line appears in nearly every test method. Consider converting it to an attribute and initializing it in `setUp`. Since the `setUp` is run before every test method, the instance will be re-initialized and it will remove some repetition.
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78646913 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- 
@@ -440,129 +441,130 @@ public void runUploadSslCertBadkeyPair() throws IOException, IllegalAccessExcept public void runUploadSslCertBadkeyAlgo() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); -CertServiceImpl certService = new CertServiceImpl(); +final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); -Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); +final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); -DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); +final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO()); //creating the command -UploadSslCertCmd uploadCmd 
= new UploadSslCertCmdExtn(); -Class _class = uploadCmd.getClass().getSuperclass(); +final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); +final Class klazz = uploadCmd.getClass().getSuperclass(); -Field certField = _class.getDeclaredField("cert"); +final Field certField = klazz.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); -Field keyField = _class.getDeclaredField("key"); +final Field keyField = klazz.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); try { certService.uploadSslCert(uploadCmd); fail("Given a private key which has a different algorithm than the certificate, upload should fail"); -} catch (Exception e) { -assertTrue(e.getMessage().contains("Public and private key have different algorithms")); +} catch (final Exception e) { +assertTrue("Did not expect message: " + e.getMessage(), +e.getMessage().contains("Error parsing certificate data Parsing certificate/key failed: Invalid Key format.")); } } @Test public void runUploadSslCertExpiredCert() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files -String certFile = URLDecoder.decode(getClass().getResource("/certs/expired_cert.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/expired_cert.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); --- End diff -- Please see line notes for 154-155 as those comments apply to lines 489-490 as well.
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78646974 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- 
@@ -440,129 +441,130 @@ public void runUploadSslCertBadkeyPair() throws IOException, IllegalAccessExcept public void runUploadSslCertBadkeyAlgo() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); -CertServiceImpl certService = new CertServiceImpl(); +final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); -Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); +final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); -DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); +final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO()); //creating the command -UploadSslCertCmd uploadCmd 
= new UploadSslCertCmdExtn(); -Class _class = uploadCmd.getClass().getSuperclass(); +final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); +final Class klazz = uploadCmd.getClass().getSuperclass(); -Field certField = _class.getDeclaredField("cert"); +final Field certField = klazz.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); -Field keyField = _class.getDeclaredField("key"); +final Field keyField = klazz.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); try { certService.uploadSslCert(uploadCmd); fail("Given a private key which has a different algorithm than the certificate, upload should fail"); -} catch (Exception e) { -assertTrue(e.getMessage().contains("Public and private key have different algorithms")); +} catch (final Exception e) { +assertTrue("Did not expect message: " + e.getMessage(), +e.getMessage().contains("Error parsing certificate data Parsing certificate/key failed: Invalid Key format.")); } } @Test public void runUploadSslCertExpiredCert() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files -String certFile = URLDecoder.decode(getClass().getResource("/certs/expired_cert.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/expired_cert.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); --- End diff -- Please
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78646545 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- 
@@ -440,129 +441,130 @@ public void runUploadSslCertBadkeyPair() throws IOException, IllegalAccessExcept public void runUploadSslCertBadkeyAlgo() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); -CertServiceImpl certService = new CertServiceImpl(); +final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); -Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); +final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); -DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); +final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO()); --- End diff -- Lines 450-462 appear in nearly 
every test method. Consider converting it to an attribute and initializing it in setUp. Since the setUp is run before every test method, the instance will be re-initialized and it will remove some repetition.
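Review bot: The `when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO())` stub at the end of this setup lets `persist` succeed silently in a test whose upload is meant to be rejected, and nothing quoted here checks that it was never called. After the expected failure, add `verify(certService._sslCertDao, never()).persist(any(SslCertVO.class));` so the test also shows that a rejected key/certificate pair is not stored.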
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78646056 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- @@ -440,129 +441,130 @@ public void runUploadSslCertBadkeyPair() throws IOException, IllegalAccessExcept public void runUploadSslCertBadkeyAlgo() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); --- End diff -- Please see line notes for 154-155 as those comments apply to lines 444-445 as well.
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78645990 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- 
@@ -348,90 +348,91 @@ public void runUploadSslCertNoRootCert() throws IOException, IllegalAccessExcept @Test public void runUploadSslCertBadPassword() throws IOException, IllegalAccessException, NoSuchFieldException { -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),Charset.defaultCharset().name()); -String password = "bad_password"; +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),Charset.defaultCharset().name()); +final String password = "bad_password"; -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); -CertServiceImpl certService = new CertServiceImpl(); +final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); -Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); +final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); -DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); +final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); 
when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO()); //creating the command -UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); -Class _class = uploadCmd.getClass().getSuperclass(); +final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); +final Class klazz = uploadCmd.getClass().getSuperclass(); -Field certField = _class.getDeclaredField("cert"); +final Field certField = klazz.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); -Field keyField = _class.getDeclaredField("key"); +final Field keyField = klazz.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); -Field passField = _class.getDeclaredField("password"); +final Field passField = klazz.getDeclaredField("password"); passField.setAccessible(true); passField.set(uploadCmd, password); try { certService.uploadSslCert(uploadCmd); fail("Given an encrypted private key with a bad password. Upload should fail."); -} catch (Exception e) { -assertTrue(e.getMessage().contains("please check password and data")); +} catch (final Exception e) { +assertTrue("Did not expect message: " + e.getMessage(), +e.getMessage().contains("Error parsing certificate data Parsing certificate/key failed: Invalid Key format.")); } } @Test public void runUploadSslCertBadkeyPair() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/non_root.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/non_root.key").getFile(),Charset.defaultCharset().name()); --- End
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78645872 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- 
@@ -348,90 +348,91 @@ public void runUploadSslCertNoRootCert() throws IOException, IllegalAccessExcept @Test public void runUploadSslCertBadPassword() throws IOException, IllegalAccessException, NoSuchFieldException { -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),Charset.defaultCharset().name()); -String password = "bad_password"; +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),Charset.defaultCharset().name()); +final String password = "bad_password"; -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); -CertServiceImpl certService = new CertServiceImpl(); +final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); -Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); +final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); -DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); +final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); 
when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO()); //creating the command -UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); -Class _class = uploadCmd.getClass().getSuperclass(); +final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); +final Class klazz = uploadCmd.getClass().getSuperclass(); -Field certField = _class.getDeclaredField("cert"); +final Field certField = klazz.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); -Field keyField = _class.getDeclaredField("key"); +final Field keyField = klazz.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); -Field passField = _class.getDeclaredField("password"); +final Field passField = klazz.getDeclaredField("password"); passField.setAccessible(true); passField.set(uploadCmd, password); try { certService.uploadSslCert(uploadCmd); fail("Given an encrypted private key with a bad password. Upload should fail."); -} catch (Exception e) { -assertTrue(e.getMessage().contains("please check password and data")); +} catch (final Exception e) { +assertTrue("Did not expect message: " + e.getMessage(), +e.getMessage().contains("Error parsing certificate data Parsing certificate/key failed: Invalid Key format.")); } --- End diff -- Please consider replacing this `try` block with `expected` on the `@Test` annotation.
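Review bot: In the `catch` block of `runUploadSslCertBadPassword`, the assertion now expects "Invalid Key format." where it used to expect "please check password and data", which describes a key that could not be parsed rather than a wrong passphrase. Please confirm that the `password` value set through `passField` still reaches the key decoding step; if it does, keep an assertion that separates a bad password from a malformed key, otherwise this test would pass even if encrypted keys were never decrypted.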
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78645670 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- @@ -348,90 +348,91 @@ public void runUploadSslCertNoRootCert() throws IOException, IllegalAccessExcept @Test public void runUploadSslCertBadPassword() throws IOException, IllegalAccessException, NoSuchFieldException { -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),Charset.defaultCharset().name()); -String password = "bad_password"; +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),Charset.defaultCharset().name()); +final String password = "bad_password"; --- End diff -- Please see line notes for 154-155 as those comments apply to lines 351-353 as well.
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78645295 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- @@ -297,48 +297,48 @@ public void runUploadSslCertNoRootCert() throws IOException, IllegalAccessExcept Assume.assumeTrue(isOpenJdk() || isJCEInstalled()); -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(),Charset.defaultCharset().name()); -String chainFile = URLDecoder.decode(getClass().getResource("/certs/non_root.crt").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(),Charset.defaultCharset().name()); +final String chainFile = URLDecoder.decode(getClass().getResource("/certs/non_root.crt").getFile(),Charset.defaultCharset().name()); -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); -String chain = readFileToString(new File(chainFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); +final String chain = readFileToString(new File(chainFile)); --- End diff -- Please see line comments 158-159 as they apply to lines 304-306 as well.
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78644966 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- 
@@ -245,48 +245,48 @@ public void runUploadSslCertSelfSignedNoPassword() throws Exception { public void runUploadSslCertBadChain() throws IOException, IllegalAccessException, NoSuchFieldException { Assume.assumeTrue(isOpenJdk() || isJCEInstalled()); -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(),Charset.defaultCharset().name()); -String chainFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(),Charset.defaultCharset().name()); +final String chainFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); -String chain = readFileToString(new File(chainFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); +final String chain = readFileToString(new File(chainFile)); --- End diff -- Please see line comments 158-159 as they apply to lines 252-254 as well.
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78644844 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- @@ -245,48 +245,48 @@ public void runUploadSslCertSelfSignedNoPassword() throws Exception { public void runUploadSslCertBadChain() throws IOException, IllegalAccessException, NoSuchFieldException { Assume.assumeTrue(isOpenJdk() || isJCEInstalled()); -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(),Charset.defaultCharset().name()); -String chainFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(),Charset.defaultCharset().name()); +final String chainFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); --- End diff -- Please see line notes for 154-155 as those comments apply to lines 248-250 as well.
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78644684 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- @@ -200,23 +200,23 @@ public void runUploadSslCertSelfSignedWithPassword() throws Exception { */ public void runUploadSslCertSelfSignedNoPassword() throws Exception { -TransactionLegacy txn = TransactionLegacy.open("runUploadSslCertSelfSignedNoPassword"); +TransactionLegacy.open("runUploadSslCertSelfSignedNoPassword"); -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); --- End diff -- Please see line notes for 154-155 as those comments apply here as well.
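Review bot: `TransactionLegacy.open("runUploadSslCertSelfSignedNoPassword");` now discards the handle that the removed line kept in `txn`, so the test has no reference left with which to close the transaction it opens. If the variable was dropped only to silence an unused-variable warning, keep it and close it in a `finally` block (or in `tearDown`) so one test's transaction state cannot leak into the next.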
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78644729 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- @@ -200,23 +200,23 @@ public void runUploadSslCertSelfSignedWithPassword() throws Exception { */ public void runUploadSslCertSelfSignedNoPassword() throws Exception { -TransactionLegacy txn = TransactionLegacy.open("runUploadSslCertSelfSignedNoPassword"); +TransactionLegacy.open("runUploadSslCertSelfSignedNoPassword"); -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); -String cert = readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); --- End diff -- Please see line comments 158-159 as they apply here as well.
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78644594 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- 
@@ -125,48 +125,48 @@ public void runUploadSslCertWithCAChain() throws Exception { when(certService._accountDao.findByIdIncludingRemoved(anyLong())).thenReturn((AccountVO)account); //creating the command -UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); -Class _class = uploadCmd.getClass().getSuperclass(); +final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); +final Class klazz = uploadCmd.getClass().getSuperclass(); -Field certField = _class.getDeclaredField("cert"); +final Field certField = klazz.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); -Field keyField = _class.getDeclaredField("key"); +final Field keyField = klazz.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); -Field chainField = _class.getDeclaredField("chain"); +final Field chainField = klazz.getDeclaredField("chain"); chainField.setAccessible(true); chainField.set(uploadCmd, chain); certService.uploadSslCert(uploadCmd); } -@Test +//@Test /** * Given a Self-signed Certificate with encrypted key, upload should succeed */ public void runUploadSslCertSelfSignedWithPassword() throws Exception { -TransactionLegacy txn = TransactionLegacy.open("runUploadSslCertSelfSignedWithPassword"); +TransactionLegacy.open("runUploadSslCertSelfSignedWithPassword"); -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),Charset.defaultCharset().name()); -String password = "test"; +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),Charset.defaultCharset().name()); +final String password = "test"; -String cert = 
readFileToString(new File(certFile)); -String key = readFileToString(new File(keyFile)); +final String cert = readFileToString(new File(certFile)); +final String key = readFileToString(new File(keyFile)); --- End diff -- Lines 154-155 and 158-159 are a repeating group. Please consider extracting to a utility method with proper unit tests.
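Review bot: `runUploadSslCertSelfSignedWithPassword` is disabled by changing `@Test` to `//@Test`, so the test for uploading a self-signed certificate with an encrypted key no longer runs, and the hunk gives no reason. If the test cannot pass against the new key parser, use `@Ignore` with a reason or a ticket reference instead of commenting out the annotation, and state in the PR whether password-protected keys are still supported. In the same method, `TransactionLegacy.open("runUploadSslCertSelfSignedWithPassword")` now discards its return value; if the test never closes that transaction, fix that here rather than just dropping the unused `txn` variable.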
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78644423 --- Diff: server/test/org/apache/cloudstack/network/lb/CertServiceTest.java --- 
@@ -125,48 +125,48 @@ public void runUploadSslCertWithCAChain() throws Exception { when(certService._accountDao.findByIdIncludingRemoved(anyLong())).thenReturn((AccountVO)account); //creating the command -UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); -Class _class = uploadCmd.getClass().getSuperclass(); +final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); +final Class klazz = uploadCmd.getClass().getSuperclass(); -Field certField = _class.getDeclaredField("cert"); +final Field certField = klazz.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); -Field keyField = _class.getDeclaredField("key"); +final Field keyField = klazz.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); -Field chainField = _class.getDeclaredField("chain"); +final Field chainField = klazz.getDeclaredField("chain"); chainField.setAccessible(true); chainField.set(uploadCmd, chain); certService.uploadSslCert(uploadCmd); } -@Test +//@Test /** * Given a Self-signed Certificate with encrypted key, upload should succeed */ public void runUploadSslCertSelfSignedWithPassword() throws Exception { -TransactionLegacy txn = TransactionLegacy.open("runUploadSslCertSelfSignedWithPassword"); +TransactionLegacy.open("runUploadSslCertSelfSignedWithPassword"); -String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),Charset.defaultCharset().name()); -String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),Charset.defaultCharset().name()); -String password = "test"; +final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),Charset.defaultCharset().name()); +final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),Charset.defaultCharset().name()); --- End diff -- From the best I can see, this code is finding the 
resource's URL, changing to a `File` instance, and decoding it to a `String` only to turn around and turn it back into a `File` on lines 158-159. Please consider simplifying as follows:
```
final File certFile = new File(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile());
final File keyFile = new File(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile());
```
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78643673 --- Diff: server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java --- 
@@ -341,179 +350,172 @@ public SslCertResponse createCertResponse(SslCertVO cert, List chain, Certificate cert) { -List certs = new ArrayList(); -Set anchors = new HashSet(); +final List certs = new ArrayList(); +final Set anchors = new HashSet(); certs.add(cert); // adding for self signed certs certs.addAll(chain); -for (Certificate c : certs) { -if (!(c instanceof X509Certificate)) +for (final Certificate c : certs) { +if (!(c instanceof X509Certificate)) { throw new IllegalArgumentException("Invalid chain format. Expected X509 certificate"); +} -X509Certificate xCert = (X509Certificate)c; +final X509Certificate xCert = (X509Certificate)c; -Principal subject = xCert.getSubjectDN(); -Principal issuer = xCert.getIssuerDN(); +xCert.getSubjectDN(); +xCert.getIssuerDN(); anchors.add(new TrustAnchor(xCert, null)); } -X509CertSelector target = new X509CertSelector(); +final X509CertSelector target = new X509CertSelector(); target.setCertificate((X509Certificate)cert); PKIXBuilderParameters params = null; try { params = new PKIXBuilderParameters(anchors, target); params.setRevocationEnabled(false); params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certs))); -CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC"); +final CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC"); builder.build(params); -} catch (InvalidAlgorithmParameterException e) { +} catch (final InvalidAlgorithmParameterException e) { throw new IllegalArgumentException("Invalid certificate chain", e); -} catch (CertPathBuilderException e) { +} catch (final CertPathBuilderException e) { throw new IllegalArgumentException("Invalid certificate chain", e); -} catch (NoSuchAlgorithmException e) { +} catch (final NoSuchAlgorithmException e) { throw new IllegalArgumentException("Invalid certificate chain", e); -} catch (NoSuchProviderException e) { +} catch (final NoSuchProviderException e) { throw new CloudRuntimeException("No provider for 
certificate validation", e); } } -public PrivateKey parsePrivateKey(String key, String password) throws IOException { - -PasswordFinder pGet = null; - -if (password != null) -pGet = new KeyPassword(password.toCharArray()); - -PEMReader privateKey = new PEMReader(new StringReader(key), pGet); -Object obj = null; -try { -obj = privateKey.readObject(); -} finally { -IOUtils.closeQuietly(privateKey); -} - -try { - -if (obj instanceof KeyPair) -return ((KeyPair)obj).getPrivate(); - -return (PrivateKey)obj; - -} catch (Exception e) { +public PrivateKey parsePrivateKey(final String key, final String password) throws IOException { +try (final PemReader pemReader = new PemReader(new StringReader(key));) { +final PemObject pemObject = pemReader.readPemObject(); +final byte[] content = pemObject.getContent(); +final PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(content); +final KeyFactory factory = KeyFactory.getInstance("RSA", "BC"); +return factory.generatePrivate(privKeySpec); +} catch (NoSuchAlgorithmException | NoSuchProviderException e) { +throw new IOException("No encryption provider available.", e); +} catch (final InvalidKeySpecException e) { throw new IOException("Invalid Key format or invalid password.", e); } } public Certificate parseCertificate(String cert) { -PEMReader certPem = new PEMReader(new StringReader(cert)); +final PemReader certPem = new PemReader(new StringReader(cert)); try { -return (Certificate)certPem.readObject(); -} catch (Exception e) { +return
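Review bot: In the new `parsePrivateKey(final String key, final String password)`, `password` is never read, whereas the removed code passed it to `PEMReader` through a `PasswordFinder`. The PEM body now goes straight into `PKCS8EncodedKeySpec`, so an encrypted key can no longer be decrypted here, yet the error text still reads "Invalid Key format or invalid password." Either decrypt with the supplied password or reject encrypted input with an explicit message. Also, `pemReader.readPemObject()` returns null when the input contains no PEM block, and the next line calls `pemObject.getContent()` without a check. The removed `instanceof KeyPair` branch is gone too, and the algorithm is fixed to `KeyFactory.getInstance("RSA", "BC")`, so please document which key encodings and algorithms are still accepted.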
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78643413 --- Diff: server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java --- 
@@ -339,190 +348,182 @@ public SslCertResponse createCertResponse(SslCertVO cert, List chain, Certificate cert) { +private void validateChain(final List chain, final Certificate cert) { -List certs = new ArrayList(); -Set anchors = new HashSet(); +final List certs = new ArrayList(); +final Set anchors = new HashSet(); certs.add(cert); // adding for self signed certs certs.addAll(chain); -for (Certificate c : certs) { -if (!(c instanceof X509Certificate)) +for (final Certificate c : certs) { +if (!(c instanceof X509Certificate)) { throw new IllegalArgumentException("Invalid chain format. Expected X509 certificate"); +} -X509Certificate xCert = (X509Certificate)c; +final X509Certificate xCert = (X509Certificate)c; -Principal subject = xCert.getSubjectDN(); -Principal issuer = xCert.getIssuerDN(); +xCert.getSubjectDN(); +xCert.getIssuerDN(); - anchors.add(new TrustAnchor(xCert, null)); +anchors.add(new TrustAnchor(xCert, null)); } -X509CertSelector target = new X509CertSelector(); +final X509CertSelector target = new X509CertSelector(); target.setCertificate((X509Certificate)cert); PKIXBuilderParameters params = null; try { params = new PKIXBuilderParameters(anchors, target); params.setRevocationEnabled(false); params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certs))); -CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC"); +final CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC"); builder.build(params); -} catch (InvalidAlgorithmParameterException e) { +} catch (final InvalidAlgorithmParameterException e) { throw new IllegalArgumentException("Invalid certificate chain", e); -} catch (CertPathBuilderException e) { +} catch (final CertPathBuilderException e) { throw new IllegalArgumentException("Invalid certificate chain", e); -} catch (NoSuchAlgorithmException e) { +} catch (final NoSuchAlgorithmException e) { throw new IllegalArgumentException("Invalid certificate chain", e); -} catch 
(NoSuchProviderException e) { +} catch (final NoSuchProviderException e) { throw new CloudRuntimeException("No provider for certificate validation", e); } } -public PrivateKey parsePrivateKey(String key, String password) throws IOException { - -PasswordFinder pGet = null; - -if (password != null) -pGet = new KeyPassword(password.toCharArray()); - -PEMReader privateKey = new PEMReader(new StringReader(key), pGet); -Object obj = null; -try { -obj = privateKey.readObject(); -} finally { -IOUtils.closeQuietly(privateKey); -} - -try { - -if (obj instanceof KeyPair) -return ((KeyPair)obj).getPrivate(); - -return (PrivateKey)obj; - -} catch (Exception e) { -throw new IOException("Invalid Key format or invalid password.", e); +public PrivateKey parsePrivateKey(final String key) throws IOException { +try (final PemReader pemReader = new PemReader(new StringReader(key));) { +final PemObject pemObject = pemReader.readPemObject(); +final byte[] content = pemObject.getContent(); +final PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(content); +final KeyFactory factory = KeyFactory.getInstance("RSA", "BC"); +return factory.generatePrivate(privKeySpec); +} catch (NoSuchAlgorithmException | NoSuchProviderException e) { +throw new IOException("No encryption provider available.", e); +} catch (final InvalidKeySpecException e) { +throw new IOException("Invalid Key format.", e); } } -public Certificate parseCertificate(String cert) { -PEMReader certPem = new PEMReader(new StringReader(cert)); +public Certificate parseCertificate(final String cert) {
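Review bot: In `validateChain`, `xCert.getSubjectDN();` and `xCert.getIssuerDN();` are left as bare calls whose results are discarded; delete both lines rather than keeping the calls. In the same loop, every certificate in `certs`, including the uploaded leaf, is added to `anchors` via `new TrustAnchor(xCert, null)`, and `params.setRevocationEnabled(false)` is set, so `builder.build(params)` only checks the upload against trust anchors supplied in the same request. If that is the intended contract, a comment saying so would help the next reader. The three catch blocks that all throw `IllegalArgumentException("Invalid certificate chain", e)` can be merged into one multi-catch, as `parsePrivateKey` already does for its provider exceptions.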
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78642099 --- Diff: server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java --- @@ -339,190 +348,182 @@ public SslCertResponse createCertResponse(SslCertVO cert, List
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78642059 --- Diff: server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java --- 
@@ -339,190 +348,182 @@ public SslCertResponse createCertResponse(SslCertVO cert, List chain, Certificate cert) { +private void validateChain(final List chain, final Certificate cert) { -List certs = new ArrayList(); -Set anchors = new HashSet(); +final List certs = new ArrayList(); +final Set anchors = new HashSet(); certs.add(cert); // adding for self signed certs certs.addAll(chain); -for (Certificate c : certs) { -if (!(c instanceof X509Certificate)) +for (final Certificate c : certs) { +if (!(c instanceof X509Certificate)) { throw new IllegalArgumentException("Invalid chain format. Expected X509 certificate"); +} -X509Certificate xCert = (X509Certificate)c; +final X509Certificate xCert = (X509Certificate)c; -Principal subject = xCert.getSubjectDN(); -Principal issuer = xCert.getIssuerDN(); +xCert.getSubjectDN(); +xCert.getIssuerDN(); - anchors.add(new TrustAnchor(xCert, null)); +anchors.add(new TrustAnchor(xCert, null)); } -X509CertSelector target = new X509CertSelector(); +final X509CertSelector target = new X509CertSelector(); target.setCertificate((X509Certificate)cert); PKIXBuilderParameters params = null; try { params = new PKIXBuilderParameters(anchors, target); params.setRevocationEnabled(false); params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certs))); -CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC"); +final CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC"); builder.build(params); -} catch (InvalidAlgorithmParameterException e) { +} catch (final InvalidAlgorithmParameterException e) { throw new IllegalArgumentException("Invalid certificate chain", e); -} catch (CertPathBuilderException e) { +} catch (final CertPathBuilderException e) { throw new IllegalArgumentException("Invalid certificate chain", e); -} catch (NoSuchAlgorithmException e) { +} catch (final NoSuchAlgorithmException e) { throw new IllegalArgumentException("Invalid certificate chain", e); -} catch 
(NoSuchProviderException e) { +} catch (final NoSuchProviderException e) { throw new CloudRuntimeException("No provider for certificate validation", e); } } -public PrivateKey parsePrivateKey(String key, String password) throws IOException { - -PasswordFinder pGet = null; - -if (password != null) -pGet = new KeyPassword(password.toCharArray()); - -PEMReader privateKey = new PEMReader(new StringReader(key), pGet); -Object obj = null; -try { -obj = privateKey.readObject(); -} finally { -IOUtils.closeQuietly(privateKey); -} - -try { - -if (obj instanceof KeyPair) -return ((KeyPair)obj).getPrivate(); - -return (PrivateKey)obj; - -} catch (Exception e) { -throw new IOException("Invalid Key format or invalid password.", e); +public PrivateKey parsePrivateKey(final String key) throws IOException { +try (final PemReader pemReader = new PemReader(new StringReader(key));) { +final PemObject pemObject = pemReader.readPemObject(); +final byte[] content = pemObject.getContent(); +final PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(content); +final KeyFactory factory = KeyFactory.getInstance("RSA", "BC"); +return factory.generatePrivate(privKeySpec); +} catch (NoSuchAlgorithmException | NoSuchProviderException e) { +throw new IOException("No encryption provider available.", e); +} catch (final InvalidKeySpecException e) { +throw new IOException("Invalid Key format.", e); } } -public Certificate parseCertificate(String cert) { -PEMReader certPem = new PEMReader(new StringReader(cert)); +public Certificate parseCertificate(final String cert) {
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78641993 --- Diff: server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java --- 
@@ -339,190 +348,182 @@ public SslCertResponse createCertResponse(SslCertVO cert, List chain, Certificate cert) { +private void validateChain(final List chain, final Certificate cert) { -List certs = new ArrayList(); -Set anchors = new HashSet(); +final List certs = new ArrayList(); +final Set anchors = new HashSet(); certs.add(cert); // adding for self signed certs certs.addAll(chain); -for (Certificate c : certs) { -if (!(c instanceof X509Certificate)) +for (final Certificate c : certs) { +if (!(c instanceof X509Certificate)) { throw new IllegalArgumentException("Invalid chain format. Expected X509 certificate"); +} -X509Certificate xCert = (X509Certificate)c; +final X509Certificate xCert = (X509Certificate)c; -Principal subject = xCert.getSubjectDN(); -Principal issuer = xCert.getIssuerDN(); +xCert.getSubjectDN(); +xCert.getIssuerDN(); - anchors.add(new TrustAnchor(xCert, null)); +anchors.add(new TrustAnchor(xCert, null)); } -X509CertSelector target = new X509CertSelector(); +final X509CertSelector target = new X509CertSelector(); target.setCertificate((X509Certificate)cert); PKIXBuilderParameters params = null; try { params = new PKIXBuilderParameters(anchors, target); params.setRevocationEnabled(false); params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certs))); -CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC"); +final CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC"); builder.build(params); -} catch (InvalidAlgorithmParameterException e) { +} catch (final InvalidAlgorithmParameterException e) { throw new IllegalArgumentException("Invalid certificate chain", e); -} catch (CertPathBuilderException e) { +} catch (final CertPathBuilderException e) { throw new IllegalArgumentException("Invalid certificate chain", e); -} catch (NoSuchAlgorithmException e) { +} catch (final NoSuchAlgorithmException e) { throw new IllegalArgumentException("Invalid certificate chain", e); -} catch 
(NoSuchProviderException e) { +} catch (final NoSuchProviderException e) { throw new CloudRuntimeException("No provider for certificate validation", e); } } -public PrivateKey parsePrivateKey(String key, String password) throws IOException { - -PasswordFinder pGet = null; - -if (password != null) -pGet = new KeyPassword(password.toCharArray()); - -PEMReader privateKey = new PEMReader(new StringReader(key), pGet); -Object obj = null; -try { -obj = privateKey.readObject(); -} finally { -IOUtils.closeQuietly(privateKey); -} - -try { - -if (obj instanceof KeyPair) -return ((KeyPair)obj).getPrivate(); - -return (PrivateKey)obj; - -} catch (Exception e) { -throw new IOException("Invalid Key format or invalid password.", e); +public PrivateKey parsePrivateKey(final String key) throws IOException { +try (final PemReader pemReader = new PemReader(new StringReader(key));) { +final PemObject pemObject = pemReader.readPemObject(); +final byte[] content = pemObject.getContent(); +final PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(content); +final KeyFactory factory = KeyFactory.getInstance("RSA", "BC"); +return factory.generatePrivate(privKeySpec); +} catch (NoSuchAlgorithmException | NoSuchProviderException e) { +throw new IOException("No encryption provider available.", e); +} catch (final InvalidKeySpecException e) { +throw new IOException("Invalid Key format.", e); } } -public Certificate parseCertificate(String cert) { -PEMReader certPem = new PEMReader(new StringReader(cert)); +public Certificate parseCertificate(final String cert) {
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78641717 --- Diff: server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java --- @@ -339,190 +348,182 @@ public SslCertResponse createCertResponse(SslCertVO cert, List
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78640135 --- Diff: server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java --- @@ -339,190 +348,182 @@ public SslCertResponse createCertResponse(SslCertVO cert, List
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78639151 --- Diff: server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java --- @@ -339,190 +348,182 @@ public SslCertResponse createCertResponse(SslCertVO cert, List
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78638892 --- Diff: server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java --- @@ -339,190 +348,182 @@ public SslCertResponse createCertResponse(SslCertVO cert, List
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78638846 --- Diff: server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java --- @@ -339,190 +348,182 @@ public SslCertResponse createCertResponse(SslCertVO cert, List
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78638396 --- Diff: server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java --- 
@@ -111,37 +116,37 @@ public CertServiceImpl() { @DB @Override @ActionEvent(eventType = EventTypes.EVENT_LB_CERT_UPLOAD, eventDescription = "Uploading a certificate to cloudstack", async = false) -public SslCertResponse uploadSslCert(UploadSslCertCmd certCmd) { +public SslCertResponse uploadSslCert(final UploadSslCertCmd certCmd) { try { -String cert = certCmd.getCert(); -String key = certCmd.getKey(); -String password = certCmd.getPassword(); -String chain = certCmd.getChain(); +final String cert = certCmd.getCert(); +final String key = certCmd.getKey(); +final String password = certCmd.getPassword(); +final String chain = certCmd.getChain(); validate(cert, key, password, chain); s_logger.debug("Certificate Validation succeeded"); -String fingerPrint = generateFingerPrint(parseCertificate(cert)); +final String fingerPrint = generateFingerPrint(parseCertificate(cert)); -CallContext ctx = CallContext.current(); -Account caller = ctx.getCallingAccount(); +final CallContext ctx = CallContext.current(); +final Account caller = ctx.getCallingAccount(); Account owner = null; -if ((certCmd.getAccountName() != null && certCmd.getDomainId() != null) || certCmd.getProjectId() != null) { +if (certCmd.getAccountName() != null && certCmd.getDomainId() != null || certCmd.getProjectId() != null) { owner = _accountMgr.finalizeOwner(caller, certCmd.getAccountName(), certCmd.getDomainId(), certCmd.getProjectId()); } else { owner = caller; } -Long accountId = owner.getId(); -Long domainId = owner.getDomainId(); +final Long accountId = owner.getId(); +final Long domainId = owner.getDomainId(); -SslCertVO certVO = new SslCertVO(cert, key, password, chain, accountId, domainId, fingerPrint); +final SslCertVO certVO = new SslCertVO(cert, key, password, chain, accountId, domainId, fingerPrint); _sslCertDao.persist(certVO); return createCertResponse(certVO, null); -} catch (Exception e) { +} catch (final Exception e) { --- End diff -- Why are all checked and unchecked exceptions being 
caught here?
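Review bot: The owner check in `uploadSslCert` loses its parentheses around the `&&` pair: `certCmd.getAccountName() != null && certCmd.getDomainId() != null || certCmd.getProjectId() != null`. Operator precedence keeps the result the same, but this condition decides which account owns the uploaded certificate, so the explicit grouping should stay. Separately, `password` is still read from the command, passed to `validate(cert, key, password, chain)` and stored through `new SslCertVO(cert, key, password, ...)`; since the `parsePrivateKey` change in this PR no longer uses a password, please say what this field is now for.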
[GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1511#discussion_r78638045 --- Diff: pom.xml --- @@ -70,7 +70,7 @@ 4.12 1.3 -1.46 +1.54 --- End diff -- it appears that [1.55](http://search.maven.org/#artifactdetails%7Corg.bouncycastle%7Cbcprov-jdk14%7C1.55%7Cjar) has been released. Seems like a good idea to use the latest.
[GitHub] cloudstack issue #1666: CLOUDSTACK-9480: Egress Firewall: Incorrect use of A...
Github user jburwell commented on the issue: https://github.com/apache/cloudstack/pull/1666 @murali-reddy could you please investigate the cause of the Jenkins build failure?
Re: [DISCUSS] Replacing the VR
Ya, I can't find anything either. So that means that we would be working with the API of each component, which I don't really like. It means we don't have a single API endpoint to handle things like IPSec, etc (or even an API at all for a lot of the functionality). :( *Will STEVENS* Lead Developer *CloudOps* *| *Cloud Solutions Experts 420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6 w cloudops.com *|* tw @CloudOps_ On Tue, Sep 13, 2016 at 3:52 PM, Marty Godseywrote: > Since Cloudrouter has a full distro for Opendaylight would you use that > for the API? But I can't find anything about the Cloudrouter API if it does > have one. > > Regards, > Marty Godsey > nSource Solutions > > -Original Message- > From: williamstev...@gmail.com [mailto:williamstev...@gmail.com] On > Behalf Of Will Stevens > Sent: Tuesday, September 13, 2016 3:48 PM > To: dev@cloudstack.apache.org > Subject: Re: [DISCUSS] Replacing the VR > > I can't seem to find any API documentation for CloudRouter. Maybe my > Google foo is weak. Has anyone else found any usable docs on that? > > *Will STEVENS* > Lead Developer > > *CloudOps* *| *Cloud Solutions Experts > 420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6 w cloudops.com *|* tw > @CloudOps_ > > On Tue, Sep 13, 2016 at 5:22 AM, Nux! wrote: > > > Hi, > > > > I like the idea. > > > > Cloudrouter looks really promising, I'm not too keen on VyOS (it > > doesn't have a proper http api etc). > > > > -- > > Sent from the Delta quadrant using Borg technology! > > > > Nux! > > www.nux.ro > > > > - Original Message - > > > From: "Will Stevens" > > > To: dev@cloudstack.apache.org > > > Sent: Monday, 12 September, 2016 21:20:11 > > > Subject: [DISCUSS] Replacing the VR > > > > > *Disclaimer:* This is a thought experiment and should be treated as > such. > > > Please weigh in with the good and bad of this idea... > > > > > > A couple of us have been discussing the idea of potentially > > > replacing the ACS VR with the VyOS [1] (Open Source Vyatta VM). 
> > > There may be a license issue because I think it is licensed under > > > GPL, but for the sake of discussion, let's assume we can overcome any > license issues. > > > > > > I have spent some time recently with the VyOS and I have to admit, I > > > was pretty impressed. It is simple and intuitive and it gives you a > > > lot more options for auditing the configuration etc... > > > > > > Items of potential interest: > > > - Clean up our current VR script spaghetti to a simpler more > > > auditable configuration workflow. > > > - Gives a cleaner path for IPv6 support. > > > - Handles VPN configuration via the same configuration interface. > > > - Support for OSPF & BGP. > > > - VPN support through OpenVPN & StrongSwan. > > > - Easily supports HA (redundant routers) through VRRP. > > > - VXLAN support. > > > - Transaction based changes to the VR with rollback on error. > > > > > > Items that could be difficult to solve: > > > - Userdata password reset workflow and implementation. > > > - Upgrade process. > > > > > > The VyOS is not the only option if we were to consider this approach. > > > Another option, which I don't know as well, would be CloudRouter > > > (AGPL > > > license) [2] which is purely API driven. > > > > > > Anyway, would love to hear your thoughts... > > > > > > Will > > > > > > [1] https://vyos.io/ > > > [2] https://cloudrouter.org/ > > >
Re: [DISCUSS] Replacing the VR
I can't seem to find any API documentation for CloudRouter. Maybe my Google foo is weak. Has anyone else found any usable docs on that? *Will STEVENS* Lead Developer *CloudOps* *| *Cloud Solutions Experts 420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6 w cloudops.com *|* tw @CloudOps_ On Tue, Sep 13, 2016 at 5:22 AM, Nux!wrote: > Hi, > > I like the idea. > > Cloudrouter looks really promising, I'm not too keen on VyOS (it doesn't > have a proper http api etc). > > -- > Sent from the Delta quadrant using Borg technology! > > Nux! > www.nux.ro > > - Original Message - > > From: "Will Stevens" > > To: dev@cloudstack.apache.org > > Sent: Monday, 12 September, 2016 21:20:11 > > Subject: [DISCUSS] Replacing the VR > > > *Disclaimer:* This is a thought experiment and should be treated as such. > > Please weigh in with the good and bad of this idea... > > > > A couple of us have been discussing the idea of potentially replacing the > > ACS VR with the VyOS [1] (Open Source Vyatta VM). There may be a license > > issue because I think it is licensed under GPL, but for the sake of > > discussion, let's assume we can overcome any license issues. > > > > I have spent some time recently with the VyOS and I have to admit, I was > > pretty impressed. It is simple and intuitive and it gives you a lot more > > options for auditing the configuration etc... > > > > Items of potential interest: > > - Clean up our current VR script spaghetti to a simpler more auditable > > configuration workflow. > > - Gives a cleaner path for IPv6 support. > > - Handles VPN configuration via the same configuration interface. > > - Support for OSPF & BGP. > > - VPN support through OpenVPN & StrongSwan. > > - Easily supports HA (redundant routers) through VRRP. > > - VXLAN support. > > - Transaction based changes to the VR with rollback on error. > > > > Items that could be difficult to solve: > > - Userdata password reset workflow and implementation. > > - Upgrade process. 
> > > > The VyOS is not the only option if we were to consider this approach. > > Another option, which I don't know as well, would be CloudRouter (AGPL > > license) [2] which is purely API driven. > > > > Anyway, would love to hear your thoughts... > > > > Will > > > > [1] https://vyos.io/ > > [2] https://cloudrouter.org/ >
RE: [DISCUSS] Replacing the VR
Since Cloudrouter has a full distro for Opendaylight would you use that for the API? But I can't find anything about the Cloudrouter API if it does have one.

Regards,
Marty Godsey
nSource Solutions

-Original Message-
From: williamstev...@gmail.com [mailto:williamstev...@gmail.com] On Behalf Of Will Stevens
Sent: Tuesday, September 13, 2016 3:48 PM
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Replacing the VR

I can't seem to find any API documentation for CloudRouter. Maybe my Google foo is weak. Has anyone else found any usable docs on that?

*Will STEVENS*
Lead Developer

*CloudOps* *| *Cloud Solutions Experts
420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6
w cloudops.com *|* tw @CloudOps_

On Tue, Sep 13, 2016 at 5:22 AM, Nux! wrote:

> Hi,
>
> I like the idea.
>
> Cloudrouter looks really promising, I'm not too keen on VyOS (it
> doesn't have a proper http api etc).
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> - Original Message -
> > From: "Will Stevens"
> > To: dev@cloudstack.apache.org
> > Sent: Monday, 12 September, 2016 21:20:11
> > Subject: [DISCUSS] Replacing the VR
>
> > *Disclaimer:* This is a thought experiment and should be treated as such.
> > Please weigh in with the good and bad of this idea...
> >
> > A couple of us have been discussing the idea of potentially
> > replacing the ACS VR with the VyOS [1] (Open Source Vyatta VM).
> > There may be a license issue because I think it is licensed under
> > GPL, but for the sake of discussion, let's assume we can overcome any
> > license issues.
> >
> > I have spent some time recently with the VyOS and I have to admit, I
> > was pretty impressed. It is simple and intuitive and it gives you a
> > lot more options for auditing the configuration etc...
> >
> > Items of potential interest:
> > - Clean up our current VR script spaghetti to a simpler more
> > auditable configuration workflow.
> > - Gives a cleaner path for IPv6 support.
> > - Handles VPN configuration via the same configuration interface.
> > - Support for OSPF & BGP.
> > - VPN support through OpenVPN & StrongSwan.
> > - Easily supports HA (redundant routers) through VRRP.
> > - VXLAN support.
> > - Transaction based changes to the VR with rollback on error.
> >
> > Items that could be difficult to solve:
> > - Userdata password reset workflow and implementation.
> > - Upgrade process.
> >
> > The VyOS is not the only option if we were to consider this approach.
> > Another option, which I don't know as well, would be CloudRouter
> > (AGPL license) [2] which is purely API driven.
> >
> > Anyway, would love to hear your thoughts...
> >
> > Will
> >
> > [1] https://vyos.io/
> > [2] https://cloudrouter.org/
>
[GitHub] cloudstack issue #1591: Updating Alert codes
Github user dcarbone commented on the issue: https://github.com/apache/cloudstack/pull/1591 squashed, pointing at 4.9, and commit amended.
Re: System VM's are getting stuck in starting mode
This looks interesting to me:

1. looking for pif for bridge virbr0
2. 2016-09-13 19:22:09,833 DEBUG [kvm.resource.LibvirtComputingResource] (main:null) failing to get physical interface from bridge virbr0, did not find an eth*, bond*, team*, vlan*, em*, p*p*, ens*, eno*, enp*, or enx* in /sys/devices/virtual/net/virbr0/brif
3. 2016-09-13 19:22:09,833 DEBUG [kvm.resource.LibvirtComputingResource] (main:null) looking for pif for bridge lxcbr0
4. 2016-09-13 19:22:09,833 DEBUG [kvm.resource.LibvirtComputingResource] (main:null) failing to get physical interface from bridge

Can you post your interfaces and bridges please?

- Si

From: ned dogg
Sent: Tuesday, September 13, 2016 1:27 PM
To: dev@cloudstack.apache.org
Subject: Re: System VM's are getting stuck in starting mode

Hi Simon,

Thanks for the reply. I changed the logging level to debug as per your recommendation. Please find enclosed the link of my cloudstack-management and cloudstack-agent respectively:

http://pastebin.com/gG1LRm0X
http://pastebin.com/zJ7CHhLD

On Mon, Sep 12, 2016 at 2:22 PM, Tutkowski, Mike wrote:

> Thanks
>
> Yeah, I wasn't sure if you just experienced it on reboot or if sometimes
> when setting up your cloud you encountered this issue, as well (like 9144).
>
> From: ned dogg
> Sent: Monday, September 12, 2016 6:08 AM
> To: dev@cloudstack.apache.org
> Subject: Re: System VM's are getting stuck in starting mode
>
> Hi Mike and thank you for the reply. Sorry but this issue is not similar
> to mine, I already gave you the one which looks similar :
> https://issues.apache.org/jira/browse/CLOUDSTACK-7936
>
> On Sun, Sep 11, 2016 at 5:28 AM, Tutkowski, Mike <
> mike.tutkow...@netapp.com>
> wrote:
>
> > Is your issue similar to this one?
> >
> > https://issues.apache.org/jira/browse/CLOUDSTACK-9144
> >
> > From: ned dogg
> > Sent: Saturday, September 10, 2016 1:24 PM
> > To: dev@cloudstack.apache.org
> > Subject: System VM's are getting stuck in starting mode
> >
> > Hi Everybody,
> >
> > I'm a newbie on cloudstack. I started playing with this technology. For
> > that I install both the management -server and the agent. I was able to
> > install and start them properly but I unable to create any instance. When I
> > click on instance the menu then I click on add instance and next, I have
> > no templates that is presented to me. Thus I stuck at this level. I don't
> > know what to do.
> >
> > I think that this issue is because my System VM get stuck in the starting
> > mode. After some googling, I discovered that this is a known issue
> > https://issues.apache.org/jira/browse/CLOUDSTACK-7936. But this issue is
> > for cloudstack 4.4.1 but I'm using cloudstack 4.6. I was asking myself if
> > this issue is also common on cloudstack 4.6?
> >
> > Please any help will be welcoming.
> > Thanks.
> >
>
[GitHub] cloudstack issue #1602: CLOUDSTACK-9422: Granular 'vmware.create.full.clone'...
Github user serg38 commented on the issue: https://github.com/apache/cloudstack/pull/1602 LGTM for the testing. Smoke test results ``` test DeployVM in anti-affinity groups for project ... === TestName: test_DeployVmAntiAffinityGroup_in_project | Status : SUCCESS === test DeployVM in anti-affinity groups ... === TestName: test_DeployVmAntiAffinityGroup | Status : SUCCESS === Test Deploy Virtual Machine ... SKIP: Skipping test because suitable hypervisor/host notpresent Test Deploy Virtual Machine from ISO ... === TestName: test_deploy_vm_from_iso | Status : SUCCESS === Test deploy virtual machine with root resize ... === TestName: test_00_deploy_vm_root_resize | Status : SUCCESS === Test proper failure to deploy virtual machine with rootdisksize of 0 ... === TestName: test_01_deploy_vm_root_resize | Status : SUCCESS === Test proper failure to deploy virtual machine with rootdisksize less than template size ... === TestName: test_02_deploy_vm_root_resize | Status : SUCCESS === Test to deploy vm with a first fit offering ... === TestName: test_deployvm_firstfit | Status : SUCCESS === Test deploy VMs using user concentrated planner ... === TestName: test_deployvm_userconcentrated | Status : SUCCESS === Test deploy VMs using user dispersion planner ... === TestName: test_deployvm_userdispersing | Status : SUCCESS === Test userdata as GET, size > 2k ... === TestName: test_deployvm_userdata | Status : SUCCESS === Test userdata as POST, size > 2k ... === TestName: test_deployvm_userdata_post | Status : SUCCESS === Test to create disk offering ... === TestName: test_01_create_disk_offering | Status : SUCCESS === Test to create a sparse type disk offering ... === TestName: test_02_create_sparse_type_disk_offering | Status : SUCCESS === Test to create a sparse type disk offering ... === TestName: test_04_create_fat_type_disk_offering | Status : SUCCESS === Test to update existing disk offering ... 
=== TestName: test_02_edit_disk_offering | Status : SUCCESS === Test to delete disk offering ... === TestName: test_03_delete_disk_offering | Status : SUCCESS === Test to ensure 4 default roles cannot be deleted ... SKIP: Dynamic Role-Based API checker not enabled, skipping test Test to check role, role permissions and account life cycles ... SKIP: Dynamic Role-Based API checker not enabled, skipping test Test for role-rule enforcement in case of multiple mgmt servers ... SKIP: Dynamic Role-Based API checker not enabled, skipping test Test to ensure role in use cannot be deleted ... SKIP: Dynamic Role-Based API checker not enabled, skipping test Tests normal lifecycle operations for roles ... SKIP: Dynamic Role-Based API checker not enabled, skipping test Tests role update ... SKIP: Dynamic Role-Based API checker not enabled, skipping test Tests that default four roles exist ... SKIP: Dynamic Role-Based API checker not enabled, skipping test Tests role update ... SKIP: Dynamic Role-Based API checker not enabled, skipping test Tests role update when role is in use by an account ... SKIP: Dynamic Role-Based API checker not enabled, skipping test Tests concurrent order updation of role permission ... SKIP: Dynamic Role-Based API checker not enabled, skipping test Tests creation of role permission ... SKIP: Dynamic Role-Based API checker not enabled, skipping test Tests deletion of role permission ... SKIP: Dynamic Role-Based API checker not enabled, skipping test Tests listing of default role's permission ... SKIP: Dynamic Role-Based API checker not enabled, skipping test Tests order updation of role permission ... SKIP: Dynamic Role-Based API checker not enabled, skipping test test update configuration setting at zone level scope ... === TestName: test_UpdateConfigParamWithScope | Status : SUCCESS === Test guest vlan range dedication ... === TestName: test_dedicateGuestVlanRange | Status : SUCCESS === Test create public & private ISO ... 
=== TestName: test_01_create_iso | Status : SUCCESS === Test Edit ISO ... === TestName: test_02_edit_iso | Status : SUCCESS === Test delete ISO ... === TestName: test_03_delete_iso | Status : SUCCESS === Test for extract ISO ... === TestName: test_04_extract_Iso | Status : SUCCESS === Update & Test for ISO permissions ... === TestName: test_05_iso_permissions | Status : SUCCESS === Test for copy ISO from one zone to another ... SKIP: Not enough zones available to perform copy template Test delete ISO ... === TestName: test_07_list_default_iso | Status : SUCCESS === Test listing Volumes using 'ids' parameter ... === TestName: test_01_list_volumes | Status : SUCCESS === Test listing Templates using 'ids' parameter ... === TestName: test_02_list_templates | Status : SUCCESS === Test listing Snapshots using 'ids' parameter ... === TestName:
builds.cloudstack.org (new jenkins system)
Hi,

we now have a nice URL pointing to the replacement jenkins of j.bac.o: builds.cloudstack.org

I'll make sure to enable SSL for user authentication, whoever is committer that wants admin access to Jenkins, let me know, if you have CI system that we could leverage via a centralized portal, feel free to post on dev@

Cheers,
PL
Re: System VM's are getting stuck in starting mode
Hi Simon,

Thanks for the reply. I changed the logging level to debug as per your recommendation. Please find enclosed the link of my cloudstack-management and cloudstack-agent respectively:

http://pastebin.com/gG1LRm0X
http://pastebin.com/zJ7CHhLD

On Mon, Sep 12, 2016 at 2:22 PM, Tutkowski, Mike wrote:

> Thanks
>
> Yeah, I wasn't sure if you just experienced it on reboot or if sometimes
> when setting up your cloud you encountered this issue, as well (like 9144).
>
> From: ned dogg
> Sent: Monday, September 12, 2016 6:08 AM
> To: dev@cloudstack.apache.org
> Subject: Re: System VM's are getting stuck in starting mode
>
> Hi Mike and thank you for the reply. Sorry but this issue is not similar
> to mine, I already gave you the one which looks similar :
> https://issues.apache.org/jira/browse/CLOUDSTACK-7936
>
> On Sun, Sep 11, 2016 at 5:28 AM, Tutkowski, Mike <
> mike.tutkow...@netapp.com>
> wrote:
>
> > Is your issue similar to this one?
> >
> > https://issues.apache.org/jira/browse/CLOUDSTACK-9144
> >
> > From: ned dogg
> > Sent: Saturday, September 10, 2016 1:24 PM
> > To: dev@cloudstack.apache.org
> > Subject: System VM's are getting stuck in starting mode
> >
> > Hi Everybody,
> >
> > I'm a newbie on cloudstack. I started playing with this technology. For
> > that I install both the management -server and the agent. I was able to
> > install and start them properly but I unable to create any instance. When I
> > click on instance the menu then I click on add instance and next, I have
> > no templates that is presented to me. Thus I stuck at this level. I don't
> > know what to do.
> >
> > I think that this issue is because my System VM get stuck in the starting
> > mode. After some googling, I discovered that this is a known issue
> > https://issues.apache.org/jira/browse/CLOUDSTACK-7936. But this issue is
> > for cloudstack 4.4.1 but I'm using cloudstack 4.6. I was asking myself if
> > this issue is also common on cloudstack 4.6?
> >
> > Please any help will be welcoming.
> > Thanks.
> >
>
Re: [DISCUSS] Replacing the VR
I think there are other options for the vyos, but none are elegant from what I have seen so far. On Sep 13, 2016 1:14 PM, "Will Stevens"wrote: > Yes, not pretty, but this would probably be the best option for remote > management of the vyos. > > https://github.com/vyos/python-vyos-mgmt > > On Sep 13, 2016 1:08 PM, "Simon Weller" wrote: > >> Yeah, today, the agent uses a script to inject CLI via ssh into the VR. >> It's really (did I mention really) ugly. >> >> >> From: Marty Godsey >> Sent: Tuesday, September 13, 2016 12:05 PM >> To: dev@cloudstack.apache.org >> Subject: RE: [DISCUSS] Replacing the VR >> >> So it looks like we are eliminating CloudRouter. To many missing or non >> API managed features. >> >> But in reading VyOS, it also does not have a remote management API so >> this would have to be a "SSH to CLI" job. >> >> If I am not mistaken is this how it's done now? >> >> -Original Message- >> From: williamstev...@gmail.com [mailto:williamstev...@gmail.com] On >> Behalf Of Will Stevens >> Sent: Tuesday, September 13, 2016 12:58 PM >> To: dev@cloudstack.apache.org >> Subject: Re: [DISCUSS] Replacing the VR >> >> Judging from this, it does not look like IPSec is managed via the API >> though: >> https://cloudrouter.atlassian.net/wiki/display/CPD/Bridging+ >> Public+Clouds+with+CloudRouter >> >> I believe it is also missing VXLAN and VRRP, but I have not dug into it >> yet. >> >> *Will STEVENS* >> Lead Developer >> >> *CloudOps* *| *Cloud Solutions Experts >> 420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6 w cloudops.com *|* tw >> @CloudOps_ >> >> On Tue, Sep 13, 2016 at 12:53 PM, Marty Godsey >> wrote: >> >> > It does.. Its under Secure Connectivity. >> > >> > -Original Message- >> > From: Syed Ahmed [mailto:sah...@cloudops.com] >> > Sent: Tuesday, September 13, 2016 12:49 PM >> > To: dev@cloudstack.apache.org >> > Subject: Re: [DISCUSS] Replacing the VR >> > >> > Does CloudRouter provide VPN (site-site and client)? 
Looking from >> > their website I don't seem to find it. Also, missing is VVRP for >> > redundancy. Has anyone used it for this? >> > >> > On Tue, Sep 13, 2016 at 12:43 PM, Zaeem Arshad >> > >> > wrote: >> > >> > > +1 on cloudrouter. We have been looking at this as a potential >> > > replacement/addon to our existing VRs. >> > > >> > > On Tue, Sep 13, 2016 at 9:07 PM, Will Stevens >> > > >> > > wrote: >> > > >> > > > yes, technically we should be able to just make a new VR >> > > > implementation available and then when people create their network >> > > > offerings, they just pick which VR implementation they want to use >> > > > for the different capabilities. >> > > > >> > > > *Will STEVENS* >> > > > Lead Developer >> > > > >> > > > *CloudOps* *| *Cloud Solutions Experts >> > > > 420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6 w cloudops.com *|* >> > > > tw @CloudOps_ >> > > > >> > > > On Tue, Sep 13, 2016 at 11:41 AM, Dustin Wright < >> > > > dwri...@untangledtechnology.com> wrote: >> > > > >> > > > > I would like to see a "virtual router offering" in the UI which >> > > > > lets >> > > you >> > > > > pick the legacy VR or your own. Probably a component of the >> > > > > network offering. I've had many cases were I needed Mikrotik >> > > > > RouterOS or >> > > pfSense >> > > > to >> > > > > match a clients on-premise gear. ACS should find a way to stay >> > > > > agnostic IMO. >> > > > > >> > > > > On Tue, Sep 13, 2016 at 11:36 AM, Marty Godsey >> > > > > >> > > > > wrote: >> > > > > >> > > > > > I like this idea as well. I would be willing to test both VyOS >> > > > > > and Cloudrouter if you need an active service to test with. >> > > > > > Specifically >> > > I >> > > > am >> > > > > > looking to test IPv6 since I provide IPv6 /64 spaces to my >> > > > > > customers >> > > > and >> > > > > I >> > > > > > am having to provide it via an external router at the moment >> > > > > > which >> > > has >> > > > a >> > > > > > lot of manual configurations. 
>> > > > > > >> > > > > > Let me know if I can help in anyway. >> > > > > > >> > > > > > -Original Message- >> > > > > > From: Will Stevens [mailto:williamstev...@gmail.com] >> > > > > > Sent: Tuesday, September 13, 2016 7:21 AM >> > > > > > To: dev@cloudstack.apache.org >> > > > > > Subject: Re: [DISCUSS] Replacing the VR >> > > > > > >> > > > > > Ya. If we go this way, I like the approach of building the >> > > integration >> > > > > and >> > > > > > putting it through its paces as a stand alone VR before we >> > > > > > consider replacing the old VR and making it the default. >> > > > > > >> > > > > > On Sep 13, 2016 6:52 AM, "Jayapal Uradi" < >> > > jayapal.ur...@accelerite.com >> > > > > >> > > > > > wrote: >> > > > > > >> > > > > > > Hi, >> > > > > > > >> > > > > > > Instead of replacing the VR in first place we
Re: [DISCUSS] Replacing the VR
Yes, not pretty, but this would probably be the best option for remote management of the vyos. https://github.com/vyos/python-vyos-mgmt On Sep 13, 2016 1:08 PM, "Simon Weller"wrote: > Yeah, today, the agent uses a script to inject CLI via ssh into the VR. > It's really (did I mention really) ugly. > > > From: Marty Godsey > Sent: Tuesday, September 13, 2016 12:05 PM > To: dev@cloudstack.apache.org > Subject: RE: [DISCUSS] Replacing the VR > > So it looks like we are eliminating CloudRouter. To many missing or non > API managed features. > > But in reading VyOS, it also does not have a remote management API so this > would have to be a "SSH to CLI" job. > > If I am not mistaken is this how it's done now? > > -Original Message- > From: williamstev...@gmail.com [mailto:williamstev...@gmail.com] On > Behalf Of Will Stevens > Sent: Tuesday, September 13, 2016 12:58 PM > To: dev@cloudstack.apache.org > Subject: Re: [DISCUSS] Replacing the VR > > Judging from this, it does not look like IPSec is managed via the API > though: > https://cloudrouter.atlassian.net/wiki/display/CPD/Bridging+ > Public+Clouds+with+CloudRouter > > I believe it is also missing VXLAN and VRRP, but I have not dug into it > yet. > > *Will STEVENS* > Lead Developer > > *CloudOps* *| *Cloud Solutions Experts > 420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6 w cloudops.com *|* tw > @CloudOps_ > > On Tue, Sep 13, 2016 at 12:53 PM, Marty Godsey > wrote: > > > It does.. Its under Secure Connectivity. > > > > -Original Message- > > From: Syed Ahmed [mailto:sah...@cloudops.com] > > Sent: Tuesday, September 13, 2016 12:49 PM > > To: dev@cloudstack.apache.org > > Subject: Re: [DISCUSS] Replacing the VR > > > > Does CloudRouter provide VPN (site-site and client)? Looking from > > their website I don't seem to find it. Also, missing is VVRP for > > redundancy. Has anyone used it for this? > > > > On Tue, Sep 13, 2016 at 12:43 PM, Zaeem Arshad > > > > wrote: > > > > > +1 on cloudrouter. 
We have been looking at this as a potential > > > replacement/addon to our existing VRs. > > > > > > On Tue, Sep 13, 2016 at 9:07 PM, Will Stevens > > > > > > wrote: > > > > > > > yes, technically we should be able to just make a new VR > > > > implementation available and then when people create their network > > > > offerings, they just pick which VR implementation they want to use > > > > for the different capabilities. > > > > > > > > *Will STEVENS* > > > > Lead Developer > > > > > > > > *CloudOps* *| *Cloud Solutions Experts > > > > 420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6 w cloudops.com *|* > > > > tw @CloudOps_ > > > > > > > > On Tue, Sep 13, 2016 at 11:41 AM, Dustin Wright < > > > > dwri...@untangledtechnology.com> wrote: > > > > > > > > > I would like to see a "virtual router offering" in the UI which > > > > > lets > > > you > > > > > pick the legacy VR or your own. Probably a component of the > > > > > network offering. I've had many cases were I needed Mikrotik > > > > > RouterOS or > > > pfSense > > > > to > > > > > match a clients on-premise gear. ACS should find a way to stay > > > > > agnostic IMO. > > > > > > > > > > On Tue, Sep 13, 2016 at 11:36 AM, Marty Godsey > > > > > > > > > > wrote: > > > > > > > > > > > I like this idea as well. I would be willing to test both VyOS > > > > > > and Cloudrouter if you need an active service to test with. > > > > > > Specifically > > > I > > > > am > > > > > > looking to test IPv6 since I provide IPv6 /64 spaces to my > > > > > > customers > > > > and > > > > > I > > > > > > am having to provide it via an external router at the moment > > > > > > which > > > has > > > > a > > > > > > lot of manual configurations. > > > > > > > > > > > > Let me know if I can help in anyway. 
> > > > > > > > > > > > -Original Message- > > > > > > From: Will Stevens [mailto:williamstev...@gmail.com] > > > > > > Sent: Tuesday, September 13, 2016 7:21 AM > > > > > > To: dev@cloudstack.apache.org > > > > > > Subject: Re: [DISCUSS] Replacing the VR > > > > > > > > > > > > Ya. If we go this way, I like the approach of building the > > > integration > > > > > and > > > > > > putting it through its paces as a stand alone VR before we > > > > > > consider replacing the old VR and making it the default. > > > > > > > > > > > > On Sep 13, 2016 6:52 AM, "Jayapal Uradi" < > > > jayapal.ur...@accelerite.com > > > > > > > > > > > wrote: > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > Instead of replacing the VR in first place we should add > > > > > > > VyOS/cloudrouter as provider. Once it is stable, network > > > > > > > offerings > > > > (on > > > > > > > upgrade) can be updated to use it and we can drop the VR if > > > > > > > we want > > > > at > > > > > > that release onwards. > > > > > > > > > > > > > > VR is stabilized over a period of
RE: [DISCUSS] Replacing the VR
I am trying to find their api documentation to get a feel for what cloudrouter can do via the API. On Sep 13, 2016 1:05 PM, "Marty Godsey"wrote: > So it looks like we are eliminating CloudRouter. To many missing or non > API managed features. > > But in reading VyOS, it also does not have a remote management API so this > would have to be a "SSH to CLI" job. > > If I am not mistaken is this how it's done now? > > -Original Message- > From: williamstev...@gmail.com [mailto:williamstev...@gmail.com] On > Behalf Of Will Stevens > Sent: Tuesday, September 13, 2016 12:58 PM > To: dev@cloudstack.apache.org > Subject: Re: [DISCUSS] Replacing the VR > > Judging from this, it does not look like IPSec is managed via the API > though: > https://cloudrouter.atlassian.net/wiki/display/CPD/Bridging+ > Public+Clouds+with+CloudRouter > > I believe it is also missing VXLAN and VRRP, but I have not dug into it > yet. > > *Will STEVENS* > Lead Developer > > *CloudOps* *| *Cloud Solutions Experts > 420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6 w cloudops.com *|* tw > @CloudOps_ > > On Tue, Sep 13, 2016 at 12:53 PM, Marty Godsey > wrote: > > > It does.. Its under Secure Connectivity. > > > > -Original Message- > > From: Syed Ahmed [mailto:sah...@cloudops.com] > > Sent: Tuesday, September 13, 2016 12:49 PM > > To: dev@cloudstack.apache.org > > Subject: Re: [DISCUSS] Replacing the VR > > > > Does CloudRouter provide VPN (site-site and client)? Looking from > > their website I don't seem to find it. Also, missing is VVRP for > > redundancy. Has anyone used it for this? > > > > On Tue, Sep 13, 2016 at 12:43 PM, Zaeem Arshad > > > > wrote: > > > > > +1 on cloudrouter. We have been looking at this as a potential > > > replacement/addon to our existing VRs. 
> > > > > > On Tue, Sep 13, 2016 at 9:07 PM, Will Stevens > > > > > > wrote: > > > > > > > yes, technically we should be able to just make a new VR > > > > implementation available and then when people create their network > > > > offerings, they just pick which VR implementation they want to use > > > > for the different capabilities. > > > > > > > > *Will STEVENS* > > > > Lead Developer > > > > > > > > *CloudOps* *| *Cloud Solutions Experts > > > > 420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6 w cloudops.com *|* > > > > tw @CloudOps_ > > > > > > > > On Tue, Sep 13, 2016 at 11:41 AM, Dustin Wright < > > > > dwri...@untangledtechnology.com> wrote: > > > > > > > > > I would like to see a "virtual router offering" in the UI which > > > > > lets > > > you > > > > > pick the legacy VR or your own. Probably a component of the > > > > > network offering. I've had many cases were I needed Mikrotik > > > > > RouterOS or > > > pfSense > > > > to > > > > > match a clients on-premise gear. ACS should find a way to stay > > > > > agnostic IMO. > > > > > > > > > > On Tue, Sep 13, 2016 at 11:36 AM, Marty Godsey > > > > > > > > > > wrote: > > > > > > > > > > > I like this idea as well. I would be willing to test both VyOS > > > > > > and Cloudrouter if you need an active service to test with. > > > > > > Specifically > > > I > > > > am > > > > > > looking to test IPv6 since I provide IPv6 /64 spaces to my > > > > > > customers > > > > and > > > > > I > > > > > > am having to provide it via an external router at the moment > > > > > > which > > > has > > > > a > > > > > > lot of manual configurations. > > > > > > > > > > > > Let me know if I can help in anyway. > > > > > > > > > > > > -Original Message- > > > > > > From: Will Stevens [mailto:williamstev...@gmail.com] > > > > > > Sent: Tuesday, September 13, 2016 7:21 AM > > > > > > To: dev@cloudstack.apache.org > > > > > > Subject: Re: [DISCUSS] Replacing the VR > > > > > > > > > > > > Ya. 
If we go this way, I like the approach of building the > > > integration > > > > > and > > > > > > putting it through its paces as a stand alone VR before we > > > > > > consider replacing the old VR and making it the default. > > > > > > > > > > > > On Sep 13, 2016 6:52 AM, "Jayapal Uradi" < > > > jayapal.ur...@accelerite.com > > > > > > > > > > > wrote: > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > Instead of replacing the VR in first place we should add > > > > > > > VyOS/cloudrouter as provider. Once it is stable, network > > > > > > > offerings > > > > (on > > > > > > > upgrade) can be updated to use it and we can drop the VR if > > > > > > > we want > > > > at > > > > > > that release onwards. > > > > > > > > > > > > > > VR is stabilized over a period of time and some of them are > > > > > > > running without issues. When we replicate the ACS VR > > > > > > > features in new > > > > solution > > > > > > > it takes some to find the missing pieces (hidden bugs). > > > > > > > > > > > > > > Thanks, > > > > > > > Jayapal > > > > > > > > > > > > > > > On Sep 13, 2016, at 2:52 PM, Nux! < > > > > > > > >
RE: [DISCUSS] Replacing the VR
So it looks like we are eliminating CloudRouter. To many missing or non API managed features. But in reading VyOS, it also does not have a remote management API so this would have to be a "SSH to CLI" job. If I am not mistaken is this how it's done now? -Original Message- From: williamstev...@gmail.com [mailto:williamstev...@gmail.com] On Behalf Of Will Stevens Sent: Tuesday, September 13, 2016 12:58 PM To: dev@cloudstack.apache.org Subject: Re: [DISCUSS] Replacing the VR Judging from this, it does not look like IPSec is managed via the API though: https://cloudrouter.atlassian.net/wiki/display/CPD/Bridging+Public+Clouds+with+CloudRouter I believe it is also missing VXLAN and VRRP, but I have not dug into it yet. *Will STEVENS* Lead Developer *CloudOps* *| *Cloud Solutions Experts 420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6 w cloudops.com *|* tw @CloudOps_ On Tue, Sep 13, 2016 at 12:53 PM, Marty Godseywrote: > It does.. Its under Secure Connectivity. > > -Original Message- > From: Syed Ahmed [mailto:sah...@cloudops.com] > Sent: Tuesday, September 13, 2016 12:49 PM > To: dev@cloudstack.apache.org > Subject: Re: [DISCUSS] Replacing the VR > > Does CloudRouter provide VPN (site-site and client)? Looking from > their website I don't seem to find it. Also, missing is VVRP for > redundancy. Has anyone used it for this? > > On Tue, Sep 13, 2016 at 12:43 PM, Zaeem Arshad > > wrote: > > > +1 on cloudrouter. We have been looking at this as a potential > > replacement/addon to our existing VRs. > > > > On Tue, Sep 13, 2016 at 9:07 PM, Will Stevens > > > > wrote: > > > > > yes, technically we should be able to just make a new VR > > > implementation available and then when people create their network > > > offerings, they just pick which VR implementation they want to use > > > for the different capabilities. 
> > > > > > *Will STEVENS* > > > Lead Developer > > > > > > *CloudOps* *| *Cloud Solutions Experts > > > 420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6 w cloudops.com *|* > > > tw @CloudOps_ > > > > > > On Tue, Sep 13, 2016 at 11:41 AM, Dustin Wright < > > > dwri...@untangledtechnology.com> wrote: > > > > > > > I would like to see a "virtual router offering" in the UI which > > > > lets > > you > > > > pick the legacy VR or your own. Probably a component of the > > > > network offering. I've had many cases were I needed Mikrotik > > > > RouterOS or > > pfSense > > > to > > > > match a clients on-premise gear. ACS should find a way to stay > > > > agnostic IMO. > > > > > > > > On Tue, Sep 13, 2016 at 11:36 AM, Marty Godsey > > > > > > > > wrote: > > > > > > > > > I like this idea as well. I would be willing to test both VyOS > > > > > and Cloudrouter if you need an active service to test with. > > > > > Specifically > > I > > > am > > > > > looking to test IPv6 since I provide IPv6 /64 spaces to my > > > > > customers > > > and > > > > I > > > > > am having to provide it via an external router at the moment > > > > > which > > has > > > a > > > > > lot of manual configurations. > > > > > > > > > > Let me know if I can help in anyway. > > > > > > > > > > -Original Message- > > > > > From: Will Stevens [mailto:williamstev...@gmail.com] > > > > > Sent: Tuesday, September 13, 2016 7:21 AM > > > > > To: dev@cloudstack.apache.org > > > > > Subject: Re: [DISCUSS] Replacing the VR > > > > > > > > > > Ya. If we go this way, I like the approach of building the > > integration > > > > and > > > > > putting it through its paces as a stand alone VR before we > > > > > consider replacing the old VR and making it the default. 
> > > > > > > > > > On Sep 13, 2016 6:52 AM, "Jayapal Uradi" < > > jayapal.ur...@accelerite.com > > > > > > > > > wrote: > > > > > > > > > > > Hi, > > > > > > > > > > > > Instead of replacing the VR in first place we should add > > > > > > VyOS/cloudrouter as provider. Once it is stable, network > > > > > > offerings > > > (on > > > > > > upgrade) can be updated to use it and we can drop the VR if > > > > > > we want > > > at > > > > > that release onwards. > > > > > > > > > > > > VR is stabilized over a period of time and some of them are > > > > > > running without issues. When we replicate the ACS VR > > > > > > features in new > > > solution > > > > > > it takes some to find the missing pieces (hidden bugs). > > > > > > > > > > > > Thanks, > > > > > > Jayapal > > > > > > > > > > > > > On Sep 13, 2016, at 2:52 PM, Nux! < > > > > > > > > > > > > > n...@li.nux.ro> wrote: > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > I like the idea. > > > > > > > > > > > > > > Cloudrouter looks really promising, I'm not too keen on > > > > > > > VyOS (it doesn't > > > > > > have a proper http api etc). > > > > > > > > > > > > > > -- > > > > > > > Sent from the Delta quadrant using Borg technology! > > > > > > > > > > > > > > Nux! > > > > > > >
Re: [DISCUSS] Replacing the VR
Judging from this, it does not look like IPSec is managed via the API though:
https://cloudrouter.atlassian.net/wiki/display/CPD/Bridging+Public+Clouds+with+CloudRouter

I believe it is also missing VXLAN and VRRP, but I have not dug into it yet.

*Will STEVENS*
Lead Developer

*CloudOps* *| *Cloud Solutions Experts
420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6
w cloudops.com *|* tw @CloudOps_

On Tue, Sep 13, 2016 at 12:53 PM, Marty Godsey wrote:

> It does.. Its under Secure Connectivity.
RE: [DISCUSS] Replacing the VR
It does.. Its under Secure Connectivity.

-Original Message-
From: Syed Ahmed [mailto:sah...@cloudops.com]
Sent: Tuesday, September 13, 2016 12:49 PM
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Replacing the VR

Does CloudRouter provide VPN (site-site and client)? Looking from their website I don't seem to find it. Also, missing is VVRP for redundancy. Has anyone used it for this?
Re: [DISCUSS] Replacing the VR
Does CloudRouter provide VPN (site-site and client)? Looking from their website I don't seem to find it. Also, missing is VVRP for redundancy. Has anyone used it for this?

On Tue, Sep 13, 2016 at 12:43 PM, Zaeem Arshad wrote:

> +1 on cloudrouter. We have been looking at this as a potential
> replacement/addon to our existing VRs.
RE: [DISCUSS] Replacing the VR
I have spent all of 2 mins looking at Cloudrouter so it may do this and I haven’t found it but according to the feature list it doesn't support VXLANS. Am I missing it somewhere?

-Original Message-
From: Zaeem Arshad [mailto:zaeem.ars...@gmail.com]
Sent: Tuesday, September 13, 2016 12:43 PM
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Replacing the VR

+1 on cloudrouter. We have been looking at this as a potential replacement/addon to our existing VRs.
Re: [DISCUSS] Replacing the VR
+1 on cloudrouter. We have been looking at this as a potential replacement/addon to our existing VRs.

On Tue, Sep 13, 2016 at 9:07 PM, Will Stevens wrote:

> yes, technically we should be able to just make a new VR implementation
> available and then when people create their network offerings, they just
> pick which VR implementation they want to use for the different
> capabilities.
Re: CloudStack European User Group
> On 13 September 2016 at 13:33, Steve Roles wrote:
>
> Hi all,
>
> We're very excited to announce the Autumn 2016 meetup, in London, Thursday, November 24 (agenda & speakers TBC):
>
> https://www.eventbrite.co.uk/e/cloudstack-european-user-group-tickets-27604537916
>
> VENUE: BT Centre showcase, 81 Newgate St, London, EC1A 7AJ. Nearest tube: St. Paul's
>
> As well as talks from guest speakers, there will be the chance to meet with other CloudStack users, lunch, and time to continue the discussions over a beer or two in the evening.
>
> It would be great to see some of you there!

Would have loved to come over, but I can't. Hope to see a big audience turn up!

Wido

> Best regards,
>
> steve.ro...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HS UK
> @shapeblue
Re: [DISCUSS] Replacing the VR
yes, technically we should be able to just make a new VR implementation available and then when people create their network offerings, they just pick which VR implementation they want to use for the different capabilities.

*Will STEVENS*
Lead Developer

*CloudOps* *| *Cloud Solutions Experts
420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6
w cloudops.com *|* tw @CloudOps_

On Tue, Sep 13, 2016 at 11:41 AM, Dustin Wright <dwri...@untangledtechnology.com> wrote:

> I would like to see a "virtual router offering" in the UI which lets you
> pick the legacy VR or your own. Probably a component of the network
> offering. I've had many cases were I needed Mikrotik RouterOS or pfSense to
> match a clients on-premise gear. ACS should find a way to stay agnostic
> IMO.
HAProxy [native virtual CS Loadbalancer] - SSL offload support - CLOUDSTACK-9499
Hi,

SSL offload support in Cloudstack and documented here:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSL+Termination+Support
is currently only available to NetScaler LB devices.

If we try to attach a certificate to a CloudStack Virtual Router LB:

assignCertToLoadBalancer=3b0621cd-203f-46a9-b3ad-97e7e70c77ab=2556

It returns the following error:

2016-09-05 18:32:16,244 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (API-Job-Executor-111:ctx-4f7864f6 job-48170) Complete async job-48170, jobStatus: FAILED, resultCode: 530, result: org.apache.cloudstack.api.response.ExceptionResponse/null/ {"uuidList":[],"errorcode":431,"errortext":"Ssl termination not supported by the loadbalancer"}

The CloudStack VR uses haproxy for LB and ssl offloading is something haproxy can handle. The standard type of configuration issued by cloudstack:

listen 8_8_8_8-443 8.8.8.8:443
    balance roundrobin
    server 8_8_8_8-443_0 192.168.1.2:443 check
    server 8_8_8_8-443_1 192.168.1.3:443 check

By default CS configures its loadbalancers in tcp mode. To enable SSL offloading we would however need this kind of configuration:

listen 8_8_8_8-443
    bind 8.8.8.8:443 ssl crt /etc/haproxy/ssl-cert-3b0621cd-203f-46a9-b3ad-97e7e70c77ab.pem crt /etc/haproxy/ssl-cert-----.pem
    mode http
    balance roundrobin
    server 8_8_8_8-443_0 192.168.1.2:443 check ssl verify none
    server 8_8_8_8-443_1 192.168.1.3:443 check ssl verify none

This could be implemented by modifying the API and the HAProxyConfigurator script. Also, in my example configuration I've put two certificates, HAProxy manages this pretty well so it would be nice to be able to assign more than one certificate to a LB.

I've already opened a Jira issue for this case: CLOUDSTACK-9499 - https://issues.apache.org/jira/browse/CLOUDSTACK-9499

Kind regards,
Alessandro
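
Added example, not part of the message above and not CloudStack's HAProxyConfigurator: a Python function that emits both listen sections shown in the message from one rule description, accepts a certificate id only if it is a UUID before it becomes a file path in the config, and can verify the backend certificate instead of using "verify none". The names Rule and render_listen, the rule fields and the CA file path are assumptions; the section naming and the certificate path pattern follow the message.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Path pattern follows the message above; the regexes are this example's own.
CERT_PATH = "/etc/haproxy/ssl-cert-{}.pem"
UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")
SAFE_PATH_RE = re.compile(r"/[A-Za-z0-9._/-]+")


@dataclass
class Rule:
    """One load-balancer rule (hypothetical structure, not CloudStack's)."""
    public_ip: str
    public_port: int
    backends: List[str]                                 # "ip:port" strings
    cert_ids: List[str] = field(default_factory=list)   # empty: TCP pass-through
    backend_ssl: bool = True                            # re-encrypt to the backends
    backend_ca_file: Optional[str] = None               # None: "verify none"


def _ipv4(value: str) -> str:
    # Raises ValueError for anything that is not a plain IPv4 literal, so
    # whitespace or newlines cannot smuggle extra directives into the config.
    return str(ipaddress.IPv4Address(value))


def _port(value) -> int:
    port = int(value)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {value!r}")
    return port


def _backend_tls(rule: Rule) -> str:
    if not rule.backend_ssl:
        return ""
    if rule.backend_ca_file is None:
        # Same as the message: traffic to the backend is encrypted, but the
        # backend certificate is not checked.
        return " ssl verify none"
    path = rule.backend_ca_file
    if not SAFE_PATH_RE.fullmatch(path) or ".." in path:
        raise ValueError(f"unsafe CA file path: {path!r}")
    return f" ssl verify required ca-file {path}"


def render_listen(rule: Rule) -> str:
    """Return the haproxy 'listen' section for one rule."""
    ip, port = _ipv4(rule.public_ip), _port(rule.public_port)
    if not rule.backends:
        raise ValueError("at least one backend is required")
    name = f"{ip.replace('.', '_')}-{port}"
    if rule.cert_ids:
        crts = []
        for cert_id in rule.cert_ids:
            # The id ends up in a file path inside the config: UUIDs only.
            if not UUID_RE.fullmatch(cert_id):
                raise ValueError(f"certificate id is not a UUID: {cert_id!r}")
            crts.append("crt " + CERT_PATH.format(cert_id))
        lines = [f"listen {name}",
                 f"    bind {ip}:{port} ssl " + " ".join(crts),
                 "    mode http"]
        server_opts = " check" + _backend_tls(rule)
    else:
        lines = [f"listen {name} {ip}:{port}"]
        server_opts = " check"
    lines.append("    balance roundrobin")
    for index, backend in enumerate(rule.backends):
        host, _, backend_port = backend.rpartition(":")
        lines.append(f"    server {name}_{index} "
                     f"{_ipv4(host)}:{_port(backend_port)}{server_opts}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    backends = ["192.168.1.2:443", "192.168.1.3:443"]
    print(render_listen(Rule("8.8.8.8", 443, backends)))
    print(render_listen(Rule("8.8.8.8", 443, backends,
                             cert_ids=["3b0621cd-203f-46a9-b3ad-97e7e70c77ab"],
                             backend_ca_file="/etc/haproxy/backend-ca.pem")))
```
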
Re: [DISCUSS] Replacing the VR
I would like to see a "virtual router offering" in the UI which lets you pick the legacy VR or your own. Probably a component of the network offering. I've had many cases were I needed Mikrotik RouterOS or pfSense to match a clients on-premise gear. ACS should find a way to stay agnostic IMO.

On Tue, Sep 13, 2016 at 11:36 AM, Marty Godsey wrote:

> I like this idea as well. I would be willing to test both VyOS and Cloudrouter if you need an active service to test with. Specifically I am looking to test IPv6 since I provide IPv6 /64 spaces to my customers and I am having to provide it via an external router at the moment which has a lot of manual configurations.
>
> Let me know if I can help in anyway.
>
> -Original Message-
> From: Will Stevens [mailto:williamstev...@gmail.com]
> Sent: Tuesday, September 13, 2016 7:21 AM
> To: dev@cloudstack.apache.org
> Subject: Re: [DISCUSS] Replacing the VR
>
> Ya. If we go this way, I like the approach of building the integration and putting it through its paces as a stand alone VR before we consider replacing the old VR and making it the default.
>
> On Sep 13, 2016 6:52 AM, "Jayapal Uradi" wrote:
>
> > Hi,
> >
> > Instead of replacing the VR in first place we should add VyOS/cloudrouter as provider. Once it is stable, network offerings (on upgrade) can be updated to use it and we can drop the VR if we want at that release onwards.
> >
> > VR is stabilized over a period of time and some of them are running without issues. When we replicate the ACS VR features in new solution it takes some to find the missing pieces (hidden bugs).
> >
> > Thanks,
> > Jayapal
> >
> > > On Sep 13, 2016, at 2:52 PM, Nux! <n...@li.nux.ro> wrote:
> > >
> > > Hi,
> > >
> > > I like the idea.
> > >
> > > Cloudrouter looks really promising, I'm not too keen on VyOS (it doesn't have a proper http api etc).
> > >
> > > --
> > > Sent from the Delta quadrant using Borg technology!
> > >
> > > Nux!
> > > www.nux.ro
> > >
> > > - Original Message -
> > >> From: "Will Stevens"
> > >> To: dev@cloudstack.apache.org
> > >> Sent: Monday, 12 September, 2016 21:20:11
> > >> Subject: [DISCUSS] Replacing the VR
> > >
> > >> *Disclaimer:* This is a thought experiment and should be treated as such.
> > >> Please weigh in with the good and bad of this idea...
> > >>
> > >> A couple of us have been discussing the idea of potentially replacing the ACS VR with the VyOS [1] (Open Source Vyatta VM). There may be a license issue because I think it is licensed under GPL, but for the sake of discussion, let's assume we can overcome any license issues.
> > >>
> > >> I have spent some time recently with the VyOS and I have to admit, I was pretty impressed. It is simple and intuitive and it gives you a lot more options for auditing the configuration etc...
> > >>
> > >> Items of potential interest:
> > >> - Clean up our current VR script spaghetti to a simpler more auditable configuration workflow.
> > >> - Gives a cleaner path for IPv6 support.
> > >> - Handles VPN configuration via the same configuration interface.
> > >> - Support for OSPF & BGP.
> > >> - VPN support through OpenVPN & StrongSwan.
> > >> - Easily supports HA (redundant routers) through VRRP.
> > >> - VXLAN support.
> > >> - Transaction based changes to the VR with rollback on error.
> > >>
> > >> Items that could be difficult to solve:
> > >> - Userdata password reset workflow and implementation.
> > >> - Upgrade process.
> > >>
> > >> The VyOS is not the only option if we were to consider this approach. Another option, which I don't know as well, would be CloudRouter (AGPL license) [2] which is purely API driven.
> > >>
> > >> Anyway, would love to hear your thoughts...
> > >> > > >> Will > > >> > > >> [1] https://vyos.io/ > > >> [2] https://cloudrouter.org/ > > > > > > > > > > DISCLAIMER > > == > > This e-mail may contain privileged and confidential information which > > is the property of Accelerite, a Persistent Systems business. It is > > intended only for the use of the individual or entity to which it is > > addressed. If you are not the intended recipient, you are not > > authorized to read, retain, copy, print, distribute or use this > > message. If you have received this communication in error, please > > notify the sender and delete all copies of this message. Accelerite, a > > Persistent Systems business does not accept any liability for virus > infected mails. > > >
[GitHub] cloudstack issue #1666: CLOUDSTACK-9480: Egress Firewall: Incorrect use of A...
Github user cloudmonger commented on the issue: https://github.com/apache/cloudstack/pull/1666

### ACS CI BVT Run

**Summary:**
Build Number 93
Hypervisor xenserver
NetworkType Advanced
Passed=102 Failed=1 Skipped=4

_Link to logs Folder (search by build_no):_ https://www.dropbox.com/sh/yj3wnzbceo9uef2/AAB6u-Iap-xztdm6jHX9SjPja?dl=0

**Failed tests:**
* test_non_contigiousvlan.py
  * test_extendPhysicalNetworkVlan Failing since 11 runs

**Skipped tests:**
test_vm_nic_adapter_vmxnet3
test_static_role_account_acls
test_3d_gpu_support
test_deploy_vgpu_enabled_vm

**Passed test suites:**
test_deploy_vm_with_userdata.py
test_affinity_groups_projects.py
test_portable_publicip.py
test_over_provisioning.py
test_global_settings.py
test_scale_vm.py
test_service_offerings.py
test_routers_iptables_default_policy.py
test_loadbalance.py
test_routers.py
test_reset_vm_on_reboot.py
test_snapshots.py
test_deploy_vms_with_varied_deploymentplanners.py
test_network.py
test_router_dns.py
test_login.py
test_deploy_vm_iso.py
test_list_ids_parameter.py
test_public_ip_range.py
test_multipleips_per_nic.py
test_regions.py
test_affinity_groups.py
test_network_acl.py
test_pvlan.py
test_volumes.py
test_ssvm.py
test_nic.py
test_deploy_vm_root_resize.py
test_resource_detail.py
test_secondary_storage.py
test_vm_life_cycle.py
test_disk_offerings.py
[GitHub] cloudstack issue #1593: CLOUDSTACK-9417: Usage module refactoring
Github user serg38 commented on the issue: https://github.com/apache/cloudstack/pull/1593 @jburwell Creating a new table to hold one setting seems to be excessive. How about using sequence table? In this regard last_Id used by usage sanity checker is a sequence.
[GitHub] cloudstack issue #1593: CLOUDSTACK-9417: Usage module refactoring
Github user jburwell commented on the issue: https://github.com/apache/cloudstack/pull/1593 @serg38 I completely agree that it should be in the database, but it's not a configuration setting. Furthermore, it requires a different transactional behavior to operate properly. Therefore, it should be placed in a separate tracking table -- either a new table or as a column on an existing table.
[GitHub] cloudstack issue #1593: CLOUDSTACK-9417: Usage module refactoring
Github user serg38 commented on the issue: https://github.com/apache/cloudstack/pull/1593 @rhtyd @jburwell @rafaelweingartner I agree with @rhtyd to move sanity checker last_id to the DB. No reason to keep it in file system. How about using "usage.sanity.check.lastid" in configuration table with the following attributes:
Category: Hidden
component: management-server
default value: 0
isdynamic: 0
[GitHub] cloudstack issue #1658: Added an additional JSON diff output to the ApiXmlDo...
Github user jburwell commented on the issue: https://github.com/apache/cloudstack/pull/1658 @karuturi the point is that there is no discussion about who can commit. It is in black and white in Section 2.3 of our bylaws and the Apache Way. As I said in my previous comment, no one ever agreed that only RMs could commit to release branches. We agreed to the criteria for a PR to be merged. By nature of his deep involvement, Remi ended up merging all PRs because he was so active. However, that activity did not imply that committers had relinquished their rights under our bylaws.

blueorganatan was under development until we had a hardware failure in the lab. Before development was interrupted, blueorganatan was posting detailed results to PRs with public exposure of the logs/results from the environment as the next item to address. When we resume development in the next week or so, exposing logs/results will be the first item implemented.
[GitHub] cloudstack issue #1615: CLOUDSTACK-9438: Fix for CLOUDSTACK-9252 - Make NFS ...
Github user serg38 commented on the issue: https://github.com/apache/cloudstack/pull/1615 @koushik-das Yes, an integration test is in the works. I will post results here in a few days.
[GitHub] cloudstack issue #1560: CLOUDSTACK-9386: DS template copies don’t get dele...
Github user rafaelweingartner commented on the issue: https://github.com/apache/cloudstack/pull/1560 @jburwell someone else already merged ;)
[GitHub] cloudstack issue #1666: CLOUDSTACK-9480: Egress Firewall: Incorrect use of A...
Github user karuturi commented on the issue: https://github.com/apache/cloudstack/pull/1666 Started our internal CI to run smoke tests on this PR. It will post the results here. Thanks.
[GitHub] cloudstack pull request #1671: Adding support for cross-cluster storage migr...
Github user asfgit closed the pull request at: https://github.com/apache/cloudstack/pull/1671
CloudStack European User Group
Hi all, We're very excited to announce the Autumn 2016 meetup, in London, Thursday, November 24 (agenda & speakers TBC): https://www.eventbrite.co.uk/e/cloudstack-european-user-group-tickets-27604537916 VENUE: BT Centre showcase, 81 Newgate St, London, EC1A 7AJ. Nearest tube: St. Paul's. As well as talks from guest speakers, there will be the chance to meet with other CloudStack users, lunch, and time to continue the discussions over a beer or two in the evening. It would be great to see some of you there! Best regards, steve.ro...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HS UK @shapeblue
Re: [DISCUSS] Replacing the VR
Ya. If we go this way, I like the approach of building the integration and putting it through its paces as a stand alone VR before we consider replacing the old VR and making it the default.
Re: [DISCUSS] Replacing the VR
Ya. CloudRouter is interesting because it has a native api. For that reason it was brought up as an alternative to VyOS in our internal discussions.
Re: [DISCUSS] Replacing the VR
Hi, Instead of replacing the VR in first place we should add VyOS/cloudrouter as provider. Once it is stable, network offerings (on upgrade) can be updated to use it and we can drop the VR if we want at that release onwards. VR is stabilized over a period of time and some of them are running without issues. When we replicate the ACS VR features in new solution it takes some to find the missing pieces (hidden bugs). Thanks, Jayapal
[GitHub] cloudstack pull request #1560: CLOUDSTACK-9386: DS template copies don’t g...
Github user asfgit closed the pull request at: https://github.com/apache/cloudstack/pull/1560
[GitHub] cloudstack issue #1671: Adding support for cross-cluster storage migration f...
Github user karuturi commented on the issue: https://github.com/apache/cloudstack/pull/1671 The failed test (test_extendPhysicalNetworkVlan) is not due to this PR. It's a test case cleanup issue. This PR looks good.
[GitHub] cloudstack issue #1671: Adding support for cross-cluster storage migration f...
Github user cloudmonger commented on the issue: https://github.com/apache/cloudstack/pull/1671

### ACS CI BVT Run

**Summary:**
Build Number 92
Hypervisor xenserver
NetworkType Advanced
Passed=102 Failed=1 Skipped=4

_Link to logs Folder (search by build_no):_ https://www.dropbox.com/sh/yj3wnzbceo9uef2/AAB6u-Iap-xztdm6jHX9SjPja?dl=0

**Failed tests:**
* test_non_contigiousvlan.py
  * test_extendPhysicalNetworkVlan Failing since 10 runs

**Skipped tests:**
test_vm_nic_adapter_vmxnet3
test_static_role_account_acls
test_3d_gpu_support
test_deploy_vgpu_enabled_vm

**Passed test suites:**
test_deploy_vm_with_userdata.py
test_affinity_groups_projects.py
test_portable_publicip.py
test_over_provisioning.py
test_global_settings.py
test_scale_vm.py
test_service_offerings.py
test_routers_iptables_default_policy.py
test_loadbalance.py
test_routers.py
test_reset_vm_on_reboot.py
test_snapshots.py
test_deploy_vms_with_varied_deploymentplanners.py
test_network.py
test_router_dns.py
test_login.py
test_deploy_vm_iso.py
test_list_ids_parameter.py
test_public_ip_range.py
test_multipleips_per_nic.py
test_regions.py
test_affinity_groups.py
test_network_acl.py
test_pvlan.py
test_volumes.py
test_ssvm.py
test_nic.py
test_deploy_vm_root_resize.py
test_resource_detail.py
test_secondary_storage.py
test_vm_life_cycle.py
test_disk_offerings.py
Re: [DISCUSS] Replacing the VR
Hi, I like the idea. Cloudrouter looks really promising, I'm not too keen on VyOS (it doesn't have a proper http api etc). -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro
[GitHub] cloudstack issue #1615: CLOUDSTACK-9438: Fix for CLOUDSTACK-9252 - Make NFS ...
Github user koushik-das commented on the issue: https://github.com/apache/cloudstack/pull/1615 @nvazquez @serg38 From last comment looks like there is some open item related to marvin tests. Can you please address it?