Re: IMPORTANT: Moving to Gitbox/Github

2017-04-14 Thread Wido den Hollander 

> Op 14 april 2017 om 21:26 schreef Wido den Hollander :
> 
> 
> Hi,
> 
> At the moment the people from Infra [0] are busy with moving the CloudStack 
> repositories to Gitbox/Github [1].
> 
> This means that we will be able to label PRs on Github, but only people who 
> are in the right group on Github are able to do so. Any committer should be 
> able to be added to that group.
> 
> A requirement is that 2FA [2] is enabled on your account, so if you don't 
> have that, please do so.
> 
> It will take a bit of time before we sort this all out.
> 
> I see that my Github account currently has the right permissions, so I'll 
> start adding some labels to PRs to give it a try.
> 
> Suggestions, help and more are very welcome! Let's make contributing to 
> CloudStack easier and make our life for testing it easier as well!

I forgot to add, the Git repo URL changed due to this.

https://gitbox.apache.org/repos/asf/cloudstack.git

This is how my remote looks like:

wido@wido-laptop:~/repos/cloudstack$ git remote -v
forkg...@github.com:wido/cloudstack.git (fetch)
forkg...@github.com:wido/cloudstack.git (push)
github  https://github.com/apache/cloudstack.git (fetch)
github  https://github.com/apache/cloudstack.git (push)
origin  https://wid...@gitbox.apache.org/repos/asf/cloudstack.git (fetch)
origin  https://wid...@gitbox.apache.org/repos/asf/cloudstack.git (push)
wido@wido-laptop:~/repos/cloudstack$

Wido

> 
> Wido
> 
> [0]: https://issues.apache.org/jira/browse/INFRA-13885
> [1]: https://gitbox.apache.org/repos/asf
> [2]: https://help.github.com/articles/about-two-factor-authentication/

IMPORTANT: Moving to Gitbox/Github

2017-04-14 Thread Wido den Hollander 
Hi,

At the moment the people from Infra [0] are busy with moving the CloudStack 
repositories to Gitbox/Github [1].

This means that we will be able to label PRs on Github, but only people who are 
in the right group on Github are able to do so. Any committer should be able to 
be added to that group.

A requirement is that 2FA [2] is enabled on your account, so if you don't have 
that, please do so.

It will take a bit of time before we sort this all out.

I see that my Github account currently has the right permissions, so I'll start 
adding some labels to PRs to give it a try.

Suggestions, help and more are very welcome! Let's make contributing to 
CloudStack easier and make our life for testing it easier as well!

Wido

[0]: https://issues.apache.org/jira/browse/INFRA-13885
[1]: https://gitbox.apache.org/repos/asf
[2]: https://help.github.com/articles/about-two-factor-authentication/

Re: [DISCUSS][PROPOSAL] CA authority plugin definition

2017-04-14 Thread John Kinsella 
I’d suggest taking a look at using Dogtag[1] as well. Actually, that’s what the 
Other Guys also suggest[2].

1: http://pki.fedoraproject.org/wiki/PKI_Main_Page 

2: https://wiki.openstack.org/wiki/PKI 


> On Apr 14, 2017, at 7:57 AM, Simon Weller  wrote:
> 
> Daan,
> 
> 
> What about integrating some like Vault (https://github.com/hashicorp/vault 
> )?
> 
> 
> - Si
> 
> 
> From: Daan Hoogland  >
> Sent: Friday, April 14, 2017 5:46 AM
> To: dev@cloudstack.apache.org 
> Subject: [DISCUSS][PROPOSAL] CA authority plugin definition
> 
> Devs,
> 
> Following a discussion with a client they came up with the idea to create a 
> pluggable CA-framework. A plugin would serve components in cloudstack that so 
> require (management servers, agents, load balancers, SVMs, etc.) with 
> certificates answering certificate requests and validating certificates on 
> request.
> 
> A default plugin can be written that serves according to its own self signed 
> root certificate and have its own revocation list to be managed by the admin. 
> Other plugin could forward by mail or web requests to external parties.
> 
> A CA-plugin will have to
> 
> -  Setup, for the default this means creating its certificate, for 
> others it might mean install an intermediate certificate or configure a mail, 
> or website address.
> 
> -  Accept and answer certificate requests
> 
> oFor client certificates
> 
> oFor server certificates
> 
> -  Accept revocation requests
> 
> -  Validate a connection request according to origin and certificate 
> and . What extra data is is defined by the plugin and can be 
> credentials or field-definitions referring the x509 entries or for instance 
> port numbers allowed… this is basically free to the implementer.
> 
> A next step will have to be integrating the request calls with installs on 
> targets but I think as is this feature merits itself as it could be used with 
> out of band configuration management tools as well.
> 
> Any thoughts, remarks and critiques are welcome,
> 
> daan.hoogl...@shapeblue.com
> www.shapeblue.com  >
> Shapeblue - The CloudStack Company >
> www.shapeblue.com 
> Background Cloudstack relies on a fixed download site when it fetches the 
> built-in guest VM templates. That download site has historically
> 
> 
> 
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue

[GitHub] cloudstack issue #2044: CLOUDSTACK-9877 Cleanup unlinked templates

2017-04-14 Thread serg38 
Github user serg38 commented on the issue:

https://github.com/apache/cloudstack/pull/2044
  
@DaanHoogland Not for us since we still use link clones but I am sure tons 
of other might be affected. Interestingly enough that with PR 1773 merged the 
default behavior in API is not to allow template deletion if there are active 
VMs and only if 'forced' flag is used it will be executed
# c is an option already but I suggest one of the following
#d introduce another global config with default value = false e.g. 
vmware.cleanup.fullclonedtemplate that would be a switch old/new behaviur in 
combination with storage.template.cleanup.enabled
#e make 0 as a default value for vmware.full.clone.template.cleanup.period 
and when you  interpret 0 it means that full clone cleanup thread thread never

#e seems to be a good compromise that doesn't require too many changes


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: [DISCUSS][PROPOSAL] CA authority plugin definition

2017-04-14 Thread Simon Weller 
Yeah, I agree it would be better as a plugin. We feel a big thing missing in 
ACS right now is a KMS style service.



From: Daan Hoogland 
Sent: Friday, April 14, 2017 10:05 AM
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS][PROPOSAL] CA authority plugin definition

Simon, I can think of use cases for that and it is an interesting topic. I can 
also see it as being implemented in a CA-plugin. I do not think it should be in 
the base of this framework though. That would complicate cloudstack for simple 
users to much I think. On the other hand, it would have more use cases then 
just for CA-plugins (fantasy running now)

On 14/04/17 16:57, "Simon Weller"  wrote:

Daan,


What about integrating some like Vault (https://github.com/hashicorp/vault)?
[https://avatars2.githubusercontent.com/u/761456?v=3=400]

GitHub - hashicorp/vault: A tool for managing 
secrets.
github.com
README.md Vault . Please note: We take Vault's security and our users' trust 
very seriously. If you believe you have found a security issue in Vault, please 
...





- Si


From: Daan Hoogland 
Sent: Friday, April 14, 2017 5:46 AM
To: dev@cloudstack.apache.org
Subject: [DISCUSS][PROPOSAL] CA authority plugin definition

Devs,

Following a discussion with a client they came up with the idea to create a 
pluggable CA-framework. A plugin would serve components in cloudstack that so 
require (management servers, agents, load balancers, SVMs, etc.) with 
certificates answering certificate requests and validating certificates on 
request.

A default plugin can be written that serves according to its own self 
signed root certificate and have its own revocation list to be managed by the 
admin. Other plugin could forward by mail or web requests to external parties.

A CA-plugin will have to

-  Setup, for the default this means creating its certificate, for 
others it might mean install an intermediate certificate or configure a mail, 
or website address.

-  Accept and answer certificate requests

oFor client certificates

oFor server certificates

-  Accept revocation requests

-  Validate a connection request according to origin and 
certificate and . What extra data is is defined by the plugin and 
can be credentials or field-definitions referring the x509 entries or for 
instance port numbers allowed… this is basically free to the implementer.

A next step will have to be integrating the request calls with installs on 
targets but I think as is this feature merits itself as it could be used with 
out of band configuration management tools as well.

Any thoughts, remarks and critiques are welcome,

daan.hoogl...@shapeblue.com
www.shapeblue.com
Shapeblue - The CloudStack Company
www.shapeblue.com
Background Cloudstack relies on a fixed download site when it fetches the 
built-in guest VM templates. That download site has historically



Shapeblue - The CloudStack Company
Shapeblue - The CloudStack Company
www.shapeblue.com
Background Cloudstack relies on a fixed download site when it fetches the 
built-in guest VM templates. That download site has historically



www.shapeblue.com
Background Cloudstack relies on a fixed download site when it fetches the 
built-in guest VM templates. That download site has historically



53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue






daan.hoogl...@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue

[GitHub] cloudstack issue #2046: CLOUDSTACK-7958: Add configuration for limit to CIDR...

2017-04-14 Thread wido 
Github user wido commented on the issue:

https://github.com/apache/cloudstack/pull/2046
  
@PaulAngus This is what we talked about in Prague. Mind taking a look?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1722: CLOUDSTACK-9558 Cleanup the snapshots on the primary...

2017-04-14 Thread cloudmonger 
Github user cloudmonger commented on the issue:

https://github.com/apache/cloudstack/pull/1722
  
### ACS CI BVT Run
 **Sumarry:**
 Build Number 534
 Hypervisor xenserver
 NetworkType Advanced
 Passed=111
 Failed=1
 Skipped=7

_Link to logs Folder (search by build_no):_ 
https://www.dropbox.com/sh/yj3wnzbceo9uef2/AAB6u-Iap-xztdm6jHX9SjPja?dl=0


**Failed tests:**
* test_routers_network_ops.py

 * test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true Failed


**Skipped tests:**
test_01_test_vm_volume_snapshot
test_vm_nic_adapter_vmxnet3
test_static_role_account_acls
test_11_ss_nfs_version_on_ssvm
test_nested_virtualization_vmware
test_3d_gpu_support
test_deploy_vgpu_enabled_vm

**Passed test suits:**
test_deploy_vm_with_userdata.py
test_affinity_groups_projects.py
test_portable_publicip.py
test_over_provisioning.py
test_global_settings.py
test_scale_vm.py
test_service_offerings.py
test_routers_iptables_default_policy.py
test_loadbalance.py
test_routers.py
test_reset_vm_on_reboot.py
test_deploy_vms_with_varied_deploymentplanners.py
test_network.py
test_router_dns.py
test_non_contigiousvlan.py
test_login.py
test_deploy_vm_iso.py
test_list_ids_parameter.py
test_public_ip_range.py
test_multipleips_per_nic.py
test_metrics_api.py
test_regions.py
test_affinity_groups.py
test_network_acl.py
test_pvlan.py
test_volumes.py
test_nic.py
test_deploy_vm_root_resize.py
test_resource_detail.py
test_secondary_storage.py
test_vm_life_cycle.py
test_disk_offerings.py


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #2046: CLOUDSTACK-7958: Add configuration for limit to CIDR...

2017-04-14 Thread wido 
Github user wido commented on the issue:

https://github.com/apache/cloudstack/pull/2046
  
@DaanHoogland: I improved the logging as you suggested/requested.

A TRACE for every request and WARN when a request is denied. Tried this 
locally:


2017-04-14 15:45:58,901 WARN  [c.c.a.ApiServlet] 
(catalina-exec-17:ctx-5955fcab ctx-c572b42e) (logid:7b251506) Request by 
accountId 2 was denied since 192.168.122.1 does not match 127.0.0.1/8,::1/128


In this case only localhost (IPv4/IPv6) is allowed to perform requests.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #2046: CLOUDSTACK-7958: Add configuration for limit ...

2017-04-14 Thread DaanHoogland 
Github user DaanHoogland commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/2046#discussion_r111591078
  
--- Diff: server/src/com/cloud/api/ApiServlet.java ---
@@ -290,6 +292,17 @@ void processRequestInContext(final HttpServletRequest 
req, final HttpServletResp
 CallContext.register(accountMgr.getSystemUser(), 
accountMgr.getSystemAccount());
 }
 
+if (CallContext.current().getCallingAccount().getType() == 
Account.ACCOUNT_TYPE_ADMIN) {
+s_logger.debug("CIDRs from which Admin accounts are 
allowed to perform API calls " + adminCidrs);
--- End diff --

I was thinking trace here and debug or info on the first load of the cidr


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #2046: CLOUDSTACK-7958: Add configuration for limit ...

2017-04-14 Thread wido 
Github user wido commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/2046#discussion_r111589656
  
--- Diff: server/src/com/cloud/api/ApiServlet.java ---
@@ -290,6 +292,17 @@ void processRequestInContext(final HttpServletRequest 
req, final HttpServletResp
 CallContext.register(accountMgr.getSystemUser(), 
accountMgr.getSystemAccount());
 }
 
+if (CallContext.current().getCallingAccount().getType() == 
Account.ACCOUNT_TYPE_ADMIN) {
+s_logger.debug("CIDRs from which Admin accounts are 
allowed to perform API calls " + adminCidrs);
--- End diff --

You suggest setting this to TRACE instead of debug?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #2046: CLOUDSTACK-7958: Add configuration for limit ...

2017-04-14 Thread wido 
Github user wido commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/2046#discussion_r111589706
  
--- Diff: server/src/com/cloud/api/ApiServlet.java ---
@@ -290,6 +292,17 @@ void processRequestInContext(final HttpServletRequest 
req, final HttpServletResp
 CallContext.register(accountMgr.getSystemUser(), 
accountMgr.getSystemAccount());
 }
 
+if (CallContext.current().getCallingAccount().getType() == 
Account.ACCOUNT_TYPE_ADMIN) {
+s_logger.debug("CIDRs from which Admin accounts are 
allowed to perform API calls " + adminCidrs);
+if 
(!NetUtils.isIpInCidrList(InetAddress.getByName(remoteAddress), 
adminCidrs.split(","))) {
+auditTrailSb.append(" " + 
HttpServletResponse.SC_UNAUTHORIZED + " " + "IP-Address of remote not in 
configured Admin CIDR list");
+final String serializedResponse =
+
apiServer.getSerializedApiError(HttpServletResponse.SC_UNAUTHORIZED, 
"IP-Address of remote not in configured Admin CIDR list",
+params, responseType);
+HttpUtils.writeHttpResponse(resp, serializedResponse, 
HttpServletResponse.SC_UNAUTHORIZED, responseType, 
apiServer.getJSONContentType());
--- End diff --

True, true. I would say WARN?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #2046: CLOUDSTACK-7958: Add configuration for limit ...

2017-04-14 Thread wido 
Github user wido commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/2046#discussion_r111589627
  
--- Diff: api/src/org/apache/cloudstack/config/ApiServiceConfiguration.java 
---
@@ -28,6 +28,8 @@
 "API end point. Can be used by CS components/services deployed 
remotely, for sending CS API requests", true);
 public static final ConfigKey DefaultUIPageSize = new 
ConfigKey("Advanced", Long.class, "default.ui.page.size", "20",
 "The default pagesize to be used by UI and other clients when 
making list* API calls", true, ConfigKey.Scope.Global);
+public static final ConfigKey ManagementAdminCidr = new 
ConfigKey("Advanced", String.class, "management.admin.cidr",
+"0.0.0.0/0,::/0", "Comma separated list of IPv4/IPv6 CIDRs 
from which Admin accounts can perform API calls", true, ConfigKey.Scope.Global);
--- End diff --

I agree. I have set it to open for all for now. We can submit a different 
PR afterwards to change the default imho.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #2046: CLOUDSTACK-7958: Add configuration for limit ...

2017-04-14 Thread wido 
Github user wido commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/2046#discussion_r111589567
  
--- Diff: core/src/com/cloud/network/HAProxyConfigurator.java ---
@@ -538,7 +536,7 @@ private String getLbSubRuleForStickiness(final 
LoadBalancerTO lbTO) {
 if (stickinessSubRule != null && !destsAvailable) {
 s_logger.warn("Haproxy stickiness policy for lb rule: " + 
lbTO.getSrcIp() + ":" + lbTO.getSrcPort() + ": Not Applied, cause:  backends 
are unavailable");
 }
-if (publicPort.equals(NetUtils.HTTP_PORT) && !keepAliveEnabled || 
httpbasedStickiness) {
+if (publicPort == NetUtils.HTTP_PORT && !keepAliveEnabled || 
httpbasedStickiness) {
--- End diff --

It is a port number so it should be a Int. It's a part of the NetUtils 
refactor. I found that only HTTP/HTTPS port were Strings.

I wanted to make the change in other files as small as possible.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re:Re: [4.10] VPN disconnected while network changes taken

2017-04-14 Thread Haijiao 
Sure, Karuturi


Logged a bug in Jira,  thanks!


CLOUDSTACK-9878 Remote Access VPN that losing connection when new network 
configs are introduced
https://issues.apache.org/jira/browse/CLOUDSTACK-9878






在2017年04月14 13时14分, "Rajani Karuturi"写道:

Hi Haijiao,

Thanks for testing. Can you log a bug for this please? It can be
a blocker for 4.10.

@Will,

Did you get a chance to take a look at this issue?

Thanks,

~ Rajani

http://cloudplatform.accelerite.com/

On April 12, 2017 at 7:12 AM, Will Stevens
(wstev...@cloudops.com) wrote:

Thanks, I will have a look.

*Will STEVENS*
Lead Developer



On Tue, Apr 11, 2017 at 8:58 PM, Haijiao <18602198...@163.com>
wrote:

HI, Will
It's a Remote Access VPN that losing connection while new
network configs
introduced.
Thanks !

在2017年04月12 02时26分, "Will Stevens"写道:

Is this a Site-to-Site VPN connection or the Remote Access VPN
that is
losing connection when new network configs are introduced?

Thanks,

*Will STEVENS*
Lead Developer



On Sat, Apr 8, 2017 at 12:49 AM, Haijiao <18602198...@163.com>
wrote:

Hi,

We built and tested the ACS 4.10 from the latest master (Apr.7,
2017)

Our environment is,
- ACS: 4.10.0.0-SNAPSHOT
- Management Server: Centos7.2 1151
- Host: Centos7.2 1151
- System VM: systemvm64template-master-4.10.0-kvm.qcow2.bz2
- Network: Isolated Network
- Network Offering: Offering for Isolated networks with Source
Nat

service

enabled

We can successfully setup VPN and it works as expected. However,
once

we

take any network changes below, the VPN connnection will be
immediately
disconnected.

- Update firewall rules (add/change)
- Update port fowarding
- Update LB
- Add one more VPN account

Is there some configuration we missed ? Or it's due to the new
VPN
component (StrongSWAN) introcuced in 4.10 ?

[GitHub] cloudstack issue #2044: CLOUDSTACK-9877 Cleanup unlinked templates

2017-04-14 Thread DaanHoogland 
Github user DaanHoogland commented on the issue:

https://github.com/apache/cloudstack/pull/2044
  
ah ok, I was not aware of that @serg38 . I'll look it up, except from not 
enabling the feature, how would you handle this?
a. To not allow restore
b. To recognise that the disk is fully cloned and bypass the null-template 
(if almighty vmware allows)
c. To allow for choosing a successor-template
d. ...
Also, Is this a blocker for you?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: [DISCUSS][PROPOSAL] CA authority plugin definition

2017-04-14 Thread Daan Hoogland 
Simon, I can think of use cases for that and it is an interesting topic. I can 
also see it as being implemented in a CA-plugin. I do not think it should be in 
the base of this framework though. That would complicate cloudstack for simple 
users to much I think. On the other hand, it would have more use cases then 
just for CA-plugins (fantasy running now)

On 14/04/17 16:57, "Simon Weller"  wrote:

Daan,


What about integrating some like Vault (https://github.com/hashicorp/vault)?


- Si


From: Daan Hoogland 
Sent: Friday, April 14, 2017 5:46 AM
To: dev@cloudstack.apache.org
Subject: [DISCUSS][PROPOSAL] CA authority plugin definition

Devs,

Following a discussion with a client they came up with the idea to create a 
pluggable CA-framework. A plugin would serve components in cloudstack that so 
require (management servers, agents, load balancers, SVMs, etc.) with 
certificates answering certificate requests and validating certificates on 
request.

A default plugin can be written that serves according to its own self 
signed root certificate and have its own revocation list to be managed by the 
admin. Other plugin could forward by mail or web requests to external parties.

A CA-plugin will have to

-  Setup, for the default this means creating its certificate, for 
others it might mean install an intermediate certificate or configure a mail, 
or website address.

-  Accept and answer certificate requests

oFor client certificates

oFor server certificates

-  Accept revocation requests

-  Validate a connection request according to origin and 
certificate and . What extra data is is defined by the plugin and 
can be credentials or field-definitions referring the x509 entries or for 
instance port numbers allowed… this is basically free to the implementer.

A next step will have to be integrating the request calls with installs on 
targets but I think as is this feature merits itself as it could be used with 
out of band configuration management tools as well.

Any thoughts, remarks and critiques are welcome,

daan.hoogl...@shapeblue.com
www.shapeblue.com
Shapeblue - The CloudStack Company
www.shapeblue.com
Background Cloudstack relies on a fixed download site when it fetches the 
built-in guest VM templates. That download site has historically



53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue






daan.hoogl...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue

[GitHub] cloudstack issue #2044: CLOUDSTACK-9877 Cleanup unlinked templates

2017-04-14 Thread serg38 
Github user serg38 commented on the issue:

https://github.com/apache/cloudstack/pull/2044
  
@DaanHoogland Thanks. But for #1 the requirement for the code changes is 
that the template is deleted from cloudstack. In this condition  
restoreVirtualMachines when template ID is not specified  will use a local 
template copy on PS for either full or link clone.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #2044: CLOUDSTACK-9877 Cleanup unlinked templates

2017-04-14 Thread DaanHoogland 
Github user DaanHoogland commented on the issue:

https://github.com/apache/cloudstack/pull/2044
  
@serg38 
ad 1. yes they can, if you look in the ticket there is a part of 
description that describes this possibility. But that said I don't see how 
restore is going to be hindered if the vm was created using a full clone. The 
image is not deleted.
ad 2. No it is only marking templates for gc and not touching any cleanup 
process, it relies on the regular process to do the actual cleanup. The benefit 
is that short lived templates that will be replaced by cron jobs for instance 
will be cleaned without having to wait until the VMs cloned from it are all 
gone (on a per primary store basis btw)
ad 3. Yes so far it is I have not studied other hypervisors on this area. 
The code is now in the vmware plugin but not tightly coupled to the vmware API 
so generalizing it shoud be rather trivial.
ad 4. the host scan task was an empty placeholder with only todo. The 
vcente clusters are not scanned for new hosts atm. If you look at the old code 
you can find that the task consists of only a comment:
```
private Runnable getHostScanTask() {
return new Runnable() {
@Override
public void run() {
// TODO scan vSphere for newly added hosts.
// we are going to both support adding host from CloudStack 
UI and
// adding host via vSphere server
//
// will implement host scanning later
}
};
}
```


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: [DISCUSS][PROPOSAL] CA authority plugin definition

2017-04-14 Thread Simon Weller 
Daan,


What about integrating some like Vault (https://github.com/hashicorp/vault)?


- Si


From: Daan Hoogland 
Sent: Friday, April 14, 2017 5:46 AM
To: dev@cloudstack.apache.org
Subject: [DISCUSS][PROPOSAL] CA authority plugin definition

Devs,

Following a discussion with a client they came up with the idea to create a 
pluggable CA-framework. A plugin would serve components in cloudstack that so 
require (management servers, agents, load balancers, SVMs, etc.) with 
certificates answering certificate requests and validating certificates on 
request.

A default plugin can be written that serves according to its own self signed 
root certificate and have its own revocation list to be managed by the admin. 
Other plugin could forward by mail or web requests to external parties.

A CA-plugin will have to

-  Setup, for the default this means creating its certificate, for 
others it might mean install an intermediate certificate or configure a mail, 
or website address.

-  Accept and answer certificate requests

oFor client certificates

oFor server certificates

-  Accept revocation requests

-  Validate a connection request according to origin and certificate 
and . What extra data is is defined by the plugin and can be 
credentials or field-definitions referring the x509 entries or for instance 
port numbers allowed… this is basically free to the implementer.

A next step will have to be integrating the request calls with installs on 
targets but I think as is this feature merits itself as it could be used with 
out of band configuration management tools as well.

Any thoughts, remarks and critiques are welcome,

daan.hoogl...@shapeblue.com
www.shapeblue.com
Shapeblue - The CloudStack Company
www.shapeblue.com
Background Cloudstack relies on a fixed download site when it fetches the 
built-in guest VM templates. That download site has historically



53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue

[GitHub] cloudstack issue #2044: CLOUDSTACK-9877 Cleanup unlinked templates

2017-04-14 Thread serg38 
Github user serg38 commented on the issue:

https://github.com/apache/cloudstack/pull/2044
  
@DaanHoogland Can you clarify few questions/concerns
1. This change will likely to break restoreVirtualMachine functions. At the 
very least users should be able to turn off new behavior with a global setting 
that will enable/disable such cleanup.
2. Does this affect a normal template cleanup that will delete both full 
and linked clone templates from PS when all VMs that use them are gone?
3. You introduce vmware.full.clone.template.cleanup.period as vmware 
specific setting. Is this only applicable to vmware?
4. Some changes are done to Vmware-Host-Scan  task that seems to be 
unrelated to scope of this PR.



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1762: CLOUDSTACK-9595 Transactions are not getting retried...

2017-04-14 Thread serg38 
Github user serg38 commented on the issue:

https://github.com/apache/cloudstack/pull/1762
  
@yvsubhash Please, take this up. So far this PR hasn't moved forward.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #2043: CLOUDSTACK-9876: Removed test test_01_test_vm_volume...

2017-04-14 Thread serg38 
Github user serg38 commented on the issue:

https://github.com/apache/cloudstack/pull/2043
  
LGTM on the code change.
@borisstoyanov @rhtyd @DaanHoogland Can we re-kick vmware test for this PR?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #2046: CLOUDSTACK-7958: Add configuration for limit ...

2017-04-14 Thread DaanHoogland 
Github user DaanHoogland commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/2046#discussion_r111568764
  
--- Diff: api/src/org/apache/cloudstack/config/ApiServiceConfiguration.java 
---
@@ -28,6 +28,8 @@
 "API end point. Can be used by CS components/services deployed 
remotely, for sending CS API requests", true);
 public static final ConfigKey DefaultUIPageSize = new 
ConfigKey("Advanced", Long.class, "default.ui.page.size", "20",
 "The default pagesize to be used by UI and other clients when 
making list* API calls", true, ConfigKey.Scope.Global);
+public static final ConfigKey ManagementAdminCidr = new 
ConfigKey("Advanced", String.class, "management.admin.cidr",
+"0.0.0.0/0,::/0", "Comma separated list of IPv4/IPv6 CIDRs 
from which Admin accounts can perform API calls", true, ConfigKey.Scope.Global);
--- End diff --

argument for this default: backwards compatible
argument against: inherent security risk


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #2046: CLOUDSTACK-7958: Add configuration for limit ...

2017-04-14 Thread DaanHoogland 
Github user DaanHoogland commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/2046#discussion_r11156
  
--- Diff: server/src/com/cloud/api/ApiServlet.java ---
@@ -290,6 +292,17 @@ void processRequestInContext(final HttpServletRequest 
req, final HttpServletResp
 CallContext.register(accountMgr.getSystemUser(), 
accountMgr.getSystemAccount());
 }
 
+if (CallContext.current().getCallingAccount().getType() == 
Account.ACCOUNT_TYPE_ADMIN) {
+s_logger.debug("CIDRs from which Admin accounts are 
allowed to perform API calls " + adminCidrs);
+if 
(!NetUtils.isIpInCidrList(InetAddress.getByName(remoteAddress), 
adminCidrs.split(","))) {
+auditTrailSb.append(" " + 
HttpServletResponse.SC_UNAUTHORIZED + " " + "IP-Address of remote not in 
configured Admin CIDR list");
+final String serializedResponse =
+
apiServer.getSerializedApiError(HttpServletResponse.SC_UNAUTHORIZED, 
"IP-Address of remote not in configured Admin CIDR list",
+params, responseType);
+HttpUtils.writeHttpResponse(resp, serializedResponse, 
HttpServletResponse.SC_UNAUTHORIZED, responseType, 
apiServer.getJSONContentType());
--- End diff --

this you do want to log on every attempt (WARN or INFO???)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #2046: CLOUDSTACK-7958: Add configuration for limit ...

2017-04-14 Thread DaanHoogland 
Github user DaanHoogland commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/2046#discussion_r111568831
  
--- Diff: server/src/com/cloud/api/ApiServlet.java ---
@@ -290,6 +292,17 @@ void processRequestInContext(final HttpServletRequest 
req, final HttpServletResp
 CallContext.register(accountMgr.getSystemUser(), 
accountMgr.getSystemAccount());
 }
 
+if (CallContext.current().getCallingAccount().getType() == 
Account.ACCOUNT_TYPE_ADMIN) {
+s_logger.debug("CIDRs from which Admin accounts are 
allowed to perform API calls " + adminCidrs);
--- End diff --

you don't want to log this on every call.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #2046: CLOUDSTACK-7958: Add configuration for limit ...

2017-04-14 Thread DaanHoogland 
Github user DaanHoogland commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/2046#discussion_r111568225
  
--- Diff: core/src/com/cloud/network/HAProxyConfigurator.java ---
@@ -538,7 +536,7 @@ private String getLbSubRuleForStickiness(final 
LoadBalancerTO lbTO) {
 if (stickinessSubRule != null && !destsAvailable) {
 s_logger.warn("Haproxy stickiness policy for lb rule: " + 
lbTO.getSrcIp() + ":" + lbTO.getSrcPort() + ": Not Applied, cause:  backends 
are unavailable");
 }
-if (publicPort.equals(NetUtils.HTTP_PORT) && !keepAliveEnabled || 
httpbasedStickiness) {
+if (publicPort == NetUtils.HTTP_PORT && !keepAliveEnabled || 
httpbasedStickiness) {
--- End diff --

why this? equals() seems more what is intended then ==
is making it an int really the best? as opposed to Integer (or String for 
that matter)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #2046: CLOUDSTACK-7958: Add configuration for limit ...

2017-04-14 Thread wido 
GitHub user wido opened a pull request:

https://github.com/apache/cloudstack/pull/2046

CLOUDSTACK-7958: Add configuration for limit to CIDRs for Admin API calls

The global setting 'management.admin.cidr' is set to 0.0.0.0/0,::/0
by default preserve the current behavior and thus allow API calls
for Admin accounts from all IPv4 and IPv6 subnets.

Users can set it to a comma-separated list of IPv4/IPv6 subnets to
restrict API calls for Admin accounts to certain parts of their network(s).

This is to improve Security. Should a attacker steal the Access/Secret key
of a Admin account he/she still needs to be in a subnet from where Admin 
accounts
are allowed to perform API calls.

This is a good security measure for APIs which are connected to the public 
internet.


This PR also includes a commit to cleanup and improve NetUtils.

No existing methods have been altered. That has been verified by adding 
additional Unit Tests for this.

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/wido/cloudstack admin-cidr

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/2046.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #2046


commit 770b0bdd4f20deefcb11d9c7b7713e06e3281e8e
Author: Wido den Hollander 
Date:   2017-04-13T15:23:24Z

Cleanup and Improve NetUtils

This class had many unused methods, inconsistent names and redundant code.

This commit cleans up code, renames a few methods and constants.

Methods were renamed to clearly show that they are for IPv4 or IPv6.

Tests were improved and added to test the changes that were made to the 
code.

Signed-off-by: Wido den Hollander 

commit fb6ab51ba384cb2ae3eed788f3c241b4c28c9bf5
Author: Wido den Hollander 
Date:   2017-04-13T15:23:36Z

CLOUDSTACK-7958: Add configuration for limit to CIDRs

The global setting 'management.admin.cidr' is set to 0.0.0.0/0,::/0
by default preserve the current behavior and thus allow API calls
for Admin accounts from all IPv4 and IPv6 subnets.

Users can set it to a comma-separated list of IPv4/IPv6 subnets to
restrict API calls for Admin accounts to certain parts of their network(s).

This is to improve Security. Should a attacker steal the Access/Secret key
of a Admin account he/she still needs to be in a subnet from where Admin 
accounts
are allowed to perform API calls.

This is a good security measure for APIs which are connected to the public 
internet.

Signed-off-by: Wido den Hollander 




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[DISCUSS][PROPOSAL] CA authority plugin definition

2017-04-14 Thread Daan Hoogland 
Devs,

Following a discussion with a client they came up with the idea to create a 
pluggable CA-framework. A plugin would serve components in cloudstack that so 
require (management servers, agents, load balancers, SVMs, etc.) with 
certificates answering certificate requests and validating certificates on 
request.

A default plugin can be written that serves according to its own self signed 
root certificate and have its own revocation list to be managed by the admin. 
Other plugin could forward by mail or web requests to external parties.

A CA-plugin will have to

-  Setup, for the default this means creating its certificate, for 
others it might mean install an intermediate certificate or configure a mail, 
or website address.

-  Accept and answer certificate requests

oFor client certificates

oFor server certificates

-  Accept revocation requests

-  Validate a connection request according to origin and certificate 
and . What extra data is is defined by the plugin and can be 
credentials or field-definitions referring the x509 entries or for instance 
port numbers allowed… this is basically free to the implementer.

A next step will have to be integrating the request calls with installs on 
targets but I think as is this feature merits itself as it could be used with 
out of band configuration management tools as well.

Any thoughts, remarks and critiques are welcome,

daan.hoogl...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue

[GitHub] cloudstack pull request #2045: Fix snmptrap alert bug

2017-04-14 Thread WingkaiHo 
GitHub user WingkaiHo opened a pull request:

https://github.com/apache/cloudstack/pull/2045

Fix snmptrap alert bug

Fix snmptrap alerts info omit to send the field of SnmpConstants.sysUpTime. 

So when standard snmptrapd  receive alerts package the field OID will 
dislocation

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/WingkaiHo/cloudstack fix-snmptrap-bug

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/2045.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #2045


commit 83d4c26d64c1c8bb393f7e3eb7281c787c8e558f
Author: WingkaiHo 
Date:   2017-04-14T10:01:55Z

fix snmptrap alerts info omit to send the field of SnmpConstants.sysUpTime




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #2030: WIP: CLOUDSTACK-9864 cleanup stale worker VMs after ...

2017-04-14 Thread DaanHoogland 
Github user DaanHoogland commented on the issue:

https://github.com/apache/cloudstack/pull/2030
  
show me the money (tm)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #2030: WIP: CLOUDSTACK-9864 cleanup stale worker VMs...

2017-04-14 Thread DaanHoogland 
GitHub user DaanHoogland reopened a pull request:

https://github.com/apache/cloudstack/pull/2030

WIP: CLOUDSTACK-9864 cleanup stale worker VMs after job expiry time



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/shapeblue/cloudstack snapshot-housekeeping

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/2030.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #2030


commit 40869570fc510fac0d2357f272e96cd4a4518176
Author: Daan Hoogland 
Date:   2017-03-30T14:35:37Z

CE-113 trace logging and rethrow instead of nesting CloudRuntimeException

commit 66d7d846352d52cc539b1dafb5e4d0f1620829a5
Author: Daan Hoogland 
Date:   2017-04-05T12:19:14Z

CE-113 configure workervm gc based on job expiry

commit 996f5834e6a0a9e4dc57d436ceeb5b89e6dc9974
Author: Daan Hoogland 
Date:   2017-04-05T15:35:41Z

CE-113 extra trace log of worker VMs

commit 9a8ea7c0d1c9775ad7e4200db2b3eca93e121909
Author: Daan Hoogland 
Date:   2017-04-06T09:33:53Z

CE-113 removed TODOs

commit e2c0f09609b48f4539f13edcc742ca7e06f0cca2
Author: Daan Hoogland 
Date:   2017-04-07T12:54:19Z

CE-113 use of duration (instead of the old clock-tick-based code




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #2030: WIP: CLOUDSTACK-9864 cleanup stale worker VMs...

2017-04-14 Thread DaanHoogland 
Github user DaanHoogland closed the pull request at:

https://github.com/apache/cloudstack/pull/2030


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #2030: WIP: CLOUDSTACK-9864 cleanup stale worker VMs after ...

2017-04-14 Thread DaanHoogland 
Github user DaanHoogland commented on the issue:

https://github.com/apache/cloudstack/pull/2030
  
renaming and close-opening for retests. "it works on my laptop (tm)"


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #2044: CLOUDSTACK-9877 Cleanup unlinked templates

2017-04-14 Thread DaanHoogland 
GitHub user DaanHoogland opened a pull request:

https://github.com/apache/cloudstack/pull/2044

CLOUDSTACK-9877 Cleanup unlinked templates

This implements CLOUDSTACK-9877 by marking templates for gc when
1. the template they where created with is deleted from cloudstack
2. all vms that still use it were created as full clones

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/shapeblue/cloudstack 
cleanup-unlinked-templates

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/2044.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #2044


commit 7a051b31587e43f94b49bf6f26478b33fc8c4c42
Author: Daan Hoogland 
Date:   2017-03-23T15:45:43Z

CE-110 move config to public fields

commit cf495adfd3fea9fc4806bb1453bbe05d2200f155
Author: Daan Hoogland 
Date:   2017-04-14T07:33:35Z

CE-110 remove duplicate-unused functionality

commit 5cd18ebfb61839816f827eef8b0604c052edf96d
Author: Daan Hoogland 
Date:   2017-04-14T07:41:46Z

CE-110 task for marking cleaning fully cloned templates
  implemented by marking them for GC




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #2043: CLOUDSTACK-9876: Removed test test_01_test_vm_volume...

2017-04-14 Thread karuturi 
Github user karuturi commented on the issue:

https://github.com/apache/cloudstack/pull/2043
  
@rhtyd @serg38 can you review?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1941: CLOUDSTACK-8663: Fixed various issues to allow VM sn...

2017-04-14 Thread karuturi 
Github user karuturi commented on the issue:

https://github.com/apache/cloudstack/pull/1941
  
Thanks! will take a look.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1762: CLOUDSTACK-9595 Transactions are not getting retried...

2017-04-14 Thread yvsubhash 
Github user yvsubhash commented on the issue:

https://github.com/apache/cloudstack/pull/1762
  
@serg38 Is the refactoring suggested by rafael taken care by  @nvazquez, 
else I would take it up


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Travis CI failures in PR#1996

2017-04-14 Thread Jayapal Uradi 
Hi All,

In PR# 1996 travis CI is failing for the 9 tests always. I tried force pushing 
many times but still the issues are failing.

I have gone through the logs[1] for the travis CI. I have observed the below.

1. It seems the deploy datacenter is not up correctly.

Connection to localhost 8096 port [tcp/*] succeeded!

Starting DataCenter deployment

 Log Folder Path: 
/tmp//MarvinLogs//DeployDataCenter__Apr_13_2017_09_05_04_ET95HW. All logs will 
be available here 

 Deploy DC Started 

=== Data Center Settings are dumped to 
/tmp//MarvinLogs//DeployDataCenter__Apr_13_2017_09_05_04_ET95HW/dc_entries.obj===

Deploy DC Successful=
/home/travis/.travis/job_stages: line 153: 16004 Terminated  
travis_jigger $! $timeout $cmd

2. The tests setup is failing  and the TestName is showing None.

 Marvin Init Successful 
=== TestName: None | Status : EXCEPTION ===

===final results are now copied to: /tmp//MarvinLogs/test_suite_C0SKM5===



+---+-+-++
|   Test|   Result| Tim | Test file 
 |
|   | |  e  |   
 |
+===+=+=++
| ContextSuite context=TestDeployVm | exceptions. | 0   | test_affinity_groups  
 |
| WithAffinityGroup>:setup  | TypeError   | |   
 |


Can some one who has access, please look into it.

[1] https://s3.amazonaws.com/archive.travis-ci.org/jobs/221647776/log.txt


Thanks,
Jayapal



DISCLAIMER
==
This e-mail may contain privileged and confidential information which is the 
property of Accelerite, a Persistent Systems business. It is intended only for 
the use of the individual or entity to which it is addressed. If you are not 
the intended recipient, you are not authorized to read, retain, copy, print, 
distribute or use this message. If you have received this communication in 
error, please notify the sender and delete all copies of this message. 
Accelerite, a Persistent Systems business does not accept any liability for 
virus infected mails.

[GitHub] cloudstack issue #2006: CLOUDSTACK-9833: Move configuration parameters from ...

2017-04-14 Thread harikrishna-patnala 
Github user harikrishna-patnala commented on the issue:

https://github.com/apache/cloudstack/pull/2006
  
Thanks @jayapalu I have also added some content security policy in HTTP 
servlet response to detect and mitigate certain type of attacks.
Restricted image source, style sheets, java scripts, URLs to be loaded only 
from self.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #2006: CLOUDSTACK-9833: Move configuration parameters from ...

2017-04-14 Thread jayapalu 
Github user jayapalu commented on the issue:

https://github.com/apache/cloudstack/pull/2006
  
Code LGTM


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---