[jira] [Updated] (CLOUDSTACK-10169) Clean up old and obsolete branches

2018-04-13 Thread JIRA 

 [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rafael Weingärtner updated CLOUDSTACK-10169:

Description: 
The following is full list of branches available on 
https://github.com/apache/cloudstack and the old ones can be deleted.

||Branch name||Ticket number||POM version||Last updated||Last commit||HEAD on 
master||PR number||Should be deleted||
|4.0|-|4.0.2|Jul 19 
2013|[8f4b9bc|https://github.com/apache/cloudstack/commit/8f4b9bccfed63a37762907bdd058506f4e7b6e6d)]|No|-|{color:#d04437}*No*{color}|
|4.1|-|4.1.2-SNAPSHOT|Dec 10 
2013|[1b7c886|https://github.com/apache/cloudstack/commit/1b7c886bb1a4cd28840a13e199fedc8c2e865011)]|No|-|{color:#d04437}*No*{color}|
|4.2|-|4.2.1-SNAPSHOT|May 13 
2015|[709e0c0|https://github.com/apache/cloudstack/commit/709e0c093fc280cee79b30c7ee0a11331ebbae57)]|No|-|{color:#d04437}*No*{color}|
|4.3|-|4.3.2|Aug 12 
2015|[c116ca9|https://github.com/apache/cloudstack/commit/c116ca968e552f079e1ebfe855b4bfa02d368f74)]|No|-|{color:#d04437}*No*{color}|
|4.4|-|4.4.5-SNAPSHOT|Sep 1 
2015|[b0a4593|https://github.com/apache/cloudstack/commit/b0a45931527cb57e4d23edab36adf4fac1ffa494)]|No|-|{color:#d04437}*No*{color}|
|4.5|-|4.5.3-SNAPSHOT|Oct 18 
2016|[e731c70|https://github.com/apache/cloudstack/commit/e731c70cf7ab72b593cde10af8e49673a21b9f9c)]|No|-|{color:#d04437}*No*{color}|
|4.6|-|4.6.3-SNAPSHOT|Oct 18 
2016|[08b4052|https://github.com/apache/cloudstack/commit/08b40525955881869340a8ae3b268dea6edd926b)]|No|-|{color:#d04437}*No*{color}|
|4.7|-|4.7.2-SNAPSHOT|Nov 8 
2016|[0279ac2|https://github.com/apache/cloudstack/commit/0279ac20e46cbbc7f699dc41eafbe31fe0c4797b)]|Yes|-|{color:#d04437}*No*{color}|
|4.8|-|4.8.2.0-SNAPSHOT|Feb 28 
2017|[113ce13|https://github.com/apache/cloudstack/commit/113ce13bda9d4a095ff3a22d6fedf925117f4f6f)]|Yes|-|{color:#d04437}*No*{color}|
|4.9|-|4.9.4.0-SNAPSHOT|Nov 15 
2017|[f250b3a|https://github.com/apache/cloudstack/commit/f250b3ae0cf7efeef486f15474b606299d17318e)]|Yes|-|{color:#d04437}*No*{color}|
|4.10|-|4.10.1.0-SNAPSHOT|Nov 16 
2017|[330f241|https://github.com/apache/cloudstack/commit/330f24117cc5c90b85db291981652a2191417d5a)]|Yes|-|{color:#d04437}*No*{color}|
|GA-4.10.0.0|-|4.10.0.0|Jul 3 
2017|[9d2893d|https://github.com/apache/cloudstack/commit/9d2893d44a3c3a4829be0964cc991272c1d13e4d)]|Yes|-|{color:#d04437}*No*{color}|
|GA-4.4.1|-|4.4.1|Oct 14 
2014|[8db506b|https://github.com/apache/cloudstack/commit/8db506b536f3139250d33df571c98c1c3fa83650)]|No|-|{color:#d04437}*No*{color}|
|GA-4.4.2|-|4.4.2|Nov 21 
2014|[e0420a6|https://github.com/apache/cloudstack/commit/e0420a6fec738d728bc59ba65bc5e12809bde0eb)]|No|-|{color:#d04437}*No*{color}|
|GA-4.4.3|-|4.4.3|Apr 15 
2015|[e9441d4|https://github.com/apache/cloudstack/commit/e9441d47867104505ef260c1857549f93df96aba)]|No|-|{color:#d04437}*No*{color}|
|GA-4.4.4|-|4.4.4|Jun 18 
2015|[6f41061|https://github.com/apache/cloudstack/commit/6f41061e1428527c3f826d268377557ce607196b)]|No|-|{color:#d04437}*No*{color}|
|GA-4.5.1|-|4.5.1|May 5 
2015|[53da82e|https://github.com/apache/cloudstack/commit/53da82e4ac2bc88d98ac6bd9a1bb7131a3a8ebee)]|No|-|{color:#d04437}*No*{color}|
|GA-4.9.2.0|-|4.9.2.0|Jan 3 
2017|[dfc39c1|https://github.com/apache/cloudstack/commit/dfc39c1f088dc9979a53bd0de4dfd0e5b266bd0f)]|Yes|-|{color:#d04437}*No*{color}|
|GA-4.9.3.0|-|4.9.3.0|Aug 28 
2017|[d145944|https://github.com/apache/cloudstack/commit/d145944be0d04724802ff132399514bf71c3e7b0)]|Yes|-|{color:#d04437}*No*{color}|
|HA-abstractinvestigatorimpl-nullstate|-|4.5.1-SNAPSHOT|May 1 
2015|[ece3ff6|https://github.com/apache/cloudstack/commit/ece3ff68f7d03e897af671a16bf12b64213bfcc4)]|No|Closed
 ([222|https://github.com/apache/cloudstack/pull/222])|Yes|
|Health-Check-UI|-|4.2.0-SNAPSHOT|Mar 15 
2013|[136e527|https://github.com/apache/cloudstack/commit/136e527c63c12eeb62a12bfae8aea7bfd2e12206)]|Yes|-|Yes|
|LDAP-UI|-|4.1.0-SNAPSHOT|Feb 19 
2013|[bff3d8a|https://github.com/apache/cloudstack/commit/bff3d8ac9a0566addeb24d4c4c16ceab99b242b6)]|Yes|-|Yes|
|Reset-VM|-|4.1.0-SNAPSHOT|Feb 21 
2013|[35d8905|https://github.com/apache/cloudstack/commit/35d89050817324876c4411998c81abdac3501563)]|Yes|-|Yes|
|SHA512Salted|-|4.2.0-SNAPSHOT|Apr 1 
2013|[a18aaed|https://github.com/apache/cloudstack/commit/a18aaed097e977ca65c0fc4a956beb11058ad179)]|No|-|Yes|
|UI-dedicatedResources|-|4.2.0-SNAPSHOT|Apr 19 
2013|[ff4a487|https://github.com/apache/cloudstack/commit/ff4a4876c767cec15e4248821cc48bb01bf55051)]|Yes|-|Yes|
|UI-explicitDedication|-|4.2.0-SNAPSHOT|May 30 
2013|[8e7d4cf|https://github.com/apache/cloudstack/commit/8e7d4cf0c5959188245df3037e6028c885c50597)]|No|-|Yes|
|add_XS_71_72|-|4.11.0.0-SNAPSHOT|Nov 29 
2017|[1421a6e|https://github.com/apache/cloudstack/commit/1421a6e07a76fe3a91cd342c9f43266305f23ff2)]|Yes|-|{color:#f79232}*Maybe*{color}|
|add_remove_nics|-|4.1.0-SNAPSHOT|Jan 30

[jira] [Resolved] (CLOUDSTACK-10354) Remove branches CS-2163, Commit-Ratio, dedicate*, and bugfix*

2018-04-13 Thread JIRA 

 [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10354?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rafael Weingärtner resolved CLOUDSTACK-10354.
-
Resolution: Fixed

> Remove branches CS-2163, Commit-Ratio, dedicate*, and bugfix*
> -
>
> Key: CLOUDSTACK-10354
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10354
> Project: CloudStack
>  Issue Type: Sub-task
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rafael Weingärtner
>Assignee: Rafael Weingärtner
>Priority: Major
>
> Following the protocol defined in [1]. We will remove branches "Remove 
> branches matching the expressions.
> {code:java}
> CS-2163, Commit-Ratio, dedicate*, and bugfix*
> {code}
> The branches that will be removed are the following:
> * CS-2163
> * Commit-Ratio
> * dedicate-guest-vlan-ranges
> * dedicate-guest-vlan-ranges_2
> * dedicate_public_ip_range
> * dedicate_public_ip_range_2
> * bugfix/CID-1114591
> * bugfix/CID-1114601
> * bugfix/CID-1116300
> * bugfix/CID-1116654
> * bugfix/CID-1116850
> * bugfix/CID-116538
> * bugfix/CID-1192805
> * bugfix/CID-1192810
> * bugfix/CID-1212198
> * bugfix/CID-106
> * bugfix/CID-1230585
> * bugfix/CID-1230587
> * bugfix/CID-1230587-2ndtime
> * bugfix/CID-1232333
> * bugfix/CID-1240106
> * bugfix/CID-1241966
> * bugfix/CID-1241967
> * bugfix/CID-1249800
> * bugfix/CID-1249801
> * bugfix/CID-1249803
> * bugfix/CID-1254835
> * bugfix/CS-7580
> * bugfix/CS-7665
> * bugfix/TO-hierarchy-flatening
> [1] 
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Clean+up+old+and+obsolete+branches+protocol



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once

2018-04-13 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16436918#comment-16436918
 ] 

ASF GitHub Bot commented on CLOUDSTACK-9114:


nitin-maharana commented on a change in pull request #2508: CLOUDSTACK-9114: 
Reduce VR downtime during network restart
URL: https://github.com/apache/cloudstack/pull/2508#discussion_r181297798
 
 

 ##
 File path: ui/scripts/network.js
 ##
 @@ -1100,11 +1100,23 @@
 });
 
args.$form.find('.form-item[rel=cleanup]').find('input').attr('checked', 
'checked'); //checked
 
args.$form.find('.form-item[rel=cleanup]').css('display', 'inline-block'); 
//shown
+
args.$form.find('.form-item[rel=makeredundant]').find('input').attr('checked', 
'checked'); //checked
+
args.$form.find('.form-item[rel=makeredundant]').css('display', 
'inline-block'); //shown
+
+if 
(Boolean(args.context.networks[0].redundantrouter)) {
 
 Review comment:
   @rhtyd, When we say redundant networks, that means it already contains the 
new upgraded VR(after Blue-Green deployment), we created after a restart? If 
that is the case, I think it would be great, if we give a different name 
instead of redundant. Because there is a chance we will misinterpret as RVR.


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> restartnetwork with cleanup should not update/restart both routers at once
> --
>
> Key: CLOUDSTACK-9114
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9114
> Project: CloudStack
>  Issue Type: Improvement
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Wei Zhou
>Assignee: Wei Zhou
>Priority: Major
>
> for now, restartnetwork with cleanup will stop both RVRs at first, then start 
> two  new RVRs.
> to reduce the downtime of network, we'd better restart the RVRs one by one.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure

2018-04-13 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16437019#comment-16437019
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10304:
-

DaanHoogland closed pull request #2563: CLOUDSTACK-10304: turn off apache2 
server tokens and signature in systemvms
URL: https://github.com/apache/cloudstack/pull/2563
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/systemvm/debian/etc/apache2/conf-enabled/security.conf 
b/systemvm/debian/etc/apache2/conf-enabled/security.conf
new file mode 100644
index 000..498d147c3f2
--- /dev/null
+++ b/systemvm/debian/etc/apache2/conf-enabled/security.conf
@@ -0,0 +1,3 @@
+ServerTokens Prod
+ServerSignature Off
+TraceEnable Off
diff --git a/systemvm/debian/opt/cloud/bin/setup/common.sh 
b/systemvm/debian/opt/cloud/bin/setup/common.sh
index a84d8814a8b..e24a27790b7 100755
--- a/systemvm/debian/opt/cloud/bin/setup/common.sh
+++ b/systemvm/debian/opt/cloud/bin/setup/common.sh
@@ -496,9 +496,6 @@ clean_ipalias_config() {
 
 setup_apache2_common() {
   sed -i 's/^Include ports.conf.*/# CS: Done by Python CsApp config\n#Include 
ports.conf/g' /etc/apache2/apache2.conf
-  [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens 
.*/ServerTokens Prod/g" /etc/apache2/conf.d/security
-  [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature 
.*/ServerSignature Off/g" /etc/apache2/conf.d/security
-
   # Disable listing of http://SSVM-IP/icons folder for security issue. see 
article 
http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/
   [ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes 
MultiViews"/"Options -Indexes MultiViews"/ 
/etc/apache2/mods-available/alias.conf
 


 


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> SystemVM - Apache Web Server Version Number Information Disclosure
> --
>
> Key: CLOUDSTACK-10304
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>  Components: SystemVM
>Affects Versions: 4.11.0.0
>Reporter: Julian Gilbert
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> {color:#00}The Secondary Storage System VM discloses its Apache Web 
> Server version number in HTTP headers and error pages. This type of 
> information disclosure can lead to medium vulnerabilities being reported in 
> web vulnerability scanners and reveals the Apache server version 
> unnecessarily.{color}
> {color:#00}The apache2 directory structure no longer contains 
> /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 
> security configuration file is in another location. The 
> /opt/cloud/bin/setup/common.sh script has not been updated to reflect 
> this.{color}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure

2018-04-13 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16437022#comment-16437022
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10304:
-

blueorangutan commented on issue #2563: CLOUDSTACK-10304: turn off apache2 
server tokens and signature in systemvms
URL: https://github.com/apache/cloudstack/pull/2563#issuecomment-381068164
 
 
   @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted 
as I make progress.


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> SystemVM - Apache Web Server Version Number Information Disclosure
> --
>
> Key: CLOUDSTACK-10304
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>  Components: SystemVM
>Affects Versions: 4.11.0.0
>Reporter: Julian Gilbert
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> {color:#00}The Secondary Storage System VM discloses its Apache Web 
> Server version number in HTTP headers and error pages. This type of 
> information disclosure can lead to medium vulnerabilities being reported in 
> web vulnerability scanners and reveals the Apache server version 
> unnecessarily.{color}
> {color:#00}The apache2 directory structure no longer contains 
> /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 
> security configuration file is in another location. The 
> /opt/cloud/bin/setup/common.sh script has not been updated to reflect 
> this.{color}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure

2018-04-13 Thread ASF subversion and git services (JIRA) 

[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16437020#comment-16437020
 ] 

ASF subversion and git services commented on CLOUDSTACK-10304:
--

Commit e71d4d4371fdf1595bb42f152ec544243f2087f2 in cloudstack's branch 
refs/heads/4.11 from [~rohithsharma]
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=e71d4d4 ]

CLOUDSTACK-10304: turn off apache2 server tokens and signature in systemvms 
(#2563)

* systemvm: turn off apache2 server tokens and signature

This turns off apache2 server version signature/token in headers.

Signed-off-by: Rohit Yadav 

* systemvm: remove invalid code as conf.d is not available now

Signed-off-by: Rohit Yadav 


> SystemVM - Apache Web Server Version Number Information Disclosure
> --
>
> Key: CLOUDSTACK-10304
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>  Components: SystemVM
>Affects Versions: 4.11.0.0
>Reporter: Julian Gilbert
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> {color:#00}The Secondary Storage System VM discloses its Apache Web 
> Server version number in HTTP headers and error pages. This type of 
> information disclosure can lead to medium vulnerabilities being reported in 
> web vulnerability scanners and reveals the Apache server version 
> unnecessarily.{color}
> {color:#00}The apache2 directory structure no longer contains 
> /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 
> security configuration file is in another location. The 
> /opt/cloud/bin/setup/common.sh script has not been updated to reflect 
> this.{color}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure

2018-04-13 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16437081#comment-16437081
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10304:
-

blueorangutan commented on issue #2563: CLOUDSTACK-10304: turn off apache2 
server tokens and signature in systemvms
URL: https://github.com/apache/cloudstack/pull/2563#issuecomment-381083667
 
 
   Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1915


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> SystemVM - Apache Web Server Version Number Information Disclosure
> --
>
> Key: CLOUDSTACK-10304
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>  Components: SystemVM
>Affects Versions: 4.11.0.0
>Reporter: Julian Gilbert
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> {color:#00}The Secondary Storage System VM discloses its Apache Web 
> Server version number in HTTP headers and error pages. This type of 
> information disclosure can lead to medium vulnerabilities being reported in 
> web vulnerability scanners and reveals the Apache server version 
> unnecessarily.{color}
> {color:#00}The apache2 directory structure no longer contains 
> /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 
> security configuration file is in another location. The 
> /opt/cloud/bin/setup/common.sh script has not been updated to reflect 
> this.{color}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once

2018-04-13 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16437082#comment-16437082
 ] 

ASF GitHub Bot commented on CLOUDSTACK-9114:


rhtyd commented on a change in pull request #2508: CLOUDSTACK-9114: Reduce VR 
downtime during network restart
URL: https://github.com/apache/cloudstack/pull/2508#discussion_r181337283
 
 

 ##
 File path: ui/scripts/network.js
 ##
 @@ -1100,11 +1100,23 @@
 });
 
args.$form.find('.form-item[rel=cleanup]').find('input').attr('checked', 
'checked'); //checked
 
args.$form.find('.form-item[rel=cleanup]').css('display', 'inline-block'); 
//shown
+
args.$form.find('.form-item[rel=makeredundant]').find('input').attr('checked', 
'checked'); //checked
+
args.$form.find('.form-item[rel=makeredundant]').css('display', 
'inline-block'); //shown
+
+if 
(Boolean(args.context.networks[0].redundantrouter)) {
 
 Review comment:
   @nitin-maharana I'm not sure where the confusion is, a redundant network 
already has rVRs (backup+master) therefore no need to show the label/checkbox 
to user. This is same as the option you get when you restart VPC (see try that, 
restart VPC with 4.11+).


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> restartnetwork with cleanup should not update/restart both routers at once
> --
>
> Key: CLOUDSTACK-9114
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9114
> Project: CloudStack
>  Issue Type: Improvement
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Wei Zhou
>Assignee: Wei Zhou
>Priority: Major
>
> for now, restartnetwork with cleanup will stop both RVRs at first, then start 
> two  new RVRs.
> to reduce the downtime of network, we'd better restart the RVRs one by one.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure

2018-04-13 Thread ASF subversion and git services (JIRA) 

[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16437084#comment-16437084
 ] 

ASF subversion and git services commented on CLOUDSTACK-10304:
--

Commit e71d4d4371fdf1595bb42f152ec544243f2087f2 in cloudstack's branch 
refs/heads/master from [~rohithsharma]
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=e71d4d4 ]

CLOUDSTACK-10304: turn off apache2 server tokens and signature in systemvms 
(#2563)

* systemvm: turn off apache2 server tokens and signature

This turns off apache2 server version signature/token in headers.

Signed-off-by: Rohit Yadav 

* systemvm: remove invalid code as conf.d is not available now

Signed-off-by: Rohit Yadav 


> SystemVM - Apache Web Server Version Number Information Disclosure
> --
>
> Key: CLOUDSTACK-10304
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>  Components: SystemVM
>Affects Versions: 4.11.0.0
>Reporter: Julian Gilbert
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> {color:#00}The Secondary Storage System VM discloses its Apache Web 
> Server version number in HTTP headers and error pages. This type of 
> information disclosure can lead to medium vulnerabilities being reported in 
> web vulnerability scanners and reveals the Apache server version 
> unnecessarily.{color}
> {color:#00}The apache2 directory structure no longer contains 
> /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 
> security configuration file is in another location. The 
> /opt/cloud/bin/setup/common.sh script has not been updated to reflect 
> this.{color}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM

2018-04-13 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16437111#comment-16437111
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10333:
-

borisstoyanov commented on issue #2505: WIP CLOUDSTACK-10333: Secure Live VM 
Migration for KVM
URL: https://github.com/apache/cloudstack/pull/2505#issuecomment-38107
 
 
   @blueorangutan test


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Secure VM Live migration for KVM
> 
>
> Key: CLOUDSTACK-10333
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333
> Project: CloudStack
>  Issue Type: Improvement
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> With use of CA framework to secure hosts, the current mechanisms don't secure 
> libvirtd to use those certificates (used by agent to connect to mgmt server). 
> This causes insecure vm migration over tcp instead of tls. The aim is to use 
> the same framework and certificates to secure live VM migration. This could 
> be coupled with securing of a host and renewal/provisioning of certificates 
> to host.
>  
> FS: 
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM

2018-04-13 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16437114#comment-16437114
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10333:
-

blueorangutan commented on issue #2505: WIP CLOUDSTACK-10333: Secure Live VM 
Migration for KVM
URL: https://github.com/apache/cloudstack/pull/2505#issuecomment-381089214
 
 
   @borisstoyanov a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has 
been kicked to run smoke tests


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Secure VM Live migration for KVM
> 
>
> Key: CLOUDSTACK-10333
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333
> Project: CloudStack
>  Issue Type: Improvement
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> With use of CA framework to secure hosts, the current mechanisms don't secure 
> libvirtd to use those certificates (used by agent to connect to mgmt server). 
> This causes insecure vm migration over tcp instead of tls. The aim is to use 
> the same framework and certificates to secure live VM migration. This could 
> be coupled with securing of a host and renewal/provisioning of certificates 
> to host.
>  
> FS: 
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10288) Config drive - Usedata corruption when gzipped

2018-04-13 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16437050#comment-16437050
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10288:
-

DaanHoogland commented on a change in pull request #2566: ConfigDrive fixes: 
CLOUDSTACK-10288, CLOUDSTACK-10289
URL: https://github.com/apache/cloudstack/pull/2566#discussion_r181329419
 
 

 ##
 File path: 
services/secondary-storage/server/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
 ##
 @@ -480,7 +480,7 @@ public Answer 
createConfigDriveIsoForVM(HandleConfigDriveIsoCommand cmd) {
 for (String[] item : cmd.getVmData()) {
 String dataType = item[CONFIGDATA_DIR];
 String fileName = item[CONFIGDATA_FILE];
-String content = item[CONFIGDATA_CONTENT];
+String content = item[CONFIGDATA_CONTENT]; // base64
 
 Review comment:
   and remove the comment?


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Config drive - Usedata corruption when gzipped 
> ---
>
> Key: CLOUDSTACK-10288
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10288
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Affects Versions: 4.11.0.0
>Reporter: Rohit Yadav
>Assignee: Frank Maximus
>Priority: Major
>
> Should be able to create userdata via "echo hi | gzip | base64 -w0" and read 
> it back in VM via "mount -o loop /dev/sr1 /mnt/tmp; cat 
> /mnt/tmp/cloudstack/userdata/user_data.txt | gunzip" 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10288) Config drive - Usedata corruption when gzipped

2018-04-13 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16437056#comment-16437056
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10288:
-

DaanHoogland commented on a change in pull request #2566: ConfigDrive fixes: 
CLOUDSTACK-10288, CLOUDSTACK-10289
URL: https://github.com/apache/cloudstack/pull/2566#discussion_r181330373
 
 

 ##
 File path: test/integration/plugins/nuagevsp/nuage_lib.py
 ##
 @@ -0,0 +1,30 @@
+from marvin.cloudstackAPI import createSSHKeyPair, deleteSSHKeyPair
 
 Review comment:
   apache license is missing


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Config drive - Usedata corruption when gzipped 
> ---
>
> Key: CLOUDSTACK-10288
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10288
> Project: CloudStack
>  Issue Type: Bug
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Affects Versions: 4.11.0.0
>Reporter: Rohit Yadav
>Assignee: Frank Maximus
>Priority: Major
>
> Should be able to create userdata via "echo hi | gzip | base64 -w0" and read 
> it back in VM via "mount -o loop /dev/sr1 /mnt/tmp; cat 
> /mnt/tmp/cloudstack/userdata/user_data.txt | gunzip" 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM

2018-04-13 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16437035#comment-16437035
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10333:
-

DaanHoogland commented on issue #2505: CLOUDSTACK-10333: Secure Live VM 
Migration for KVM
URL: https://github.com/apache/cloudstack/pull/2505#issuecomment-381072342
 
 
   As you announced extra commits , i'm marking this WIP @rhtyd 


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Secure VM Live migration for KVM
> 
>
> Key: CLOUDSTACK-10333
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333
> Project: CloudStack
>  Issue Type: Improvement
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> With use of CA framework to secure hosts, the current mechanisms don't secure 
> libvirtd to use those certificates (used by agent to connect to mgmt server). 
> This causes insecure vm migration over tcp instead of tls. The aim is to use 
> the same framework and certificates to secure live VM migration. This could 
> be coupled with securing of a host and renewal/provisioning of certificates 
> to host.
>  
> FS: 
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM

2018-04-13 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16437046#comment-16437046
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10333:
-

blueorangutan commented on issue #2505: WIP CLOUDSTACK-10333: Secure Live VM 
Migration for KVM
URL: https://github.com/apache/cloudstack/pull/2505#issuecomment-381075071
 
 
   @borisstoyanov a Jenkins job has been kicked to build packages. I'll keep 
you posted as I make progress.


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Secure VM Live migration for KVM
> 
>
> Key: CLOUDSTACK-10333
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333
> Project: CloudStack
>  Issue Type: Improvement
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> With use of CA framework to secure hosts, the current mechanisms don't secure 
> libvirtd to use those certificates (used by agent to connect to mgmt server). 
> This causes insecure vm migration over tcp instead of tls. The aim is to use 
> the same framework and certificates to secure live VM migration. This could 
> be coupled with securing of a host and renewal/provisioning of certificates 
> to host.
>  
> FS: 
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM

2018-04-13 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16437045#comment-16437045
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10333:
-

borisstoyanov commented on issue #2505: WIP CLOUDSTACK-10333: Secure Live VM 
Migration for KVM
URL: https://github.com/apache/cloudstack/pull/2505#issuecomment-381074947
 
 
   @blueorangutan package


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Secure VM Live migration for KVM
> 
>
> Key: CLOUDSTACK-10333
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333
> Project: CloudStack
>  Issue Type: Improvement
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> With use of CA framework to secure hosts, the current mechanisms don't secure 
> libvirtd to use those certificates (used by agent to connect to mgmt server). 
> This causes insecure vm migration over tcp instead of tls. The aim is to use 
> the same framework and certificates to secure live VM migration. This could 
> be coupled with securing of a host and renewal/provisioning of certificates 
> to host.
>  
> FS: 
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM

2018-04-13 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16437098#comment-16437098
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10333:
-

blueorangutan commented on issue #2505: WIP CLOUDSTACK-10333: Secure Live VM 
Migration for KVM
URL: https://github.com/apache/cloudstack/pull/2505#issuecomment-381087052
 
 
   Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1918


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Secure VM Live migration for KVM
> 
>
> Key: CLOUDSTACK-10333
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333
> Project: CloudStack
>  Issue Type: Improvement
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Rohit Yadav
>Assignee: Rohit Yadav
>Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> With use of CA framework to secure hosts, the current mechanisms don't secure 
> libvirtd to use those certificates (used by agent to connect to mgmt server). 
> This causes insecure vm migration over tcp instead of tls. The aim is to use 
> the same framework and certificates to secure live VM migration. This could 
> be coupled with securing of a host and renewal/provisioning of certificates 
> to host.
>  
> FS: 
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once

2018-04-13 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16437138#comment-16437138
 ] 

ASF GitHub Bot commented on CLOUDSTACK-9114:


nitin-maharana commented on a change in pull request #2508: CLOUDSTACK-9114: 
Reduce VR downtime during network restart
URL: https://github.com/apache/cloudstack/pull/2508#discussion_r181347015
 
 

 ##
 File path: ui/scripts/network.js
 ##
 @@ -1100,11 +1100,23 @@
 });
 
args.$form.find('.form-item[rel=cleanup]').find('input').attr('checked', 
'checked'); //checked
 
args.$form.find('.form-item[rel=cleanup]').css('display', 'inline-block'); 
//shown
+
args.$form.find('.form-item[rel=makeredundant]').find('input').attr('checked', 
'checked'); //checked
+
args.$form.find('.form-item[rel=makeredundant]').css('display', 
'inline-block'); //shown
+
+if 
(Boolean(args.context.networks[0].redundantrouter)) {
 
 Review comment:
   @rhtyd, As I understand, this functionality is not applicable to RVRs? For 
RVRs, the upgrade procedure is same as the old way. (Reboot the back-up and 
then reboot the master). But from the snapshots, I see, it creates a new router 
for each restart. (r-46-VM creates r-47-VM) and (r-45-VM creates r-48-VM). 


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> restartnetwork with cleanup should not update/restart both routers at once
> --
>
> Key: CLOUDSTACK-9114
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9114
> Project: CloudStack
>  Issue Type: Improvement
>  Security Level: Public(Anyone can view this level - this is the 
> default.) 
>Reporter: Wei Zhou
>Assignee: Wei Zhou
>Priority: Major
>
> for now, restartnetwork with cleanup will stop both RVRs at first, then start 
> two  new RVRs.
> to reduce the downtime of network, we'd better restart the RVRs one by one.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)