[jira] [Commented] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16437020#comment-16437020 ] ASF subversion and git services commented on CLOUDSTACK-10304: -- Commit e71d4d4371fdf1595bb42f152ec544243f2087f2 in cloudstack's branch refs/heads/4.11 from [~rohithsharma] [ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=e71d4d4 ] CLOUDSTACK-10304: turn off apache2 server tokens and signature in systemvms (#2563) * systemvm: turn off apache2 server tokens and signature This turns off apache2 server version signature/token in headers. Signed-off-by: Rohit Yadav * systemvm: remove invalid code as conf.d is not available now Signed-off-by: Rohit Yadav > SystemVM - Apache Web Server Version Number Information Disclosure > -- > > Key: CLOUDSTACK-10304 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: SystemVM >Affects Versions: 4.11.0.0 >Reporter: Julian Gilbert >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > {color:#00}The Secondary Storage System VM discloses its Apache Web > Server version number in HTTP headers and error pages. This type of > information disclosure can lead to medium vulnerabilities being reported in > web vulnerability scanners and reveals the Apache server version > unnecessarily.{color} > {color:#00}The apache2 directory structure no longer contains > /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 > security configuration file is in another location. The > /opt/cloud/bin/setup/common.sh script has not been updated to reflect > this.{color} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16437019#comment-16437019 ] ASF GitHub Bot commented on CLOUDSTACK-10304: - DaanHoogland closed pull request #2563: CLOUDSTACK-10304: turn off apache2 server tokens and signature in systemvms URL: https://github.com/apache/cloudstack/pull/2563 This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/systemvm/debian/etc/apache2/conf-enabled/security.conf b/systemvm/debian/etc/apache2/conf-enabled/security.conf new file mode 100644 index 000..498d147c3f2 --- /dev/null +++ b/systemvm/debian/etc/apache2/conf-enabled/security.conf @@ -0,0 +1,3 @@ +ServerTokens Prod +ServerSignature Off +TraceEnable Off diff --git a/systemvm/debian/opt/cloud/bin/setup/common.sh b/systemvm/debian/opt/cloud/bin/setup/common.sh index a84d8814a8b..e24a27790b7 100755 --- a/systemvm/debian/opt/cloud/bin/setup/common.sh +++ b/systemvm/debian/opt/cloud/bin/setup/common.sh @@ -496,9 +496,6 @@ clean_ipalias_config() { setup_apache2_common() { sed -i 's/^Include ports.conf.*/# CS: Done by Python CsApp config\n#Include ports.conf/g' /etc/apache2/apache2.conf - [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security - [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security - # Disable listing of http://SSVM-IP/icons folder for security issue. see article http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/ [ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes MultiViews"/"Options -Indexes MultiViews"/ /etc/apache2/mods-available/alias.conf This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > SystemVM - Apache Web Server Version Number Information Disclosure > -- > > Key: CLOUDSTACK-10304 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: SystemVM >Affects Versions: 4.11.0.0 >Reporter: Julian Gilbert >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > {color:#00}The Secondary Storage System VM discloses its Apache Web > Server version number in HTTP headers and error pages. This type of > information disclosure can lead to medium vulnerabilities being reported in > web vulnerability scanners and reveals the Apache server version > unnecessarily.{color} > {color:#00}The apache2 directory structure no longer contains > /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 > security configuration file is in another location. The > /opt/cloud/bin/setup/common.sh script has not been updated to reflect > this.{color} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16437022#comment-16437022 ] ASF GitHub Bot commented on CLOUDSTACK-10304: - blueorangutan commented on issue #2563: CLOUDSTACK-10304: turn off apache2 server tokens and signature in systemvms URL: https://github.com/apache/cloudstack/pull/2563#issuecomment-381068164 @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > SystemVM - Apache Web Server Version Number Information Disclosure > -- > > Key: CLOUDSTACK-10304 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: SystemVM >Affects Versions: 4.11.0.0 >Reporter: Julian Gilbert >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > {color:#00}The Secondary Storage System VM discloses its Apache Web > Server version number in HTTP headers and error pages. This type of > information disclosure can lead to medium vulnerabilities being reported in > web vulnerability scanners and reveals the Apache server version > unnecessarily.{color} > {color:#00}The apache2 directory structure no longer contains > /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 > security configuration file is in another location. The > /opt/cloud/bin/setup/common.sh script has not been updated to reflect > this.{color} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16437035#comment-16437035 ] ASF GitHub Bot commented on CLOUDSTACK-10333: - DaanHoogland commented on issue #2505: CLOUDSTACK-10333: Secure Live VM Migration for KVM URL: https://github.com/apache/cloudstack/pull/2505#issuecomment-381072342 As you announced extra commits , i'm marking this WIP @rhtyd This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Secure VM Live migration for KVM > > > Key: CLOUDSTACK-10333 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > With use of CA framework to secure hosts, the current mechanisms don't secure > libvirtd to use those certificates (used by agent to connect to mgmt server). > This causes insecure vm migration over tcp instead of tls. The aim is to use > the same framework and certificates to secure live VM migration. This could > be coupled with securing of a host and renewal/provisioning of certificates > to host. > > FS: > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16437045#comment-16437045 ] ASF GitHub Bot commented on CLOUDSTACK-10333: - borisstoyanov commented on issue #2505: WIP CLOUDSTACK-10333: Secure Live VM Migration for KVM URL: https://github.com/apache/cloudstack/pull/2505#issuecomment-381074947 @blueorangutan package This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Secure VM Live migration for KVM > > > Key: CLOUDSTACK-10333 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > With use of CA framework to secure hosts, the current mechanisms don't secure > libvirtd to use those certificates (used by agent to connect to mgmt server). > This causes insecure vm migration over tcp instead of tls. The aim is to use > the same framework and certificates to secure live VM migration. This could > be coupled with securing of a host and renewal/provisioning of certificates > to host. > > FS: > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16437046#comment-16437046 ] ASF GitHub Bot commented on CLOUDSTACK-10333: - blueorangutan commented on issue #2505: WIP CLOUDSTACK-10333: Secure Live VM Migration for KVM URL: https://github.com/apache/cloudstack/pull/2505#issuecomment-381075071 @borisstoyanov a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Secure VM Live migration for KVM > > > Key: CLOUDSTACK-10333 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > With use of CA framework to secure hosts, the current mechanisms don't secure > libvirtd to use those certificates (used by agent to connect to mgmt server). > This causes insecure vm migration over tcp instead of tls. The aim is to use > the same framework and certificates to secure live VM migration. This could > be coupled with securing of a host and renewal/provisioning of certificates > to host. > > FS: > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10288) Config drive - Usedata corruption when gzipped
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16437050#comment-16437050 ] ASF GitHub Bot commented on CLOUDSTACK-10288: - DaanHoogland commented on a change in pull request #2566: ConfigDrive fixes: CLOUDSTACK-10288, CLOUDSTACK-10289 URL: https://github.com/apache/cloudstack/pull/2566#discussion_r181329419 ## File path: services/secondary-storage/server/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java ## @@ -480,7 +480,7 @@ public Answer createConfigDriveIsoForVM(HandleConfigDriveIsoCommand cmd) { for (String[] item : cmd.getVmData()) { String dataType = item[CONFIGDATA_DIR]; String fileName = item[CONFIGDATA_FILE]; -String content = item[CONFIGDATA_CONTENT]; +String content = item[CONFIGDATA_CONTENT]; // base64 Review comment: and remove the comment? This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Config drive - Usedata corruption when gzipped > --- > > Key: CLOUDSTACK-10288 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10288 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Affects Versions: 4.11.0.0 >Reporter: Rohit Yadav >Assignee: Frank Maximus >Priority: Major > > Should be able to create userdata via "echo hi | gzip | base64 -w0" and read > it back in VM via "mount -o loop /dev/sr1 /mnt/tmp; cat > /mnt/tmp/cloudstack/userdata/user_data.txt | gunzip" -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10288) Config drive - Usedata corruption when gzipped
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16437056#comment-16437056 ] ASF GitHub Bot commented on CLOUDSTACK-10288: - DaanHoogland commented on a change in pull request #2566: ConfigDrive fixes: CLOUDSTACK-10288, CLOUDSTACK-10289 URL: https://github.com/apache/cloudstack/pull/2566#discussion_r181330373 ## File path: test/integration/plugins/nuagevsp/nuage_lib.py ## @@ -0,0 +1,30 @@ +from marvin.cloudstackAPI import createSSHKeyPair, deleteSSHKeyPair Review comment: apache license is missing This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Config drive - Usedata corruption when gzipped > --- > > Key: CLOUDSTACK-10288 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10288 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Affects Versions: 4.11.0.0 >Reporter: Rohit Yadav >Assignee: Frank Maximus >Priority: Major > > Should be able to create userdata via "echo hi | gzip | base64 -w0" and read > it back in VM via "mount -o loop /dev/sr1 /mnt/tmp; cat > /mnt/tmp/cloudstack/userdata/user_data.txt | gunzip" -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16437081#comment-16437081 ] ASF GitHub Bot commented on CLOUDSTACK-10304: - blueorangutan commented on issue #2563: CLOUDSTACK-10304: turn off apache2 server tokens and signature in systemvms URL: https://github.com/apache/cloudstack/pull/2563#issuecomment-381083667 Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1915 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > SystemVM - Apache Web Server Version Number Information Disclosure > -- > > Key: CLOUDSTACK-10304 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: SystemVM >Affects Versions: 4.11.0.0 >Reporter: Julian Gilbert >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > {color:#00}The Secondary Storage System VM discloses its Apache Web > Server version number in HTTP headers and error pages. This type of > information disclosure can lead to medium vulnerabilities being reported in > web vulnerability scanners and reveals the Apache server version > unnecessarily.{color} > {color:#00}The apache2 directory structure no longer contains > /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 > security configuration file is in another location. The > /opt/cloud/bin/setup/common.sh script has not been updated to reflect > this.{color} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16437082#comment-16437082 ] ASF GitHub Bot commented on CLOUDSTACK-9114: rhtyd commented on a change in pull request #2508: CLOUDSTACK-9114: Reduce VR downtime during network restart URL: https://github.com/apache/cloudstack/pull/2508#discussion_r181337283 ## File path: ui/scripts/network.js ## @@ -1100,11 +1100,23 @@ }); args.$form.find('.form-item[rel=cleanup]').find('input').attr('checked', 'checked'); //checked args.$form.find('.form-item[rel=cleanup]').css('display', 'inline-block'); //shown + args.$form.find('.form-item[rel=makeredundant]').find('input').attr('checked', 'checked'); //checked + args.$form.find('.form-item[rel=makeredundant]').css('display', 'inline-block'); //shown + +if (Boolean(args.context.networks[0].redundantrouter)) { Review comment: @nitin-maharana I'm not sure where the confusion is, a redundant network already has rVRs (backup+master) therefore no need to show the label/checkbox to user. This is same as the option you get when you restart VPC (see try that, restart VPC with 4.11+). This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > restartnetwork with cleanup should not update/restart both routers at once > -- > > Key: CLOUDSTACK-9114 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9114 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Wei Zhou >Assignee: Wei Zhou >Priority: Major > > for now, restartnetwork with cleanup will stop both RVRs at first, then start > two new RVRs. > to reduce the downtime of network, we'd better restart the RVRs one by one. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10304) SystemVM - Apache Web Server Version Number Information Disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16437084#comment-16437084 ] ASF subversion and git services commented on CLOUDSTACK-10304: -- Commit e71d4d4371fdf1595bb42f152ec544243f2087f2 in cloudstack's branch refs/heads/master from [~rohithsharma] [ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=e71d4d4 ] CLOUDSTACK-10304: turn off apache2 server tokens and signature in systemvms (#2563) * systemvm: turn off apache2 server tokens and signature This turns off apache2 server version signature/token in headers. Signed-off-by: Rohit Yadav * systemvm: remove invalid code as conf.d is not available now Signed-off-by: Rohit Yadav > SystemVM - Apache Web Server Version Number Information Disclosure > -- > > Key: CLOUDSTACK-10304 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10304 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: SystemVM >Affects Versions: 4.11.0.0 >Reporter: Julian Gilbert >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > {color:#00}The Secondary Storage System VM discloses its Apache Web > Server version number in HTTP headers and error pages. This type of > information disclosure can lead to medium vulnerabilities being reported in > web vulnerability scanners and reveals the Apache server version > unnecessarily.{color} > {color:#00}The apache2 directory structure no longer contains > /etc/apache2/conf.d/ in Debian 9 and therefore the appropriate apache2 > security configuration file is in another location. The > /opt/cloud/bin/setup/common.sh script has not been updated to reflect > this.{color} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16437098#comment-16437098 ] ASF GitHub Bot commented on CLOUDSTACK-10333: - blueorangutan commented on issue #2505: WIP CLOUDSTACK-10333: Secure Live VM Migration for KVM URL: https://github.com/apache/cloudstack/pull/2505#issuecomment-381087052 Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1918 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Secure VM Live migration for KVM > > > Key: CLOUDSTACK-10333 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > With use of CA framework to secure hosts, the current mechanisms don't secure > libvirtd to use those certificates (used by agent to connect to mgmt server). > This causes insecure vm migration over tcp instead of tls. The aim is to use > the same framework and certificates to secure live VM migration. This could > be coupled with securing of a host and renewal/provisioning of certificates > to host. > > FS: > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16437111#comment-16437111 ] ASF GitHub Bot commented on CLOUDSTACK-10333: - borisstoyanov commented on issue #2505: WIP CLOUDSTACK-10333: Secure Live VM Migration for KVM URL: https://github.com/apache/cloudstack/pull/2505#issuecomment-38107 @blueorangutan test This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Secure VM Live migration for KVM > > > Key: CLOUDSTACK-10333 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > With use of CA framework to secure hosts, the current mechanisms don't secure > libvirtd to use those certificates (used by agent to connect to mgmt server). > This causes insecure vm migration over tcp instead of tls. The aim is to use > the same framework and certificates to secure live VM migration. This could > be coupled with securing of a host and renewal/provisioning of certificates > to host. > > FS: > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16437114#comment-16437114 ] ASF GitHub Bot commented on CLOUDSTACK-10333: - blueorangutan commented on issue #2505: WIP CLOUDSTACK-10333: Secure Live VM Migration for KVM URL: https://github.com/apache/cloudstack/pull/2505#issuecomment-381089214 @borisstoyanov a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Secure VM Live migration for KVM > > > Key: CLOUDSTACK-10333 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rohit Yadav >Assignee: Rohit Yadav >Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > With use of CA framework to secure hosts, the current mechanisms don't secure > libvirtd to use those certificates (used by agent to connect to mgmt server). > This causes insecure vm migration over tcp instead of tls. The aim is to use > the same framework and certificates to secure live VM migration. This could > be coupled with securing of a host and renewal/provisioning of certificates > to host. > > FS: > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CLOUDSTACK-9114) restartnetwork with cleanup should not update/restart both routers at once
[ https://issues.apache.org/jira/browse/CLOUDSTACK-9114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16437138#comment-16437138 ] ASF GitHub Bot commented on CLOUDSTACK-9114: nitin-maharana commented on a change in pull request #2508: CLOUDSTACK-9114: Reduce VR downtime during network restart URL: https://github.com/apache/cloudstack/pull/2508#discussion_r181347015 ## File path: ui/scripts/network.js ## @@ -1100,11 +1100,23 @@ }); args.$form.find('.form-item[rel=cleanup]').find('input').attr('checked', 'checked'); //checked args.$form.find('.form-item[rel=cleanup]').css('display', 'inline-block'); //shown + args.$form.find('.form-item[rel=makeredundant]').find('input').attr('checked', 'checked'); //checked + args.$form.find('.form-item[rel=makeredundant]').css('display', 'inline-block'); //shown + +if (Boolean(args.context.networks[0].redundantrouter)) { Review comment: @rhtyd, As I understand, this functionality is not applicable to RVRs? For RVRs, the upgrade procedure is same as the old way. (Reboot the back-up and then reboot the master). But from the snapshots, I see, it creates a new router for each restart. (r-46-VM creates r-47-VM) and (r-45-VM creates r-48-VM). This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > restartnetwork with cleanup should not update/restart both routers at once > -- > > Key: CLOUDSTACK-9114 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9114 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Wei Zhou >Assignee: Wei Zhou >Priority: Major > > for now, restartnetwork with cleanup will stop both RVRs at first, then start > two new RVRs. > to reduce the downtime of network, we'd better restart the RVRs one by one. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (CLOUDSTACK-10169) Clean up old and obsolete branches
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rafael Weingärtner updated CLOUDSTACK-10169: Description: The following is full list of branches available on https://github.com/apache/cloudstack and the old ones can be deleted. ||Branch name||Ticket number||POM version||Last updated||Last commit||HEAD on master||PR number||Should be deleted|| |4.0|-|4.0.2|Jul 19 2013|[8f4b9bc|https://github.com/apache/cloudstack/commit/8f4b9bccfed63a37762907bdd058506f4e7b6e6d)]|No|-|{color:#d04437}*No*{color}| |4.1|-|4.1.2-SNAPSHOT|Dec 10 2013|[1b7c886|https://github.com/apache/cloudstack/commit/1b7c886bb1a4cd28840a13e199fedc8c2e865011)]|No|-|{color:#d04437}*No*{color}| |4.2|-|4.2.1-SNAPSHOT|May 13 2015|[709e0c0|https://github.com/apache/cloudstack/commit/709e0c093fc280cee79b30c7ee0a11331ebbae57)]|No|-|{color:#d04437}*No*{color}| |4.3|-|4.3.2|Aug 12 2015|[c116ca9|https://github.com/apache/cloudstack/commit/c116ca968e552f079e1ebfe855b4bfa02d368f74)]|No|-|{color:#d04437}*No*{color}| |4.4|-|4.4.5-SNAPSHOT|Sep 1 2015|[b0a4593|https://github.com/apache/cloudstack/commit/b0a45931527cb57e4d23edab36adf4fac1ffa494)]|No|-|{color:#d04437}*No*{color}| |4.5|-|4.5.3-SNAPSHOT|Oct 18 2016|[e731c70|https://github.com/apache/cloudstack/commit/e731c70cf7ab72b593cde10af8e49673a21b9f9c)]|No|-|{color:#d04437}*No*{color}| |4.6|-|4.6.3-SNAPSHOT|Oct 18 2016|[08b4052|https://github.com/apache/cloudstack/commit/08b40525955881869340a8ae3b268dea6edd926b)]|No|-|{color:#d04437}*No*{color}| |4.7|-|4.7.2-SNAPSHOT|Nov 8 2016|[0279ac2|https://github.com/apache/cloudstack/commit/0279ac20e46cbbc7f699dc41eafbe31fe0c4797b)]|Yes|-|{color:#d04437}*No*{color}| |4.8|-|4.8.2.0-SNAPSHOT|Feb 28 2017|[113ce13|https://github.com/apache/cloudstack/commit/113ce13bda9d4a095ff3a22d6fedf925117f4f6f)]|Yes|-|{color:#d04437}*No*{color}| |4.9|-|4.9.4.0-SNAPSHOT|Nov 15 2017|[f250b3a|https://github.com/apache/cloudstack/commit/f250b3ae0cf7efeef486f15474b606299d17318e)]|Yes|-|{color:#d04437}*No*{color}| |4.10|-|4.10.1.0-SNAPSHOT|Nov 16 2017|[330f241|https://github.com/apache/cloudstack/commit/330f24117cc5c90b85db291981652a2191417d5a)]|Yes|-|{color:#d04437}*No*{color}| |GA-4.10.0.0|-|4.10.0.0|Jul 3 2017|[9d2893d|https://github.com/apache/cloudstack/commit/9d2893d44a3c3a4829be0964cc991272c1d13e4d)]|Yes|-|{color:#d04437}*No*{color}| |GA-4.4.1|-|4.4.1|Oct 14 2014|[8db506b|https://github.com/apache/cloudstack/commit/8db506b536f3139250d33df571c98c1c3fa83650)]|No|-|{color:#d04437}*No*{color}| |GA-4.4.2|-|4.4.2|Nov 21 2014|[e0420a6|https://github.com/apache/cloudstack/commit/e0420a6fec738d728bc59ba65bc5e12809bde0eb)]|No|-|{color:#d04437}*No*{color}| |GA-4.4.3|-|4.4.3|Apr 15 2015|[e9441d4|https://github.com/apache/cloudstack/commit/e9441d47867104505ef260c1857549f93df96aba)]|No|-|{color:#d04437}*No*{color}| |GA-4.4.4|-|4.4.4|Jun 18 2015|[6f41061|https://github.com/apache/cloudstack/commit/6f41061e1428527c3f826d268377557ce607196b)]|No|-|{color:#d04437}*No*{color}| |GA-4.5.1|-|4.5.1|May 5 2015|[53da82e|https://github.com/apache/cloudstack/commit/53da82e4ac2bc88d98ac6bd9a1bb7131a3a8ebee)]|No|-|{color:#d04437}*No*{color}| |GA-4.9.2.0|-|4.9.2.0|Jan 3 2017|[dfc39c1|https://github.com/apache/cloudstack/commit/dfc39c1f088dc9979a53bd0de4dfd0e5b266bd0f)]|Yes|-|{color:#d04437}*No*{color}| |GA-4.9.3.0|-|4.9.3.0|Aug 28 2017|[d145944|https://github.com/apache/cloudstack/commit/d145944be0d04724802ff132399514bf71c3e7b0)]|Yes|-|{color:#d04437}*No*{color}| |HA-abstractinvestigatorimpl-nullstate|-|4.5.1-SNAPSHOT|May 1 2015|[ece3ff6|https://github.com/apache/cloudstack/commit/ece3ff68f7d03e897af671a16bf12b64213bfcc4)]|No|Closed ([222|https://github.com/apache/cloudstack/pull/222])|Yes| |Health-Check-UI|-|4.2.0-SNAPSHOT|Mar 15 2013|[136e527|https://github.com/apache/cloudstack/commit/136e527c63c12eeb62a12bfae8aea7bfd2e12206)]|Yes|-|Yes| |LDAP-UI|-|4.1.0-SNAPSHOT|Feb 19 2013|[bff3d8a|https://github.com/apache/cloudstack/commit/bff3d8ac9a0566addeb24d4c4c16ceab99b242b6)]|Yes|-|Yes| |Reset-VM|-|4.1.0-SNAPSHOT|Feb 21 2013|[35d8905|https://github.com/apache/cloudstack/commit/35d89050817324876c4411998c81abdac3501563)]|Yes|-|Yes| |SHA512Salted|-|4.2.0-SNAPSHOT|Apr 1 2013|[a18aaed|https://github.com/apache/cloudstack/commit/a18aaed097e977ca65c0fc4a956beb11058ad179)]|No|-|Yes| |UI-dedicatedResources|-|4.2.0-SNAPSHOT|Apr 19 2013|[ff4a487|https://github.com/apache/cloudstack/commit/ff4a4876c767cec15e4248821cc48bb01bf55051)]|Yes|-|Yes| |UI-explicitDedication|-|4.2.0-SNAPSHOT|May 30 2013|[8e7d4cf|https://github.com/apache/cloudstack/commit/8e7d4cf0c5959188245df3037e6028c885c50597)]|No|-|Yes| |add_XS_71_72|-|4.11.0.0-SNAPSHOT|Nov 29 2017|[1421a6e|https://github.com/apache/cloudstack/commit/1421a6e07a76fe3a91cd342c9f43266305f23ff2)]|Yes|-|{color:#f79232}*Maybe*{color}| |add_remove_nics|-|4.1.0-SNAPSHOT|Jan 30 2013|[3dc6e8e|https://github.com/apache/cloudstack/com
[jira] [Resolved] (CLOUDSTACK-10354) Remove branches CS-2163, Commit-Ratio, dedicate*, and bugfix*
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10354?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rafael Weingärtner resolved CLOUDSTACK-10354. - Resolution: Fixed > Remove branches CS-2163, Commit-Ratio, dedicate*, and bugfix* > - > > Key: CLOUDSTACK-10354 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10354 > Project: CloudStack > Issue Type: Sub-task > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Rafael Weingärtner >Assignee: Rafael Weingärtner >Priority: Major > > Following the protocol defined in [1]. We will remove branches "Remove > branches matching the expressions. > {code:java} > CS-2163, Commit-Ratio, dedicate*, and bugfix* > {code} > The branches that will be removed are the following: > * CS-2163 > * Commit-Ratio > * dedicate-guest-vlan-ranges > * dedicate-guest-vlan-ranges_2 > * dedicate_public_ip_range > * dedicate_public_ip_range_2 > * bugfix/CID-1114591 > * bugfix/CID-1114601 > * bugfix/CID-1116300 > * bugfix/CID-1116654 > * bugfix/CID-1116850 > * bugfix/CID-116538 > * bugfix/CID-1192805 > * bugfix/CID-1192810 > * bugfix/CID-1212198 > * bugfix/CID-106 > * bugfix/CID-1230585 > * bugfix/CID-1230587 > * bugfix/CID-1230587-2ndtime > * bugfix/CID-1232333 > * bugfix/CID-1240106 > * bugfix/CID-1241966 > * bugfix/CID-1241967 > * bugfix/CID-1249800 > * bugfix/CID-1249801 > * bugfix/CID-1249803 > * bugfix/CID-1254835 > * bugfix/CS-7580 > * bugfix/CS-7665 > * bugfix/TO-hierarchy-flatening > [1] > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Clean+up+old+and+obsolete+branches+protocol -- This message was sent by Atlassian JIRA (v7.6.3#76005)