From 6dd2ce86b53e82b83112d085c52cb2590a4eeac0 Mon Sep 17 00:00:00 2001
From: Wei Zhou
Date: Tue, 25 Jul 2023 09:32:58 +0800
Subject: [PATCH 1/4] UI: add step to create bearer token for kubernetes dashboard (#7764)
Since Kubernetes v1.24.0, there is no auto-generation of secret-based service account token due to security reason. see https://github.com/kubernetes/kubernetes/pull/108309 To access kubernetes dashboard, users need to create a service account and an optional long-lived Bearer Token for the service account.
---
 ui/public/locales/en.json | 2 ++
 ui/src/views/compute/KubernetesServiceTab.vue | 5 +++++
 2 files changed, 7 insertions(+)
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index 287622c76e7..64144c55bb6 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -1093,6 +1093,8 @@
 "label.kubernetes.cluster.stop": "Stop Kubernetes cluster",
 "label.kubernetes.cluster.upgrade": "Upgrade Kubernetes cluster",
 "label.kubernetes.dashboard": "Kubernetes dashboard UI",
+"label.kubernetes.dashboard.create.token": "Create token for Kubernetes dashboard",
+"label.kubernetes.dashboard.create.token.desc": "Since Kubernetes v1.24.0, there is no auto-generation of secret-based service account token due to security reason. You need to create a service account and an optional long-lived Bearer Token for the service account.",
 "label.kubernetes.isos": "Kubernetes ISOs",
 "label.kubernetes.service": "Kubernetes service",
 "label.kubernetes.version.add": "Add Kubernetes version",
diff --git a/ui/src/views/compute/KubernetesServiceTab.vue b/ui/src/views/compute/KubernetesServiceTab.vue
index f9021610fdc..96a99586db9 100644
--- a/ui/src/views/compute/KubernetesServiceTab.vue
+++ b/ui/src/views/compute/KubernetesServiceTab.vue
@@ -79,6 +79,11 @@ http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

+ +

+

+ +

{{ $t('label.token.for.dashboard.login') }}

From bde80f14aac1a9bf741c7de3f54ee053175c94e5 Mon Sep 17 00:00:00 2001
From: Rohit Yadav
Date: Tue, 25 Jul 2023 08:13:33 +0530
Subject: [PATCH 2/4] Fix NPE in management server logs due to /proc/cpuinfo output (#7765)
Signed-off-by: Rohit Yadav
---
 .../main/java/com/cloud/server/StatsCollector.java | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/server/src/main/java/com/cloud/server/StatsCollector.java b/server/src/main/java/com/cloud/server/StatsCollector.java
index 5197ccc3a3c..91410198e2f 100644
--- a/server/src/main/java/com/cloud/server/StatsCollector.java
+++ b/server/src/main/java/com/cloud/server/StatsCollector.java
@@ -974,8 +974,16 @@ public class StatsCollector extends ManagerBase implements ComponentMethodInterc
 private double getSystemCpuCyclesTotal() {
 String cpucaps = Script.runSimpleBashScript("cat /proc/cpuinfo | grep \"cpu MHz\" | grep \"cpu MHz\" | cut -f 2 -d : | tr -d ' '| tr '\\n' \" \"");
 double totalcpucap = 0;
- for (String cpucap : cpucaps.split(" ")) {
- totalcpucap += Double.parseDouble(cpucap);
+ if (StringUtils.isEmpty(cpucaps)) {
+ String totalCpus = Script.runSimpleBashScript("nproc --all| tr '\\n' \" \"");
+ String maxCpuSpeed = Script.runSimpleBashScript("lscpu | egrep 'CPU max MHz' | head -1 | cut -f 2 -d : | tr -d ' '| tr '\\n' \" \"");
+ if (StringUtils.isNotEmpty(totalCpus) && StringUtils.isNotEmpty(maxCpuSpeed)) {
+ totalcpucap = Double.parseDouble(totalCpus) * Double.parseDouble(maxCpuSpeed);
+ }
+ } else {
+ for (String cpucap : cpucaps.split(" ")) {
+ totalcpucap += Double.parseDouble(cpucap);
+ }
 }
 return totalcpucap;
 }
From 4000fd09f1707f1e5518b1c85ceb975d4d04622c Mon Sep 17 00:00:00 2001
From: Wei Zhou
Date: Tue, 25 Jul 2023 16:01:53 +0800
Subject: [PATCH 3/4] UI: fix userdataid or userdata content is passed when userdata append/override is unchecked (#7758)
---
 ui/src/views/compute/DeployVM.vue | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
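Review bot: The new fallback in getSystemCpuCyclesTotal() still passes shell output straight to `Double.parseDouble`, so a non-numeric value from `nproc` or `lscpu` raises NumberFormatException where the old code raised the NPE; lscpu output may be locale-formatted (a decimal comma), which would trigger exactly that, so it is worth confirming on a non-English host. When `lscpu` prints no `CPU max MHz` line (presumably the case on some virtualised hosts), the method silently returns 0 and callers cannot tell "unknown" from a real value. I would guard the parse, e.g. `try { totalcpucap = Double.parseDouble(totalCpus) * Double.parseDouble(maxCpuSpeed); } catch (NumberFormatException e) { /* log, keep 0 */ }`, and log a warning on the zero path. The same unguarded parse remains in the `else` loop over `cpucaps.split(" ")`.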
diff --git a/ui/src/views/compute/DeployVM.vue b/ui/src/views/compute/DeployVM.vue
index de74ab8f268..c6376969646 100644
--- a/ui/src/views/compute/DeployVM.vue
+++ b/ui/src/views/compute/DeployVM.vue
@@ -1969,7 +1969,8 @@ export default {
 deployVmData.dynamicscalingenabled = values.dynamicscalingenabled
 deployVmData.iothreadsenabled = values.iothreadsenabled
 deployVmData.iodriverpolicy = values.iodriverpolicy
- if (values.userdata && values.userdata.length > 0) {
+ const isUserdataAllowed = !this.userdataDefaultOverridePolicy || (this.userdataDefaultOverridePolicy === 'ALLOWOVERRIDE' && this.doUserdataOverride) || (this.userdataDefaultOverridePolicy === 'APPEND' && this.doUserdataAppend)
+ if (isUserdataAllowed && values.userdata && values.userdata.length > 0) {
 deployVmData.userdata = this.$toBase64AndURIEncoded(values.userdata)
 }
 // step 2: select template/iso
@@ -2092,7 +2093,9 @@ export default {
 }
 // step 7: select ssh key pair
 deployVmData.keypairs = this.sshKeyPairs.join(',')
- deployVmData.userdataid = values.userdataid
+ if (isUserdataAllowed) {
+ deployVmData.userdataid = values.userdataid
+ }
 if (values.name) {
 deployVmData.name = values.name
@@ -2128,7 +2131,7 @@ export default {
 idx++
 }
 }
- if (this.userDataValues) {
+ if (isUserdataAllowed && this.userDataValues) {
 for (const [key, value] of Object.entries(this.userDataValues)) {
 deployVmData['userdatadetails[' + idx + '].' + `${key}`] = value
 idx++
From f9b7bcfd1029fed89ca30158a44695c4c26e81d7 Mon Sep 17 00:00:00 2001
From: dahn
Date: Tue, 25 Jul 2023 10:55:44 +0200
Subject: [PATCH 4/4] add remove tag to remove acl item method (#7750)
---
 .../network/vpc/NetworkACLManagerImpl.java | 13 +++--
 .../vpc/NetworkACLManagerTest.java | 52 +++++++++++--------
 2 files changed, 38 insertions(+), 27 deletions(-)
 rename server/src/test/java/com/cloud/{ => network}/vpc/NetworkACLManagerTest.java (92%)
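Review bot: The userdata override policy is enforced here only by leaving fields out of the request: `isUserdataAllowed` gates `userdata`, `userdataid` and the `userdatadetails[...]` entries across the three hunks, and a client that calls the API directly is not bound by it. The server side is not visible in this patch, so please confirm that the deploy API itself rejects or ignores userdata when the policy forbids it. `isUserdataAllowed` is a `const` declared in the hunk at 1969 and read again in the hunks at 2093 and 2131; the enclosing function starts and ends outside the hunks, so check that all three uses sit in the same block scope. The one-line condition is hard to audit, so I would put a comment above it such as `// send userdata only when no override policy is set, or the user ticked the matching override/append box`, or move it into a computed property.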
diff --git a/server/src/main/java/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/NetworkACLManagerImpl.java
index fa9385a774e..d95cf9ac7af 100644
--- a/server/src/main/java/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -41,6 +41,8 @@ import com.cloud.network.vpc.NetworkACLItem.State;
 import com.cloud.network.vpc.dao.NetworkACLDao;
 import com.cloud.network.vpc.dao.VpcGatewayDao;
 import com.cloud.offering.NetworkOffering;
+import com.cloud.server.ResourceTag;
+import com.cloud.tags.dao.ResourceTagDao;
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.db.DB;
 import com.cloud.utils.db.EntityManager;
@@ -73,6 +75,8 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
 private VpcService _vpcSvc;
 @Inject
 private MessageBus _messageBus;
+ @Inject
+ private ResourceTagDao resourceTagDao;
 private List _networkAclElements;
@@ -275,7 +279,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
 if (s_logger.isDebugEnabled()) {
 s_logger.debug("Found a rule that is still in stage state so just removing it: " + rule);
 }
- _networkACLItemDao.remove(rule.getId());
+ removeRule(rule);
 } else if (rule.getState() == State.Add || rule.getState() == State.Active) {
 rule.setState(State.Revoke);
 _networkACLItemDao.update(rule.getId(), rule);
@@ -353,8 +357,9 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
 return rules;
 }
- private void removeRule(final NetworkACLItem rule) {
- _networkACLItemDao.remove(rule.getId());
+ boolean removeRule(final NetworkACLItem rule) {
+ boolean rc = resourceTagDao.removeByIdAndType(rule.getId(), ResourceTag.ResourceObjectType.NetworkACL);
+ return rc && _networkACLItemDao.remove(rule.getId());
 }
 @Override
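Review bot: In `removeRule`, `return rc && _networkACLItemDao.remove(rule.getId());` skips the ACL item delete whenever `resourceTagDao.removeByIdAndType(...)` returns false; the DAO's contract is not visible here, but if it reports false for a rule that simply has no tags, untagged rules would never be removed. The call site changed in the hunk at 275 discards the boolean, so a rule left behind this way fails silently and an ACL entry the operator believes is gone stays in the database. Deleting the item unconditionally and treating tag cleanup as a separate step avoids that: `resourceTagDao.removeByIdAndType(rule.getId(), ResourceTag.ResourceObjectType.NetworkACL);` followed by `return _networkACLItemDao.remove(rule.getId());`, ideally in one transaction so tags and item cannot diverge. The method also went from `private` to package-private, apparently for the new test; a one-line comment saying so would help.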
@@ -390,7 +395,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
 /**
 * Updates and applies the network ACL rule ({@link NetworkACLItemVO}).
- * We will first try to update the ACL rule in the database using {@link NetworkACLItemDao#update(Long, NetworkACLItemVO)}. If it does not work, a {@link CloudRuntimeException} is thrown.
+ * We will first try to update the ACL rule in the database using {@link NetworkACLItemDao#updateNumberFieldNetworkItem(long, int)}. If it does not work, a {@link CloudRuntimeException} is thrown.
 * If we manage to update the ACL rule in the database, we proceed to apply it using {@link #applyNetworkACL(long)}. If this does not work we throw a {@link CloudRuntimeException}.
 * If all is working we return the {@link NetworkACLItemVO} given as parameter. We wil set the state of the rule to {@link com.cloud.network.vpc.NetworkACLItem.State#Add}.
 */
diff --git a/server/src/test/java/com/cloud/vpc/NetworkACLManagerTest.java b/server/src/test/java/com/cloud/network/vpc/NetworkACLManagerTest.java
similarity index 92%
rename from server/src/test/java/com/cloud/vpc/NetworkACLManagerTest.java
rename to server/src/test/java/com/cloud/network/vpc/NetworkACLManagerTest.java
index 411f73aaf69..4dc75b432de 100644
--- a/server/src/test/java/com/cloud/vpc/NetworkACLManagerTest.java
+++ b/server/src/test/java/com/cloud/network/vpc/NetworkACLManagerTest.java
@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-package com.cloud.vpc;
+package com.cloud.network.vpc;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyList;
@@ -30,6 +30,7 @@ import java.util.UUID;
 import javax.inject.Inject;
+import com.cloud.server.ResourceTag;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.messagebus.MessageBus;
@@ -58,18 +59,7 @@ import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.dao.NetworkServiceMapDao;
 import com.cloud.network.dao.NetworkVO;
 import com.cloud.network.element.NetworkACLServiceProvider;
-import com.cloud.network.vpc.NetworkACLItem;
 import com.cloud.network.vpc.NetworkACLItem.State;
-import com.cloud.network.vpc.NetworkACLItemDao;
-import com.cloud.network.vpc.NetworkACLItemVO;
-import com.cloud.network.vpc.NetworkACLManager;
-import com.cloud.network.vpc.NetworkACLManagerImpl;
-import com.cloud.network.vpc.NetworkACLVO;
-import com.cloud.network.vpc.PrivateGateway;
-import com.cloud.network.vpc.VpcGateway;
-import com.cloud.network.vpc.VpcGatewayVO;
-import com.cloud.network.vpc.VpcManager;
-import com.cloud.network.vpc.VpcService;
 import com.cloud.network.vpc.dao.NetworkACLDao;
 import com.cloud.network.vpc.dao.VpcGatewayDao;
 import com.cloud.offerings.dao.NetworkOfferingDao;
@@ -88,7 +78,7 @@ import junit.framework.TestCase;
 @ContextConfiguration(loader = AnnotationConfigContextLoader.class)
 public class NetworkACLManagerTest extends TestCase {
 @Inject
- NetworkACLManager _aclMgr;
+ NetworkACLManagerImpl _aclMgr;
 @Inject
 AccountManager _accountMgr;
@@ -103,10 +93,6 @@ public class NetworkACLManagerTest extends TestCase {
 @Inject
 NetworkOfferingDao networkOfferingDao;
 @Inject
- ConfigurationManager _configMgr;
- @Inject
- EntityManager _entityMgr;
- @Inject
 NetworkModel _networkModel;
 @Inject
 List _networkAclElements;
@@ -114,6 +100,8 @@ public class NetworkACLManagerTest extends TestCase {
 VpcService _vpcSvc;
 @Inject
 VpcGatewayDao _vpcGatewayDao;
+ @Inject
+ private ResourceTagDao resourceTagDao;
 private NetworkACLVO acl;
 private NetworkACLItemVO aclItem;
@@ -154,9 +142,17 @@ public class NetworkACLManagerTest extends TestCase {
 }
 @Test
- public void testApplyNetworkACL() throws Exception {
+ public void testApplyNetworkACLsOnGatewayAndInGeneral() throws Exception {
 driveTestApplyNetworkACL(true, true, true);
+ }
+
+ @Test
+ public void testApplyNetworkACLsOnGatewayOnly() throws Exception {
 driveTestApplyNetworkACL(false, false, true);
+ }
+
+ @Test
+ public void testApplyNetworkACLsButNotOnGateway() throws Exception {
 driveTestApplyNetworkACL(false, true, false);
 }
@@ -168,11 +164,12 @@ public class NetworkACLManagerTest extends TestCase {
 // Prepare
 // Reset mocked objects to reuse
 Mockito.reset(_networkACLItemDao);
+ Mockito.reset(_networkDao);
 // Make sure it is handled
 final long aclId = 1L;
 final NetworkVO network = Mockito.mock(NetworkVO.class);
- final List networks = new ArrayList();
+ final List networks = new ArrayList<>();
 networks.add(network);
 NetworkServiceMapDao ntwkSrvcDao = mock(NetworkServiceMapDao.class);
@@ -194,7 +191,7 @@ public class NetworkACLManagerTest extends TestCase {
 // Create 4 rules to test all 4 scenarios: only revoke should
 // be deleted, only add should update
- final List rules = new ArrayList();
+ final List rules = new ArrayList<>();
 final NetworkACLItemVO ruleActive = Mockito.mock(NetworkACLItemVO.class);
 final NetworkACLItemVO ruleStaged = Mockito.mock(NetworkACLItemVO.class);
 final NetworkACLItemVO rule2Revoke = Mockito.mock(NetworkACLItemVO.class);
@@ -224,7 +221,6 @@ public class NetworkACLManagerTest extends TestCase {
 // Assert if conditions met, network ACL was applied
 final int timesProcessingDone = applyNetworkACLs && applyACLToPrivateGw ? 1 : 0;
- Mockito.verify(_networkACLItemDao, Mockito.times(timesProcessingDone)).remove(revokeId);
 Mockito.verify(rule2Add, Mockito.times(timesProcessingDone)).setState(NetworkACLItem.State.Active);
 Mockito.verify(_networkACLItemDao, Mockito.times(timesProcessingDone)).update(addId, rule2Add);
 }
@@ -235,9 +231,20 @@ public class NetworkACLManagerTest extends TestCase {
 assertTrue(_aclMgr.revokeNetworkACLItem(1L));
 }
+ @Test
+ public void testRemoveRule() {
+ NetworkACLItem aclItem = Mockito.mock(NetworkACLItemVO.class);
+ when(aclItem.getId()).thenReturn(1l);
+ Mockito.when(resourceTagDao.removeByIdAndType(1l, ResourceTag.ResourceObjectType.NetworkACL)).thenReturn(true);
+ Mockito.when(_networkACLItemDao.remove(1l)).thenReturn(true);
+ assertTrue(_aclMgr.removeRule(aclItem));
+
+ }
+
 @Test
 public void deleteNonEmptyACL() throws Exception {
- final List aclItems = new ArrayList();
+ Mockito.reset(_networkDao);
+ final List aclItems = new ArrayList<>();
 aclItems.add(aclItem);
 Mockito.when(_networkACLItemDao.listByACL(anyLong())).thenReturn(aclItems);
 Mockito.when(acl.getId()).thenReturn(3l);
@@ -342,5 +349,4 @@ public class NetworkACLManagerTest extends TestCase {
 }
 }
 }
-
 }
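Review bot: Dropping `Mockito.verify(_networkACLItemDao, Mockito.times(timesProcessingDone)).remove(revokeId);` in the hunk at 224 leaves driveTestApplyNetworkACL with no assertion that a revoked rule is actually deleted. Presumably the verification began to fail because an unstubbed `resourceTagDao.removeByIdAndType` mock returns false and the new `rc && ...` in `removeRule` then never reaches `remove`; if so, the test was reporting a real behaviour change. I would keep the check and add the stub instead, e.g. `Mockito.when(resourceTagDao.removeByIdAndType(revokeId, ResourceTag.ResourceObjectType.NetworkACL)).thenReturn(true);` ahead of the call under test. The method body starts outside this hunk, so the existing stubbing is not visible here.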
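Review bot: `testRemoveRule` in the hunk at 235 covers only the case where both DAO calls return true, so nothing pins down what `removeRule` does when `removeByIdAndType` returns false, for instance for a rule without tags. A second test that stubs the tag call with `thenReturn(false)` and then verifies whether `_networkACLItemDao.remove(1L)` is still invoked would document the intended behaviour. The literals `1l` read like `11`; prefer `1L`, as the neighbouring `revokeNetworkACLItem(1L)` already does. The `Mockito.reset(_networkDao)` added to deleteNonEmptyACL suggests mock state is shared between tests, and a comment such as `// _networkDao is a shared mock; clear stubbing left by other tests` would explain it.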