Upgrade paths from 4.5.1 exists to both 4.5.2, and 4.6.0. Since 4.5.2 and 4.6.0
are not release, and the bug affects 4.5 branch; this patch aims to port that
fix from master to both 4.5/master branches.
Ported from commit b6a7804
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
CLOUDSTACK-8710: Fixed applying iptables rules for s2s vpn
@remibergsma @wilderrodrigues
Moved applying iptables rules apply after vpn configuration so that vpn specific rules also get applied
* pr/690:
CLOUDSTACK-8710: Fixed applying iptables rules for s2s vpn
This closes#690
Signed-off-by: Remi Bergsma <github@remi.nl>
Logging before:
2015-08-12 16:30:07,126 Searching for 192.168.23.6 and replacing with 192.168.23.6 192.168.23.5: PSK "preSharedKey"
Logging after:
2015-08-12 16:30:07,126 Searching for 192.168.23.6 and replacing with 192.168.23.6 192.168.23.5: PSK "****"
- Adds unit test for ListAndSwitchSAMLAccountCmd
- Checks and logs in user only if they are enabled
- If saml user switches to a locked account, send appropriate error message
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit b30977911d)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
SAML authorized accounts might be across various domains, this allows for
switching of accounts only in case of SAML authenticated user accounts across
other accounts with the same SAML uid/username.
Moves the previous switch account logic to its own ui-custom module
(cherry picked from commit 1065661cd5)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Conflicts:
plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
ui/index.jsp
When dumping XML use appropriate flags:
1, VIR_DOMAIN_XML_SECURE (dump security sensitive information too)
8, VIR_DOMAIN_XML_MIGRATABLE (dump XML suitable for migration)
Source:
https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainXMLFlags
This fixes CVE 2015-3252: VNC password lost during VM migration across KVM
hosts. The issue is also seen when a VM is rebooted.
(cherry picked from commit cb2aca7516)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
... map returned by the following API calls by filtering these fields from the
details attribute in the HostResponse class:
* listHosts
* addHost
* cancelHostMaintenance
* listHosts
* prepareHostForMaintenance
* reconnectHost
* updateHost
This fix addresses CVE 2015-3251.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 3a48171bd8)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Coverity regressions per 10 aug 2015Not all are in here, the db upgrade code seems to stay the main pitfall.
* pr/681:
coverity 1315775: proper getting of networkLabel
coverity 1315774: improvement of code to negate false positive
Signed-off-by: Daan Hoogland <daan@onecht.net>
Tests will confirm the behaviour of the newly added response fields of listSecurityGroups.
Signed-off-by: Wido den Hollander <wido@widodh.nl>
This closes#679
See issue CLOUDSTACK-8133 for more information.
Added null check by comment of Koushik Das.
Added brackets by comment of Wido den Hollander.
Removed a call to findById() by comment of Koushik Das.
Signed-off-by: Wido den Hollander <wido@widodh.nl>
* pr/674:
getUsedBytes should query the SolidFire cluster to acquire the size of the given volume if there is no volume_details info for that volume (and then create a volume_details row for this volume so we don't have to make that cluster call for this purpose again)
Signed-off-by: Mike Tutkowski
Signed-off-by: Mike Tutkowski <mike.tutkowski@solidfire.com>
- on new functionnality: upload volume/template from Local
- on the zone configuration wizard for the "Next" button
- update French messages properties from transifex
- Improve some French translations ("Téléverser" for "Upload")
Improve cloud-install-sys-tmplt to work in dev environment againThe script that you run to initially setup secondary storage, had some errors. As it now depends on /etc/cloudstack/management/db.properties, it did not work any more on my development environment.
I defined some defaults that work in development environments (those are sane defaults anyway), then check if the /etc/cloudstack/management/db.properties file exists. If so, it reads from there and gets the vars just like before. If not, it keeps the defaults unless of course someone overrides them on the command line.
While working on the script, I also fixed the indentation and found a query that was not yet using the -P mysql port variable.
I tested it both on my development environment as well as in an environment installed from RPM (where you'd have /etc/cloudstack/management/db.properties and that both worked.
PS @snuf please check if it also works again for you.
* pr/678:
clean-ups in the file
this query had no -P port specified so did not work
make sane defaults for MySQL settings
Signed-off-by: Remi Bergsma <github@remi.nl>
In dev environments, there is no /etc/cloudstack/management/db.properties file
That forces you to specify all parameters on the command line. This commit
sets some defaults, like port 3306, user root and localhost.
When available, it will still get settings from the config file and it will
also allow you to override it on the command line. So it is fully backwards
compatible.
Implemented condition that only admin or owner of the template can change its permissions ..... using updateTemplatePermissions API
Consider this scenario :
In a domain, there are three User Accounts UA1, UA2,UA3
A private template is registered by UA1
Through the updateTemplatePermissions API, UA1 gives permission to both UA2 and UA3
Now, UA2, having been shared the template, can remove the permission of UA3(or add permissions to another account).
EXPECTED BEHAVIOR :
UA2 should not be able to to add/remove permissions of other accounts.
* pr/658:
Implemented condition that only admin or owner of the template can change its permissions using updateTemplatePermissions API
Signed-off-by: Remi Bergsma <github@remi.nl>
* pr/547:
CLOUDSTACK-8601. VMFS storage added as local storage can be re-added as shared storage. Fail addition of a VMFS shared storage pool in case it has already been added as local storage in CS.
Signed-off-by: Mike Tutkowski <mike.tutkowski@solidfire.com>
CLOUDSTACK-8704: Schedule restart of router VMs ahead of user VMs as part of HA
VRs are scheduled for HA ahead of user VMs.
Refer to the bug for more details.
* pr/656:
CLOUDSTACK-8704: Schedule restart of router VMs ahead of user VMs as part of HA VRs are scheduled for HA ahead of user VMs
Signed-off-by: Remi Bergsma <github@remi.nl>
Milamber
Rohit Yadav
Remi Bergsma
John Burwell
Radu Stefanache
Daan Hoogland
Rajani Karuturi
Boris Schrijver
shweta agarwal
Jayapal
Priti Sarap
pavan018
Mike Tutkowski
Daan Hoogland
sanjeev
Maneesha.P
Anshul Gangwar
Koushik Das