Now VPN connection can be created as "passive", which would enable the ability
of remote peer initiate the connection. So it's possible for VPC VR to
establish the connection to another VPC VR of CloudStack.
Test case also included.
The test case would create 2 vpcs and using VPN to connect them.
1) vxlan will use bridge scheme 'brvx-<vni>'. Multiple physical networks can host guest
traffic type with vxlan isolation, so long as they don't use the same VNI range.
2) Guest traffic labels can be physical interface if bridge by given name is not found.
Normally we take traffic label name, find the matching bridge, then resolve that to a
physical interface. Then we create guest bridges on that interface. Now we can just
specify the interface.
TODO:
1. error handling of no domains present, nested hierarchy
2. handling the case when the api call fails for a specific user/users
3. test cases for LdapUserManager
Signed-off-by: Ian Duffy <ian@ianduffy.ie>
In case of VMware, once the state of the old root volume has been updated to destroyed force expunge it from primary storage to avoid the garbage collector from trying to delete the new root volume
1) added createDetail to ResourceDetailDao interface to provide generic way of creating resourceDetail DB objects
2) added resource details support for firewall rules
The following types were not setup to discover extensions
com.cloud.network.element.FirewallServiceProvider
com.cloud.network.element.PortForwardingServiceProvider
com.cloud.network.element.StaticNatServiceProvider
com.cloud.network.element.NetworkACLServiceProvider
com.cloud.network.element.LoadBalancingServiceProvider
com.cloud.network.element.Site2SiteVpnServiceProvider
1) Added support for Zone resource details
2) Renamed DcDetailsDao to DataCenterDetailsDao to follow the CS name convention for DataCenter related classes
This is not perfect fix but should address 99% of the issues. The only
time an issue could happen is if something in the bootstrap or system
context tried to lock a row. Which shouldn't happen at the moment. If
we find that to be an issue, the LockMasterListener could move to system
context and be inject here.
* changed name for TaggedResourceType enum to ResourceObjectType as this enum is used both by ResourceMetaData and ResourceTags code
* enhanced the enum with extra fields resourceTagsSupport (boolean) and metadataSupport identifying if the resource supports tags and/or metadata.
* cleanup unused @Inject objects from the ResourceMetaDataManager
Detail: Previously the cloud user has full password-less sudo access.
This commit changes that to only allow access to a specific list of
commands. Been tested in production on ACS 4.0 and 4.2 mangement servers.
BUG-ID: CLOUDSTACK-967
Bugfix-for:
Reviewed-by:
Reported-by:
Signed-off-by: John Kinsella <jlk@stratosec.co> 1382560936 -0700
Alena Prokharchyk
Min Chen
Edison Su
Rajani Karuturi
Mike Tutkowski
Wei Zhou
Sheng Yang
Darren Shepherd
Will Stevens
ynojima
Marcus Sorensen
Likitha Shetty
Laszlo Hornyak
Anthony Xu
John Kinsella