Support access to a host’s out-of-band management interface (e.g. IPMI, iLO,
DRAC, etc.) to manage host power operations (on/off etc.) and querying current
power state in CloudStack.
Given the wide range of out-of-band management interfaces such as iLO and iDRA,
the service implementation allows for development of separate drivers as plugins.
This feature comes with a ipmitool based driver that uses the
ipmitool (http://linux.die.net/man/1/ipmitool) to communicate with any
out-of-band management interface that support IPMI 2.0.
This feature allows following common use-cases:
- Restarting stalled/failed hosts
- Powering off under-utilised hosts
- Powering on hosts for provisioning or to increase capacity
- Allowing system administrators to see the current power state of the host
For testing this feature `ipmisim` can be used:
https://pypi.python.org/pypi/ipmisim
FS:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Out-of-band+Management+for+CloudStack
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
- Makes role permissions orderable in UI/backend
- Role permissions evaluated by fixed order
- Rules draggable in UI
- Migration script adds a default order
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This feature allows root administrators to define new roles and associate API
permissions to them.
A limited form of role-based access control for the CloudStack management server
API is provided through a properties file, commands.properties, embedded in the
WAR distribution. Therefore, customizing API permissions requires unpacking the
distribution and modifying this file consistently on all servers. The old system
also does not permit the specification of additional roles.
FS:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
DB-Backed Dynamic Role Based API Access Checker for CloudStack brings following
changes, features and use-cases:
- Moves the API access definitions from commands.properties to the mgmt server DB
- Allows defining custom roles (such as a read-only ROOT admin) beyond the
current set of four (4) roles
- All roles will resolve to one of the four known roles types (Admin, Resource
Admin, Domain Admin and User) which maintains this association by requiring
all new defined roles to specify a role type.
- Allows changes to roles and API permissions per role at runtime including additions or
removal of roles and/or modifications of permissions, without the need
of restarting management server(s)
Upgrade/installation notes:
- The feature will be enabled by default for new installations, existing
deployments will continue to use the older static role based api access checker
with an option to enable this feature
- During fresh installation or upgrade, the upgrade paths will add four default
roles based on the four default role types
- For ease of migration, at the time of upgrade commands.properties will be used
to add existing set of permissions to the default roles. cloud.account
will have a new role_id column which will be populated based on default roles
as well
Dynamic-roles migration tool: scripts/util/migrate-dynamicroles.py
- Allows admins to migrate to the dynamic role based checker at a future date
- Performs a harder one-way migrate and update
- Migrates rules from existing commands.properties file into db and deprecates it
- Enables an internal hidden switch to enable dynamic role based checker feature
Deprecate commands.properties
- Fixes apidocs and marvin to be independent of commands.properties usage
- Removes bundling of commands.properties in deb/rpm packaging
- Removes file references across codebase
Reviewed-by: John Burwell <john.burwell@shapeblue.com>
QA-by: Boris Stoyanov <boris.stoyanov@shapeblue.com>
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Refactored code to use test_data instead of hardcoded NetScaler credentials
Refactored code to remove large scale duplication
Fixed some minor logic error in the existing tests
This patch has not added or removed any of the original test-cases.
Signed-off-by: SrikanteswaraRao Talluri <talluri@apache.org>
This reverts commit e921ec6ec7.
CLOUDSTACK-7408: sshClient.py - removing function load_host_keys(). This function is used to load host keys from local host keys file and to save back the host key. It is not needed while running test cases because we are connecting to unknown host anyway and don't want to use any local host key file. We have the AutoAddPolicy for missing host key file, hence whenever ssh connects to a new host, it will save the host key in memory temporarily.
Signed-off-by: SrikanteswaraRao Talluri <talluri@apache.org>
Test data to deploy new data center and execute test using the deployed zone
Signed-off-by: sanjeev <sanjeev@apache.org>
Incorporated review comments provided in RR 25097
Fixed review comments mentioned in RR25293
Conflicts:
tools/marvin/marvin/config/test_data.py
(cherry picked from commit 9e5da759b3)
CLOUDSTACK-4840 changed test_data.py to make the lbrule publicport be 22,
instead of 2222. In doing so, this caused the following tests to fail, as they
hit a problem where they tried to use port 22 for both the lbrule and for other
purposes:
integration.smoke.test_network.TestDeleteAccount.test_delete_account
integration.smoke.test_network.TestReleaseIP.test_releaseIP
The reason the change appears to have been made was that in
test_lb_secondary_ip.py, despite setting up the load balancer using lbrule, the
tests then used the SSH port from natrule to try and access the VM. By changing
lbrule to use port 22 (the same as natrule) this avoided the problem.
This patch updates test_lb_secondary_ip.py to use the SSH port in lbrule where
necessary to access the VMs, and reverts the change to test_data.py
John Burwell
Rohit Yadav
Abhinandan Prateek
Abhinandan Prateek
SrikanteswaraRao Talluri
Gaurav Aradhye
Chandan Purushothama
Doug Clark
Prashant Kumar Mishra
sailajamada
sanjeev
Ashutosh K
Sangeetha Hariharan
Santhosh Edukulla
Alex Brett