The code that would propage userdata to router, when updateVirtualMachine api
is called, was missing. As per the docs [0], userdata should be a base64 encoded
string upto 2KB which is put on domr's html directory adn using HTTP GET the
userdata information can be obtained from the domr.
The updateVirtualMachine api [0] would accept a base64 encoded string
and decoded and put into the domr's /var/www/html/userdata/<uservm ip>/user-data
file. The operation does not require the VM to be in stopped state, though it is
advised to stop and call this api in case the user vm has a script which gets
the userdata information from domr while starting.
For example, this script can be used to fetch the data:
server_ip=$(grep dhcp-server-identifier /var/lib/dhclient-eth0.leases | tail -1 | awk '{print $NF}' | tr '\;' ' ')
wget http://${server_ip}/latest/user-data
This feature can be useful, for example to use into puppet facts [1], or to do
automation and horizontal scaling etc. based on userdata.
[0] http://incubator.apache.org/cloudstack/docs/api/apidocs-4.0.0/domain_admin/updateVirtualMachine.html
[1] http://geek.jasonhancock.com/2011/11/09/cloudstack-userdata-into-puppet-facts/
BUG-ID : CLOUDSTACK-424
Reviewed-by: Rohit Yadav <bhaisaab@apache.org>
Reported-by: Nick Wales
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
within cloud.server.ConfigurationServerImpl.generateDefaultKeystore
Description:
The reason which failed in generation of the certificate is not displayed now.
At that time, IOException which does not include the reason is raised.
In order to solve the problem quickly, the reason should be included in the message.
(Now)
WARN [cloud.server.ConfigurationServerImpl] (main:) Would use fail-safe keystore to continue.
java.io.IOException: Fail to generate certificate!
at com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:490)
(Fix)
WARN [cloud.server.ConfigurationServerImpl] (main:) Would use fail-safe keystore to continue.
java.io.IOException: Fail to generate certificate!: sudo: sorry, you must have a tty to run sudo
at com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:490)
Testing Completed:
mvn clean install
mvn -pl :cloud-client-ui jetty:run
And generation of the certificate was made to fail, checked it.
Signed-off-by: Chip Childers <chip.childers@gmail.com>
* send StartupAnswer right after StartupCommand is recieved
* if post processor going wrong, send out readycommand with error message to agent, then agent will exit
Any forked process that runs from maven surefire plugin gets it own separate
heap which may cause build issues. Patch fixes the issue by explicity args to
the surefire plugin for cloud-server.
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
* attache is not forForward()
* and the Disconnect came through cluster notification event
The fix will prevent delayed AgentDisconnect cluster notification processing.
The authenticators now have an encode function that cloudstack will use to encode the user supplied password before storing it in the database. This makes it easier to add other authenticators with other hashing algorithms. The requires a two step approach to creating the admin account at first start as the authenticators are only present in the management-server component locator.
The SHA256 salted authenticator make use of this new system and adds a hashing algorithm based on SHA256 with a salt. This type of hash is far less susceptible to rainbow table attacks.
To make use of these new features the users password will be sent over the wire just as he typed it and it will be transformed into a hash on the server and compared with the stored password. This means that the hash will not go over the wire anymore.
The default authenticator in components.xml is still set to md5 for backwards compatibility. For new installations the sha256 could be enabled.
If cleanup=true, network elements and resources are shutdown and
reimplemented. Else, shutdown/reimplementation is skipped. Enabled
cleanup checkbox in CS UI.
For both cases, VRs are only deployed for Pods with no running
or starting VRs and Pods having running or starting user vms.
New DAO helpers introduced:
HostPodDao: listByDataCenterIdVMTypeAndStates
DomainRouterDao: listByPodId and listByPodIdAndStates
VMInstanceDao: listByPodId and corrected definition of listByTypeAndState
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
Deepak Garg
Vijay Venkatachalam
Pranav Saxena
Rohit Yadav
Alena Prokharchyk
Laszlo Hornyak
Satoshi Kobayashi
Dave Cahill
Edison Xu
Joe Brockmeier
Hugo Trippaers
Edison Su
Jessica Wang
Min Chen
Edison Su