This feature allows root administrators to define new roles and associate API
permissions to them.
A limited form of role-based access control for the CloudStack management server
API is provided through a properties file, commands.properties, embedded in the
WAR distribution. Therefore, customizing API permissions requires unpacking the
distribution and modifying this file consistently on all servers. The old system
also does not permit the specification of additional roles.
FS:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
DB-Backed Dynamic Role Based API Access Checker for CloudStack brings following
changes, features and use-cases:
- Moves the API access definitions from commands.properties to the mgmt server DB
- Allows defining custom roles (such as a read-only ROOT admin) beyond the
current set of four (4) roles
- All roles will resolve to one of the four known roles types (Admin, Resource
Admin, Domain Admin and User) which maintains this association by requiring
all new defined roles to specify a role type.
- Allows changes to roles and API permissions per role at runtime including additions or
removal of roles and/or modifications of permissions, without the need
of restarting management server(s)
Upgrade/installation notes:
- The feature will be enabled by default for new installations, existing
deployments will continue to use the older static role based api access checker
with an option to enable this feature
- During fresh installation or upgrade, the upgrade paths will add four default
roles based on the four default role types
- For ease of migration, at the time of upgrade commands.properties will be used
to add existing set of permissions to the default roles. cloud.account
will have a new role_id column which will be populated based on default roles
as well
Dynamic-roles migration tool: scripts/util/migrate-dynamicroles.py
- Allows admins to migrate to the dynamic role based checker at a future date
- Performs a harder one-way migrate and update
- Migrates rules from existing commands.properties file into db and deprecates it
- Enables an internal hidden switch to enable dynamic role based checker feature
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Quota service while allowing for scalability will make sure that the cloud is
not exploited by attacks, careless use and program errors. To address this
problem, we propose to employ a quota-enforcement service that allows resource
usage within certain bounds as defined by policies and available quotas for
various entities. Quota service extends the functionality of usage server to
provide a measurement for the resources used by the accounts and domains using a
common unit referred to as cloud currency in this document. It can be configured
to ensure that your usage won’t exceed the budget allocated to accounts/domain
in cloud currency. It will let user know how much of the cloud resources he is
using. It will help the cloud admins, if they want, to ensure that a user does
not go beyond his allocated quota. Per usage cycle if an account is found to be
exceeding its quota then it is locked. Locking an account means that it will not
be able to initiate a new resource allocation request, whether it is more
storage or an additional ip. Needless to say quota service as well as any action
on the account is configurable.
Changes from Github code review:
- Added marvin test for quota plugin API
- removed unused commented code
- debug messages in debug enabled check
- checks for nulls, fixed access to member variables and feature
- changes based on PR comments
- unit tests for UsageTypes
- unit tests for all Cmd classes
- unit tests for all service and manager impls
- try-catch-finally or try-with-resource in dao impls for failsafe db switching
- remove dead code
- add missing quota calculation case (regression fixed)
- replace tabs with spaces in pom.xmls
- quota: though default value for quota_calculated is 0, the usage server
makes it null while entering usage entries. Flipping the condition so
as to account for that.
- quotatypes: fix NPE in quota type
- quota framework test fixes
- made statement period configurable
- changed default email templates to reflect the fact that exhausted quota may not result in a locked account
- added quotaUpdateCmd that refreshes quota balances and sends alerts and statements
- report quotaSummary command returns quota balance, quota usage and state for all account
- made UI framework changes to allow for text area input in edit views
- process usage entries that have greater than 0 usage
- process quota entries only if tariff is non zero
- if there are credit entries but no balance entry create a dummy balance entry
- remove any credit entries that are before the last balance entry
when displaying balance statement
- on a rerun the last balance is now getting added
FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Quota+Service+-+FS
PR: https://github.com/apache/cloudstack/pull/768
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
1. provide compatibility with the Big Cloud Fabric (BCF) controller
L2 Connectivity Service in both VPC and non-VPC modes
2. virtual network terminology updates: VNS --> BCF_SEGMENT
3. uses HTTPS with trust-always certificate handling
4. topology sync support with BCF controller
5. support multiple (two) BCF controllers with HA
6. support VM migration
7. support Firewall, Static NAT, and Source NAT with NAT enabled option
8. add VifDriver for Indigo Virtual Switch (IVS)
This closes #151
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This is a plugin that puts in ovm3 support ranging from 3.3.1 to 3.3.2. Basic
functionality is in here, advanced networking etc..
Snapshots only work when a VM is stopped now due to the semantics of OVM's raw
image implementation (so snapshots should work on a storage level underneath the
hypervisor shrug)
This closes #113
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This commit produces event bus messages to a "cloudstack" topic
in Apache Kafka. Configuration is expected to be found in
/etc/cloudstack/management/kafka.producer.properties and will
generally be of the form:
bootstrap.servers=kafka-host1:9092,kafka-host2:9092
key.serializer=org.apache.kafka.common.serialization.StringSerializer
value.serializer=org.apache.kafka.common.serialization.StringSerializer
There is no way to parameterize the topic yet, and the consuming
code is just place-holder. I think adding a consumer within cloudstack
is very debatable and likely not needed.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This is a feature to handle DNS entries by means of an external DNS Provider,
such as Bind. These entries include DNS domains and reverse domains, VM records
and reverse records.
For a complete description, please refer to the design document available at
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Bind+and+PowerDNS+integration+by+Globo+DNSAPI
For the discussion about this feature on the dev mailing list, please refer to
http://markmail.org/thread/fvwf36hpxotiibka
Summary:
- new Network Service Provider called GloboDNS
- new Network Element to manage network domains and VM records (entries) on an external API
- new Network Resource to communicate with GloboDNS (open source)
- new API command to add DNS server
- new global option to determine if this provider should override VM entries on external DNS server
- changes in UI to include GloboDNS in Providers list
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This is a NexentaStor iSCSI volume driver.
Now implemented only following functions:
* create volume
* delete volume
Currently delete volume still in progress.
Signed-off-by: Edison Su <sudison@gmail.com>
this checkin adds support for plug-in that provides an in memory event
bus which could be used as alternative to RabbitMQ based event bus. Both
publisher and subscriber should be running with management server to use
in-memory event bus.
Adding the missing file
During HA and maintenance call different planners (if the original planners are not able to find capacity) which skip some heuristics
This patch adds a network plugin to support Palo Alto Networks firewall (their appliance and their VM series firewall).
More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
Features supported are:
- List/Add/Delete Palo Alto service provider
- List/Add/Delete Palo Alto network service offering
- List/Add/Delete Palo Alto network with above service offering
- Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
- List/Add/Delete Ingress Firewall rule
- List/Add/Delete Egress Firewall rule
- List/Add/Delete Port Forwarding rule
- List/Add/Delete Static Nat rule
- Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
- Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
Known limitations:
- Only supports one public IP range in CloudStack.
- Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
- Currently not tracking usage on Public IPs.
Signed-off-by: Sheng Yang <sheng.yang@citrix.com>
architecture allows additional functionality to be easily added. Incorporating the plugin in CloudStack will allow
the community to participate in improving the features available with Hyper-V. The plugin uses a Director Connect
Agent architecture described here: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Progress
Add ability to pass kvp data via the key cloudstack-vm-userdata
Rearrange code to make it clearer what .NET objects are being used.
Test failures are easier to deal with if test key is not deleted.
Acquire management/pod ip for control ip when VR deploys in HyperV
Fixed deletion on VM's on hyperv host when mgmt server gets restarted due to HA
Implementation for attach iso command. Attaches an iso to a given vm.
Initial patch for VXLAN support.
Fully functional, hopefully, for GuestNetwork - AdvancedZone.
Patch Note:
in cloudstack-server
- Add isolation method VXLAN
- Add VxlanGuestNetworkGuru as plugin for VXLAN isolation
- Modify NetworkServiceImpl to handle extended vNet range for VXLAN isolation
- Add VXLAN isolation option in zoneWizard UI
in cloudstack-agent (kvm)
- Add modifyvxlan.sh script that handle bridge/vxlan interface manipulation script
-- Usage is exactly same to modifyvlan.sh
- BridgeVifDriver will call modifyvxlan.sh instead of modifyvlan.sh when VXLAN is used for isolation
Database changes:
- No change in database structure.
- VXLAN isolation uses same tables that VLAN uses to store vNet allocation status.
Known Issue and/or TODO:
- Some resource still says 'VLAN' in log even if VXLAN is used
- in UI, "Network - GuestNetworks" doesn't display VNI
-- VLAN ID field displays "N/A"
- Documentation!
Signed-off-by : Toshiaki Hatano <haeena@haeena.net>
Initial patch for VXLAN support.
Fully functional, hopefully, for GuestNetwork - AdvancedZone.
Patch Note:
in cloudstack-server
- Add isolation method VXLAN
- Add VxlanGuestNetworkGuru as plugin for VXLAN isolation
- Modify NetworkServiceImpl to handle extended vNet range for VXLAN isolation
- Add VXLAN isolation option in zoneWizard UI
in cloudstack-agent (kvm)
- Add modifyvxlan.sh script that handle bridge/vxlan interface manipulation script
-- Usage is exactly same to modifyvlan.sh
- BridgeVifDriver will call modifyvxlan.sh instead of modifyvlan.sh when VXLAN is used for isolation
Database changes:
- No change in database structure.
- VXLAN isolation uses same tables that VLAN uses to store vNet allocation status.
Known Issue:
- Some resource still says 'VLAN' in log even if VXLAN is used
- in UI, "Network - GuestNetworks" doesn't display VNI
-- VLAN ID field displays "N/A"
Stratosphere SSP is an SDN solution which creates virtual L2
networks backed by vxlan and vlan. SSP will ask hypervisor to set a
specific vlan, then SSP will interact with openflow switches and
put vxlan/vlan translation flow rules.
This plugin provides SSP as "connectivity" service provider.
Signed-off-by: Hiroaki KAWAI <kawai@stratosphere.co.jp>
This feature allows a user to deploy VMs only in the resources dedicated to his account or domain.
1. Resources(Zones, Pods, Clusters or hosts) can be dedicated to an account or domain.
Implemented 12 new APIs to dedicate/list/release resources:
- dedicateZone, listDedicatedZones, releaseDedicatedZone for a Zone.
- dedicatePod, listDedicatedPods, releaseDedicatedPod for a Pod.
- dedicateCluster, listDedicatedClusters, releaseDedicatedCluster for a Cluster
- dedicateHost, listDedicatedHosts, releaseDedicatedHost for a Host.
2. Once a resource(eg. pod) is dedicated to an account, other resources(eg. clusters/hosts) inside that cannot be further dedicated.
3. Once a resource is dedicated to a domain, other resources inside that can be further dedicated to its sub-domain or account.
4. If any resource (eg.cluster) is dedicated to a account/domain, then resources(eg. Pod) above that cannot be dedicated to different accounts/domain (not belonging to the same domain)
5. To use Explicit dedication, user needs to create an Affinity Group of type 'ExplicitDedication'
6. A VM can be deployed with the above affinity group parameter as an input.
7. A new ExplicitDedicationProcessor has been added which will process the affinity group of type 'Explicit Dedication' for a deployment of a VM that demands dedicated resources.
This processor implements the AffinityGroupProcessor adapter. This processor will update the avoid list.
8. A VM requesting dedication will be deployed on dedicated resources if available with the user account.
9. A VM requesting dedication can also be deployed on the dedicated resources available with the parent domains iff no dedicated resources are available with the current user's account or
domain.
10. A VM (without dedication) can be deployed on shared host but not on dedicated hosts.
11. To modify the dedication, the resource has to be released first.
12. Existing Private zone functionality has been redirected to Explicit dedication of zones.
13. Updated the db upgrade schema script. A new table "dedicated_resources" has been added.
14. Added the right permissions in commands.properties
15. Unit tests: For the new APIs and Service, added unit tests under : plugins/dedicated-resources/test/org/apache/cloudstack/dedicated/DedicatedApiUnitTest.java
16. Marvin Test: To dedicate host, create affinity group, deploy-vm, check if vm is deployed on the dedicated host.
1. A new implicit planner which extends the functionality provided by FirstFitPlanner.
2. Implicit planner can be used in either strict or preferred mode. In strict mode it tries to deploy a vm of a given account on a host on which vms of the account are already running. If no such host is found it'll search for an empty host to service the request. Otherwise the deploy vm request fails.
3. In preferred mode, if a host which is running vms of the account or an empty host isn't found, the planner then tries to deploy on any other host provided it isn't running implicitly dedicated strict vms of any other account.
4. Updated the createServiceOffering api to configure the details for the planner that the service offering is using.
5. Made db changes to store the service offering details for the planner.
6. Unit tests for testing the implicit planner functionality.
7. Marvin test for validating the functionality.
This reverts commit 8e917b1ad3.
Fixing the eclipse setting issue caused by excluding <cs.target.dir>.
This also fixes the incubation -> graduation links in the various poms.
Conflicts:
pom.xml
commit 7ce45ea108
Author: Koushik Das <koushik.das@citrix.com>
Date: Mon Apr 15 18:36:33 2013 +0530
Fixed indentation and line ending
commit 0232048f90
Merge: 735c4c8 97911e9
Author: Koushik Das <koushik.das@citrix.com>
Date: Mon Apr 15 17:05:59 2013 +0530
Merge branch 'master' into cisco-vnmc-api-integration
Conflicts:
api/src/org/apache/cloudstack/api/ApiConstants.java
client/tomcatconf/commands.properties.in
setup/db/db/schema-410to420.sql
tools/marvin/marvin/integration/lib/base.py
commit 735c4c8955
Author: Koushik Das <koushik.das@citrix.com>
Date: Mon Apr 15 15:20:37 2013 +0530
Fixed unit tests based on recent changes in the Vnmc resource code
commit f166f2d0bf
Author: Koushik Das <koushik.das@citrix.com>
Date: Mon Apr 15 14:50:25 2013 +0530
added tests to register vnmc and asa appliance in cloudstack
commit f38be4810e
Author: Koushik Das <koushik.das@citrix.com>
Date: Mon Apr 8 18:42:06 2013 +0530
Removed unwanted files
commit 902ce426c1
Author: Koushik Das <koushik.das@citrix.com>
Date: Mon Apr 8 17:59:30 2013 +0530
Fixed auto-wiring of components for Cisco Vnmc
commit 08467ee307
Author: Koushik Das <koushik.das@citrix.com>
Date: Mon Apr 8 16:04:54 2013 +0530
Fixed compilation issues, incorrect merges from last commit
commit 67f11d46ad
Merge: 3422cee c9c68e1
Author: Koushik Das <koushik.das@citrix.com>
Date: Mon Apr 8 15:11:10 2013 +0530
Merge branch 'master' into cisco-vnmc-api-integration
commit 3422ceefb6
Author: Koushik Das <koushik.das@citrix.com>
Date: Mon Apr 8 14:42:32 2013 +0530
Correctly associating nat, acl policy sets to edge security profile in VNMC
commit 9c1e193fca
Author: Koushik Das <koushik.das@citrix.com>
Date: Sun Apr 7 21:22:22 2013 +0530
Passing correct subnet mask while creating edge firewall in VNMC
commit 05e3d04b55
Author: Koushik Das <koushik.das@citrix.com>
Date: Tue Apr 2 17:50:57 2013 +0530
Added changes related to icmp
commit bcecb589de
Author: Koushik Das <koushik.das@citrix.com>
Date: Mon Apr 1 13:57:21 2013 +0530
Some xml file renames
commit 9c1ee93f2e
Author: Koushik Das <koushik.das@citrix.com>
Date: Sat Mar 30 15:54:25 2013 +0530
Fixed PF and static NAT rule creation in VNMC
commit 7e6159fa05
Author: Koushik Das <koushik.das@citrix.com>
Date: Wed Mar 27 18:53:49 2013 +0530
Added more unit tests for Cisco Vnmc element
commit fc0ed9adb6
Author: Koushik Das <koushik.das@citrix.com>
Date: Wed Mar 27 16:48:28 2013 +0530
Cleaning up VNMC config as part of network shutdown
commit 5a427d48e2
Author: Koushik Das <koushik.das@citrix.com>
Date: Wed Mar 27 02:22:54 2013 +0530
Added unit test for Vnmc network element implement() method
commit 48cbf34d3b
Author: Koushik Das <koushik.das@citrix.com>
Date: Wed Mar 27 02:20:45 2013 +0530
Passing correct gateway ip while creating vservice node and guest port profile in Nexus
commit 2c386c61ef
Author: Koushik Das <koushik.das@citrix.com>
Date: Fri Mar 22 13:50:52 2013 +0530
Nexus 1000v fix
commit 4d2168bfa9
Author: Koushik Das <koushik.das@citrix.com>
Date: Fri Mar 22 00:30:01 2013 +0530
Egress firewall rule
commit e81ab3a2f4
Author: Koushik Das <koushik.das@citrix.com>
Date: Thu Mar 21 10:50:29 2013 +0530
More tests for VnmcResource class
commit 9e9c179212
Author: Koushik Das <koushik.das@citrix.com>
Date: Thu Mar 21 00:25:10 2013 +0530
Fixed build issue from master merge
commit f0c1af2b5c
Merge: 4f305c2 873ec27
Author: Koushik Das <koushik.das@citrix.com>
Date: Wed Mar 20 16:20:10 2013 +0530
Merge branch 'master' into cisco-vnmc-api-integration
Conflicts:
api/src/com/cloud/network/Network.java
api/src/org/apache/cloudstack/api/ApiConstants.java
client/tomcatconf/components-nonoss.xml.in
client/tomcatconf/nonossComponentContext.xml.in
plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/manager/VmwareManagerImpl.java
plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
setup/db/db/schema-410to420.sql
vmware-base/src/com/cloud/hypervisor/vmware/mo/HypervisorHostHelper.java
commit 4f305c2beb
Author: Koushik Das <koushik.das@citrix.com>
Date: Wed Mar 20 15:09:34 2013 +0530
Initial set of tests, will add more in subsequent commits
commit 50bfcc1f75
Author: Koushik Das <koushik.das@citrix.com>
Date: Wed Mar 20 15:02:14 2013 +0530
Updated pom to copy xmls to target location during build
commit 45bc92b826
Author: Koushik Das <koushik.das@citrix.com>
Date: Wed Mar 20 14:58:59 2013 +0530
Fixed compilation issue as missed out adding this file
commit 2ce7cdc756
Author: Koushik Das <koushik.das@citrix.com>
Date: Sun Mar 17 17:02:25 2013 +0530
Creating vservice node and associating it with port profile in nexus for guest VMs
commit 387545caff
Author: Koushik Das <koushik.das@citrix.com>
Date: Sat Mar 16 11:14:43 2013 +0530
Added license headers to XML files
commit 43e2997421
Author: Koushik Das <koushik.das@citrix.com>
Date: Wed Mar 13 11:51:59 2013 +0530
Changes related to instantiating the dao components
commit 99e88ecbf9
Author: Koushik Das <koushik.das@citrix.com>
Date: Tue Mar 12 23:40:35 2013 +0530
Fix build errors after merge from master
commit 7c20b120c2
Author: Koushik Das <koushik.das@citrix.com>
Date: Tue Mar 12 23:31:46 2013 +0530
Fixing poms and other xmls
commit ee868759a8
Merge: 9c94b6d a1b33ca
Author: Koushik Das <koushik.das@citrix.com>
Date: Tue Mar 12 14:44:59 2013 +0530
Merge branch 'master' into cisco-vnmc-api-integration
Conflicts:
api/src/com/cloud/network/Network.java
api/src/org/apache/cloudstack/api/ApiConstants.java
plugins/pom.xml
setup/db/create-schema.sql
commit 9c94b6d231
Author: Koushik Das <koushik.das@citrix.com>
Date: Fri Mar 8 22:20:23 2013 +0530
Fixed XML to create static route in VNMC correctly
commit ef069b3323
Author: Koushik Das <koushik.das@citrix.com>
Date: Fri Mar 8 15:26:26 2013 +0530
Added logic for revoking ACL, PF and Static NAT rules
commit 4c65b70668
Author: Koushik Das <koushik.das@citrix.com>
Date: Fri Mar 8 13:51:37 2013 +0530
Renamed delete-acl-rule -> delete-rule
commit aa94eca516
Author: Koushik Das <koushik.das@citrix.com>
Date: Fri Mar 8 00:38:52 2013 +0530
- Creating static routes in VNMC as part of edge firewall configuration
- Passing order parameter while creating rules so that they are evaluated in a specific order
- Added methods in VnmcResource for listing acl policies and rules belonging to various policies. This is used to compute order while creation of various rules in VNMC
commit cc824e8585
Author: Koushik Das <koushik.das@citrix.com>
Date: Thu Mar 7 12:16:29 2013 +0530
Adding appropriate ACL rules for PF and static NAT
commit fb23c50365
Author: Koushik Das <koushik.das@citrix.com>
Date: Fri Mar 1 17:21:45 2013 +0530
Added logic for deleting various VNMC artifacts. Added/updated relevant xmls as well.
commit 970c21a9a3
Author: Koushik Das <koushik.das@citrix.com>
Date: Fri Mar 1 01:54:10 2013 +0530
Added implementation for delete of asa and vnmc apis
commit 22e1455142
Author: Koushik Das <koushik.das@citrix.com>
Date: Fri Mar 1 01:19:43 2013 +0530
List asa api to return guest network if associated. From this it can be inferred if asa is available or not
commit 32223736c9
Author: Koushik Das <koushik.das@citrix.com>
Date: Fri Mar 1 00:50:55 2013 +0530
Added Vmware cluster info along with asa1kv appliance.
This is used to select the correct n1kv vsm for configuring the guest network
commit deed3cc951
Author: Koushik Das <koushik.das@citrix.com>
Date: Mon Feb 25 18:03:59 2013 +0530
Added support for static NAT rules.
- Xmls for creating static nat rules in VNMC
- applyStaticNats implementation in VNMC network element
- handler for static nat in resource class
commit 681f0b7b50
Author: Koushik Das <koushik.das@citrix.com>
Date: Mon Feb 25 10:44:13 2013 +0530
Added implementation for firewall and port forwarding rules in Cisco VNMC element class
commit 66b01a6589
Author: Koushik Das <koushik.das@citrix.com>
Date: Fri Feb 22 19:19:44 2013 +0530
VNMC xml for deleting NAT policy
commit 5d98686768
Author: Koushik Das <koushik.das@citrix.com>
Date: Fri Feb 22 19:16:41 2013 +0530
Added support for PF/DNAT rules.
Created methods in VNMCConnection class to create PF rules. Also moved out common code for PF and source NAT in methods.
Updated the corresponding VNMC resource class.
commit 8db2fbeb8f
Author: Koushik Das <koushik.das@citrix.com>
Date: Fri Feb 22 18:21:45 2013 +0530
Added xml for creating NAT policy set in VNMC
commit f2da0d50ca
Author: Koushik Das <koushik.das@citrix.com>
Date: Fri Feb 22 18:17:53 2013 +0530
Added VNMC XMLs for supporting PF/DNAT rules.
Also moved out some XMLs related to source NAT to common files so that these can be used for both source NAT and DNAT
commit 124a48819d
Author: Koushik Das <koushik.das@citrix.com>
Date: Thu Feb 21 17:53:12 2013 +0530
Separated out creation of ACL policy set and policy in VNMC
commit 1e38515f35
Author: Koushik Das <koushik.das@citrix.com>
Date: Thu Feb 21 11:54:44 2013 +0530
Added changes to create ingress fw rules in VNMC
commit cb2fba9e7c
Author: Koushik Das <koushik.das@citrix.com>
Date: Thu Feb 14 16:23:05 2013 +0530
Source NAT in VNMC
commit 720fe2f908
Author: Koushik Das <koushik.das@citrix.com>
Date: Wed Feb 13 14:16:47 2013 +0530
Fix Vnmc test file
commit d6dbe790c6
Author: Koushik Das <koushik.das@citrix.com>
Date: Wed Feb 13 12:07:03 2013 +0530
Added db. tables for asa1kv devices and their mapping with guest network
commit 3fd7e30f6e
Author: Koushik Das <koushik.das@citrix.com>
Date: Wed Feb 13 11:52:12 2013 +0530
Changes:
- Added implementation for add/list asa1kv APIs
- Added agent command for associating asa1kv appliance with logical edge firewall in VNMC
- Added handler for the above agent command in VNMC resource class
- Updated VNMC element class to support the above
commit d08e2a1faf
Author: Koushik Das <koushik.das@citrix.com>
Date: Wed Feb 13 11:40:58 2013 +0530
Added lifecycle APIs for Cisco Asa 1000v appliance.
Added corresponding Dao and VO classes.
Also added mapping Dao and VO for guest network and asa appliance
commit 6b999ec867
Author: Koushik Das <koushik.das@citrix.com>
Date: Tue Feb 12 00:05:39 2013 +0530
Changes:
a. Added handlers for CreateLogicalEdgeFirewall and ConfigureNexusVSMForASA commands
b. Logic for add/list vnmc device API
c. Partial implementation for network element implement()
commit 0656250308
Author: Koushik Das <koushik.das@citrix.com>
Date: Mon Feb 11 23:48:19 2013 +0530
Moved VNMC provider creation to Network.java. The plugin code would have been the ideal place to keep it but current state of the code doesn't allow it.
commit dc402eaa7a
Author: Koushik Das <koushik.das@citrix.com>
Date: Mon Feb 11 23:35:19 2013 +0530
Added new commands for the following:
a. Logical edge firewall creation in VNMC
b. Asa1kv vservice node creation and updating asa1kv inside port profile with guest network vlan id in n1kv VSM
commit d6cdfe35f8
Author: Koushik Das <koushik.das@citrix.com>
Date: Mon Feb 11 23:06:36 2013 +0530
Added helper method to create port profile in n1kv VSM with additional parameters VDC tenant and edge security profile
Added helper method to create a vservice node in n1kv VSM
commit db42da17e9
Author: Koushik Das <koushik.das@citrix.com>
Date: Mon Feb 11 22:44:01 2013 +0530
Added database table for storing VNMC devices
commit f991436335
Author: Koushik Das <koushik.das@citrix.com>
Date: Fri Feb 8 16:00:15 2013 +0530
Added support for network offering creation with VNMC as provider for firewall, port forwarding, source nat
commit 74de210359
Author: Koushik Das <koushik.das@citrix.com>
Date: Fri Feb 8 15:06:11 2013 +0530
Added name attribute for the VNMC lifecycle commands
commit 6ce25ef11d
Author: Chiradeep Vittal <chiradeep@apache.org>
Date: Wed Jan 16 16:44:28 2013 -0800
Fix licensing
commit 392cd8ed63
Author: Chiradeep Vittal <chiradeep@apache.org>
Date: Wed Jan 16 16:38:19 2013 -0800
cisco-vnmc: Fix api to use new conventions
commit 6b142bbaab
Author: Chiradeep Vittal <chiradeep@apache.org>
Date: Wed Jan 16 15:33:33 2013 -0800
WIP: configure ASA port profile
Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>
commit 1ae21ea49a
Author: Chiradeep Vittal <chiradeep@apache.org>
Date: Wed Jan 16 15:33:01 2013 -0800
WIP rename device to resource to better reflect nature of VNMC
Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>
commit 84d218f972
Author: Chiradeep Vittal <chiradeep@apache.org>
Date: Wed Jan 16 15:32:54 2013 -0800
WIP: fixes for associating ASA1000v to tenant
Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>
commit d74c6a9ac2
Author: Chiradeep Vittal <chiradeep@apache.org>
Date: Wed Jan 16 15:32:45 2013 -0800
WIP: fixes for associating ASA1000v to tenant
Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>
commit 9350d10849
Author: Chiradeep Vittal <chiradeep@apache.org>
Date: Wed Jan 16 15:32:29 2013 -0800
WIP: admin commands for adding / listing VNMC
Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>
commit a8031a0cfe
Author: Chiradeep Vittal <chiradeep@apache.org>
Date: Wed Jan 16 15:30:41 2013 -0800
WIP ASA 1000v listing
Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>
commit f9cc674b9c
Author: Chiradeep Vittal <chiradeep@apache.org>
Date: Wed Jan 16 15:30:36 2013 -0800
WIP : edge firewall
Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>
commit 6a0964af00
Author: Chiradeep Vittal <chiradeep@apache.org>
Date: Wed Jan 16 15:30:30 2013 -0800
WIP : edge security policy
Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>
commit e32295e8cf
Author: Chiradeep Vittal <chiradeep@apache.org>
Date: Wed Jan 16 15:30:24 2013 -0800
WIP : dhcp server policy
Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>
commit 446a9b8491
Author: Chiradeep Vittal <chiradeep@apache.org>
Date: Wed Jan 16 15:30:18 2013 -0800
WIP : dhcp server policy
Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>
commit e35e0eb59b
Author: Chiradeep Vittal <chiradeep@apache.org>
Date: Wed Jan 16 15:30:14 2013 -0800
Move unit test
Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>
commit 2b43a3e74e
Author: Chiradeep Vittal <chiradeep@apache.org>
Date: Wed Jan 16 15:30:08 2013 -0800
Move unit test
Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>
commit 11b804a894
Author: Chiradeep Vittal <chiradeep@apache.org>
Date: Wed Jan 16 15:29:54 2013 -0800
WIP: XML control of VNMC
Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>
- Supports DHCP, Source NAT, Static NAT, Firewall rules, Port Forwarding
- Renamed MidokuraMidonet to MidoNet
- Related Jira ticket is CLOUDSTACK-996
Signed-off-by: Dave Cahill <dcahill@midokura.com>
Signed-off-by: Hugo Trippaers <htrippaers@schubergphilis.com>
following changes
- introduced notion of event bus with publish, subscribe, unsubscribe
semantics
- a plug-in can implement the EventBus abstraction to provide event
bus to CloudStack
- A rabbitMQ based plug-in that can interact with AMQP servers to
provide message broker based event-bus
- stream lines, action events, usage events, alerts publishing in to
convenience classes which are also used to publish corresponding
event on to event bus
- introduced notion of state change event. On a state change, in the
state machine corresponding to the resource, a state change event is
published on the event bus
- associated a state machine with Snapshot and Network objects
- Virtual Machine, Volume, Snapshot, Network object state changes will
result in a state change event
- Fixed new join dao impls as spring components
- Fixed component context xml to load api rate limit checker
- Fixed root pom.xml for duplicate plugin
- Fixed list data centers method
- Fixed following conflicts:
api/src/org/apache/cloudstack/api/command/admin/network/CreateNetworkOfferingCmd.java
api/src/org/apache/cloudstack/api/command/user/offering/ListServiceOfferingsCmd.java
api/src/org/apache/cloudstack/api/command/user/template/DeleteTemplateCmd.java
api/src/org/apache/cloudstack/api/command/user/template/ExtractTemplateCmd.java
plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java
server/src/com/cloud/api/ApiDBUtils.java
server/src/com/cloud/api/ApiServer.java
server/src/com/cloud/api/query/QueryManagerImpl.java
server/src/com/cloud/configuration/DefaultComponentLibrary.java
server/src/com/cloud/server/ManagementServerImpl.java
server/src/com/cloud/storage/swift/SwiftManagerImpl.java
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
- Introduces api/discovery plugin that helps discover apis on the mgmt server
- It's a pluggable service, therefore has its own api-discovery_commands.properties
where the discovery api, listApi can be blacklisted (by removing it), or its
role mask can be changed
- By default its response has all the apis
- Changes in other parts of the code to make it work, viz. components.xml, pom.xml,
and in ApiServer where it is used as an adapter to get apiname, cmd mappings
The ApiDiscoveryService interface is a contract that the implementing class will
provide:
1. A means to get all the apis as a list of response, plugin is free to implement
the response class, as long as it extends on the BaseResponse:
ListResponse<? extends BaseResponse> listApis();
2. Provides a map of apiname as the key and cmd class as the value:
Map<String, Class<?>> getApiNameCmdClassMapping();
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
Multiple fixes:
1. changes to the mvn configuration
a. include simulator to client.war
b. activate simulator by profile
2. templates for simulator
3. developer prefill for simulator
a. Use deplydb-simulator to setup simulator db
4. Inherit components-simulator.xml from components.xml
5. ListVolumesCommand missed for MockStorageManager
6. Include simulator properties into utils/db.properties
TODO:
Secondary storage VMs don't come up because ComponentLocator doesn't
retain a unique set of adapters by name. Fix this in subsequent
checkin.
Simulator just like any hypervisor should be a plugin.
resurrecting it to aid api refactoring tests. WIP
Signed-off-by: Prasanna Santhanam <tsp@apache.org>
The authenticators now have an encode function that cloudstack will use to encode the user supplied password before storing it in the database. This makes it easier to add other authenticators with other hashing algorithms. This requires a two step approach to creating the admin account at first start as the authenticators are only present in the management-server component locator.
The SHA256 salted authenticator makes use of this new system and adds a hashing algorithm based on SHA256 with a salt. This type of hash is far less susceptible to rainbow table attacks.
To make use of these new features the user's password will be sent over the wire just as he typed it and it will be transformed into a hash on the server and compared with the stored password. This means that the hash will not go over the wire anymore.
The default authenticator in components.xml is still set to md5 for backwards compatibility. For new installations the sha256 could be enabled.
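Added example, not CloudStack's authenticator code: a sketch of the encode-at-store, compare-at-login flow that the last commit message describes, set beside an unsalted MD5 hash to show why the salt defeats precomputed tables. The class name, method names and the "salt:hash" storage format are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

// Illustration only: names and the "salt:hash" storage format are assumptions.
public class SaltedSha256Example {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int SALT_BYTES = 16;

    // SHA-256 over salt || password.
    private static byte[] digest(byte[] salt, String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        md.update(password.getBytes(StandardCharsets.UTF_8));
        return md.digest();
    }

    // Store path: draw a fresh random salt per password and keep it next to the hash.
    public static String encode(String password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return b64.encodeToString(salt) + ":" + b64.encodeToString(digest(salt, password));
    }

    // Login path: the server receives the password as typed, recomputes the hash
    // with the stored salt and compares. Malformed stored values are rejected.
    public static boolean authenticate(String password, String stored) throws NoSuchAlgorithmException {
        String[] parts = stored.split(":");
        if (parts.length != 2) {
            return false;
        }
        try {
            byte[] salt = Base64.getDecoder().decode(parts[0]);
            byte[] expected = Base64.getDecoder().decode(parts[1]);
            // MessageDigest.isEqual compares digests without an early exit on mismatch.
            return MessageDigest.isEqual(expected, digest(salt, password));
        } catch (IllegalArgumentException e) {
            return false; // not valid Base64
        }
    }

    // The legacy scheme for comparison: unsalted MD5, hex encoded.
    public static String unsaltedMd5Hex(String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] d = md.digest(password.getBytes(StandardCharsets.UTF_8));
        return String.format("%032x", new BigInteger(1, d));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String password = "example-password"; // constructed sample value

        // Two accounts with the same password get different stored values,
        // so one precomputed table cannot cover both.
        String a = encode(password);
        String b = encode(password);
        System.out.println("salted values differ:   " + !a.equals(b));
        System.out.println("correct password (a):   " + authenticate(password, a));
        System.out.println("correct password (b):   " + authenticate(password, b));
        System.out.println("wrong password:         " + authenticate("other", a));
        System.out.println("malformed stored value: " + authenticate(password, "not-a-record"));

        // Unsalted MD5 maps the same password to the same value every time.
        System.out.println("md5 values identical:   "
                + unsaltedMd5Hex(password).equals(unsaltedMd5Hex(password)));
    }
}
```

A single salted SHA-256 pass stops table lookups but is still fast to brute-force per account; a deliberately slow key-derivation function such as PBKDF2 or bcrypt raises that cost.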