Release 4.16.0.0 introduced a feature for migrating system VM volumes (#4385). However, it was enabled only for VMWare.
This PR intends to enable the feature for KVM too.
Co-authored-by: GutoVeronezi <daniel@scclouds.com.br>
This PR fixes#6544 where it could not list networks in a project even after network permissions are set.
* Added test cases to existing component tests to test network permissions
* Moved test_network_permissions.py from component to smoke tests
* Added test_network_permissions to travis.yml under smoke tests
* add global setting to allow parallel execution on vmware
* cleanup setting distribution for vmware.create.full.clone
* query setting in vmware guru
* don´t touch other hypervisor's commands
* guru hierarchy cleanup
- Refactor IPv6 related tests
- Adds smoke test for IPv4 network to IPv6 upgrade
- Adds smoke test for IPv6 VPC
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
* Fix global setting reference for max secondary storage usage based on account or project
* Changed a variable naming
* Replaced config enum usage with configkey class for global settings
* Fixed grammar mistake
* Fixed code smells
* Allow for arbitrary disk offering details to be saved/displayed
Similar to service offering details, allow details to be provided and
displayed. Can be used for classification of offerings, etc.
Signed-off-by: Marcus Sorensen <mls@apple.com>
* Update server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
Co-authored-by: Daniel Augusto Veronezi Salvador <38945620+GutoVeronezi@users.noreply.github.com>
Co-authored-by: Daniel Augusto Veronezi Salvador <38945620+GutoVeronezi@users.noreply.github.com>
This PR enhances the existing PowerFlex/ScaleIO storage plugin to support separate (storage) network for Hosts(KVM)/Storage connection, mainly the SDC (ScaleIo Data Client) connection.
* refactor and log trace
* tracelogs
* shuffle pools with real randomiser
* sinlge retrieval of async job context
* some review comments addressed
* Apply suggestions from code review
Co-authored-by: Daniel Augusto Veronezi Salvador <38945620+GutoVeronezi@users.noreply.github.com>
* log formatting
* integration test for distribution of volumes over storages
* move test to smoke tests
* imports
* sonarcloud issue # AYCOmVntKzsfKlhz0HDh
* spellos
* review comments
* review comments
* sonarcloud issues
* unittest
* import
* Update AbstractStoragePoolAllocatorTest.java
Co-authored-by: Daan Hoogland <dahn@onecht.net>
Co-authored-by: Daniel Augusto Veronezi Salvador <38945620+GutoVeronezi@users.noreply.github.com>
* login/-out constants
* no request listener
* store session as value, using id as key
* Apply suggestions from sonarcloud.io code review
three instances of unsafe parameters to logging
* new sonar issues
* sonar issues
* Prevent NPE on reboot stopped VM
* Use VM UUID instead of VM ID
* Apply suggestion
* Refactor and fix start VM output
* Use format instead of concatenation
* Fix, change network.disable.rpfilter type from integer to boolean.
`network.disable.rpfilter` global setting doesn't accept boolean values.
* Changed consoleproxy.disable.rpfilter global setting type from integer to boolean.
The issue is found in the smoke test `test/integration/smoke/test_network_ipv6.py`.
sometimes the test failed with error below
```
FAIL: Test to verify IPv6 network
----------------------------------------------------------------------
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/marvin/lib/decoratorGenerators.py", line 30, in test_wrapper
return test(self, *args, **kwargs)
File "/marvin/test_network_ipv6.py", line 1215, in test_01_verify_ipv6_network
self.checkNetworkRouting()
File "/marvin/test_network_ipv6.py", line 1060, in checkNetworkRouting
"Ping from VM %s of network %s to VM %s of network %s is unsuccessful" % (self.routing_test_vm.id, self.routing_test_network.id, self.virtual_machine.id, self.network.id))
AssertionError: False is not true : Ping from VM 0aa36a76-09c6-476f-97c5-b9cea27a5b7c of network 27a2b244-e319-46c5-a779-d6ae73eb9ac2 to VM ae13ea17-1f35-4ca7-83c1-e13126f8df79 of network 1f38a686-69f3-41ed-a75e-cd3f822497d8 is unsuccessful
```
After investigation, we found the egress traffic is dropped by `nft`.
a correct nft chain looks like
```
root@r-282-VM:~# nft list chain ip6 ip6_firewall fw_chain_egress
table ip6 ip6_firewall {
chain fw_chain_egress {
counter packets 0 bytes 0 accept
}
}
```
However, some VRs has the following nft chain
```
root@r-280-VM:~# nft list chain ip6 ip6_firewall fw_chain_egress
table ip6 ip6_firewall {
chain fw_chain_egress {
counter packets 0 bytes 0 drop
}
}
```
It is because the ingress rule does not have correct `default_egress_policy`
```
root@r-280-VM:~# cat /etc/cloudstack/ipv6firewallrules.json
{
"0": {
"already_added": false,
"default_egress_policy": true,
"dest_cidr_list": [],
"guest_ip6_cidr": "fd17:ac56:1234:1a96::/64",
"id": 0,
"protocol": "all",
"purpose": "Ipv6Firewall",
"revoked": false,
"source_cidr_list": [],
"src_ip": "",
"traffic_type": "Egress"
},
"1263": {
"already_added": false,
"default_egress_policy": false,
"dest_cidr_list": [
"::/0"
],
"guest_ip6_cidr": "fd17:ac56:1234:1a96::/64",
"icmp_code": -1,
"icmp_type": -1,
"id": 1263,
"protocol": "icmp",
"purpose": "Ipv6Firewall",
"revoked": false,
"source_cidr_list": [
"::/0"
],
"traffic_type": "Ingress"
},
"id": "ipv6firewallrules"
}
```
in mose time, the Egress rule is processed before Ingress rule.
But when the Ingress rule is processed at first, the nft chain will be wrong.
Rohit Yadav
Daniel Augusto Veronezi Salvador
João Jandre
John Bampton
SadiJr
Rodrigo D. Lopez
Abhishek Kumar
Harikrishna
David Jumani
dahn
mprokopchuk
Wei Zhou
Marcus Sorensen
Suresh Kumar Anaparti
nvazquez
Pearl Dsilva
dahn
HuangWei
Sina Kashipazha