* 4.6:
more poms didn't get updated with script
implemented upgrade path from 4.6.0 to 4.6.1
checkstyle pom didn't get updated with script
debian: add 4.6.1-snapshot to changelog
Updating pom.xml version numbers for release 4.6.1-SNAPSHOT
Updating pom.xml version numbers for release 4.6.0
squashed commit for dockerfiles part#2 including comments from PR#910This PR replace PR#910 which include fix from comments in PR#910.
This PR simplify download of systemvm templates, work with docker-compose and enable integration-api port and use of localstorage without reconfiguration of cloudstack.
Rebased on Oct28.
* pr/999:
squashed commit for dockerfiles part#2 including comments from PR#910
Signed-off-by: Remi Bergsma <github@remi.nl>
CLOUDSTACK-8925 - Default allow for Egress rules is not being configured properly in VR iptables rulesThis PR fixes the router default policy for egress. When the default is DENY, the router still allows outgoing connections.
The test component/test_routers_network_ops.py was improved to cover that case as well. The results were:
Test redundant router internals ... === TestName: test_01_isolate_network_FW_PF_default_routes_egress_true | Status : SUCCESS ===
ok
Test redundant router internals ... === TestName: test_02_isolate_network_FW_PF_default_routes_egress_false | Status : SUCCESS ===
ok
Test redundant router internals ... === TestName: test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true | Status : SUCCESS ===
ok
Test redundant router internals ... === TestName: test_02_RVR_Network_FW_PF_SSH_default_routes_egress_false | Status : SUCCESS ===
ok
----------------------------------------------------------------------
Ran 4 tests in 3636.656s
OK
/tmp//MarvinLogs/test_routers_network_ops_QDL429/results.txt (END)
* pr/1023:
CLOUDSTACK-8925 - Implement the default egress DENY/ALLOW properly
CLOUDSTACK-8925 - Improve the default egress tests in order to cover newly entered rules
CLOUDSTACK-8925 - Add egress dataset to test_data.py
CLOUDSTACK-8925 - Drop the traffic when default egress is set to false
Signed-off-by: Remi Bergsma <github@remi.nl>
CLOUDSTACK-8960: Remove Citrix Resources from test_data.pyReplace URLs related to templates and ISOs with the ones accessbile to everybody in the community.
I have copied all the templates and ISOs to my webspace at http://people.apache.org/~sanjeev/ so they can be accessible from anywhere.
* pr/939:
CLOUDSTACK-8960: Remove Citrix Resources from test_data.py Replace URLs related to templates and ISOs with the ones accessbile to everybody in the community
Signed-off-by: Remi Bergsma <github@remi.nl>
Add optional fields: iprange and fordisplay to Marvin base.py class method Vpn.create
Add optional field: passive to Marvin base.py class method Vpn.createVpnConnection
CLOUDSTACK-8756:Incorrect guest os mapping in CCP 4.2.1-6 for CentOS 5.9Check the bug 8756 for more details
* pr/728:
CLOUDSTACK-8756:Incorrect guest os mapping in CCP 4.2.1-6 for CentOS 5.9
Signed-off-by: Rajani Karuturi <rajani.karuturi@citrix.com>
- Changing refactored the utils.get_process_status() function
- Adding 2 tests: test_01_single_VPC_iptables_policies and test_02_routervm_iptables_policies
CLOUDSTACK-8716: Verify creation of snapshot from volume when the task is performed repeatedly in zone wide primary StorageOn VMWare with a Zone wide primary storage and more than two clusters verify successful creation of snapshot multiple times.
* pr/665:
CLOUDSTACK-8716: Verify creation of snapshot from volume when the task is performed repeatedly in zone wide primary Storage
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Example of problem:
ATTENTION: Merging pull request #731 from remibergsma/centos7-kvm into 'master' branch in 5 seconds. CTRL+c to abort..
-n 5
-n 4
-n 3
-n 2
-n 1
-n 0
Should be compatible with more environments if printf is used instead.
CLOUDSTACK-8716: Verify creation of snapshot from volume when the task is performed repeatedly in zone wide primary Storage
-Removing redundent code
-Added validate list function for list snapshot operation
CLOUDSTACK-8716: Verify creation of snapshot from volume when the task is performed repeatedly in zone wide primary Storage
Removed duplicate test data related to vm properties.Modified tests dependent on it
Removed duplicte service offerings from test data and modified tests dependent on it
Bug-Id: CLOUDSTACK-8617
This closes#644
- Adding keepalived installation in the right script. I added the change on the buildsystemvm.sh, which is no longer used.
Signed-off-by: wilderrodrigues <wrodrigues@schubergphilis.com>
* Move config options to SAML plugin
This moves all configuration options from Config.java to SAML auth manager. This
allows us to use the config framework.
* Make SAML2UserAuthenticator validate SAML token in httprequest
* Make logout API use ConfigKeys defined in saml auth manager
* Before doing SAML auth, cleanup local states and cookies
* Fix configurations in 4.5.1 to 4.5.2 upgrade path
* Fail if idp has no sso URL defined
* Add a default set of SAML SP cert for testing purposes
Now to enable and use saml, one needs to do a deploydb-saml after doing a deploydb
* UI remembers login selections, IDP server
- CLOUDSTACK-8458:
* On UI show dropdown list of discovered IdPs
* Support SAML Federation, where there may be more than one IdP
- New datastructure to hold metadata of SP or IdP
- Recursive processing of IdP metadata
- Fix login/logout APIs to get new interface and metadata data structure
- Add org/contact information to metadata
- Add new API: listIdps that returns list of all discovered IdPs
- Refactor and cleanup code and tests
- CLOUDSTACK-8459:
* Add HTTP-POST binding to SP metadata
* Authn requests must use either HTTP POST/Artifact binding
- CLOUDSTACK-8461:
* Use unspecified x509 cert as a fallback encryption/signing key
In case a IDP's metadata does not clearly say if their certificates need to be
used as signing or encryption and we don't find that, fallback to use the
unspecified key itself.
- CLOUDSTACK-8462:
* SAML Auth plugin should not do authorization
This removes logic to create user if they don't exist. This strictly now
assumes that users have been already created/imported/authorized by admins.
As per SAML v2.0 spec section 4.1.2, the SP provider should create authn requests using
either HTTP POST or HTTP Artifact binding to transfer the message through a
user agent (browser in our case). The use of HTTP Redirect was one of the reasons
why this plugin failed to work for some IdP servers that enforce this.
* Add new User Source
By reusing the source field, we can find if a user has been SAML enabled or not.
The limitation is that, once say a user is imported by LDAP and then SAML
enabled - they won't be able to use LDAP for authentication
* UI should allow users to pass in domain they want to log into, though it is
optional and needed only when a user has accounts across domains with same
username and authorized IDP server
* SAML users need to be authorized before they can authenticate
- New column entity to track saml entity id for a user
- Reusing source column to check if user is saml enabled or not
- Add new source types, saml2 and saml2disabled
- New table saml_token to solve the issue of multiple users across domains and
to enforce security by tracking authn token and checking the samlresponse for
the tokens
- Implement API: authorizeSamlSso to enable/disable saml authentication for a
user
- Stubs to implement saml token flushing/expiry
- CLOUDSTACK-8463:
* Use username attribute specified in global setting
Use username attribute defined by admin from a global setting
In case of encrypted assertion/attributes:
- Decrypt them
- Check signature if provided to check authenticity of message using IdP's
public key and SP's private key
- Loop through attributes to find the username
- CLOUDSTACK-8538:
* Add new global config for SAML request sig algorithm
- CLOUDSTACK-8539:
* Add metadata refresh timer task and token expiring
- Fix domain path and save it to saml_tokens
- Expire hour old saml tokens
- Refresh metadata based on timer task
- Fix unit tests
This closes#489
(cherry picked from commit 20ce346f3a)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Conflicts:
client/WEB-INF/classes/resources/messages_hu.properties
plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixCheckHealthCommandWrapper.java
plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
ui/scripts/ui-custom/login.js
Revert the fix to throw failed test on exception, will fix that in a separate branch so all the other fixes can be committed already and not raise failure on an old intermittent issue that was hidden
Signed-off-by: Daan Hoogland <daan@onecht.net>
Add urandom as random source in before_script.sh
Remove commented lines in before_script.sh
Remove commented lines in install.sh
Signed-off-by: Daan Hoogland <daan@onecht.net>
host command not present in build env, switch to getent
second phase of dep download turning some error, print failure log
Signed-off-by: Daan Hoogland <daan@onecht.net>
The console-setup service brings a nice font to the console, but why would we want to use it. In most cases it takes a <10 seconds to set it up. When using nested hypervising, I found this takes much longer time that causes tests to time-out. I'd suggest turning off these services. They are not required for the services the systemvm provides.
This commit fixes a chmod issue where extracted vmdk file is not readable by all
users/groups. The other improvement is to use ovftool to build systemvm template
for vmware if it's available. This is based on a dev ML discussion and a suggested
approach by Ilya: http://markmail.org/message/kntsetgxdbppfh22
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
- Removes awsapi db properties usage across codebase
- Removes references from spring xmls, test cases and TransactionLegacy
- Adds sql command to drop database cloudbridge in schema-451to460-cleanup.sql
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
added a new environment variable RUNUNITTESTS
running full build if RUNUNITESTS is true else skipping tests
job1 now runs only unittests
removed some of the test files from job9 and job10 as they are timing
out.
This closes#218
ssl._create_unverified_context is not available for all Python 2.x environment,
the fix would check if the attribute is available before trying to set it
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Starting 4.5, we won't be using 32bit systemvmtemplate. Removing dead code as
it's already far behind in terms of maintenance compared to the 64bit definitions.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
1. provide compatibility with the Big Cloud Fabric (BCF) controller
L2 Connectivity Service in both VPC and non-VPC modes
2. virtual network terminology updates: VNS --> BCF_SEGMENT
3. uses HTTPS with trust-always certificate handling
4. topology sync support with BCF controller
5. support multiple (two) BCF controllers with HA
6. support VM migration
7. support Firewall, Static NAT, and Source NAT with NAT enabled option
8. add VifDriver for Indigo Virtual Switch (IVS)
This closes#151
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
/var/log fills up /var and fails operation of normal services. This fix
restricts /var/log to 100-200M. The fix for CLOUDSTACK-6885 tries to make sure
we don't keep a lot of logs.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
/var/log fills up /var and fails operation of normal services. This fix
restricts /var/log to 100-200M. The fix for CLOUDSTACK-6885 tries to make sure
we don't keep a lot of logs.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
These are failing on my machine with cloud.log lines like
2014-08-07 14:34:09,509 Add dev eth2 table Table_eth2 10.0.2.0/24
2014-08-07 14:34:09,511 Address 10.0.2.106/24 on device eth2 not configured
2014-08-07 14:34:10,513 Device eth2 cannot be configured - device was not found
I think it's correct that they are failing -- this is work in progress.
Any cd command will cause rvm to override the trap handler in the shell
These means that vagrant_destroy will not get called at the end because in the node function it cds
Run the nose tests in a subshell
This approach is instead of serverspec, but filling the same purpose. It's
main advantage is that it uses nose and python, just like the existing
marvin-based integration test suite.
Replace chef with a python script
configure.py will read the bags and (hopefully) create the desired state
At this stage this is ipassociation
This code should work for both VR and VPCrs
TODO:
iptables
ip route throw (present in VR but not in VPCr
Determine default route
Unit tests
----
Author: Ian Southam <isoutham@schubergphilis.com>
First commit towards moving systemvm to chef based configuration
In this commit
1. cmdline json databag is created
2. ip association data bag is created
3. Basic chef cookbook to manage ips and routes
Conflicts:
systemvm/patches/debian/config/etc/init.d/cloud-early-config
systemvm/patches/debian/config/var/chef/cookbooks/README
tools/appliance/definitions/systemvm64template/postinstall.sh
----
Because we've refactored the systemvm template the change to
postinstall.sh now gets its own chef.sh file.
This is a plugin that puts in ovm3 support ranging from 3.3.1 to 3.3.2. Basic
functionality is in here, advanced networking etc..
Snapshots only work when a VM is stopped now due to the semantics of OVM's raw
image implementation (so snapshots should work on a storage level underneath the
hypervisor shrug)
This closes#113
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
added it in the zone block.
CLOUDSTACK-8229
Testing: tested with KVM and zone deployment was fine.
In the config file, zone wide primary storage details looks like this:
"primaryStorages": [
{
"url": "nfs://10.147.28.7/export/home/talluri/primary1",
"XRT_PriStorageType": "NFS",
"name": "XenRT-Zone-0-Pod-0-Cluster-0-Primary-Store-0",
"hypervisor": "KVM",
"scope" : "zone"
}
],
reviewed-by: talluri
Revert "Automation of CCP Objects Verification after external changes made to the original setup Purpose of this code:"
This reverts commit 7461297f3e.
Generate CCP Objects (VMs, Volumes, Snapshots, VPC, etc..) and CCP Use Cases (Networking, Data Content,etc) before an external action on the CCP Setup and verify the integrity of the CCP Objects and the Use Cases after the external action on the CCP Setup. The integrity of the CCP Objects is verified by performing operations that test the Usability of the objects. This validates the intactness of the setup after an external action. The submitted patch covers only few major use cases. It proves that similar code can be added in future to address similar goals in verifying the integrity of CCP objects belonging to different components of the product.
The code format can be followed to verify validity of real time business use cases while any code changes (CCP,hypervisor,external devices code, etc…) happen over a period of time.
The following are the scenarios that the code format can be used for:
1.Upgrade Validity Verification
a. CCP Upgrade
b. Hypervisors Upgrade
c. External Devices Upgrade
d. System VM Template Changes.
2.Patch Validity Verification
Code can be used as one of the primary Components to validity Upgrades. It will facilitate the automation of Upgrade Test Verification completely.
How to use the code:
*Kindly make the corresponding substitutions in the commands listed below.
Execute:
nosetests --with-marvin --marvin-config=$CONFIG $BASEDIR/integration/component/ test_minimal_ug_check.py --load -a tags=preupgrade
After Upgrade or any Changes done to the Setup, Verify that the existing CCP objects are not affected due to the external changes.
Execute:
nosetests --with-marvin --marvin-config=$CONFIG $BASEDIR/integration/component/ test_minimal_ug_check.py --load -a tags=postupgrade
Signed-off-by: SrikanteswaraRao Talluri <talluri@apache.org>
edit checkstyle pom on rc creation
xapi release version dep
update debian package changelog on version upgrade
sign release branch instead of release tree
(cherry picked from commit dd508b3b9f)
edit checkstyle pom on rc creation
xapi release version dep
update debian package changelog on version upgrade
sign release branch instead of release tree
Refactored code to use test_data instead of hardcoded NetScaler credentials
Refactored code to remove large scale duplication
Fixed some minor logic error in the existing tests
This patch has not added or removed any of the original test-cases.
Signed-off-by: SrikanteswaraRao Talluri <talluri@apache.org>
This reverts commit e921ec6ec7.
CLOUDSTACK-7408: sshClient.py - removing function load_host_keys(). This function is used to load host keys from local host keys file and to save back the host key. It is not needed while running test cases because we are connecting to unknown host anyway and don't want to use any local host key file. We have the AutoAddPolicy for missing host key file, hence whenever ssh connects to a new host, it will save the host key in memory temporarily.
Signed-off-by: SrikanteswaraRao Talluri <talluri@apache.org>
Installed flask package and removed the disk expert recipe in
system vm template to keep only one partition
Signed-off-by: Frank Zhang <frank.zhang@citrix.com>
This reverts commit e921ec6ec7.
CLOUDSTACK-7408: sshClient.py - removing function load_host_keys(). This function is used to load host keys from local host keys file and to save back the host key. It is not needed while running test cases because we are connecting to unknown host anyway and don't want to use any local host key file. We have the AutoAddPolicy for missing host key file, hence whenever ssh connects to a new host, it will save the host key in memory temporarily.
Signed-off-by: SrikanteswaraRao Talluri <talluri@apache.org>
Test data to deploy new data center and execute test using the deployed zone
Signed-off-by: sanjeev <sanjeev@apache.org>
Incorporated review comments provided in RR 25097
Fixed review comments mentioned in RR25293
Conflicts:
tools/marvin/marvin/config/test_data.py
(cherry picked from commit 9e5da759b3)
Rajani Karuturi
Remi Bergsma
Carles Figuerola
Priti Sarap
Wilder Rodrigues
Mike Tutkowski
shweta agarwal
Pierre-Luc Dion
Miguel Ferreira
Michael Andersen
sanjeev
Patrick Dube
Rohit Yadav
Sowmya Krishnan
Ian Southam
SrikanteswaraRao Talluri
Rafael da Fonseca
Daan Hoogland
Abhinav Roy
Stefan Magnus Landrø
Gaurav Aradhye
Milamber
Laszlo Hornyak
Daan Hoogland
Abhinandan Prateek
Rajani Karuturi
sailajamada
Ian Duffy
KC Wang
prashant kumar mishra
Daan Hoogland
Yitao Jiang
Rene Moser
Leo Simons
Sander Botman
Hugo Trippaers
Funs
Ashutosh K
Pierre-Yves Ritschard
Chandan Purushothama
David Nalley
Chandan Purushothama
Wei Zhou
vetrivelc
Will Stevens
Sebastien Goasguen
Doug Clark
Edison Su
Harikrishna Patnala
Prashant Kumar Mishra