This feature allows root administrators to define new roles and associate API
permissions to them.
A limited form of role-based access control for the CloudStack management server
API is provided through a properties file, commands.properties, embedded in the
WAR distribution. Therefore, customizing API permissions requires unpacking the
distribution and modifying this file consistently on all servers. The old system
also does not permit the specification of additional roles.
FS:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
DB-Backed Dynamic Role Based API Access Checker for CloudStack brings following
changes, features and use-cases:
- Moves the API access definitions from commands.properties to the mgmt server DB
- Allows defining custom roles (such as a read-only ROOT admin) beyond the
current set of four (4) roles
- All roles will resolve to one of the four known roles types (Admin, Resource
Admin, Domain Admin and User) which maintains this association by requiring
all new defined roles to specify a role type.
- Allows changes to roles and API permissions per role at runtime including additions or
removal of roles and/or modifications of permissions, without the need
of restarting management server(s)
Upgrade/installation notes:
- The feature will be enabled by default for new installations, existing
deployments will continue to use the older static role based api access checker
with an option to enable this feature
- During fresh installation or upgrade, the upgrade paths will add four default
roles based on the four default role types
- For ease of migration, at the time of upgrade commands.properties will be used
to add existing set of permissions to the default roles. cloud.account
will have a new role_id column which will be populated based on default roles
as well
Dynamic-roles migration tool: scripts/util/migrate-dynamicroles.py
- Allows admins to migrate to the dynamic role based checker at a future date
- Performs a harder one-way migrate and update
- Migrates rules from existing commands.properties file into db and deprecates it
- Enables an internal hidden switch to enable dynamic role based checker feature
Deprecate commands.properties
- Fixes apidocs and marvin to be independent of commands.properties usage
- Removes bundling of commands.properties in deb/rpm packaging
- Removes file references across codebase
Reviewed-by: John Burwell <john.burwell@shapeblue.com>
QA-by: Boris Stoyanov <boris.stoyanov@shapeblue.com>
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
- Fix threshold calculations for host and storage metric views
- Implement advance search box for all metrics views
- Save and pass context through navigation
- Add complex nav support, fix context usage
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
During creation of SSVM, checks and adds NetworkOffering.SystemStorageNetwork to
offerings only if storage network exists for the target datacenter
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Increased the margin and padding to accomodate all the boxes inside toolbar.
(cherry picked from commit febaeb2a15)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
There 2 things which has been changed.
* We look on power_state_update_time instead of update_time. Didn't make sense to me at all to look at update_time.
* Due DB update optimisation, powerState will only be updated if < MAX_CONSECUTIVE_SAME_STATE_UPDATE_COUNT. That is why we can not rely on these information unless we make sure these are up to date.
Summary: In vCenter 6.0, response headers need to be fetched after service login for server cookie unlike previous versions of vCenter.
(cherry picked from commit 4a6e2cdeee)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
CLOUDSTACK-8443: Support CentOS 7 for 4.5This is based on two PRs:
- 731
- 757
This commit is based on the 4.5 branch for a future 4.5 release.
* pr/814:
CLOUDSTACK-8443: Support CentOS 7 for 4.5
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
CLOUDSTACK-8762: Check to confirm disk activity before starting a VMImplements a VM volume/disk file activity checker that checks if QCOW2 file
has been changed before starting the VM. This is useful as a pessimistic
approach to save VMs that were running on faulty hosts that CloudStack could
try to launch on other hosts while the host was not cleanly fenced. This is
optional and available only if you enable the settings in agent.properties
file, on per-host basis.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
* pr/754:
CLOUDSTACK-8762: Confirm disk activity before starting a VM
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Support live migration on older version of Libvirthttps://issues.apache.org/jira/browse/CLOUDSTACK-8792
A flag being passed to Libvirt assumes v1.0.0 or later.
We need to put a check in the code to pass in a different flag if the version of Libvirt is < 1.0.0.
* pr/771:
Support live migration on older version of Libvirt
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Update L10N resource files on 4.5 branch with 4.5 translation strings from Transifex (20150901)
Fix an issue with the key message.admin.guide.read on pt_BR L10N in web UI at the root cause
* pr/770:
Update L10N resource files on 4.5 branch with 4.5 translation strings from Transifex (20150901) Fix an issue with the key message.admin.guide.read on pt_BR L10N in web UI at the root cause
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
CLOUDSTACK-8766: Fix infinite scrolling pagination for zonal iso/template listing
Due to aggregation of templates and isos on the UI/client side, it could result
that for each page we could end up having lesser templates/isos listed to have
the scroll shown that triggers infinite scrolling. The fix is to use similar
approach as in projects.js, to use the maximum pagesize of 500. In theory, there
is still a chance if there are 500 zones with the same template being listed
resulting in only one aggregated template which could cause the scroll to not
get shown; but in practice I believe this fix should work for most users.
* pr/750:
CLOUDSTACK-8766: Fix infinite scrolling pagination for zonal iso/template listing
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Implements a VM volume/disk file activity checker that checks if QCOW2 file
has been changed before starting the VM. This is useful as a pessimistic
approach to save VMs that were running on faulty hosts that CloudStack could
try to launch on other hosts while the host was not cleanly fenced. This is
optional and available only if you enable the settings in agent.properties
file, on per-host basis.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Due to aggregation of templates and isos on the UI/client side, it could result
that for each page we could end up having lesser templates/isos listed to have
the scroll shown that triggers infinite scrolling. In theory, there
is still a chance if there are several zones with the same template being listed
resulting in only one aggregated template which could cause the scroll to not
get shown; but in practice I believe this fix should work for most users.
Page size set based on experimental data:
https://github.com/apache/cloudstack/pull/751#issuecomment-135661968
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
CLOUDSTACK-8766: Fix infinite scrolling pagination for zonal template listing
Uses listViewDataProvider to implement pagination on listTemplates API
requests in the UI, when a template's zone tab is viewed.
* pr/739:
CLOUDSTACK-8766: Fix infinite scrolling pagination for zonal template listing
Signed-off-by: Remi Bergsma <github@remi.nl>
Uses listViewDataProvider to implement pagination for listing templates and ISOs
in the zones tab. Dedupes isos and templates in the list views.
This closes#739
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This is happening as ClusterServiceServletAdapter is started after ClusteredAgentManagerImpl.
Fix is to start ClusterServiceServletAdapter before ClusteredAgentManagerImpl.
(cherry-picked from c989921fb7)
Backported PR #678 to 4.5
This I changed:
``jasypt='/usr/share/cloudstack-common/lib/jasypt-1.9.0.jar'``
in master it is 1.9.2. I changed it to 1.9.0 here, to match the original script.
Original commit IDs:
2f858a7d08ee9b644e288a1e79f518
Signed-off-by: Remi Bergsma <github@remi.nl>
CLOUDSTACK-8748: VM UUID accessible in CreateVMSnapshotCommand and RevertToVMSnapshotCommand
This patch makes it possible to expose VM UUID to subsystems, this can be
useful for implementing VM Snapshots for KVM in future.
* pr/717:
CLOUDSTACK-8748: VM UUID accessible in CreateVMSnapshotCommand and RevertToVMSnapshotCommand
Signed-off-by: Remi Bergsma <github@remi.nl>
This patch makes it possible to expose VM UUID to subsystems, this can be
useful for implementing VM Snapshots for KVM in future.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Rohit Yadav
ramamurtis
Nitin Kumar Maharana
Daan Hoogland
Rene Moser
Pierre-Luc Dion
Boris Schrijver
Suresh Kumar Anaparti
Wido den Hollander
Rene Moser
Mike Tutkowski
Milamber
Remi Bergsma
Koushik Das
Rajani Karuturi