Support access to a host’s out-of-band management interface (e.g. IPMI, iLO,
DRAC, etc.) to manage host power operations (on/off etc.) and querying current
power state in CloudStack.
Given the wide range of out-of-band management interfaces such as iLO and iDRA,
the service implementation allows for development of separate drivers as plugins.
This feature comes with a ipmitool based driver that uses the
ipmitool (http://linux.die.net/man/1/ipmitool) to communicate with any
out-of-band management interface that support IPMI 2.0.
This feature allows following common use-cases:
- Restarting stalled/failed hosts
- Powering off under-utilised hosts
- Powering on hosts for provisioning or to increase capacity
- Allowing system administrators to see the current power state of the host
For testing this feature `ipmisim` can be used:
https://pypi.python.org/pypi/ipmisim
FS:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Out-of-band+Management+for+CloudStack
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This feature allows root administrators to define new roles and associate API
permissions to them.
A limited form of role-based access control for the CloudStack management server
API is provided through a properties file, commands.properties, embedded in the
WAR distribution. Therefore, customizing API permissions requires unpacking the
distribution and modifying this file consistently on all servers. The old system
also does not permit the specification of additional roles.
FS:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
DB-Backed Dynamic Role Based API Access Checker for CloudStack brings following
changes, features and use-cases:
- Moves the API access definitions from commands.properties to the mgmt server DB
- Allows defining custom roles (such as a read-only ROOT admin) beyond the
current set of four (4) roles
- All roles will resolve to one of the four known roles types (Admin, Resource
Admin, Domain Admin and User) which maintains this association by requiring
all new defined roles to specify a role type.
- Allows changes to roles and API permissions per role at runtime including additions or
removal of roles and/or modifications of permissions, without the need
of restarting management server(s)
Upgrade/installation notes:
- The feature will be enabled by default for new installations, existing
deployments will continue to use the older static role based api access checker
with an option to enable this feature
- During fresh installation or upgrade, the upgrade paths will add four default
roles based on the four default role types
- For ease of migration, at the time of upgrade commands.properties will be used
to add existing set of permissions to the default roles. cloud.account
will have a new role_id column which will be populated based on default roles
as well
Dynamic-roles migration tool: scripts/util/migrate-dynamicroles.py
- Allows admins to migrate to the dynamic role based checker at a future date
- Performs a harder one-way migrate and update
- Migrates rules from existing commands.properties file into db and deprecates it
- Enables an internal hidden switch to enable dynamic role based checker feature
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Also factor out NicProfile specific methods and fix some DI config.
Conflicts:
server/src/org/cloud/network/router/deployment/VpcRouterDeploymentDefinition.java
server/test/org/cloud/network/router/deployment/VpcRouterDeploymentDefinitionTest.java
Implement the missing commands related to DHCP PV Lan and DHCP SubNet
Conflicts:
server/src/com/cloud/network/element/VirtualRouterElement.java
server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
server/src/com/cloud/network/rules/DhcpRules.java
server/src/com/cloud/network/rules/VirtualNetworkApplianceFactory.java
server/src/org/apache/cloudstack/network/topology/AdvancedNetworkTopology.java
server/src/org/apache/cloudstack/network/topology/BasicNetworkTopology.java
server/src/org/apache/cloudstack/network/topology/BasicNetworkVisitor.java
server/src/org/apache/cloudstack/network/topology/NetworkTopologyVisitor.java
This adds a spring bean xml to have EventBus for ACS, but the bean is commented
so the event bus service won't start by default. I'm adding this for any developer
who may want to hack on events and may use it just by uncommenting it and fixing
options.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
- Have opensaml dependency to get version from root pom
- add com.cloud.api.auth.APIAuthenticationManagerImpl to spring ctx manager
- Fix getCommands() in APIAuthenticationManagerImpl
- Fix imports in resources, test and src classes
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
- This implements ManageBase, is a pluggable service
- Has a mechanism to return commands, useful for apidocs etc.
- Has a method to return APIAuthenticator based on API command name
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Corrects problems from previous attempt. Fixes based on help comments from
the community and conflict resolution
Signed-off-by: Daan Hoogland <daan@onecht.net>
Adding the missing file
During HA and maintenance call different planners (if the original planners are not able to find capacity) which skip some heurestics
Rohit Yadav
Rajani Karuturi
wilderrodrigues
Koushik Das
Antonio Fornie
Daan Hoogland
Anthony Xu
Hugo Trippaers
Murali Reddy
Likitha Shetty
Prachi Damle
Min Chen
Alena Prokharchyk
Alex Huang
Ian Southam
Nitin Mehta
Kelven Yang
Darren Shepherd
Syed