Commit Graph

28907 Commits

Author SHA1 Message Date
Murali Reddy f751cf24fb update VM password databag only when there is vm_password.json configuration update
from the management server

from the management server. Without this fix, password data bag is getting
updated on every network rule configuration and hence VR serving the password for guest
instance password requests every time
2016-12-04 23:36:28 +05:30
Murali Reddy d42f641f86 CS-499: VR Performance Improvement
add /etc/hosts entry to resolve router name to 127.0.0.1 as well
2016-11-04 08:56:15 +05:30
Marc-Aurèle Brothier 5d141cb2e5 CLOUDSTACK-9544: Check access on account trying to generate user API keys
This fixes CVE-2016-6813

Signed-off-by: Marc-Aurèle Brothier <m@brothier.org>
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 0cfffd149b)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2016-10-27 16:38:13 +05:30
Murali Reddy edc359080c CLOUDSTACK-9548: PVLAN: VM migrate commands fails due to wrong casting
Fix ensures, getting DomainRouterVO and UserVmVO properly from the VirtualMachineProfile
2016-10-19 15:44:42 +05:30
Murali Reddy 38a28698c3 CLOUDSTACK-9536: PVLAN: DhcpPvlanRules command being sent before processing finalize start command answers
fix ensures DhcpPvlanRules command is sent to the VR only after finalize start answers are processed
2016-10-17 16:32:01 +05:30
Murali Reddy 2cc3efbdd1 CLOUDSTACK-9475: Attaching to PVLAN on VMware dvSwitch fails on VR reboot
handle casting VmwareDistributedVirtualSwitchVlanSpec, to appropriate class
corresponding to vlan and pvlan. For pvlan cast to VmwareDistributedVirtualSwitchPvlanSpec
for vlan cast to VmwareDistributedVirtualSwitchVlanIdSpec
2016-10-17 16:32:00 +05:30
Murali Reddy 63fe32e78f CLOUDSTACK-9498: VR CsFile search utility methods fail when search string has char *, + etc
there is no real use of python 're' in CsFile.py utility methods searchString, deleteLine
 Replacing with regular string search instead.
2016-10-17 16:32:00 +05:30
Murali Reddy 39524a1c1e streamlining the iptable FW_EGRESS table rules for all protocols icmp,tcp,udp and all 2016-10-17 16:32:00 +05:30
Murali Reddy 37131b5f1d fix for below two issues with egress rule behavior
CLOUDSTACK-9480: Egress Firewall: Incorrect use of Allow/Deny for ICMP
fix ensures, ICMP, TCP, UDP are handled similarly w.r.t egress rule action

CLOUDSTACK-9495: Egress rules functionality broken when protocol=all specified
when protocol=all specified, CIDR was ignored. Fix ensures if CIDR is specified
it's always used in configuring iptable rules

2 new marvin test cases to test /32 CIDR
2016-09-16 15:18:48 +05:30
root 9bd2ad1bfe On plug nic, use '/proc/sys/net/ipv4/conf' content while waiting for the interface to come up 2016-09-05 19:18:45 +05:30
Murali Reddy c803daec17 Use mangle table PREROUTING chain to ensure traffic from any public interface on VPC VR
is connection marked. Traffic from RELATED, ESTABLISHED connections on guest network
interfaces on VPC VR connection marking is restored.
2016-09-06 03:32:35 +05:30
Murali Reddy 88721b2f3c interpretting first ip on interface correctly 2016-09-04 16:56:08 +05:30
Murali Reddy 29d60b8353 ensure ip's associated with device are retrieved properly in CsIP.list()
avoid duplicate calling of post_configure() after IP delete in configure()
2016-09-04 12:30:05 +05:30
Murali Reddy 3ae3a32c09 remove "from all lookup tablename" rule that gets created when an entry is
added in '/etc/iproute2/rt_tables'. without removing rule will interfere with
unintended traffic
2016-09-03 17:48:16 +05:30
Murali Reddy b6e64d06d8 use correct gateway from cmd_line boot args for public network
gateway will be used in the routing table, so we need the right one
2016-09-02 18:57:30 +05:30
Murali Reddy d935e7dc11 use adding first ip on interface, and removing last ip from interface
as special case to add and remove route tables
2016-09-02 10:44:57 +05:30
Murali Reddy 92a0d96ef8 use echo 'table-no table-name' to create route table 2016-09-02 10:43:38 +05:30
Murali Reddy 4d4cb1e1dd handle case where 'nic_device_id' is not present in address present ip_association.json dbag
this happens when IP is to be deleted and its the last ip associated with the interface
retrieve original nic_device_id from current ips.json for merge
2016-09-02 10:38:36 +05:30
Murali Reddy f724cb6c1a add support to generic rule in CsRule
ability to delete fwmark rule for the device specific routing table
2016-09-02 10:37:20 +05:30
Murali Reddy 6cb094719f Fixes issue where default gateway is not added to the device specific routing table.
Hence packets were always looked up through main routing table. Fix basically add
default gateway to the device specific routing tables a route entry
2016-08-05 15:24:41 +05:30
Peter Farmer a3ff3e7cb4 Backport of CLOUDSTACK-9296 (#1)
Backport of CLOUDSTACK-9296 (PR 1423 from apache/cloudstack) to enable ipsec service when remote vpn is enabled.
2016-08-03 12:00:02 -04:00
Murali Reddy 0ddb6e25b3 Fix address below issues
- Allow forwarding on all public interfaces. Regression in 4.6 restricted only to 4.6.
     + for traffic originating from eth0 and outbound on any public interface forward to FW_OUTBOUND chain
     + for traffic on reverse path from eth0 and on any public interface use RELATED,ESTABLISHED to allow the traffic

  - for each public interface, traffic originating from the interface be marked with device number. On reverse path
    corresponding 'ip rules' table will be looked for routing decision
2016-08-02 04:34:24 +05:30
Rohit Yadav 1d52b3af89 CLOUDSTACK-9437: Create egress chain on upgrade and cleanup for allow all traffic
- Ensure that FW_EGRESS_RULE chain exists after upgrading the router
- Flush allow all egress rule on 0.0.0.0/0, if such a rule exists in the config
  it will be added later (CLOUDSTACK-9437)

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2016-07-22 19:08:15 +05:30
Rohit Yadav bc2e2cf427 Updating pom.xml version numbers for release 4.6.2.1
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2016-05-25 12:18:19 +05:30
Rohit Yadav c663d9d170 Updating pom.xml version numbers for release 4.6.2.1
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2016-05-25 12:13:54 +05:30
Rohit Yadav 86ae03e3d3 CLOUDSTACK-9369: Restrict default login to ldap/native users
- Restricts default login auth handler to ldap and native-cloudstack users
- Refactors and create re-usable method to find domain by id/path
- Adds unit test for refactored method in DomainManagerImpl
- Adds smoke test for login handler

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2016-05-25 11:57:04 +05:30
Rohit Yadav 44731ca15d CLOUDSTACK-9376: Restrict listTemplates API with filter=all for root admin
Restricts use of listTemplates API with templatefilter=all for root admin only.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2016-05-25 11:52:58 +05:30
Remi Bergsma 10e0130dd6 Updating pom.xml version numbers for release 4.6.2
Signed-off-by: Remi Bergsma <github@remi.nl>
2015-12-13 19:14:35 +01:00
Daan Hoogland 5774b965f3 Merge pull request #1209 from ustcweizhou/free-deviceid
CLOUDSTACK-9134: set device_id as the first device_id not in use instead of nic count
when we restart vpc tiers, the old nics will be removed, and create a new nic.
however, the device_id was set to the nic count, which may be already used.
this commit gets the first device_id not in use as the device_id of new nic.

This issue also happens when we add multiple networks to a vm and remove them.

* pr/1209:
  CLOUDSTACK-9134: set device_id as the first device_id not in use instead of nic count

Signed-off-by: Daan Hoogland <daan@onecht.net>
2015-12-13 18:43:30 +01:00
Remi Bergsma d7b7171870 Merge pull request #1235 from remibergsma/fix-passwd-server-logging
CLOUDSTACK-9155 make sure logrotate is effective for cloud.log
Many processes on the VRs log to cloud.log. When log rotate kicks in, the file is rotated but the scripts still write to the old inode (cloud.log.1 after rotate). This quickly fills up the tiny log partition.

Using 'copytruncate' is a small tradeoff, there is a slight chance of missing a log entry, but in the old situation nothing ended up in cloud.log after rotate (except for stuff that was (re)started) so I think this is the best solution until we properly rewrite the script to either use their own script or syslog.

More details: https://issues.apache.org/jira/browse/CLOUDSTACK-9155

* pr/1235:
  CLOUDSTACK-9155 make sure logrotate is effective

Signed-off-by: Remi Bergsma <github@remi.nl>
2015-12-13 14:30:07 +01:00
Remi Bergsma 636efa2da3 CLOUDSTACK-9155 make sure logrotate is effective
Many processes on the VRs log to cloud.log. When logrotate
kicks in, the file is rotated but the scripts still write
to the old inode (cloud.log.1 after rotate). This quickly
fills up the tiny log partition.

Using 'copytruncate' is a tradeoff, there is a slight
chance of missing a log entry, but in the old situation
we were missing all of them after logrotate.
2015-12-13 12:07:20 +01:00
Remi Bergsma fcccaaad3f Merge pull request #1231 from ekholabs/fix/vrid-rvpc-CLOUDSTACK-9151
CLOUDSTACK-9151 - As a Developer I want the VRID to be set within the limits of KeepaliveD
This PR fixes a blocker issue!

   - Just like with RVRs, use the VRID 51 instead of making it dependent on the VPCID
   - Reason: arbitrary unique number 0..255 used to differentiate multiple instances of vrrpd running on the same NIC (and hence same socket). virtual_router_id 51

* pr/1231:
  CLOUDSTACK-9151 - Removes the replacement of the VRID in the CsRedundant file

Signed-off-by: Remi Bergsma <github@remi.nl>
2015-12-13 00:13:37 +01:00
Remi Bergsma a7b098ff16 Implement 4.6.1 -> 4.6.2 upgrade path 2015-12-13 00:06:02 +01:00
Daan Hoogland 1063508003 Merge pull request #1186 from remibergsma/462_version
Updating pom.xml version numbers for release 4.6.2-SNAPSHOT
Set next version in 4.6 release branch to version 4.6.2-SNAPSHOT.

Using ` ./tools/build/setnextversion.sh`.

Ping @bhaisaab @DaanHoogland before we merge this, how will we be creating the upgrade paths from 4.6.2 to 4.7? After this PR is merged, we need to manually do a fwd-merge and make sure we keep the pom versions in master/4.7. Much like in #1071.

* pr/1186:
  Fixed typo in iam/pom.xml
  Updating pom.xml version numbers for release 4.6.2-SNAPSHOT

Signed-off-by: Daan Hoogland <daan@onecht.net>
2015-12-12 23:17:19 +01:00
Remi Bergsma c456eeb959 Fixed typo in iam/pom.xml 2015-12-12 21:51:48 +01:00
Remi Bergsma 5147dec4ff Updating pom.xml version numbers for release 4.6.2-SNAPSHOT
Signed-off-by: Remi Bergsma <github@remi.nl>
2015-12-12 21:49:37 +01:00
Wilder Rodrigues 2bebb7f8a3 CLOUDSTACK-9151 - Removes the replacement of the VRID in the CsRedundant file
- Just like with RVRs, use the VRID 51 instead of making it dependent on the VPCID
   - Reason: arbitrary unique number 0..255 used to differentiate multiple instances of vrrpd running on the same NIC (and hence same socket). virtual_router_id 51
2015-12-12 16:26:00 +01:00
Remi Bergsma 1597a4c749 Merge pull request #1211 from ustcweizhou/delete-acl-items
[UI] bug fix: Delete added ACL lists is not available for Domain Admin and normal users
Only the owner or domain admin/admin can access the page (vpc->Network ACL Lists), they are also able to remove the network ACL lists, which is not allowed on UI.

* pr/1211:
  [UI] bug fix: Delete added ACL lists is not available for Domain Admin and normal users

Signed-off-by: Remi Bergsma <github@remi.nl>
2015-12-12 14:40:17 +01:00
Daan Hoogland 8c78f89c91 Merge pull request #1132 from shapeblue/4.6-vmware-diskcontrollers
[4.6] CLOUDSTACK-4787 - vmware diskcontrollers
Same as #1131 (see this for screenshots etc)

* pr/1132:
  CLOUDSTACK-4787: Allow users to select disk controller for VM/template
  CLOUDSTACK-4787 Allow selection of scsi controller type in vSphere

Signed-off-by: Daan Hoogland <daan@onecht.net>
2015-12-12 14:38:28 +01:00
Remi Bergsma 65bf2edfa1 Merge pull request #1182 from ustcweizhou/CLOUDSTACK-9113-getVmStats
[4.6] CLOUDSTACK-9113: skip vm with inconsistent state when getVmStats/getVmDiskStats
on KVM, if there is a vm that has inconsistent state between hypervisor and db, the getVmStat will terminate and return null, all vm stats will not be updated.
we should skip the vm which has inconsistent state, and continue on others.

* pr/1182:
  CLOUDSTACK-9113: skip vm with inconsistent state when getVmStats/getVmDiskStats

Signed-off-by: Remi Bergsma <github@remi.nl>
2015-12-12 13:58:49 +01:00
Remi Bergsma 61ebb53e17 Merge pull request #1227 from remibergsma/git-pr-show-commits
Show actual diff in commits after merge with git-pr / git-fwd-merge
This shows the diff in commits after using `git-pr` and `git-fwd-merge` tools, like this:

```
44e8c92 Merge pull request #1226 from borisroman/CLOUDSTACK-9148
0554610 Removed .pydevproject from plugin kvm hypervisor.
```

That helps in quickly seeing what change is applied and whether it makes sense. It doesn't touch the actual code base. I'm using this patch for some time already.

* pr/1227:
  Show actual diff in commits after merge

Signed-off-by: Remi Bergsma <github@remi.nl>
2015-12-12 13:55:20 +01:00
Remi Bergsma 52edbbb6cc Show actual diff in commits after merge 2015-12-12 11:22:32 +01:00
Remi Bergsma b14dfca82d Merge pull request #1187 from nlivens/4.6_test_improvement
Adapted HypervisorUtilsTest to no longer give false positives

* pr/1187:
  Adapted HypervisorUtilsTest to no longer give false positives

This closes #1185

Signed-off-by: Remi Bergsma <github@remi.nl>
2015-12-10 16:20:19 +01:00
Wei Zhou 709e0c555e [UI] bug fix: Delete added ACL lists is not available for Domain Admin and normal users 2015-12-10 14:09:45 +01:00
Wei Zhou acfc19dc82 CLOUDSTACK-9134: set device_id as the first device_id not in use instead of nic count
when we restart vpc tiers, the old nics will be removed, and create a new nic.
however, the device_id was set to the nic count, which may be already used.
this commit gets the first device_id not in use as the device_id of new nic.

This issue also happens when we add multiple networks to a vm and remove them.
2015-12-10 14:02:02 +01:00
Remi Bergsma 3515f574c3 Merge pull request #1189 from ekholabs/fix/4.6-rvr_routers_state-CLOUDSTACK-9118
CLOUDSTACK-9118 - As a Developer I want the checkrouter.sh script to report the right information about RVR routers state
This PR fixes the RVR routers state information retrieved by the Management Server via the ```checkrouter.sh``` script.

In order to cover the changes, a new test has been added to the component/test_routers_network_ops.py test suite: test_03_RVR_Network_check_router_state

* pr/1189:
  CLOUDSTACK-9118 - Adds integration test to cover routers state.
  CLOUDSTACK-9118 - Improves the existing checkrouter.sh script

Signed-off-by: Remi Bergsma <github@remi.nl>
2015-12-08 20:10:15 +01:00
Wilder Rodrigues 848ef78158 CLOUDSTACK-9118 - Adds integration test to cover routers state.
- Refactoring the existing tests
2015-12-08 11:06:35 +01:00
Wilder Rodrigues f81a29351d CLOUDSTACK-9118 - Improves the existing checkrouter.sh script 2015-12-08 11:06:35 +01:00
Nick Livens 132c35639b Adapted HypervisorUtilsTest to no longer give false positives 2015-12-08 08:12:58 +01:00
Remi Bergsma 6d3fffa229 Merge pull request #1184 from ekholabs/fix/4.6-rvpc-pvtgw-CLOUDSTACK-9106
CLOUDSTACK-9106 - As a Developer I want the Redundant VPC private gateway feature fixed
This PR contains the same fixes from PR #1179, which was created against the master branch.

In addition, the points mentioned by @DaanHoogland were handled in this new PR:

* Made the code more consistent
  - result = result && methodCall(), instead of throwing exceptions in some places or not checking 2 consecutive returns - in case of rVPC.
* Added a unit test to cover changes in the VpcRouterElementImpl.applyVpnUsers() method. The method returns an array of String, so I had to make sure it would contain the users from 2 consecutive calls. There are 2 tests to cover negative scenarios.

* pr/1184:
  CLOUDSTACK-9106 - Makes Enum name compliant with Java code conventions.
  CLOUDSTACK-9106 - Adds a test to cover the changes in the applyVpnUsers() method
  CLOUDSTACK-9106 - Makes the router commands call more consistent.
  CLOUDSTACK-9106 - Enables private gateway tests on Redundant VPCs
  CLOUDSTACK-9106 - Refactor the createPrivateNicProfileForGateway() method
  CLOUDSTACK-9106 - Reduces the amount of iterations through the routers of a VPC

Signed-off-by: Remi Bergsma <github@remi.nl>
2015-12-07 21:18:01 +01:00