etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloudstack/test/integration/smoke
History
Rohit Yadav 8da2462469
CLOUDSTACK-10333: Secure Live VM Migration for KVM (#2505) 
This extends securing of KVM hosts to securing of libvirt on KVM
host as well for TLS enabled live VM migration. To simplify implementation
securing of host implies that both host and libvirtd processes are
secured with management server's CA plugin issued certificates.

Based on whether keystore and certificates files are available at
/etc/cloudstack/agent, the KVM agent determines whether to use TLS or
TCP based uris for live VM migration. It is also enforced that a secured
host will allow live VM migration to/from other secured host, and an
unsecured hosts will allow live VM migration to/from other unsecured
host only.

Post upgrade the KVM agent on startup will expose its security state
(secured detail is sent as true or false) to the managements server that
gets saved in host_details for the host. This host detail can be accesed
via the listHosts response, and in the UI unsecured KVM hosts will show
up with the host state of ‘unsecured’. Further, a button has been added
that allows admins to provision/renew certificates to KVM hosts and can
be used to secure any unsecured KVM host.

The `cloudstack-setup-agent` was modified to accept a new flag `-s`
which will reconfigure libvirtd with following settings:

    listen_tcp=0
    listen_tls=1
    tcp_port="16509"
    tls_port="16514"
    auth_tcp="none"
    auth_tls="none"
    key_file = "/etc/pki/libvirt/private/serverkey.pem"
    cert_file = "/etc/pki/libvirt/servercert.pem"
    ca_file = "/etc/pki/CA/cacert.pem"

For a connected KVM host agent, when the certificate are
renewed/provisioned a background task is scheduled that waits until all
of the agent tasks finish after which libvirt process is restarted and
finally the agent is restarted via AgentShell.

There are no API or DB changes.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 		2018-04-20 00:36:18 +05:30
..
misc Adding new test which would verify the fix for issue "The ISO/Template is automatically deleted after URL expires" 2014-10-17 18:04:35 +05:30
__init__.py apply chip childers licensing patches for the test directory 2012-06-26 11:19:58 -04:00
test_accounts.py CLOUDSTACK-10104: Optimize database transactions in ListDomain API to improve performance (#2282) 2018-01-05 21:51:46 +05:30
test_affinity_groups.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_affinity_groups_projects.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_certauthority_root.py CLOUDSTACK-9993: Securing Agents Communications (#2239) 2017-08-28 12:15:11 +02:00
test_deploy_vgpu_enabled_vm.py Merge branch '4.9' 2016-10-21 10:15:29 +05:30
test_deploy_virtio_scsi_vm.py CLOUDSTACK-10013: Fix VMware related issues and fix misc tests 2017-12-23 09:22:44 +05:30
test_deploy_vm_iso.py CLOUDSTACK-10013: Fixes based on code review and test failures 2017-12-23 17:51:42 +05:30
test_deploy_vm_root_resize.py CLOUDSTACK-4757: Support OVA files with multiple disks for templates (#2146) 2018-01-10 22:10:41 +05:30
test_deploy_vm_with_userdata.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_deploy_vms_with_varied_deploymentplanners.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_disk_offerings.py removed unnecessary pdb break point. 2015-02-09 11:56:33 +05:30
test_dynamicroles.py CLOUDSTACK-9663: updateRole cmd to return updated role as JSON (#2406) 2018-02-10 18:25:25 +01:00
test_global_settings.py CLOUDSTACK-6914: Fixed the mentioned issue 2014-06-17 14:26:44 +05:30
test_guest_vlan_range.py Re-enabling fixed test cases 2014-06-25 18:02:04 +05:30
test_host_annotations.py CLOUDSTACK-10154: fixing some smoketests failures (#2335) 2017-11-28 09:55:35 +05:30
test_host_maintenance.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_hostha_kvm.py CLOUDSTACK-10013: Fixes based on code review and test failures 2017-12-23 17:51:42 +05:30
test_hostha_simulator.py CLOUDSTACK-10227: Stabilization fixes for 4.11.0.0 (#2403) 2018-01-15 00:08:36 +05:30
test_internal_lb.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_iso.py CLOUDSTACK-10013: Fix VMware related issues and fix misc tests 2017-12-23 09:22:44 +05:30
test_list_ids_parameter.py CLOUDSTACK-10013: Fix VMware related issues and fix misc tests 2017-12-23 09:22:44 +05:30
test_loadbalance.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_login.py CLOUDSTACK-9369: Restrict default login to ldap/native users 2016-05-27 15:00:05 -04:00
test_metrics_api.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_migration.py CLOUDSTACK-10024: Network Migration (#2374) 2018-01-03 13:50:19 +05:30
test_multipleips_per_nic.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_nested_virtualization.py CLOUDSTACK-10013: Fix VMware related issues and fix misc tests 2017-12-23 09:22:44 +05:30
test_network.py CLOUDSTACK-10013: Fixes based on code review and test failures 2017-12-23 17:51:42 +05:30
test_network_acl.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_nic.py CLOUDSTACK-10107: For VMware VMs add devices without unit number (#2288) 2017-10-25 09:56:44 +05:30
test_nic_adapter_type.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_non_contigiousvlan.py CLOUDSTACK-9522: Check for available attribute in marvin response 2016-10-05 15:11:00 +05:30
test_outofbandmanagement.py CLOUDSTACK-9782: New Background Polling Task Manager (#2218) 2017-08-03 11:53:45 +02:00
test_outofbandmanagement_nestedplugin.py CLOUDSTACK-9782: Nested-oobm CloudStack plugin 2017-08-30 18:06:48 +02:00
test_over_provisioning.py CLOUDSTACK-6914: Fixed the mentioned issue 2014-06-17 14:26:44 +05:30
test_password_server.py CLOUDSTACK-10013: Fixes based on code review and test failures 2017-12-23 17:51:42 +05:30
test_portable_publicip.py CLOUDSTACK-6914: Fixed the mentioned issue 2014-06-17 14:26:44 +05:30
test_portforwardingrules.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_primary_storage.py CLOUDSTACK-8865: Adding SR doesn't create Storage_pool_host_ref entry for disabled host (#876) 2017-09-21 10:49:11 +05:30
test_privategw_acl.py CLOUDSTACK-10013: Fixes based on code review and test failures 2017-12-23 17:51:42 +05:30
test_projects.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_public_ip_range.py CLOUDSTACK-10227: Stabilization fixes for 4.11.0.0 (#2403) 2018-01-15 00:08:36 +05:30
test_pvlan.py CLOUDSTACK-6914: Fixed the mentioned issue 2014-06-17 14:26:44 +05:30
test_regions.py CLOUDSTACK-9989: Extend smoketests suite (#2219) 2017-11-22 17:06:22 +05:30
test_reset_vm_on_reboot.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_resource_detail.py CLOUDSTACK-6914: Fixed the mentioned issue 2014-06-17 14:26:44 +05:30
test_router_dhcphosts.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_router_dns.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_router_dnsservice.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_routers.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_routers_iptables_default_policy.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_routers_network_ops.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_scale_vm.py CLOUDSTACK-8924: Removed duplicate test from test_scale_vm.py 2015-09-30 15:23:30 +05:30
test_secondary_storage.py Extend wait before retry to states other than 'Starting' 2015-06-24 07:34:26 +02:00
test_service_offerings.py CLOUDSTACK-10321: CPU Cap for KVM (#2482) 2018-03-14 18:21:24 +00:00
test_snapshots.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_ssvm.py CLOUDSTACK-10227: Stabilization fixes for 4.11.0.0 (#2403) 2018-01-15 00:08:36 +05:30
test_staticroles.py CLOUDSTACK-10012: Migrate to Embedded Jetty 2017-11-03 23:57:25 +05:30
test_templates.py CLOUDSTACK-10227: Stabilization fixes for 4.11.0.0 (#2403) 2018-01-15 00:08:36 +05:30
test_usage.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_usage_events.py CLOUDSTACK-8314: Add test case to validate VM.DESTROY event is logged when VM deployment fails 2015-03-12 16:43:08 +05:30
test_vm_life_cycle.py CLOUDSTACK-10333: Secure Live VM Migration for KVM (#2505) 2018-04-20 00:36:18 +05:30
test_vm_snapshots.py CLOUDSTACK-10227: Add delay before reverting VM snapshot (#2407) 2018-01-15 15:57:48 +05:30
test_volumes.py CLOUDSTACK-10227: Stabilization fixes for 4.11.0.0 (#2403) 2018-01-15 00:08:36 +05:30
test_vpc_redundant.py CLOUDSTACK-10341: Reduce systemvmtemplate size, install nftables (#2506) 2018-03-28 13:11:51 +05:30
test_vpc_router_nics.py CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate 2017-12-23 09:22:44 +05:30
test_vpc_vpn.py CLOUDSTACK-10013: Fixes based on code review and test failures 2017-12-23 17:51:42 +05:30