I see a test was failing: LibvirtComputingResourceTest.testMigrateCommand.
I'm not sure if you can do an "or" with Mockito, but I changed a check to
the following and it passes now (it was failing because a 1 was being
passed in now instead of an 8 on my platform):
try {
verify(dm, times(1)).getXMLDesc(8);
} catch (final Throwable t) {
try {
verify(dm, times(1)).getXMLDesc(1);
}
catch (final LibvirtException e) {
fail(e.getMessage());
}
}
On Mon, Aug 31, 2015 at 12:38 PM, Mike Tutkowski <
mike.tutkow...@solidfire.com> wrote:
> This is probably more esthetically pleasing to most people (and simpler
> looking):
>
> CVE-2015-3252: Get XML with sensitive information suitable
> for migration by using
>
> VIR_DOMAIN_XML_MIGRATABLE flag (value = 8)
>
>
> https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainXMLFlags
>
>
> Use VIR_DOMAIN_XML_SECURE (value = 1) prior
> to v1.0.0.
>
> */
>
> int xmlFlag = conn.getLibVirVersion() >= 1000000 ? 8 : 1;
>
>
> xmlDesc =
> dm.getXMLDesc(xmlFlag).replace(libvirtComputingResource.getPrivateIp(),
> command.getDestinationIp());
>
> On Mon, Aug 31, 2015 at 12:34 PM, Mike Tutkowski <
> mike.tutkow...@solidfire.com> wrote:
>
>> Sounds good
>>
>> Does this look reasonable (I haven't tested it yet):
>>
>> CVE-2015-3252: Get XML with sensitive information
>> suitable for migration by using
>>
>> VIR_DOMAIN_XML_MIGRATABLE flag (value = 8)
>>
>>
>> https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainXMLFlags
>>
>>
>> Use VIR_DOMAIN_XML_SECURE (value = 1)
>> prior to v1.0.0.
>>
>> */
>>
>> if (conn.getLibVirVersion() >= 1000000) { // 1000000 equals
>> v1.0.0
>>
>> xmlDesc =
>> dm.getXMLDesc(8).replace(libvirtComputingResource.getPrivateIp(),
>> command.getDestinationIp());
>>
>> }
>>
>> else {
>>
>> xmlDesc =
>> dm.getXMLDesc(1).replace(libvirtComputingResource.getPrivateIp(),
>> command.getDestinationIp());
>>
>> }
>>
>> On Mon, Aug 31, 2015 at 12:06 PM, Marcus <shadow...@gmail.com> wrote:
>>
>>> Might as well put the check in, to ensure we don't try to use flags that
>>> aren't available.
>>>
>>> On Mon, Aug 31, 2015 at 10:21 AM, Mike Tutkowski <
>>> mike.tutkow...@solidfire.com> wrote:
>>>
>>> > Thanks, everyone
>>> >
>>> > Marcus - Do you think I should put in a version check or is that
>>> version of
>>> > Libvirt too old to bother supporting?
>>> >
>>> > On Monday, August 31, 2015, Marcus <shadow...@gmail.com> wrote:
>>> >
>>> > > Looks like the VIR_DOMAIN_XML_MIGRATABLE flag was introduced in
>>> v1.0.0
>>> > > (version 1000000 in how the Libvirt API reports), and
>>> > VIR_DOMAIN_XML_SECURE
>>> > > was all the way back in v0.8.0 (version 8000).
>>> > >
>>> > > On Mon, Aug 31, 2015 at 8:04 AM, Marcus <shadow...@gmail.com
>>> > > <javascript:_e(%7B%7D,'cvml','shadow...@gmail.com');>> wrote:
>>> > >
>>> > >> There are a bunch of things like this in the code already, and
>>> they're
>>> > >> wrapped in version checks. See
>>> > >>
>>> > >> _hypervisorLibvirtVersion in LibvirtComputingResource. We just need
>>> to
>>> > >> figure out which versions need to be left out.
>>> > >>
>>> > >>
>>> > >>
>>> > >>
>>> > >> On Mon, Aug 31, 2015 at 1:56 AM, Rohit Yadav <
>>> rohit.ya...@shapeblue.com
>>> > >> <javascript:_e(%7B%7D,'cvml','rohit.ya...@shapeblue.com');>> wrote:
>>> > >>
>>> > >>> Hi Mike,
>>> > >>>
>>> > >>> I think it is related to this, the libvirt version is really old
>>> that
>>> > >>> lacks the flags:
>>> > >>>
>>> > >>>
>>> >
>>> https://github.com/apache/cloudstack/commit/5d29b63cfa98a15d7734798c5b29a43658d7f112
>>> > >>>
>>> > >>> If VM migration flag (8) is not available, can you check
>>> > >>> if VIR_DOMAIN_XML_SECURE (flag=1) works for you, if so we can
>>> change
>>> > the
>>> > >>> above fix to use 0x1 (or 1) to support KVM/12.04 though I’m not
>>> sure
>>> > if for
>>> > >>> vm migration the xml dump method should be provided 0x1 and not 0x8
>>> > >>> (VIR_DOMAIN_XML_MIGRATABLE).
>>> > >>>
>>> > >>> On 31-Aug-2015, at 11:29 am, Mike Tutkowski
>>> <mike.tutkowski@solidfire
>>> > >>>
>>> > >>> .com> wrote:
>>> > >>>
>>> > >>> Hi,
>>> > >>>
>>> > >>> I'm having a problem migrating a VM from one 12.04 KVM host to
>>> another
>>> > >>> 12.04 KVM host in the same cluster in CS 4.6.
>>> > >>>
>>> > >>> Anyone know why I might be receiving this error message?
>>> > >>>
>>> > >>> invalid argument: virDomainDefFormat: unsupported flags (0x8)
>>> > >>>
>>> > >>> The root disk is stored on cluster-scoped NFS primary storage.
>>> > >>>
>>> > >>> Thanks!
>>> > >>>
>>> > >>> --
>>> > >>> *Mike Tutkowski*
>>> > >>> *Senior CloudStack Developer, SolidFire Inc.*
>>> > >>> e: mike.tutkow...@solidfire.com
>>> > >>> <javascript:_e(%7B%7D,'cvml','mike.tutkow...@solidfire.com');>
>>> > >>> o: 303.746.7302
>>> > >>> Advancing the way the world uses the cloud
>>> > >>> <http://solidfire.com/solution/overview/?video=play>*™*
>>> > >>>
>>> > >>>
>>> > >>> Regards,
>>> > >>> Rohit Yadav
>>> > >>> Software Architect, ShapeBlue
>>> > >>>
>>> > >>>
>>> > >>>
>>> > >>>
>>> > >>> M. +91 88 262 30892 | rohit.ya...@shapeblue.com
>>> > >>> <javascript:_e(%7B%7D,'cvml','rohit.ya...@shapeblue.com');>
>>> > >>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>> > >>>
>>> > >>>
>>> > >>>
>>> > >>>
>>> > >>> Find out more about ShapeBlue and our range of CloudStack related
>>> > >>> services
>>> > >>>
>>> > >>> IaaS Cloud Design & Build
>>> > >>> <http://shapeblue.com/iaas-cloud-design-and-build//>
>>> > >>> CSForge – rapid IaaS deployment framework
>>> > >>> <http://shapeblue.com/csforge/>
>>> > >>> CloudStack Consulting <
>>> http://shapeblue.com/cloudstack-consultancy/>
>>> > >>> CloudStack Software Engineering
>>> > >>> <http://shapeblue.com/cloudstack-software-engineering/>
>>> > >>> CloudStack Infrastructure Support
>>> > >>> <http://shapeblue.com/cloudstack-infrastructure-support/>
>>> > >>> CloudStack Bootcamp Training Courses
>>> > >>> <http://shapeblue.com/cloudstack-training/>
>>> > >>>
>>> > >>> This email and any attachments to it may be confidential and are
>>> > >>> intended solely for the use of the individual to whom it is
>>> addressed.
>>> > Any
>>> > >>> views or opinions expressed are solely those of the author and do
>>> not
>>> > >>> necessarily represent those of Shape Blue Ltd or related
>>> companies. If
>>> > you
>>> > >>> are not the intended recipient of this email, you must neither
>>> take any
>>> > >>> action based upon its contents, nor copy or show it to anyone.
>>> Please
>>> > >>> contact the sender if you believe you have received this email in
>>> > error.
>>> > >>> Shape Blue Ltd is a company incorporated in England & Wales.
>>> ShapeBlue
>>> > >>> Services India LLP is a company incorporated in India and is
>>> operated
>>> > under
>>> > >>> license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is
>>> a
>>> > >>> company incorporated in Brasil and is operated under license from
>>> Shape
>>> > >>> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The
>>> Republic
>>> > of
>>> > >>> South Africa and is traded under license from Shape Blue Ltd.
>>> > ShapeBlue is
>>> > >>> a registered trademark.
>>> > >>>
>>> > >>
>>> > >>
>>> > >
>>> >
>>> > --
>>> > *Mike Tutkowski*
>>> > *Senior CloudStack Developer, SolidFire Inc.*
>>> > e: mike.tutkow...@solidfire.com
>>> > o: 303.746.7302
>>> > Advancing the way the world uses the cloud
>>> > <http://solidfire.com/solution/overview/?video=play>*™*
>>> >
>>>
>>
>>
>>
>> --
>> *Mike Tutkowski*
>> *Senior CloudStack Developer, SolidFire Inc.*
>> e: mike.tutkow...@solidfire.com
>> o: 303.746.7302
>> Advancing the way the world uses the cloud
>> <http://solidfire.com/solution/overview/?video=play>*™*
>>
>
>
>
> --
> *Mike Tutkowski*
> *Senior CloudStack Developer, SolidFire Inc.*
> e: mike.tutkow...@solidfire.com
> o: 303.746.7302
> Advancing the way the world uses the cloud
> <http://solidfire.com/solution/overview/?video=play>*™*
>
--
*Mike Tutkowski*
*Senior CloudStack Developer, SolidFire Inc.*
e: mike.tutkow...@solidfire.com
o: 303.746.7302
Advancing the way the world uses the cloud
<http://solidfire.com/solution/overview/?video=play>*™*
