Re: [Proposal]CloudStack IAM plugin feature (CLOUDSTACK-5920)

[Koushik Das]

Some questions:

- Is there a concept of generic permission (any action, any resource etc.)? 
There shouldn't be a need to define hundreds of explicit permissions for admin 
account.
- I think it would be good to have a notion of parent policy. This will avoid 
duplication of permissions.
- Can you explain the permission evaluation order? What if one permission is 
allow and another is deny for a given resource, which is given priority and 
where the evaluation ends? Also what is logic to select permissions from 
different policies for a given request (start VM for account id 11 (belonging 
to domain id 1))? For e.g. if the permissions are defined like

1|start|VirtualMachine|NULL|ALL|NULL|Allow|NULL|2013-10-10 14:13:34
2|any|VirtualMachine|domain id = 1|Domain|NULL|Deny|NULL|2013-10-10 14:13:34
3|start|VirtualMachine|account id = 11|Account|NULL|Deny|NULL|2013-10-10 
14:13:34
4|start,stop|VirtualMachine|account id = 12|Account|NULL|Allow|NULL|2013-10-10 
14:13:34
5|any|any|NULL|ALL|NULL|Allow|NULL|2013-10-10 14:13:34


Thanks,
Koushik

On 22-Jan-2014, at 3:27 AM, Prachi Damle 
mailto:prachi.da...@citrix.com>> wrote:

Min and myself would like to propose an identity and access management plugin 
for CloudStack for the ACS 4.4 release.

Here is the functional spec we have drafted for the first phase:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+Identity+and+Access+Management+%28IAM%29+Plugin

Currently CloudStack provides very limited IAM services and there are several 
drawbacks:

- Offers few roles out of the box (user and admin) with prebaked access 
control. There is no way to create customized policies and permissions.
- Some resources have access control baked into them. E.g., shared networks, 
projects etc.
- We have to create special dedicateXXX APIs to grant permissions to resources.
- Also it does not provide the flexibility to integrate with other RBAC 
implementations say using AD/LDAP

Goal for this feature would be to address these limitations and offer true IAM 
services in a phased manner.
As a first phase, we need to separate out the current access control into a 
separate component based on the standard IAM terminologies. Also we need to 
create an access check mechanism to be used by the API layer to avoid the 
checks scattered over the api/service layer. The read/listing APIs need to be 
refactored accordingly to consider the policy based access granting.

Please provide feedback/suggestions anyone has.

Thanks,
Prachi & Min

RE: Error Codes\ Export Import Config

[Santhosh Edukulla]

Team,

Regarding note1 below, if we can have status\fault\return codes returned for 
every API atleast for new additions going ahead as part of the response, that 
should be good i believe. 

Even for blocking\nonblocking calls, we can have some status codes provided, so 
that we user can take appropriate action, before proceeding with next action.  
EX: INVALID_INPUT,SUCCESS etc.

Some times, throwing exception may also could be because of an issue with code 
away from request handling.

Regards,
Santhosh

From: Santhosh Edukulla
Sent: Tuesday, October 15, 2013 1:38 PM
To: dev@cloudstack.apache.org
Subject: Error Codes\ Export Import Config

Hello Team,

1/ Is there a document with  information to know all the Error\Fault codes, 
their level ,subject and description info returned by different API's under 
cloudstack? EX: If we call a particular API, its returned code at various 
levels of API call, for failure\Info\success case in general?

2/ A way to export all the configuration related to a cloudstack deployment and 
re import on other deployment for use?

3/ Also, Is there  a way to get\export configuration for various entities viz., 
offerings ssvms,cpvms, templates ,guest vms information created under given 
zone, account etc, Export that configuration and use that configuration as 
template to reimport at other place to create a similar cloud information? Any 
API\s exposed to do this task,say export, import and create, import and 
recreate, list available configurations, delete configurations etc.?


Thanks!
Santhosh

Re: [Proposal]CloudStack IAM plugin feature (CLOUDSTACK-5920)

[sebgoa]

On Jan 21, 2014, at 10:57 PM, Prachi Damle  wrote:

> Min and myself would like to propose an identity and access management plugin 
> for CloudStack for the ACS 4.4 release.
> 
> Here is the functional spec we have drafted for the first phase:
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+Identity+and+Access+Management+%28IAM%29+Plugin
> 
> Currently CloudStack provides very limited IAM services and there are several 
> drawbacks:
> 
> - Offers few roles out of the box (user and admin) with prebaked access 
> control. There is no way to create customized policies and permissions.
> - Some resources have access control baked into them. E.g., shared networks, 
> projects etc.
> - We have to create special dedicateXXX APIs to grant permissions to 
> resources.
> - Also it does not provide the flexibility to integrate with other RBAC 
> implementations say using AD/LDAP
> 
> Goal for this feature would be to address these limitations and offer true 
> IAM services in a phased manner.
> As a first phase, we need to separate out the current access control into a 
> separate component based on the standard IAM terminologies. Also we need to 
> create an access check mechanism to be used by the API layer to avoid the 
> checks scattered over the api/service layer. The read/listing APIs need to be 
> refactored accordingly to consider the policy based access granting.
> 
> Please provide feedback/suggestions anyone has.
> 

Prachi, I think that's a good idea, it would be nice to look at the AWS IAM 
service and map the API one2one. It would ease pain down the road if we want to 
serve a AWS compatible IAM.

-sebastien

> Thanks,
> Prachi & Min

Re: Review Request 17116: Phase1 Marvin Changes.Fix-for-CLOUDSTACK-5674, 5498, 5500( Fixed Few issues in patch 17113 )

[Santhosh Edukulla]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17116/
---

(Updated Jan. 22, 2014, 10:54 a.m.)


Review request for cloudstack and Girish Shilamkar.


Changes
---

Attaching the new patch file as discussed. Tested to apply locally and it 
worked.


Repository: cloudstack-git


Description
---

Fixed few issues including pep8 in previous submitted patch ( 17113 ). Tested 
Deploying a DC. 


Diffs
-

  setup/dev/advanced.cfg 23981f0 
  setup/dev/basic.cfg 3e39d6d 
  test/integration/component/test_add_remove_network.py 8ec2971 
  test/integration/component/test_affinity_groups.py 7e4fabe 
  test/integration/component/test_cpu_domain_limits.py c427e4f 
  test/integration/component/test_cpu_limits.py bdf2869 
  test/integration/component/test_cpu_max_limits.py 317df16 
  test/integration/component/test_cpu_project_limits.py a8a1b3c 
  test/integration/component/test_memory_limits.py 7921e4b 
  test/integration/component/test_mm_domain_limits.py 68660c1 
  test/integration/component/test_mm_max_limits.py e10c119 
  test/integration/component/test_mm_project_limits.py c314011 
  test/integration/component/test_portable_ip.py b09daf9 
  test/integration/component/test_vpc.py 1af8d81 
  test/integration/component/test_vpn_users.py 02dd026 
  test/integration/smoke/test_affinity_groups.py c96a580 
  test/integration/smoke/test_deploy_vm.py 425aeb7 
  test/integration/smoke/test_deploy_vm_with_userdata.py e3788cf 
  tools/marvin/marvin/asyncJobMgr.py ee0e891 
  tools/marvin/marvin/cloudstackConnection.py fb03e3b 
  tools/marvin/marvin/cloudstackException.py 623 
  tools/marvin/marvin/cloudstackTestClient.py 4ac510b 
  tools/marvin/marvin/codegenerator.py e0f056f 
  tools/marvin/marvin/codes.py 74fb05d 
  tools/marvin/marvin/config/test_data.cfg PRE-CREATION 
  tools/marvin/marvin/configGenerator.py 0d79e8e 
  tools/marvin/marvin/dbConnection.py 99014ab 
  tools/marvin/marvin/deployDataCenter.py c4f6e1e 
  tools/marvin/marvin/integration/lib/common.py 550de1a 
  tools/marvin/marvin/jsonHelper.py ae40b8d 
  tools/marvin/marvin/marvinInit.py f722058 
  tools/marvin/marvin/marvinLog.py 76de185 
  tools/marvin/marvin/marvinPlugin.py df7d7a3 
  tools/marvin/marvin/tcExecuteEngine.py f959e7e 

Diff: https://reviews.apache.org/r/17116/diff/


Testing
---


File Attachments (updated)


New Patch File
  
https://reviews.apache.org/media/uploaded/files/2014/01/22/1759bdd3-40f9-4462-81b5-e44df20774dc__new_diff.patch


Thanks,

Santhosh Edukulla

Re: [PROPOSAL] region level VPC and guest network spanning multiple zones

[Murali Reddy]

Please find the FS for this proposal at below link. I will be sending out
a different proposal covering the enhancements called out in the FS.

https://cwiki.apache.org/confluence/display/CLOUDSTACK/Region+level+VPC+and
+guest+network+spanning+multiple+zones

On 19/12/13 5:54 PM, "Murali Reddy"  wrote:

>I would like to propose two networking models enhancements for ACS 4.4
>release that will enable building highly available applications. Currently
>VPC in CloudStack is a zone level entity. So tiers with in the VPC are
>confined to the zone to which VPC belongs. For an application deployed in
>current model of VPC failure of the zone is a single point of failure. It
>is desirable to make VPC a region level entity, where tiers in the VPC can
>be created in different zones of the region. When tiers can be created in
>different zones, application hosted in VPC can be architected to be highly
>available masking zone failures by having redundant tiers in different
>zones. While it may be seen as natural extension, there are fundamental
>limitations with VLAN/traditional L2 based networking due to which
>realizing it would be non-trivial or require special solutions [1].
>Overlay networks [2] in the context of SDN & network virtualization
>provides a way to build networks that are abstracted from
>physical/underlay network. An overlay network is typically built with
>tunnels across edge(vSwitch's in hypervisor) and core is plain L3 network.
>With requirement that L3 connectivity across zones and tunnels can be
>established across the zones, an overlay network that spans multiple zones
>is easily realized.
>
>Given the range of SDN controllers that are integrated with CS, goal of
>this proposal is to leverage advances in SDN & network virtualization
>introduce below generic notions into CS.
>
>- an advanced zone isolated network that can span multiple zones
>- a region level VPC where tiers belong to different zones.
>
>I have opened bugs [3],[4] to track these two enhancements. As part of the
>effort I would like to extend the current OVS plug-in (that builds overlay
>network with GRE tunnels) to realise these two use-cases. I have opened
>bug [5] to track this enhancement.
>
>As long as we establish tunnels across the zones, we can have overlay
>networks that are functional, but would be inefficient in handling
>east-west traffic [6] and BUM traffic. While the problems exist in the
>overlay networks that are confined to a zone as well, they are compounded
>when the network spans multiple zones resulting in high cross-zone
>east-west traffic. I would be sending out a complementary proposal to
>introduce distributed routing and ACL's for east-west traffic and ARP
>localisation that will allow only legitimate cross zone east-west traffic.
>
>I will send out a functional specification with detailed requirements,
>assumptions, limitation etc once I make progress with these enhancements.
>Please share any feedback and comments.
>
>[1] 
>http://www.networkworld.com/news/tech/2010/090310-layer2-data-center-inter
>c
>onnect.html
>[2] 
>http://etherealmind.com/introduction-to-how-overlay-networking-and-tunnel-
>f
>abrics-work/
>[3] https://issues.apache.org/jira/browse/CLOUDSTACK-5567
>[4] https://issues.apache.org/jira/browse/CLOUDSTACK-5568
>[5] https://issues.apache.org/jira/browse/CLOUDSTACK-5569
>[6] 
>http://blog.ipspace.net/2011/02/traffic-trombone-what-it-is-and-how-you.ht
>m
>l
>
>

mycila maven-license-plugin?

[Hugo Trippaers]

Heya,

In the past there have been several occasions where people missed the required 
headers when committing a files (and a disproportionate amount of those commits 
were mine ;-) ). Look at how other projects solve that issue i ran into the 
mycila license plugin. This is a maven plugin that does the check and can 
easily be configured to run as part of a module build. One of the nice things 
is the format goal, which will actually fix all sources to comply with the 
header as defined in the configuration.

I’ve taken the liberty of implementing this check for both the nvp and the 
opendaylight plugin. Actually the open daylight plugin was developed with the 
goal set to format. Allowing me to never have to worry about the license 
headers at all. 

My proposal would be to add this plugin in check mode to the other modules as 
well. However due to small changes in the way the plugin parses the files we 
would need to update the headers of most files in the repo. the plugin expects 
the last line of the header to be // and currently we don’t have that. 
This can be fixed by using the format goal on the module. If we think this is a 
way forward,i’ll start doing the updates to the other modules.

For external plugin developers this should be easy as well. Just make sure the 
parent pom is set to cloudstack main pom and you’ll get both the license and 
the checkstyle configuration inherited.

Cheers,

Hugo

[ACS 4.3] Cherry pick request for CLOUDSTACK-5927

[Likitha Shetty]

Please cherry pick commit 94ea2736f4a1614e45f4bc56388aad7adeb22a08 from 
4.3-forward branch to 4.3 branch.

Thanks,
Likitha

Re: checkstyle problems...

[Hugo Trippaers]

Heya,

The disable profile is in the pom now. If you add the profile disablecheckstyle 
to your eclipse m2e configuration for cloudstack, all checkstyle configuration 
from maven will be ignored.

Cheers,

Hugo

On 16 jan. 2014, at 16:11, Mike Tutkowski  wrote:

> That sounds good, Hugo - thanks!
> 
> 
> On Thu, Jan 16, 2014 at 2:53 AM, Hugo Trippaers  wrote:
> 
>> Yeah,
>> 
>> swapping out branches is a tricky thing in eclipse. I generally use two
>> workspaces, one for master and one for current release branch.
>> 
>> I noticed that when you swap branches eclipse keeps the “old” checkstyle
>> config, but without any of the limitations place on it by the poms, because
>> those are gone.
>> 
>> I’ll fix the problem with the nvp plugin in 4.3 right away, the project
>> config didn’t get removed when the checkstyle project was removed.
>> 
>> Other than that, with the latest updates to the poms it’s running smoothly
>> for me. Even when reimporting the projects, but i removed my
>> .m2/repo../../cloudstack folder as well.
>> 
>> I could make a profile that turns off checkstyle in all the subprojects?
>> That could help to reduce the problems which switching between 4.3 and
>> master.  Once we start the 4.4 track it shouldn’t be that much of a problem
>> any more. Especially if i remove the snapshot tag from the checkstyle
>> project, there is actually no need to keep that versioned together with CS.
>> That way multiple branches can all use the same checkstyle config.
>> 
>> Is that workable for you guys?
>> 
>> Cheers,
>> 
>> Hugo
>> 
>> On 15 jan. 2014, at 18:05, Mike Tutkowski 
>> wrote:
>> 
>>> Yeah, and to clarify, the reason I sometimes do that is if I switch
>> between
>>> branches. I've noticed many problems in Eclipse when I swap out a branch
>>> underneath it, so I generally remove all the projects and re-import them
>> at
>>> these times.
>>> 
>>> 
>>> On Wed, Jan 15, 2014 at 10:02 AM, Alex Huang 
>> wrote:
>>> 
 Hugo,
 
 I didn't see any problems at first either.  Later, when I tried to
>> figure
 out why Mike was seeing problems, I remembered he said he often deletes
>> the
 whole workspace and started over.  So I did the same.  I removed my
>> eclipse
 workspace and removed all .project files and started over completely.
 After that, I started seeing the problems.
 
 --Alex
 
> -Original Message-
> From: Trippie [mailto:trip...@gmail.com] On Behalf Of Hugo Trippaers
> Sent: Tuesday, January 14, 2014 11:31 PM
> To: dev
> Subject: Re: checkstyle problems...
> 
> Hey guys,
> 
> 
> There are two ideas behind using checkstyle a i've currently
>> implemented
 it
> in the maven build. First of all it runs for every project, this means
 that
> triggering a compile on a single module will also run the checkstyle
 checks on
> it. So you don't have to recompile the entire project and use the slow
 global
> checkstyle check, but fast local audit. This also ties in with my plans
 to get
> incremental builds going, the idea is to get Jenkins feedback on a
>> commit
> within 5 minutes of doing the commit. For this we need incremental
>> builds
> which builds only the modules that were touched by a commit (and
>> possibly
> dependents). By having checkstyle local to the module, it would be
 included
> in such a build. Secondly by making it a maven module like this it
>> means
> external plugin developers can include the exact same maven
>> configuration
> for their project and download our checkstyle configuration using the
 maven
> framework. Not really a big deal, but it might help when we have more
> separate repositories for plugins.
> 
> The same reasoning goes for the maven license plugin, i'm testing that
 one in
> the opendaylight plugin and it could replace the rat checks with a
>> simple
> check that would run on every module individually. But more on that
>> later
> 
> So my preference would be to keep it as is obviously, but i'm in
 agreement
> that it shouldn't cause trouble when using an editor like eclipse. I'm
 not
> seeing those issues in my eclipse at the moment, so i'll try to
 reproduce them
> and see if they can be fixed.
> 
> Cheers,
> 
> Hugo
> 
> 
> 
> On 15 jan. 2014, at 05:02, Alex Huang  wrote:
> 
>> Yes.  I do believe it runs on every eclipse recompile because it's now
 part of
> the build for every project.  I've gotten so frustrated with it, I've
 reverted the
> commit locally but I don't know checkstyle very well so I'm hoping Hugo
 has a
> better solution.
>> 
>> --Alex
>> 
>>> -Original Message-
>>> From: Mike Tutkowski [mailto:mike.tutkow...@solidfire.com]
>>> Sent: Tuesday, January 14, 2014 12:01 PM
>>> To: dev@cloudstack.apache.org
>>> Cc: Hugo Trippaers (h

Re: Blacklists for passwords

[Daan Hoogland]

Demetrius,

>From a development point of view I would oppose to such a feature. Of
course we can en-/disable it by a build profile.
Further more it should imo be configurable as to what the format must
be that the password adheres to.

Hope this spikes some opposition,
Daan

On Tue, Jan 21, 2014 at 8:04 PM, Demetrius Tsitrelis
 wrote:
>
>
> CloudStack does not enforce complexity rules for user passwords even in its 
> built-in user database. For some accounts in particular, such as the root 
> domain admin, it would seem a good idea to have some minimum requirements.  
> Empty passwords, for example, should not be allowed. What do you think about 
> having a blacklist of
> unacceptable passwords (e.g., “password”, “admin”, etc.) for the rood domain 
> admin?
>
>

Re: Review Request 16249: CLOUDSTACK-5496 : Account included in ActionEvents is Project Account ID

[David Grizzanti]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/16249/
---

(Updated Jan. 22, 2014, 2:07 p.m.)


Review request for cloudstack and Murali Reddy.


Changes
---

Uploaded patch for master


Bugs: CLOUDSTACK-5496
https://issues.apache.org/jira/browse/CLOUDSTACK-5496


Repository: cloudstack-git


Description
---

CLOUDSTACK-5496 : Account included in ActionEvents is Project Account ID

When Action Events are generated and placed on the Event Bus, an "account" 
parameter is included with the event. When these events are generated for 
resources within projects, this "account" parameter is not useful as it's the 
UUID of the project account, instead of the project. 

To solve this, I updated ActionEventsUtil class to include a "project" 
parameter in the generated events when the resource is being 
changed/add/deleted in a project.


Diffs (updated)
-

  server/src/com/cloud/event/ActionEventUtils.java 0363a0d 
  server/test/org/apache/cloudstack/affinity/AffinityApiUnitTest.java 061fd42 

Diff: https://reviews.apache.org/r/16249/diff/


Testing
---

Testing done 4.2


Thanks,

David Grizzanti

Re: Review Request 15280: CLOUDSTACK-5062: Deleting Load Balancing Rule fails when generating usage events are enabled

[David Grizzanti]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15280/
---

(Updated Jan. 22, 2014, 2:09 p.m.)


Review request for cloudstack and daan Hoogland.


Bugs: CLOUDSTACK-5062
https://issues.apache.org/jira/browse/CLOUDSTACK-5062


Repository: cloudstack-git


Description
---

CLOUDSTACK-5062: Deleting Load Balancing Rule fails when generating usage 
events are enabled

Added logic so that a correct zoneID is passed when generating usage events 
while deleting load balancing rules:
- Added logic to 
server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java to grab zone 
id and pass to publishUsageEvent


Diffs
-

  server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java be81a3e 

Diff: https://reviews.apache.org/r/15280/diff/


Testing
---

Testing only on 4.2


Thanks,

David Grizzanti

Re: Xapi version in pom.xml updated erroneously

[Daan Hoogland]

Are you using the revert process or the one that makes a branch for
the release? (is my commit the latest on the build_asf.sh script?)

On Wed, Jan 22, 2014 at 5:15 AM, Animesh Chaturvedi
 wrote:
> While building the ACS 4.3 RC  I ran into the same issue as seen by Abhi for 
> 4.2.1
>
> Build_asf.sh messes the XAPI version. I have reopened CLOUDSTACK-4827
>
>
>>(2) the xapi version in deps/XenServerJava/pom.xml should not be
>>changed when you bump the version from 4.2.1-SNAPSHOT to 4.2.1. (see
>>CLOUDSTACK-4827)
>
> Ok, I can see that the build script is trying to revert back the version to 
> 4.2.1-SNAPSHOT but in the final build the version is not reverted.
> Will be checking what is causing that.
>
> -abhi
>

Re: git commit: updated refs/heads/4.2 to 2b34dc5

[Daan Hoogland]

Please check again guys, it would seems that my code was used (does
not do a revert but commits on a new branch.

On Wed, Jan 22, 2014 at 6:28 AM, Abhinandan Prateek
 wrote:
> One solution was given by Dan where he suggested that for RC we create a
> branch. That I guess is still in review board.
>
> -abhi
>
> On 22/01/14 10:42 am, "Animesh Chaturvedi" 
> wrote:
>
>>That seems kludgy we need an elegant solution
>>
>>-Original Message-
>>From: Abhinandan Prateek
>>Sent: Tuesday, January 21, 2014 9:11 PM
>>To: dev@cloudstack.apache.org
>>Cc: Animesh Chaturvedi
>>Subject: Re: git commit: updated refs/heads/4.2 to 2b34dc5
>>
>>I looked at 4.3-forward and it seems the revert commit is missing. That
>>is why the “SNAPSHOT” extension is not restored.
>>
>>On 22/01/14 10:31 am, "Abhinandan Prateek" 
>>wrote:
>>
>>>Animesh,
>>>
>>>  When you run build_asf script it does the following:
>>>
>>>1. Removes the -SNAPSHOT extensions from all version numbers, including
>>>xapi.
>>>2. It creates a commit for this updated pom.xml without the extension.
>>>Generates a tag too.
>>>3. It does all the building stuff etc.
>>>4. Reverses the commit created in 2.
>>>
>>>Now if you push the commits, you should see 2 commits: one commit
>>>changing versions and second reverting it, the branch returns to the
>>>pre-build state where ³-SNAPSHOT² is restored.
>>>
>>>-abhi
>>>
>>>On 22/01/14 10:15 am, "Animesh Chaturvedi"
>>>
>>>wrote:
>>>
I ran into this issue again with tools/build/build_asf.sh while
building
4.3 RC. I have gotten around it locally with help from Sheng but do
not know what it the correct way to fix it. I have reopened
CLOUDSTACK-4827

Any help is appreciated

-Original Message-
From: Wei Zhou [mailto:w.z...@leaseweb.com]
Sent: Monday, December 16, 2013 2:25 AM
To: Abhinandan Prateek; dev@cloudstack.apache.org
Cc: aprat...@apache.org
Subject: RE: git commit: updated refs/heads/4.2 to 2b34dc5

Abhi, Chips

The issue CLOUDSTACK-4827 happened when one build 4.2 (with
xapi-5.6.100-1) if compiled 4.1 (with xapi-5.6.100-1-SNAPSHOT) before.

I just tested some times (built 4.1 at first, then 4.2 with
xapi-5.6.100-1), the issue did not appear. It is weird.
Now I vote +1 on removing -SNAPSHOT as I cannot reproduce it.
If anyone meet this issue later, they can fix it by removing the
org/apache/cloudstack/xapi/ folder in local maven repository.


Kind Regards,

Wei ZHOU
Innovation Engineer Cloud, LeaseWeb B.V.
w.z...@leaseweb.com

-Original Message-
From: Abhinandan Prateek [mailto:abhinandan.prat...@citrix.com]
Sent: zaterdag, 14 december, 2013 04:02
To: dev@cloudstack.apache.org
Cc: aprat...@apache.org; Wei Zhou
Subject: Re: git commit: updated refs/heads/4.2 to 2b34dc5



On 13/12/13 9:20 pm, "Chip Childers"  wrote:
>>
>> >  xapi
>> >  5.6.100-1-SNAPSHOT
>>
>> The specific project version ^^
>>
>> For all previous releases, we have been releasing this specific
>> pom.xml file with the appropriate *non SNAPSHOT* versions for both
>> the parent version number and the XenServerJava project's version
>> number (specifically setting the latter to 5.6.100-1).
>>
>> Since we are releasing the XenServerJava code as part of ACS, why
>> would we leave the SNAPSHOT in there?
>>
>> Did something change that requires it to be added back?
>>
>> -chip
>
>I'll also point out that the reason that this is doing a mv then the
>perl string changes is that there used to be a bug in the mvn
>versions plugin that changed the XenServerJava version to the ACS
>version.  This appears to have been fixed (just tested).  So
>actually, the mv can be removed or not, it doesn't really matter
>because it's basically a noop.
>
>However -1 still stands unless someone convinces me that we should
>release the XenServerJava project with -SNAPSHOT.  IIRC, that
>actually caused problems for us somehow (but I can't find a reference
>to that to back up my sometimes fuzzy memory).
>

I was pointed to this ticket CLOUDSTACK-4827. The info is not very
clear and it appears that this fixes probably a bad version for the
repo, and not for the build.

-abhi

>

>>>
>>
>

RE: [Proposal]CloudStack IAM plugin feature (CLOUDSTACK-5920)

[Rajani Karuturi]

some questions I have:
1. Do we need groups and policies? Cant we derive group information from policy 
applied? ie) any user can become domain admin if he is given the right policies.
2. Can we restrict the permission to Resource Type's CRUD? permissions at api 
level seems to be like too much of control and information to save. 

-
Thanks,
Rajani

From: Prachi Damle [prachi.da...@citrix.com]
Sent: Wednesday, January 22, 2014 3:27 AM
To: dev@cloudstack.apache.org
Subject: [Proposal]CloudStack IAM plugin feature (CLOUDSTACK-5920)

Min and myself would like to propose an identity and access management plugin 
for CloudStack for the ACS 4.4 release.

Here is the functional spec we have drafted for the first phase:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+Identity+and+Access+Management+%28IAM%29+Plugin

Currently CloudStack provides very limited IAM services and there are several 
drawbacks:

- Offers few roles out of the box (user and admin) with prebaked access 
control. There is no way to create customized policies and permissions.
- Some resources have access control baked into them. E.g., shared networks, 
projects etc.
- We have to create special dedicateXXX APIs to grant permissions to resources.
- Also it does not provide the flexibility to integrate with other RBAC 
implementations say using AD/LDAP

Goal for this feature would be to address these limitations and offer true IAM 
services in a phased manner.
As a first phase, we need to separate out the current access control into a 
separate component based on the standard IAM terminologies. Also we need to 
create an access check mechanism to be used by the API layer to avoid the 
checks scattered over the api/service layer. The read/listing APIs need to be 
refactored accordingly to consider the policy based access granting.

Please provide feedback/suggestions anyone has.

Thanks,
Prachi & Min

Re: Review Request 15280: CLOUDSTACK-5062: Deleting Load Balancing Rule fails when generating usage events are enabled

[David Grizzanti]

Hi Dan,

Sorry, I missed this email when you sent it.  I double checked 4.2 today
and doesn't look like this was applied.

Here is what I currently see on 4.2
in server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java:

if (generateUsageEvent) {
// Generate usage event right after all rules were marked for
revoke

UsageEventUtils.publishUsageEvent(EventTypes.EVENT_LOAD_BALANCER_DELETE,
lb.getAccountId(), 0, lb.getId(),
null, LoadBalancingRule.class.getName(), lb.getUuid());
}

Whereas the diff was to:

--- a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
+++ b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
@@ -1235,7 +1235,8 @@ public class LoadBalancingRulesManagerImpl
extends ManagerBase implements

 if (generateUsageEvent) {
 // Generate usage event right after all rules were marked
for revoke
-
UsageEventUtils.publishUsageEvent(EventTypes.EVENT_LOAD_BALANCER_DELETE,
lb.getAccountId(), 0, lb.getId(),
+Network network = _networkModel.getNetwork(lb.getNetworkId());
+
UsageEventUtils.publishUsageEvent(EventTypes.EVENT_LOAD_BALANCER_DELETE,
lb.getAccountId(), network.getDataCenterId(), lb.getId(),
 null, LoadBalancingRule.class.getName(), lb.getUuid());
 }

Thanks



On Thu, Nov 7, 2013 at 4:57 AM, Daan Hoogland wrote:

> H David,
>
> I think I already applied this on 4.2.
>
> On Wed, Nov 6, 2013 at 8:09 PM, David Grizzanti
>  wrote:
> >
> > ---
> > This is an automatically generated e-mail. To reply, visit:
> > https://reviews.apache.org/r/15280/
> > ---
> >
> > Review request for cloudstack.
> >
> >
> > Bugs: CLOUDSTACK-5062
> > https://issues.apache.org/jira/browse/CLOUDSTACK-5062
> >
> >
> > Repository: cloudstack-git
> >
> >
> > Description
> > ---
> >
> > CLOUDSTACK-5062: Deleting Load Balancing Rule fails when generating
> usage events are enabled
> >
> > Added logic so that a correct zoneID is passed when generating usage
> events while deleting load balancing rules:
> > - Added logic to
> server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java to grab
> zone id and pass to publishUsageEvent
> >
> >
> > Diffs
> > -
> >
> >   server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
> be81a3e
> >
> > Diff: https://reviews.apache.org/r/15280/diff/
> >
> >
> > Testing
> > ---
> >
> > Testing only on 4.2
> >
> >
> > Thanks,
> >
> > David Grizzanti
> >
>
>


-- 
David Grizzanti
Software Engineer
Sungard Availability Services

e: david.grizza...@sungard.com
w: 215.446.1431
c: 570.575.0315

RE: Blacklists for passwords

[Giles Sirett]

I would +1 Demetrius' initial suggestion, however its not just blacklists, its 
masking to make sure that the pwd's are of sufficient strength


I expect some form of password strength control  in every aspect of IT  these 
days and I shudder when I type Root and "password" into our labs builds !

I (as a guy in an enterprise evaluating ACS) would expect to see some form of 
validation.

+1 to Daan's idea: it needs to be configurable. Different environments will 
have different complexity requirements.

I would *guess* that there's some standard password masking code out there 
somewhere ?


Kind Regards
Giles

D: +44 20 3603 0541 | M: +44 796 111 2055
giles.sir...@shapeblue.com




-Original Message-
From: Daan Hoogland [mailto:daan.hoogl...@gmail.com]
Sent: 22 January 2014 14:05
To: dev
Subject: Re: Blacklists for passwords

Demetrius,

>From a development point of view I would oppose to such a feature. Of course 
>we can en-/disable it by a build profile.
Further more it should imo be configurable as to what the format must be that 
the password adheres to.

Hope this spikes some opposition,
Daan

On Tue, Jan 21, 2014 at 8:04 PM, Demetrius Tsitrelis  
wrote:
>
>
> CloudStack does not enforce complexity rules for user passwords even
> in its built-in user database. For some accounts in particular, such as the 
> root domain admin, it would seem a good idea to have some minimum 
> requirements.  Empty passwords, for example, should not be allowed. What do 
> you think about having a blacklist of unacceptable passwords (e.g., 
> "password", "admin", etc.) for the rood domain admin?
>
>
Need Enterprise Grade Support for Apache CloudStack?
Our CloudStack Infrastructure 
Support offers the 
best 24/7 SLA for CloudStack Environments.

Apache CloudStack Bootcamp training courses

**NEW!** CloudStack 4.2.1 training
18th-19th February 2014, Brazil. 
Classroom
17th-23rd March 2014, Region A. Instructor led, 
On-line
24th-28th March 2014, Region B. Instructor led, 
On-line
16th-20th June 2014, Region A. Instructor led, 
On-line
23rd-27th June 2014, Region B. Instructor led, 
On-line

This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or related companies. If you are not the 
intended recipient of this email, you must neither take any action based upon 
its contents, nor copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. Shape Blue Ltd is a company 
incorporated in England & Wales. ShapeBlue Services India LLP is a company 
incorporated in India and is operated under license from Shape Blue Ltd. Shape 
Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is 
operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.

RE: Blacklists for passwords

[Alex Hitchins]

Definitely needs to be something that users can turn off/on.

Maybe a visual tool on the interface showing the 'strength' of the password, 
like most user facing sites have these days.




Alex Hitchins
+44 7788 423 969

-Original Message-
From: Giles Sirett [mailto:giles.sir...@shapeblue.com]
Sent: 22 January 2014 15:56
To: dev@cloudstack.apache.org
Subject: RE: Blacklists for passwords

I would +1 Demetrius' initial suggestion, however its not just blacklists, its 
masking to make sure that the pwd's are of sufficient strength


I expect some form of password strength control  in every aspect of IT  these 
days and I shudder when I type Root and "password" into our labs builds !

I (as a guy in an enterprise evaluating ACS) would expect to see some form of 
validation.

+1 to Daan's idea: it needs to be configurable. Different environments will 
have different complexity requirements.

I would *guess* that there's some standard password masking code out there 
somewhere ?


Kind Regards
Giles

D: +44 20 3603 0541 | M: +44 796 111 2055 giles.sir...@shapeblue.com




-Original Message-
From: Daan Hoogland [mailto:daan.hoogl...@gmail.com]
Sent: 22 January 2014 14:05
To: dev
Subject: Re: Blacklists for passwords

Demetrius,

>From a development point of view I would oppose to such a feature. Of course 
>we can en-/disable it by a build profile.
Further more it should imo be configurable as to what the format must be that 
the password adheres to.

Hope this spikes some opposition,
Daan

On Tue, Jan 21, 2014 at 8:04 PM, Demetrius Tsitrelis  
wrote:
>
>
> CloudStack does not enforce complexity rules for user passwords even
> in its built-in user database. For some accounts in particular, such as the 
> root domain admin, it would seem a good idea to have some minimum 
> requirements.  Empty passwords, for example, should not be allowed. What do 
> you think about having a blacklist of unacceptable passwords (e.g., 
> "password", "admin", etc.) for the rood domain admin?
>
>
Need Enterprise Grade Support for Apache CloudStack?
Our CloudStack Infrastructure 
Support offers the 
best 24/7 SLA for CloudStack Environments.

Apache CloudStack Bootcamp training courses

**NEW!** CloudStack 4.2.1 training
18th-19th February 2014, Brazil. 
Classroom
17th-23rd March 2014, Region A. Instructor led, 
On-line
24th-28th March 2014, Region B. Instructor led, 
On-line
16th-20th June 2014, Region A. Instructor led, 
On-line
23rd-27th June 2014, Region B. Instructor led, 
On-line

This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or related companies. If you are not the 
intended recipient of this email, you must neither take any action based upon 
its contents, nor copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. Shape Blue Ltd is a company 
incorporated in England & Wales. ShapeBlue Services India LLP is a company 
incorporated in India and is operated under license from Shape Blue Ltd. Shape 
Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is 
operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or related companies. If you are not the 
intended recipient of this email, you must neither take any action based upon 
its contents, nor copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. Shape Blue Ltd is a company 
incorporated in England & Wales. ShapeBlue Services India LLP is a company 
incorporated in India and is operated under license from Shape Blue Ltd. Shape 
Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is 
operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.

Re: Cloudstack 4.3 on Centos i686

[Nux!]

On 21.01.2014 22:56, Prabhakaran Ganesan wrote:

Hi Wido

Thanks a lot for your response. I happened to have a i686 Centos 
host,
hence the question. Let me upgrade the server to x86_64 and give it a 
try.


At best you will be able to use a 32bit machine as a management server, 
(RH)EL 6 does not support KVM hypervisor on 32 bit. If you want to run a 
CentOS hypervisor you need x86_64.


--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

Review Request 17188: CS-5438

[Alexander Hitchins]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17188/
---

Review request for cloudstack.


Repository: cloudstack-git


Description
---

CS-5438 - Added required dependency to the cloud.spec file.


Diffs
-

  packaging/centos63/cloud.spec 7132d4f 

Diff: https://reviews.apache.org/r/17188/diff/


Testing
---

Checked dependency was correct.


Thanks,

Alexander Hitchins

Re: Cloudstack 4.3 on Centos i686

[Prabhakaran Ganesan]

Thanks, Nux. I have upgraded my host to x86_64.

BTW, I was able to get VirtualBox working on my 32-bit host. Devcloud VM
came up fine on the host and I was able to run the management server also
as a VM (on centos x86_64). But I had trouble getting the management
server working on the host. But I can move on now..

Thanks
Prabhakar

On 1/22/14 9:02 AM, "Nux!"  wrote:

>On 21.01.2014 22:56, Prabhakaran Ganesan wrote:
>> Hi Wido
>> 
>> Thanks a lot for your response. I happened to have a i686 Centos
>> host,
>> hence the question. Let me upgrade the server to x86_64 and give it a
>> try.
>
>At best you will be able to use a 32bit machine as a management server,
>(RH)EL 6 does not support KVM hypervisor on 32 bit. If you want to run a
>CentOS hypervisor you need x86_64.
>
>--
>Sent from the Delta quadrant using Borg technology!
>
>Nux!
>www.nux.ro
>
>

[DOCS][PROPOSAL] Move to .rst and new repos

[sebgoa]

Hi,

Prior to the break we had a discussion to move to a new doc format RST.

In investigating the process and the infra needed for this, David and I thought 
that having a repo for each guide/book would be good.
Otherwise the readthedocs build infra will create one massive pdf/epub, think 
~400 pages.

So David created couple repos:

cloudstack-docs-admin.git
cloudstack-docs-install.git

Now we need to decide on CNAMEs for each guide, meaning that to get to the 
admin guide (for instance) you will hit http://admin.foo …

We propose to use:

http://docs-admin.cloudstack.apache.org
http://docs-install.cloudstack.apache.org

thoughts ? better ideas ?

-Sebastien

Re: Review Request 17188: CS-5438

[David Nalley]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17188/#review32499
---

Ship it!


Thanks for the patch Alex. applied to 4.3 forward 
(78f62c63479a81383ff8957a12c88ee4c181cfda) and master 
(a9c25dcfa363005beddf830267f54e85835c4af6) 

Please use the full ID of the bug in the future as that allows the automation 
to update both the bug and ReviewBoard (e.g. use CloudStack-5438 instead of 
CS-5438) 

- David Nalley


On Jan. 22, 2014, 5:03 p.m., Alexander Hitchins wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/17188/
> ---
> 
> (Updated Jan. 22, 2014, 5:03 p.m.)
> 
> 
> Review request for cloudstack.
> 
> 
> Repository: cloudstack-git
> 
> 
> Description
> ---
> 
> CS-5438 - Added required dependency to the cloud.spec file.
> 
> 
> Diffs
> -
> 
>   packaging/centos63/cloud.spec 7132d4f 
> 
> Diff: https://reviews.apache.org/r/17188/diff/
> 
> 
> Testing
> ---
> 
> Checked dependency was correct.
> 
> 
> Thanks,
> 
> Alexander Hitchins
> 
>

RE: [DOCS][PROPOSAL] Move to .rst and new repos

[Alex Hitchins]

Personally, I think if possible;

http://docs.cloudstack.apache.org could go to a page with both sets available, 
linking to

http://admin.docs.cloudstack.apache.org
http://install.docs.cloudstack.apache.org

My thinking is docs.cloudstack.apache.org is easier to remember.

I wonder if there is a SEO benefit to either option. Be good it the install and 
admin guides we well crawled.


Alex Hitchins
+44 7788 423 969

-Original Message-
From: sebgoa [mailto:run...@gmail.com]
Sent: 22 January 2014 17:18
To: dev@cloudstack.apache.org
Subject: [DOCS][PROPOSAL] Move to .rst and new repos

Hi,

Prior to the break we had a discussion to move to a new doc format RST.

In investigating the process and the infra needed for this, David and I thought 
that having a repo for each guide/book would be good.
Otherwise the readthedocs build infra will create one massive pdf/epub, think 
~400 pages.

So David created couple repos:

cloudstack-docs-admin.git
cloudstack-docs-install.git

Now we need to decide on CNAMEs for each guide, meaning that to get to the 
admin guide (for instance) you will hit http://admin.foo ...

We propose to use:

http://docs-admin.cloudstack.apache.org
http://docs-install.cloudstack.apache.org

thoughts ? better ideas ?

-Sebastien
Need Enterprise Grade Support for Apache CloudStack?
Our CloudStack Infrastructure 
Support offers the 
best 24/7 SLA for CloudStack Environments.

Apache CloudStack Bootcamp training courses

**NEW!** CloudStack 4.2.1 training
18th-19th February 2014, Brazil. 
Classroom
17th-23rd March 2014, Region A. Instructor led, 
On-line
24th-28th March 2014, Region B. Instructor led, 
On-line
16th-20th June 2014, Region A. Instructor led, 
On-line
23rd-27th June 2014, Region B. Instructor led, 
On-line

This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or related companies. If you are not the 
intended recipient of this email, you must neither take any action based upon 
its contents, nor copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. Shape Blue Ltd is a company 
incorporated in England & Wales. ShapeBlue Services India LLP is a company 
incorporated in India and is operated under license from Shape Blue Ltd. Shape 
Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is 
operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.

4.3.0 patch request (CLOUDSTACK-5438)

[David Nalley]

Animesh, et al:

Please consider cherry-picking
78f62c63479a81383ff8957a12c88ee4c181cfda from 4.3-forward if you
haven't cut the release yet.

--David

Adding Redundant Routers to VPCs

[Karl Harris]

Comments/Critiques/Additions to this list as well as implementation
suggestions are requested.


After looking at the differences between Public cloud routing and Virtual
Private Cloud Routing it appears the main differences are:


Public Cloud   VPC

One private network connection   Multiple (1…n) private
networks (tiers?)

Single router/1 NIC public/1 NIC private Single router/ 1 NIC public/
(1….n) NIC private (tiers?)



Additional/Needed functionality for redundant VPC routers:


Router pairs must be initialized (master/backup) with the same
functionality (NAT,DNS,etc).

Router pairs must be initialized with the same number of NIC both public
and private on each router.

Unique IP's must be available for each NIC on both master and backup
routers using CIDR(s) configured in VPC private network.

It appears most of the changes functional will be inside the Java class:
VpcVirtualNetworkApplianceManagerImpl


Have I missed any critical differences?





Karl Harris

Cloud Software Engineer

Sungard Availability Systems




Listed below, lifted from the CloudStack Documentation, are the
characteristics of a VPC as a reference:

*Major Components of a VPC:*

A VPC is comprised of the following network components:

   - *VPC*: A VPC acts as a container for multiple isolated networks that
   can communicate with each other via its virtual router.
   - *Network Tiers*: Each tier acts as an isolated network with its own
   VLANs and CIDR list, where you can place groups of resources, such as VMs.
   The tiers are segmented by means of VLANs. The NIC of each tier acts as its
   gateway.
   - *Virtual Router*: A virtual router is automatically created and
   started when you create a VPC. The virtual router connect the tiers and
   direct traffic among the public gateway, the VPN gateways, and the NAT
   instances. For each tier, a corresponding NIC and IP exist in the virtual
   router. The virtual router provides DNS and DHCP services through its IP.
   - *Public Gateway*: The traffic to and from the Internet routed to the
   VPC through the public gateway. In a VPC, the public gateway is not exposed
   to the end user; therefore, static routes are not support for the public
   gateway.
   - *Private Gateway*: All the traffic to and from a private network
   routed to the VPC through the private gateway. For more
information, see Section 11.19.5,
   “Adding a Private Gateway to a
VPC”
   .
   - *VPN Gateway*: The VPC side of a VPN connection.
   - *Site-to-Site VPN Connection*: A hardware-based VPN connection between
   your VPC and your datacenter, home network, or co-location facility. For
   more information, see Section 11.17.4, “Setting Up a Site-to-Site VPN
   
Connection”
   .
   - *Customer Gateway*: The customer side of a VPN Connection. For more
   information, seeSection 11.17.4.1, “Creating and Updating a VPN Customer
   
Gateway”
   .
   - *NAT Instance*: An instance that provides Port Address Translation for
   instances to access the Internet via the public gateway. For more
   information, see Section 11.19.9, “Enabling or Disabling Static NAT on a
   
VPC”
   .

*Network Architecture in a VPC*

In a VPC, the following four basic options of network architectures are
present:

   - VPC with a public gateway only
   - VPC with public and private gateways
   - VPC with public and private gateways and site-to-site VPN access
   - VPC with a private gateway only and site-to-site VPN access

*Connectivity Options for a VPC*

You can connect your VPC to:

   - The Internet through the public gateway.
   - The corporate datacenter by using a site-to-site VPN connection
   through the VPN gateway.
   - Both the Internet and your corporate datacenter by using both the
   public gateway and a VPN gateway.

*VPC Network Considerations*

Consider the following before you create a VPC:

   - A VPC, by default, is created in the enabled state.
   - A VPC can be created in Advance zone only, and can't belong to more
   than one zone at a time.
   - The default number of VPCs an account can create is 20. However, you
   can change it by using the max.account.vpcs global parameter, which
   controls the maximum number of VPCs an account is allowed to create.
   - The default number of tiers an account can create within a VPC is 3.
   You can configure this number by using the vpc.max.networks parameter.
   - Each tier should have an unique CIDR in the V

Re: [Proposal]CloudStack IAM plugin feature (CLOUDSTACK-5920)

[Min Chen]

Hi Koushik,

See my answers in line.

Thanks.
-min

On 1/22/14 12:30 AM, "Koushik Das"  wrote:

>Some questions:
>
>- Is there a concept of generic permission (any action, any resource
>etc.)? There shouldn't be a need to define hundreds of explicit
>permissions for admin account.
[Min] Out of box we will automatically create default policies for
existing cloud admin, domain admin and normal user, to map to current
account type. Root admin policy has defined generic permission you
mentioned here.

>- I think it would be good to have a notion of parent policy. This will
>avoid duplication of permissions.
[Min] CreateAclPolicyCmd api has parent policy id in the parameter, when
you create a policy, you can specify a parent policy id. Internally we
will copy parent policy permissions to the new policy. We don't want to
create link to parent policy, since this will couple them together to
avoid user from editing permission in only one policy not the other.

>- Can you explain the permission evaluation order? What if one permission
>is allow and another is deny for a given resource, which is given
>priority and where the evaluation ends? Also what is logic to select
>permissions from different policies for a given request (start VM for
>account id 11 (belonging to domain id 1))? For e.g. if the permissions
>are defined like
>
>1|start|VirtualMachine|NULL|ALL|NULL|Allow|NULL|2013-10-10 14:13:34
>2|any|VirtualMachine|domain id = 1|Domain|NULL|Deny|NULL|2013-10-10
>14:13:34
>3|start|VirtualMachine|account id = 11|Account|NULL|Deny|NULL|2013-10-10
>14:13:34
>4|start,stop|VirtualMachine|account id =
>12|Account|NULL|Allow|NULL|2013-10-10 14:13:34
>5|any|any|NULL|ALL|NULL|Allow|NULL|2013-10-10 14:13:34

[Min] For phase 1, our scope is to support only explicit allow permission,
explicit deny will be added in next phase. The evaluation logic will be
the same as AWS IAM evaluation engine. See
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_Evalua
tionLogic.html for details.

>
>
>Thanks,
>Koushik
>
>On 22-Jan-2014, at 3:27 AM, Prachi Damle
>mailto:prachi.da...@citrix.com>> wrote:
>
>Min and myself would like to propose an identity and access management
>plugin for CloudStack for the ACS 4.4 release.
>
>Here is the functional spec we have drafted for the first phase:
>https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+Identity
>+and+Access+Management+%28IAM%29+Plugin
>
>Currently CloudStack provides very limited IAM services and there are
>several drawbacks:
>
>- Offers few roles out of the box (user and admin) with prebaked access
>control. There is no way to create customized policies and permissions.
>- Some resources have access control baked into them. E.g., shared
>networks, projects etc.
>- We have to create special dedicateXXX APIs to grant permissions to
>resources.
>- Also it does not provide the flexibility to integrate with other RBAC
>implementations say using AD/LDAP
>
>Goal for this feature would be to address these limitations and offer
>true IAM services in a phased manner.
>As a first phase, we need to separate out the current access control into
>a separate component based on the standard IAM terminologies. Also we
>need to create an access check mechanism to be used by the API layer to
>avoid the checks scattered over the api/service layer. The read/listing
>APIs need to be refactored accordingly to consider the policy based
>access granting.
>
>Please provide feedback/suggestions anyone has.
>
>Thanks,
>Prachi & Min
>

Re: Review Request 17188: CS-5438

[Alexander Hitchins]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17188/#review32508
---

Ship it!


Ship It!

- Alexander Hitchins


On Jan. 22, 2014, 5:03 p.m., Alexander Hitchins wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/17188/
> ---
> 
> (Updated Jan. 22, 2014, 5:03 p.m.)
> 
> 
> Review request for cloudstack.
> 
> 
> Repository: cloudstack-git
> 
> 
> Description
> ---
> 
> CS-5438 - Added required dependency to the cloud.spec file.
> 
> 
> Diffs
> -
> 
>   packaging/centos63/cloud.spec 7132d4f 
> 
> Diff: https://reviews.apache.org/r/17188/diff/
> 
> 
> Testing
> ---
> 
> Checked dependency was correct.
> 
> 
> Thanks,
> 
> Alexander Hitchins
> 
>

RE: Review Request 17188: CS-5438

[Alex Hitchins]

Sorry for this email all - Please ignore.



Alex Hitchins
+44 7788 423 969

-Original Message-
From: Alexander Hitchins [mailto:nore...@reviews.apache.org] On Behalf Of 
Alexander Hitchins
Sent: 22 January 2014 18:10
To: Alex Hitchins; cloudstack
Subject: Re: Review Request 17188: CS-5438


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17188/#review32508
---

Ship it!


Ship It!

- Alexander Hitchins


On Jan. 22, 2014, 5:03 p.m., Alexander Hitchins wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/17188/
> ---
>
> (Updated Jan. 22, 2014, 5:03 p.m.)
>
>
> Review request for cloudstack.
>
>
> Repository: cloudstack-git
>
>
> Description
> ---
>
> CS-5438 - Added required dependency to the cloud.spec file.
>
>
> Diffs
> -
>
>   packaging/centos63/cloud.spec 7132d4f
>
> Diff: https://reviews.apache.org/r/17188/diff/
>
>
> Testing
> ---
>
> Checked dependency was correct.
>
>
> Thanks,
>
> Alexander Hitchins
>
>

Need Enterprise Grade Support for Apache CloudStack?
Our CloudStack Infrastructure 
Support offers the 
best 24/7 SLA for CloudStack Environments.

Apache CloudStack Bootcamp training courses

**NEW!** CloudStack 4.2.1 training
18th-19th February 2014, Brazil. 
Classroom
17th-23rd March 2014, Region A. Instructor led, 
On-line
24th-28th March 2014, Region B. Instructor led, 
On-line
16th-20th June 2014, Region A. Instructor led, 
On-line
23rd-27th June 2014, Region B. Instructor led, 
On-line

This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or related companies. If you are not the 
intended recipient of this email, you must neither take any action based upon 
its contents, nor copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. Shape Blue Ltd is a company 
incorporated in England & Wales. ShapeBlue Services India LLP is a company 
incorporated in India and is operated under license from Shape Blue Ltd. Shape 
Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is 
operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.

Developer Resources for Apache CloudStack - Wording

[Alex Hitchins]

All,

I've just been looking at the Developer Resources for Apache CloudStack guide : 
http://cloudstack.apache.org/developers.html

At the bottom it states that once the review has been approved you need to go 
in to the review dashboard, select outgoing requests then mark as closed 
selecting 'Submitted' . When I went in to close my recent one off, it was 
already marked as submitted. Also, it wasn't in the outgoing request it was in 
my history.

If someone can confirm for me the actual behaviour, I'll happily get this 
changed.

Regards,

Alex Hitchins

Need Enterprise Grade Support for Apache CloudStack?
Our CloudStack Infrastructure 
Support offers the 
best 24/7 SLA for CloudStack Environments.

Apache CloudStack Bootcamp training courses

**NEW!** CloudStack 4.2.1 training
18th-19th February 2014, Brazil. 
Classroom
17th-23rd March 2014, Region A. Instructor led, 
On-line
24th-28th March 2014, Region B. Instructor led, 
On-line
16th-20th June 2014, Region A. Instructor led, 
On-line
23rd-27th June 2014, Region B. Instructor led, 
On-line

This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or related companies. If you are not the 
intended recipient of this email, you must neither take any action based upon 
its contents, nor copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. Shape Blue Ltd is a company 
incorporated in England & Wales. ShapeBlue Services India LLP is a company 
incorporated in India and is operated under license from Shape Blue Ltd. Shape 
Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is 
operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.

4.3.0 Patch Request (CLOUDSTACK-5873)

[Mike Tutkowski]

Please consider cherry picking the following from 4.3-forward:

0679af343453bf888f0ddefdd36937713aacbc28

Thanks!

-- 
*Mike Tutkowski*
*Senior CloudStack Developer, SolidFire Inc.*
e: mike.tutkow...@solidfire.com
o: 303.746.7302
Advancing the way the world uses the
cloud
*™*

Re: [Proposal]CloudStack IAM plugin feature (CLOUDSTACK-5920)

[Min Chen]

Hi Rajani,
See my answers in line.
Thanks

On 1/22/14 6:29 AM, "Rajani Karuturi"  wrote:

>some questions I have:
>1. Do we need groups and policies? Cant we derive group information from
>policy applied? ie) any user can become domain admin if he is given the
>right policies.

[Min] Yes, Group and Policy are standard IAM concepts used to perform
access control which community all understand, it is better for us to
follow the common standard avoid confusion for adoption. With group and
policy, administrator can easily manipulate access controls in his/her
organization. If there is no group, to assign permissions to a bunch of
principals (in our case, accounts), admin has to assign group of policies
to each principal one by one, which is tedious and error-prone.

>2. Can we restrict the permission to Resource Type's CRUD? permissions at
>api level seems to be like too much of control and information to save.

[Min] We thought of this before. But this involves a big effort for us to
category each of our 300 API to classify which CRUD operation is involved
in the api and on which resource type. That is not an easy refactor
effort. In phase 2, we may consider figuring out a way to categorize APIs
to that level.

> 
>
>-
>Thanks,
>Rajani
>
>From: Prachi Damle [prachi.da...@citrix.com]
>Sent: Wednesday, January 22, 2014 3:27 AM
>To: dev@cloudstack.apache.org
>Subject: [Proposal]CloudStack IAM plugin feature (CLOUDSTACK-5920)
>
>Min and myself would like to propose an identity and access management
>plugin for CloudStack for the ACS 4.4 release.
>
>Here is the functional spec we have drafted for the first phase:
>https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+Identity
>+and+Access+Management+%28IAM%29+Plugin
>
>Currently CloudStack provides very limited IAM services and there are
>several drawbacks:
>
>- Offers few roles out of the box (user and admin) with prebaked access
>control. There is no way to create customized policies and permissions.
>- Some resources have access control baked into them. E.g., shared
>networks, projects etc.
>- We have to create special dedicateXXX APIs to grant permissions to
>resources.
>- Also it does not provide the flexibility to integrate with other RBAC
>implementations say using AD/LDAP
>
>Goal for this feature would be to address these limitations and offer
>true IAM services in a phased manner.
>As a first phase, we need to separate out the current access control into
>a separate component based on the standard IAM terminologies. Also we
>need to create an access check mechanism to be used by the API layer to
>avoid the checks scattered over the api/service layer. The read/listing
>APIs need to be refactored accordingly to consider the policy based
>access granting.
>
>Please provide feedback/suggestions anyone has.
>
>Thanks,
>Prachi & Min

RE: [Proposal]CloudStack IAM plugin feature (CLOUDSTACK-5920)

[Prachi Damle]

-Original Message-
From: Min Chen [mailto:min.c...@citrix.com] 
Sent: Wednesday, January 22, 2014 10:16 AM
To: dev@cloudstack.apache.org
Subject: Re: [Proposal]CloudStack IAM plugin feature (CLOUDSTACK-5920)

Hi Rajani,
See my answers in line.
Thanks

On 1/22/14 6:29 AM, "Rajani Karuturi"  wrote:

>some questions I have:
>1. Do we need groups and policies? Cant we derive group information 
>from policy applied? ie) any user can become domain admin if he is 
>given the right policies.

[Min] Yes, Group and Policy are standard IAM concepts used to perform access 
control which community all understand, it is better for us to follow the 
common standard avoid confusion for adoption. With group and policy, 
administrator can easily manipulate access controls in his/her organization. If 
there is no group, to assign permissions to a bunch of principals (in our case, 
accounts), admin has to assign group of policies to each principal one by one, 
which is tedious and error-prone.

>2. Can we restrict the permission to Resource Type's CRUD? permissions 
>at api level seems to be like too much of control and information to save.

[Min] We thought of this before. But this involves a big effort for us to 
category each of our 300 API to classify which CRUD operation is involved in 
the api and on which resource type. That is not an easy refactor effort. In 
phase 2, we may consider figuring out a way to categorize APIs to that level.

[Prachi] Also two more reasons to go with API names than a broader category:
-  It is better to follow AWS IAM design  as much as possible for AWS fidelity, 
just as Sebastien has already pointed out. AWS IAM works with API names instead 
of categorization
- We need to store permissions per API per group/policy anyway analogous to 
current commands.properties. 
And maintaining it in two different sets (api permissions + permissions for 
entity access per broader category) can make it tricky when we need to create 
custom policies.

> 
>
>-
>Thanks,
>Rajani
>
>From: Prachi Damle [prachi.da...@citrix.com]
>Sent: Wednesday, January 22, 2014 3:27 AM
>To: dev@cloudstack.apache.org
>Subject: [Proposal]CloudStack IAM plugin feature (CLOUDSTACK-5920)
>
>Min and myself would like to propose an identity and access management 
>plugin for CloudStack for the ACS 4.4 release.
>
>Here is the functional spec we have drafted for the first phase:
>https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+Ident
>ity
>+and+Access+Management+%28IAM%29+Plugin
>
>Currently CloudStack provides very limited IAM services and there are 
>several drawbacks:
>
>- Offers few roles out of the box (user and admin) with prebaked access 
>control. There is no way to create customized policies and permissions.
>- Some resources have access control baked into them. E.g., shared 
>networks, projects etc.
>- We have to create special dedicateXXX APIs to grant permissions to 
>resources.
>- Also it does not provide the flexibility to integrate with other RBAC 
>implementations say using AD/LDAP
>
>Goal for this feature would be to address these limitations and offer 
>true IAM services in a phased manner.
>As a first phase, we need to separate out the current access control 
>into a separate component based on the standard IAM terminologies. Also 
>we need to create an access check mechanism to be used by the API layer 
>to avoid the checks scattered over the api/service layer. The 
>read/listing APIs need to be refactored accordingly to consider the 
>policy based access granting.
>
>Please provide feedback/suggestions anyone has.
>
>Thanks,
>Prachi & Min

RE: [Proposal]CloudStack IAM plugin feature (CLOUDSTACK-5920)

[Prachi Damle]

-Original Message-
From: sebgoa [mailto:run...@gmail.com] 
Sent: Wednesday, January 22, 2014 12:41 AM
To: dev@cloudstack.apache.org
Subject: Re: [Proposal]CloudStack IAM plugin feature (CLOUDSTACK-5920)


On Jan 21, 2014, at 10:57 PM, Prachi Damle  wrote:

> Min and myself would like to propose an identity and access management plugin 
> for CloudStack for the ACS 4.4 release.
> 
> Here is the functional spec we have drafted for the first phase:
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+Identity+and+Access+Management+%28IAM%29+Plugin
> 
> Currently CloudStack provides very limited IAM services and there are several 
> drawbacks:
> 
> - Offers few roles out of the box (user and admin) with prebaked access 
> control. There is no way to create customized policies and permissions.
> - Some resources have access control baked into them. E.g., shared networks, 
> projects etc.
> - We have to create special dedicateXXX APIs to grant permissions to 
> resources.
> - Also it does not provide the flexibility to integrate with other RBAC 
> implementations say using AD/LDAP
> 
> Goal for this feature would be to address these limitations and offer true 
> IAM services in a phased manner.
> As a first phase, we need to separate out the current access control into a 
> separate component based on the standard IAM terminologies. Also we need to 
> create an access check mechanism to be used by the API layer to avoid the 
> checks scattered over the api/service layer. The read/listing APIs need to be 
> refactored accordingly to consider the policy based access granting.
> 
> Please provide feedback/suggestions anyone has.
> 

Prachi, I think that's a good idea, it would be nice to look at the AWS IAM 
service and map the API one2one. It would ease pain down the road if we want to 
serve a AWS compatible IAM.

-sebastien

>> Thanks Sebastien, yes true, we are trying to model this as close as possible 
>> to AWS IAM (Using the API name based access granting, 
>> group-policy-permission model)
Although we need to accommodate differences to be backwards compatible with the 
current CloudStack access control.  
E.g  all access is linked with the account and not per user basis or the domain 
tree hierarchy 

> Thanks,
> Prachi & Min

Re: Anyone else having trouble starting up a VM in 4.3?

[Prabhakaran Ganesan]

I am trying to bring up DevCloud with 4.3 and ran into this issue. Can I
use the cloud-install-sys-tmplt script to upgrade the system vm template
inside DevCloud VM (/opt/storage/secondary)?

Thanks
Prabhakar

On 1/20/14 12:07 AM, "Kishan Kavala"  wrote:

>After commit f562579e282fc1a37e7c81a0f090ca82ed22eda6, 64bit 4.3 systemVm
>templates are used instead of 4.2 templates.
>While fixing CLOUDSTACK-5690, I changed the minimum version required for
>router to 4.3. Seeding the new 64bit system template will fix the issue.
>Global config "router.version.check" can be set to false to skip the
>router version check and use older template.
>
>> -Original Message-
>> From: Mike Tutkowski [mailto:mike.tutkow...@solidfire.com]
>> Sent: Monday, 20 January 2014 10:53 AM
>> To: dev@cloudstack.apache.org
>> Subject: Re: Anyone else having trouble starting up a VM in 4.3?
>> 
>> I have updated the ticket with a couple exceptions from my log.
>> 
>> 
>> On Sun, Jan 19, 2014 at 10:08 PM, Mike Tutkowski <
>> mike.tutkow...@solidfire.com> wrote:
>> 
>> > Thanks!
>> >
>> > I updated the ticket to note that I have observed this in a basic zone
>> > (the ticket mentioned this has not been observed in a basic zone).
>> >
>> >
>> > On Sun, Jan 19, 2014 at 8:04 PM, Rayees Namathponnan <
>> > rayees.namathpon...@citrix.com> wrote:
>> >
>> >> This issue is reported with automation run
>> >>
>> >> https://issues.apache.org/jira/browse/CLOUDSTACK-5901
>> >>
>> >>
>> >>
>> >>
>> >> On 1/19/14 5:43 PM, "Mike Tutkowski" 
>> >> wrote:
>> >>
>> >> >Just as an FYI, it claims an upgrade is in progress in part of the
>>log.
>> >> >Not
>> >> >sure why that would be.
>> >> >
>> >> >
>> >> >On Sun, Jan 19, 2014 at 6:42 PM, Mike Tutkowski <
>> >> >mike.tutkow...@solidfire.com> wrote:
>> >> >
>> >> >> Hi,
>> >> >>
>> >> >> Yeah, I just wanted to see first if anyone else had observed this
>> >> issue.
>> >> >>
>> >> >> I have re-created my environment from scratch. The SSVM and CPVM
>> >> >> start; however, I cannot start up a user VM.
>> >> >>
>> >> >> I have to head out for a bit, but can attach my logs when I
>>return.
>> >> >>
>> >> >> Thanks
>> >> >>
>> >> >>
>> >> >> On Sun, Jan 19, 2014 at 6:30 PM, Yitao Jiang
>> >> >>
>> >> >>wrote:
>> >> >>
>> >> >>> Putting your logs here will be more helpful.
>> >> >>>
>> >> >>> Thanks,
>> >> >>>
>> >> >>> Yitao
>> >> >>>
>> >> >>>
>> >> >>> 2014/1/20 Mike Tutkowski 
>> >> >>>
>> >> >>> > Hi,
>> >> >>> >
>> >> >>> > I rebased on top of 4.3 yesterday (previous rebase on top of
>> >> >>> > 4.3 was
>> >> >>> just a
>> >> >>> > few days earlier) and now I get an "Insufficient Space"
>> >> >>> > exception
>> >> >>>when
>> >> >>> > trying to start up a VM.
>> >> >>> >
>> >> >>> > Anyone else having this trouble?
>> >> >>> >
>> >> >>> > I didn't dig into this too deeply, though...perhaps there was a
>> >> >>>schema
>> >> >>> > change and I'll need to re-create my environment for this to
>> >> >>> > work. I
>> >> >>> just
>> >> >>> > sort of doubted a schema change happened this late in the 4.3
>> >> >>>release,
>> >> >>> so
>> >> >>> > thought it might be something else.
>> >> >>> >
>> >> >>> > Thanks
>> >> >>> >
>> >> >>> > --
>> >> >>> > *Mike Tutkowski*
>> >> >>> > *Senior CloudStack Developer, SolidFire Inc.*
>> >> >>> > e: mike.tutkow...@solidfire.com
>> >> >>> > o: 303.746.7302
>> >> >>> > Advancing the way the world uses the
>> >> >>> > cloud
>> >> >>> > * *
>> >> >>> >
>> >> >>>
>> >> >>
>> >> >>
>> >> >>
>> >> >> --
>> >> >> *Mike Tutkowski*
>> >> >> *Senior CloudStack Developer, SolidFire Inc.*
>> >> >> e: mike.tutkow...@solidfire.com
>> >> >> o: 303.746.7302
>> >> >> Advancing the way the world uses the
>> >> >>cloud
>> >> >> * *
>> >> >>
>> >> >
>> >> >
>> >> >
>> >> >--
>> >> >*Mike Tutkowski*
>> >> >*Senior CloudStack Developer, SolidFire Inc.*
>> >> >e: mike.tutkow...@solidfire.com
>> >> >o: 303.746.7302
>> >> >Advancing the way the world uses the
>> >> >cloud
>> >> >* *
>> >>
>> >>
>> >
>> >
>> > --
>> > *Mike Tutkowski*
>> > *Senior CloudStack Developer, SolidFire Inc.*
>> > e: mike.tutkow...@solidfire.com
>> > o: 303.746.7302
>> > Advancing the way the world uses the
>> > cloud
>> > *(tm)*
>> >
>> 
>> 
>> 
>> --
>> *Mike Tutkowski*
>> *Senior CloudStack Developer, SolidFire Inc.*
>> e: mike.tutkow...@solidfire.com
>> o: 303.746.7302
>> Advancing the way the world uses the
>> cloud
>> *(tm)*
>
>

Re: Anyone else having trouble starting up a VM in 4.3?

[Prabhakaran Ganesan]

I was able to bring up the tinylinux VM on DevCloud by setting
router.version.check to false.

Thanks
Prabhakar

On 1/22/14 10:45 AM, "Prabhakaran Ganesan"  wrote:

>I am trying to bring up DevCloud with 4.3 and ran into this issue. Can I
>use the cloud-install-sys-tmplt script to upgrade the system vm template
>inside DevCloud VM (/opt/storage/secondary)?
>
>Thanks
>Prabhakar
>
>On 1/20/14 12:07 AM, "Kishan Kavala"  wrote:
>
>>After commit f562579e282fc1a37e7c81a0f090ca82ed22eda6, 64bit 4.3 systemVm
>>templates are used instead of 4.2 templates.
>>While fixing CLOUDSTACK-5690, I changed the minimum version required for
>>router to 4.3. Seeding the new 64bit system template will fix the issue.
>>Global config "router.version.check" can be set to false to skip the
>>router version check and use older template.
>>
>>> -Original Message-
>>> From: Mike Tutkowski [mailto:mike.tutkow...@solidfire.com]
>>> Sent: Monday, 20 January 2014 10:53 AM
>>> To: dev@cloudstack.apache.org
>>> Subject: Re: Anyone else having trouble starting up a VM in 4.3?
>>> 
>>> I have updated the ticket with a couple exceptions from my log.
>>> 
>>> 
>>> On Sun, Jan 19, 2014 at 10:08 PM, Mike Tutkowski <
>>> mike.tutkow...@solidfire.com> wrote:
>>> 
>>> > Thanks!
>>> >
>>> > I updated the ticket to note that I have observed this in a basic
>>>zone
>>> > (the ticket mentioned this has not been observed in a basic zone).
>>> >
>>> >
>>> > On Sun, Jan 19, 2014 at 8:04 PM, Rayees Namathponnan <
>>> > rayees.namathpon...@citrix.com> wrote:
>>> >
>>> >> This issue is reported with automation run
>>> >>
>>> >> https://issues.apache.org/jira/browse/CLOUDSTACK-5901
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> On 1/19/14 5:43 PM, "Mike Tutkowski" 
>>> >> wrote:
>>> >>
>>> >> >Just as an FYI, it claims an upgrade is in progress in part of the
>>>log.
>>> >> >Not
>>> >> >sure why that would be.
>>> >> >
>>> >> >
>>> >> >On Sun, Jan 19, 2014 at 6:42 PM, Mike Tutkowski <
>>> >> >mike.tutkow...@solidfire.com> wrote:
>>> >> >
>>> >> >> Hi,
>>> >> >>
>>> >> >> Yeah, I just wanted to see first if anyone else had observed this
>>> >> issue.
>>> >> >>
>>> >> >> I have re-created my environment from scratch. The SSVM and CPVM
>>> >> >> start; however, I cannot start up a user VM.
>>> >> >>
>>> >> >> I have to head out for a bit, but can attach my logs when I
>>>return.
>>> >> >>
>>> >> >> Thanks
>>> >> >>
>>> >> >>
>>> >> >> On Sun, Jan 19, 2014 at 6:30 PM, Yitao Jiang
>>> >> >>
>>> >> >>wrote:
>>> >> >>
>>> >> >>> Putting your logs here will be more helpful.
>>> >> >>>
>>> >> >>> Thanks,
>>> >> >>>
>>> >> >>> Yitao
>>> >> >>>
>>> >> >>>
>>> >> >>> 2014/1/20 Mike Tutkowski 
>>> >> >>>
>>> >> >>> > Hi,
>>> >> >>> >
>>> >> >>> > I rebased on top of 4.3 yesterday (previous rebase on top of
>>> >> >>> > 4.3 was
>>> >> >>> just a
>>> >> >>> > few days earlier) and now I get an "Insufficient Space"
>>> >> >>> > exception
>>> >> >>>when
>>> >> >>> > trying to start up a VM.
>>> >> >>> >
>>> >> >>> > Anyone else having this trouble?
>>> >> >>> >
>>> >> >>> > I didn't dig into this too deeply, though...perhaps there was
>>>a
>>> >> >>>schema
>>> >> >>> > change and I'll need to re-create my environment for this to
>>> >> >>> > work. I
>>> >> >>> just
>>> >> >>> > sort of doubted a schema change happened this late in the 4.3
>>> >> >>>release,
>>> >> >>> so
>>> >> >>> > thought it might be something else.
>>> >> >>> >
>>> >> >>> > Thanks
>>> >> >>> >
>>> >> >>> > --
>>> >> >>> > *Mike Tutkowski*
>>> >> >>> > *Senior CloudStack Developer, SolidFire Inc.*
>>> >> >>> > e: mike.tutkow...@solidfire.com
>>> >> >>> > o: 303.746.7302
>>> >> >>> > Advancing the way the world uses the
>>> >> >>> > cloud
>>> >> >>> > * *
>>> >> >>> >
>>> >> >>>
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >> --
>>> >> >> *Mike Tutkowski*
>>> >> >> *Senior CloudStack Developer, SolidFire Inc.*
>>> >> >> e: mike.tutkow...@solidfire.com
>>> >> >> o: 303.746.7302
>>> >> >> Advancing the way the world uses the
>>> >> >>cloud
>>> >> >> * *
>>> >> >>
>>> >> >
>>> >> >
>>> >> >
>>> >> >--
>>> >> >*Mike Tutkowski*
>>> >> >*Senior CloudStack Developer, SolidFire Inc.*
>>> >> >e: mike.tutkow...@solidfire.com
>>> >> >o: 303.746.7302
>>> >> >Advancing the way the world uses the
>>> >> >cloud
>>> >> >* *
>>> >>
>>> >>
>>> >
>>> >
>>> > --
>>> > *Mike Tutkowski*
>>> > *Senior CloudStack Developer, SolidFire Inc.*
>>> > e: mike.tutkow...@solidfire.com
>>> > o: 303.746.7302
>>> > Advancing the way the world uses the
>>> > cloud
>>> > *(tm)*
>>> >
>>> 
>>> 
>>> 
>>> --
>>> *Mike Tutkowski*
>>> *Senior CloudStack Developer, SolidFire Inc.*
>>> e: mike.tutkow...@solidfire.com
>>> o: 303.746.7302
>>> Advancing the way the world uses the
>>> cloud
>>> *(tm)*
>>
>>
>
>
>

Re: Developer Resources for Apache CloudStack - Wording

[David Nalley]

On Wed, Jan 22, 2014 at 1:16 PM, Alex Hitchins
 wrote:
> All,
>
> I've just been looking at the Developer Resources for Apache CloudStack guide 
> : http://cloudstack.apache.org/developers.html
>
> At the bottom it states that once the review has been approved you need to go 
> in to the review dashboard, select outgoing requests then mark as closed 
> selecting 'Submitted' . When I went in to close my recent one off, it was 
> already marked as submitted. Also, it wasn't in the outgoing request it was 
> in my history.
>
> If someone can confirm for me the actual behaviour, I'll happily get this 
> changed.
>

Alex:

That workflow is the norm.
I have enough karma to close open reviews and figured I might as well
do so since I was committing it.

--David

RE: Developer Resources for Apache CloudStack - Wording

[Alex Hitchins]

Thanks David for letting me know and thanks for doing all the necessary to the 
review! Much appreciated.

Cheers,

Alex



Alex Hitchins
+44 7788 423 969

-Original Message-
From: David Nalley [mailto:da...@gnsa.us]
Sent: 22 January 2014 19:49
To: dev@cloudstack.apache.org
Subject: Re: Developer Resources for Apache CloudStack - Wording

On Wed, Jan 22, 2014 at 1:16 PM, Alex Hitchins  
wrote:
> All,
>
> I've just been looking at the Developer Resources for Apache
> CloudStack guide : http://cloudstack.apache.org/developers.html
>
> At the bottom it states that once the review has been approved you need to go 
> in to the review dashboard, select outgoing requests then mark as closed 
> selecting 'Submitted' . When I went in to close my recent one off, it was 
> already marked as submitted. Also, it wasn't in the outgoing request it was 
> in my history.
>
> If someone can confirm for me the actual behaviour, I'll happily get this 
> changed.
>

Alex:

That workflow is the norm.
I have enough karma to close open reviews and figured I might as well do so 
since I was committing it.

--David
Need Enterprise Grade Support for Apache CloudStack?
Our CloudStack Infrastructure 
Support offers the 
best 24/7 SLA for CloudStack Environments.

Apache CloudStack Bootcamp training courses

**NEW!** CloudStack 4.2.1 training
18th-19th February 2014, Brazil. 
Classroom
17th-23rd March 2014, Region A. Instructor led, 
On-line
24th-28th March 2014, Region B. Instructor led, 
On-line
16th-20th June 2014, Region A. Instructor led, 
On-line
23rd-27th June 2014, Region B. Instructor led, 
On-line

This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or related companies. If you are not the 
intended recipient of this email, you must neither take any action based upon 
its contents, nor copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. Shape Blue Ltd is a company 
incorporated in England & Wales. ShapeBlue Services India LLP is a company 
incorporated in India and is operated under license from Shape Blue Ltd. Shape 
Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is 
operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.

Re: Adding Redundant Routers to VPCs

[Sheng Yang]

Again, Karl, please keep the relevant things in ONE mail thread.

Please don't start one thread every time you posted in the community.

You can simply reply the thread you posted before, address people's
comment, and also would keep the people involved know what's going on.

On Wed, Jan 22, 2014 at 10:02 AM, Karl Harris wrote:

> Comments/Critiques/Additions to this list as well as implementation
> suggestions are requested.
>
>
> After looking at the differences between Public cloud routing and Virtual
> Private Cloud Routing it appears the main differences are:
>
>
> Public Cloud   VPC
>
> One private network connection   Multiple (1…n) private
> networks (tiers?)
>
> Single router/1 NIC public/1 NIC private Single router/ 1 NIC public/
> (1….n) NIC private (tiers?)
>
>
>
> Additional/Needed functionality for redundant VPC routers:
>
>
> Router pairs must be initialized (master/backup) with the same
> functionality (NAT,DNS,etc).
>

Yes. And the backup's service would be disabled temporarily.

>
> Router pairs must be initialized with the same number of NIC both public
> and private on each router.
>

Yes.


>
> Unique IP's must be available for each NIC on both master and backup
> routers using CIDR(s) configured in VPC private network.
>

You meant, same IP? Except the control(link local) ip.


>
> It appears most of the changes functional will be inside the Java class:
> VpcVirtualNetworkApplianceManagerImpl
>

Lots of work would be in the VR script as well, since eth2 is no longer
assumed public nic.

--Sheng


>
> Have I missed any critical differences?
>
>
>
>
>
> Karl Harris
>
> Cloud Software Engineer
>
> Sungard Availability Systems
>
>
>
>
> Listed below, lifted from the CloudStack Documentation, are the
> characteristics of a VPC as a reference:
>
> *Major Components of a VPC:*
>
> A VPC is comprised of the following network components:
>
>- *VPC*: A VPC acts as a container for multiple isolated networks that
>can communicate with each other via its virtual router.
>- *Network Tiers*: Each tier acts as an isolated network with its own
>VLANs and CIDR list, where you can place groups of resources, such as
> VMs.
>The tiers are segmented by means of VLANs. The NIC of each tier acts as
> its
>gateway.
>- *Virtual Router*: A virtual router is automatically created and
>started when you create a VPC. The virtual router connect the tiers and
>direct traffic among the public gateway, the VPN gateways, and the NAT
>instances. For each tier, a corresponding NIC and IP exist in the
> virtual
>router. The virtual router provides DNS and DHCP services through its
> IP.
>- *Public Gateway*: The traffic to and from the Internet routed to the
>VPC through the public gateway. In a VPC, the public gateway is not
> exposed
>to the end user; therefore, static routes are not support for the public
>gateway.
>- *Private Gateway*: All the traffic to and from a private network
>routed to the VPC through the private gateway. For more
> information, see Section 11.19.5,
>“Adding a Private Gateway to a
> VPC”<
> http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html#add-gateway-vpc
> >
>.
>- *VPN Gateway*: The VPC side of a VPN connection.
>- *Site-to-Site VPN Connection*: A hardware-based VPN connection between
>your VPC and your datacenter, home network, or co-location facility. For
>more information, see Section 11.17.4, “Setting Up a Site-to-Site VPN
>Connection”<
> http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/vpn.html#site-to-site-vpn
> >
>.
>- *Customer Gateway*: The customer side of a VPN Connection. For more
>information, seeSection 11.17.4.1, “Creating and Updating a VPN Customer
>Gateway”<
> http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/vpn.html#create-vpn-customer-gateway
> >
>.
>- *NAT Instance*: An instance that provides Port Address Translation for
>instances to access the Internet via the public gateway. For more
>information, see Section 11.19.9, “Enabling or Disabling Static NAT on a
>VPC”<
> http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html#enable-disable-static-nat-vpc
> >
>.
>
> *Network Architecture in a VPC*
>
> In a VPC, the following four basic options of network architectures are
> present:
>
>- VPC with a public gateway only
>- VPC with public and private gateways
>- VPC with public and private gateways and site-to-site VPN access
>- VPC with a private gateway only and site-to-site VPN access
>
> *Connectivity Options for a VPC*
>
> You can connect your VPC to:
>
>- The Internet through the public gateway.
>- The corporate datacenter by using a site-to-site VPN connection
>t

Re: Adding Redundant Routers to VPCs

[Karl Harris]

Hope I get this thread correct.

On Wed, Jan 22, 2014 at 2:55 PM, Sheng Yang  wrote:

> Again, Karl, please keep the relevant things in ONE mail thread.
>
> Please don't start one thread every time you posted in the community.
>
> You can simply reply the thread you posted before, address people's
> comment, and also would keep the people involved know what's going on.
>
> On Wed, Jan 22, 2014 at 10:02 AM, Karl Harris  >wrote:
>
> > Comments/Critiques/Additions to this list as well as implementation
> > suggestions are requested.
> >
> >
> > After looking at the differences between Public cloud routing and Virtual
> > Private Cloud Routing it appears the main differences are:
> >
> >
> > Public Cloud   VPC
> >
> > One private network connection   Multiple (1…n) private
> > networks (tiers?)
> >
> > Single router/1 NIC public/1 NIC private Single router/ 1 NIC public/
> > (1….n) NIC private (tiers?)
> >
> >
> >
> > Additional/Needed functionality for redundant VPC routers:
> >
> >
> > Router pairs must be initialized (master/backup) with the same
> > functionality (NAT,DNS,etc).
> >
>
> Yes. And the backup's service would be disabled temporarily.


> >
> > Router pairs must be initialized with the same number of NIC both public
> > and private on each router.
> >
>
> Yes.
>
>
> >
> > Unique IP's must be available for each NIC on both master and backup
> > routers using CIDR(s) configured in VPC private network.
> >
>
> You meant, same IP? Except the control(link local) ip.
>

Yes unique IP for the control ip on both master and backup.

Am I correct to assume an ARP flush, after the backup router is enabled,
remaps the public, private(may be multiple) and site-site VPN
IP's to the appropriate MAC addresses on the backup router (the IP's would
be the same as the master) to the appropriate virtual routers NICs? If this
is true then yes same IP's, using the appropriate CIDR, for each of the
non-control IP addresses.


>
> >
> > It appears most of the changes functional will be inside the Java class:
> > VpcVirtualNetworkApplianceManagerImpl
> >
>
> Lots of work would be in the VR script as well, since eth2 is no longer
> assumed public nic.
>
Thanks I need to look at the VR script.

>
> --Sheng
>
>
> >
> > Have I missed any critical differences?
> >
> >
> >
> >
> >
> > Karl Harris
> >
> > Cloud Software Engineer
> >
> > Sungard Availability Systems
> >
> >
> >
> >
> > Listed below, lifted from the CloudStack Documentation, are the
> > characteristics of a VPC as a reference:
> >
> > *Major Components of a VPC:*
> >
> > A VPC is comprised of the following network components:
> >
> >- *VPC*: A VPC acts as a container for multiple isolated networks that
> >can communicate with each other via its virtual router.
> >- *Network Tiers*: Each tier acts as an isolated network with its own
> >VLANs and CIDR list, where you can place groups of resources, such as
> > VMs.
> >The tiers are segmented by means of VLANs. The NIC of each tier acts
> as
> > its
> >gateway.
> >- *Virtual Router*: A virtual router is automatically created and
> >started when you create a VPC. The virtual router connect the tiers
> and
> >direct traffic among the public gateway, the VPN gateways, and the NAT
> >instances. For each tier, a corresponding NIC and IP exist in the
> > virtual
> >router. The virtual router provides DNS and DHCP services through its
> > IP.
> >- *Public Gateway*: The traffic to and from the Internet routed to the
> >VPC through the public gateway. In a VPC, the public gateway is not
> > exposed
> >to the end user; therefore, static routes are not support for the
> public
> >gateway.
> >- *Private Gateway*: All the traffic to and from a private network
> >routed to the VPC through the private gateway. For more
> > information, see Section 11.19.5,
> >“Adding a Private Gateway to a
> > VPC”<
> >
> http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html#add-gateway-vpc
> > >
> >.
> >- *VPN Gateway*: The VPC side of a VPN connection.
> >- *Site-to-Site VPN Connection*: A hardware-based VPN connection
> between
> >your VPC and your datacenter, home network, or co-location facility.
> For
> >more information, see Section 11.17.4, “Setting Up a Site-to-Site VPN
> >Connection”<
> >
> http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/vpn.html#site-to-site-vpn
> > >
> >.
> >- *Customer Gateway*: The customer side of a VPN Connection. For more
> >information, seeSection 11.17.4.1, “Creating and Updating a VPN
> Customer
> >Gateway”<
> >
> http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/vpn.html#create-vpn-customer-gateway
> > >
> >.
> >- *NAT Instance*: An instance that provides Port Address Translation
> for
> >insta

Re: Review Request 16867: Test Suite for Testing Remote Access VPN on VPC

[Chandan Purushothama]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/16867/#review32543
---



test/integration/component/test_remotevpn_vpc.py


I enabled EPEL repository on the CentOS/RHEL Server using this command. 
More information about it is present at 
http://www.cyberciti.biz/faq/rhel-fedora-centos-linux-enable-epel-repo/
EPEL mirror is needed to install vpn client related packages on the VM.

The purpose of using this approach is to enable the VM deployed from 
default template to work as a VPN Client. As you are aware that we have 
different versions of CentOS Templates made available for different 
hypervisors. Packaging and installing them might result in dependency issues. 
Installation of all the rpms mentioned in the code happens within a minute. 

Dropping the issue based on the above mentioned reason. Kindly reopen it in 
case if more explanation is required.




test/integration/component/test_remotevpn_vpc.py


As you might have already noticed that the files constructed using the 
static methods are required for vpn client configuration on the VM. I did think 
about providing this scripts external to the script. But I noticed that it has 
a drawback. The configuration files are static. If the Test script writer wants 
to fine tune VPN Client installation in future in order to use the client to 
behave in a certain fashion, he/she needs to have the ability to modify the 
script to test the behavior of the feature(Ex: nat_traversal can be set to "no" 
in ipsec.conf script etc..).

Using "w+" overwrites an existing file - 
http://stackoverflow.com/questions/10349781/how-to-open-read-write-or-create-a-file-with-truncation-possible

Dropping the issue based on the above mentioned reason. Kindly reopen it in 
case if more explanation is required.
 



test/integration/component/test_remotevpn_vpc.py


That's the syntax to run a function from a script in a command line.


http://stackoverflow.com/questions/8818119/linux-how-can-i-run-a-function-from-a-script-in-command-line

Dropping the issue based on the above mentioned reason. Kindly reopen it in 
case if more explanation is required.




- Chandan Purushothama


On Jan. 16, 2014, 7:12 p.m., Chandan Purushothama wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/16867/
> ---
> 
> (Updated Jan. 16, 2014, 7:12 p.m.)
> 
> 
> Review request for cloudstack, Girish Shilamkar, SrikanteswaraRao Talluri, 
> and Sheng Yang.
> 
> 
> Repository: cloudstack-git
> 
> 
> Description
> ---
> 
> Test Suite for Testing Remote Access VPN on VPC. 
> 
> I successfully automated the following components:
> 
> 1.VPN Client Installation on Linux
> 2.Component that efficiently verifies Remote VPN Access between client and 
> the Server.
> 3.Developed a component that automates VPN Client Configuration and services.
> 4.Test Cases of the Feature
> 5.Tested the Code multiple times on XenServer and fixed the bugs.
> 6.Requirement on VMWare: Default Template should be CentOS 5.5 or higher for 
> the test suite to work. VPN Client cannot be installed on CentOS 5.3 Default 
> Template on VMWare.
> 
> 
> Diffs
> -
> 
>   test/integration/component/test_remotevpn_vpc.py PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/16867/diff/
> 
> 
> Testing
> ---
> 
> Test case no : Enable VPN for Public IP Address on the VPC ... ok
> Test case no : Remote a VPN User ... ok
> Test case no : Add a Different VPN User and Test Access with already existing 
> VPN User ... ok
> Test case no : Add a Previously Removed VPN User from the VPC and Test the 
> VPN Connectivity ... ok
> Test case no : Disable the VPN Service on the VPC ... ok
> Test case no : Enabled Previously Dsiabled VPN Access to VPC. ... ok
> Test case no : Create Nine VPN Users to test the remote.vpn.user.limit=8 
> Configuration parameter ... ok
> 
> --
> Ran 7 tests in 645.787s
> 
> OK
> 
> 
> File Attachments
> 
> 
> 0001-Test-Suite-for-Remote-Access-VPN-on-VPC.patch
>   
> https://reviews.apache.org/media/uploaded/files/2014/01/14/c6d3f593-d0eb-407c-aad2-574ebf9ca0f8__0001-Test-Suite-for-Remote-Access-VPN-on-VPC.patch
> 
> 
> Thanks,
> 
> Chandan Purushothama
> 
>

[DISCUSS] Potential removal of OpenJDK and Tomcat from Ubuntu main

[Wido den Hollander]

Hi,

James Page from Canonical just pointed me to a thread [0] on the Ubuntu 
Cloud list where the discussion started to remove OpenJDK7/Tomcat from 
Ubuntu main.


He asked me what the impact would be regarding to CloudStack if users 
would have to fetch OpenJDK and Tomcat from a 3rd party repo, so I 
quickly responded that it would hurt the Ubuntu users running CloudStack.


For now it looks like OpenJDK and Tomcat will stay in Ubuntu's main 
repository, but for me it sparked the discussion again around Java 7.


We can be pretty sure that distributions will be dropping Java 6 pretty 
soon, so want to change the Maven settings to force Java 7 in the master 
repository.


We should also start testing with Tomcat 7 since we can expect Ubuntu 
14.04 (the next LTS) to only have that tomcat version.


We've been over the Java 7 switch over and over, so I recommend we 
simply switch master.


I'll start a different thread about that later with a ANNOUNCE in it.

Wido

[0]: https://lists.ubuntu.com/archives/ubuntu-devel/2014-January/037991.html

Re: [DISCUSS] Potential removal of OpenJDK and Tomcat from Ubuntu main

[David Nalley]

On Wed, Jan 22, 2014 at 4:53 PM, Wido den Hollander  wrote:
> Hi,
>
> James Page from Canonical just pointed me to a thread [0] on the Ubuntu
> Cloud list where the discussion started to remove OpenJDK7/Tomcat from
> Ubuntu main.
>
> He asked me what the impact would be regarding to CloudStack if users would
> have to fetch OpenJDK and Tomcat from a 3rd party repo, so I quickly
> responded that it would hurt the Ubuntu users running CloudStack.
>
> For now it looks like OpenJDK and Tomcat will stay in Ubuntu's main
> repository, but for me it sparked the discussion again around Java 7.
>
> We can be pretty sure that distributions will be dropping Java 6 pretty
> soon, so want to change the Maven settings to force Java 7 in the master
> repository.
>
> We should also start testing with Tomcat 7 since we can expect Ubuntu 14.04
> (the next LTS) to only have that tomcat version.
>
> We've been over the Java 7 switch over and over, so I recommend we simply
> switch master.
>
> I'll start a different thread about that later with a ANNOUNCE in it.
>
> Wido
>
> [0]: https://lists.ubuntu.com/archives/ubuntu-devel/2014-January/037991.html


No disagreement re Tomcat7/JDK7

So forgive my ignorance. But isn't universe available by default? (I
am not an Ubuntu-ite - so I understand main to be what Canonical
supports and maintains very actively, and universe is what the
community and non-Canonical supported packages land. Is that
understanding correct? )

If my understanding is correct; users might be using a JDK with
security issues (which is its own set of problems) but they'd still
have a JDK accessible?

--David

Re: Adding Redundant Routers to VPCs

[Sheng Yang]

On Wed, Jan 22, 2014 at 12:25 PM, Karl Harris wrote:

> Hope I get this thread correct.
>
> On Wed, Jan 22, 2014 at 2:55 PM, Sheng Yang  wrote:
>
> > Again, Karl, please keep the relevant things in ONE mail thread.
> >
> > Please don't start one thread every time you posted in the community.
> >
> > You can simply reply the thread you posted before, address people's
> > comment, and also would keep the people involved know what's going on.
> >
> > On Wed, Jan 22, 2014 at 10:02 AM, Karl Harris  > >wrote:
> >
> > > Comments/Critiques/Additions to this list as well as implementation
> > > suggestions are requested.
> > >
> > >
> > > After looking at the differences between Public cloud routing and
> Virtual
> > > Private Cloud Routing it appears the main differences are:
> > >
> > >
> > > Public Cloud   VPC
> > >
> > > One private network connection   Multiple (1…n) private
> > > networks (tiers?)
> > >
> > > Single router/1 NIC public/1 NIC private Single router/ 1 NIC
> public/
> > > (1….n) NIC private (tiers?)
> > >
> > >
> > >
> > > Additional/Needed functionality for redundant VPC routers:
> > >
> > >
> > > Router pairs must be initialized (master/backup) with the same
> > > functionality (NAT,DNS,etc).
> > >
> >
> > Yes. And the backup's service would be disabled temporarily.
>
>
> > >
> > > Router pairs must be initialized with the same number of NIC both
> public
> > > and private on each router.
> > >
> >
> > Yes.
> >
> >
> > >
> > > Unique IP's must be available for each NIC on both master and backup
> > > routers using CIDR(s) configured in VPC private network.
> > >
> >
> > You meant, same IP? Except the control(link local) ip.
> >
>
> Yes unique IP for the control ip on both master and backup.
>
> Am I correct to assume an ARP flush, after the backup router is enabled,
> remaps the public, private(may be multiple) and site-site VPN
> IP's to the appropriate MAC addresses on the backup router (the IP's would
> be the same as the master) to the appropriate virtual routers NICs? If this
> is true then yes same IP's, using the appropriate CIDR, for each of the
> non-control IP addresses.
>

The public nic's MAC would be the same as the MASTER(even we would do
gratuitous ARP), but the mac of private nics won't be the same.

The remain the same MAC for public nic would make it much easier for
upstream router/switch, also would help on some corner case e.g. MASTER
only lost connection temporarily, the BACKUP router would still able to
yield to original MASTER even after ARP of BACKUP router has been sent.

Private NIC won't be the same, because two routers are communicating
through the private nics. They own different IPs e.g. 10.1.1.3 and
10.1.1.4, but only the MASTER would own 10.1.1.1 and acting as gateway. The
failover process is basically the other router would gain 10.1.1.1 as well.

One issue for VPC is we need to find a way for two routers to communicate.
We originally run VRRP on private network, but in VPC case, it's possible
no private network available when VPC created. So I think that would be big
issue for implementation.

--Sheng

>
>
> >
> > >
> > > It appears most of the changes functional will be inside the Java
> class:
> > > VpcVirtualNetworkApplianceManagerImpl
> > >
> >
> > Lots of work would be in the VR script as well, since eth2 is no longer
> > assumed public nic.
> >
> Thanks I need to look at the VR script.
>
> >
> > --Sheng
> >
> >
> > >
> > > Have I missed any critical differences?
> > >
> > >
> > >
> > >
> > >
> > > Karl Harris
> > >
> > > Cloud Software Engineer
> > >
> > > Sungard Availability Systems
> > >
> > >
> > >
> > >
> > > Listed below, lifted from the CloudStack Documentation, are the
> > > characteristics of a VPC as a reference:
> > >
> > > *Major Components of a VPC:*
> > >
> > > A VPC is comprised of the following network components:
> > >
> > >- *VPC*: A VPC acts as a container for multiple isolated networks
> that
> > >can communicate with each other via its virtual router.
> > >- *Network Tiers*: Each tier acts as an isolated network with its
> own
> > >VLANs and CIDR list, where you can place groups of resources, such
> as
> > > VMs.
> > >The tiers are segmented by means of VLANs. The NIC of each tier acts
> > as
> > > its
> > >gateway.
> > >- *Virtual Router*: A virtual router is automatically created and
> > >started when you create a VPC. The virtual router connect the tiers
> > and
> > >direct traffic among the public gateway, the VPN gateways, and the
> NAT
> > >instances. For each tier, a corresponding NIC and IP exist in the
> > > virtual
> > >router. The virtual router provides DNS and DHCP services through
> its
> > > IP.
> > >- *Public Gateway*: The traffic to and from the Internet routed to
> the
> > >VPC through the public gateway. In a VPC, the public gateway is not
> > > exposed
> > >to the end user; therefore, static 

Re: Adding Redundant Routers to VPCs

[Daan Hoogland]

On Wed, Jan 22, 2014 at 11:10 PM, Sheng Yang  wrote:
>> > > Public Cloud   VPC
>> > >
>> > > One private network connection   Multiple (1…n) private
>> > > networks (tiers?)
>> > >
>> > > Single router/1 NIC public/1 NIC private Single router/ 1 NIC
>> public/
>> > > (1….n) NIC private (tiers?)
>> > >


I am not sure if you missed it Karl but there is the additional
private gateway nic on the vpc router. I suggested it would be a
reservation in the future. Right now it is allocated as it is used,
meaning that it might become eth4 or eth6 depending on how many
networks where instantiated before.

regards,
Daan

Re: VmWare SDK to vijava

[Chiradeep Vittal]

Reached out to @strikesme and @danwendlandt

On 1/21/14 10:14 PM, "Hugo Trippaers" 
wrote:

>We are now again at the exact same point as where Darren was.
>
>This is the legal ticket relevant to the license discussion:
>https://issues.apache.org/jira/plugins/servlet/mobile#issue/LEGAL-180
>
>Either we get an ok from legal or we need to find an alternative. Kelven,
>Chiradeep, are you guys going to chase this ticket?
>
>Hugo
>
>Sent from my iPhone
>
>> On 22 jan. 2014, at 07:04, "Hugo Trippaers"  wrote:
>> 
>> Kelven, Chiradeep,
>> 
>> What license governs the redistribution, what do we include in our
>>notice file and is that license compatible with the ASF license policy?
>> 
>> Hugo
>> 
>> Sent from my iPhone
>> 
>>> On 22 jan. 2014, at 00:44, Kelven Yang  wrote:
>>> 
>>> Q. Can I redistribute the VI SDK libraries and sample code?
>>> A. You can redistribute only those parts of the SDK package that have
>>>been
>>> designated as ³distributable code².
>>> In VI SDK 2.5, the following components can be redistributed: vim.jar,
>>> vim25.jar. To note developers typically generate web service stubs from
>>> the WSDL file that is included in the VI SDK using a SOAP toolkit.
>>> 
> The stubs source and the compiled stubs can also be distributed.
>>> 
>>> 
>>> Could this solve our license problem, we discussed before that
>>>generating
>>> our own java stub can give us flexibility to support co-existence of
>>> different versions of VMware web service API inside CloudStack.
>>> 
>>> If we see this as urgency, we need to have someone work on to put WSDL
>>> generation process to maven build
>>> 
>>> For latest names of VI SDK libraries that can be redistributed visit
>>> http://vmware.com/go/sdk-redistribution-info
>>> 
>>> 
>>> 
>>> On 1/21/14, 3:18 PM, "Chiradeep Vittal" 
>>> wrote:
>>> 
 Apparently we can
 https://communities.vmware.com/docs/DOC-7983
 http://markmail.org/thread/ttamcfb4d6azzbw7
 
 
> On 1/21/14 2:46 PM, "Hugo Trippaers"  wrote:
> 
> Chiradeep,
> 
> Even on the generated sources nobody seems willing to state that it
>is ok
> to include them at the moment. Otherwise I would have put them in
> already.
> 
> Hugo
> 
> Sent from my iPhone
> 
>> On 21 jan. 2014, at 19:32, Chiradeep Vittal
>>  wrote:
>> 
>> Suboptimal for?
>> Wouldn't the ACS user want the best / supported client libraries?
>> Alternatively, can't we just compile the WSDL and check in the
>> generated
>> sources? Not check-in the WSDL, but the client sources.
>> 
>>> On 1/21/14 7:18 AM, "David Nalley"  wrote:
>>> 
>>> On Tue, Jan 21, 2014 at 9:46 AM, Chip Childers
>>> 
>>> wrote:
 I bet we never got an answer. Frankly, I'd like to see us use
 something where the licensing is clear.  That, or we don't include
 the
 WSDL in our repo / distro.
>>> 
>>> Additionally, we are an open source project that is in the
>>>business of
>>> producing open source software. Depending on non-free and
>>> non-opensource libraries is suboptimal, but its worse when there
>>>is a
>>> open source alternative.
>>> 
>>> --David
>>> 

RE: 4.3.0 patch request (CLOUDSTACK-5438)

[Animesh Chaturvedi]

Done, should see an RC build soon

-Original Message-
From: David Nalley [mailto:da...@gnsa.us] 
Sent: Wednesday, January 22, 2014 9:43 AM
To: dev@cloudstack.apache.org
Subject: 4.3.0 patch request (CLOUDSTACK-5438)

Animesh, et al:

Please consider cherry-picking
78f62c63479a81383ff8957a12c88ee4c181cfda from 4.3-forward if you haven't cut 
the release yet.

--David

RE: Xapi version in pom.xml updated erroneously

[Animesh Chaturvedi]

-Original Message-
From: Daan Hoogland [mailto:daan.hoogl...@gmail.com] 
Sent: Wednesday, January 22, 2014 6:27 AM
To: dev
Subject: Re: Xapi version in pom.xml updated erroneously

Are you using the revert process or the one that makes a branch for the 
release? (is my commit the latest on the build_asf.sh script?)


[Animesh] Your changes are not in 4.3 and only in master so I guess it is the 
revert process. This was not an issue for 4.2 RC builds that I had created 
though. 


On Wed, Jan 22, 2014 at 5:15 AM, Animesh Chaturvedi 
 wrote:
> While building the ACS 4.3 RC  I ran into the same issue as seen by 
> Abhi for 4.2.1
>
> Build_asf.sh messes the XAPI version. I have reopened CLOUDSTACK-4827
>
>
>>(2) the xapi version in deps/XenServerJava/pom.xml should not be 
>>changed when you bump the version from 4.2.1-SNAPSHOT to 4.2.1. (see
>>CLOUDSTACK-4827)
>
> Ok, I can see that the build script is trying to revert back the version to 
> 4.2.1-SNAPSHOT but in the final build the version is not reverted.
> Will be checking what is causing that.
>
> -abhi
>

RE: 4.3.0 Patch Request (CLOUDSTACK-5873)

[Animesh Chaturvedi]

Done

-Original Message-
From: Mike Tutkowski [mailto:mike.tutkow...@solidfire.com] 
Sent: Wednesday, January 22, 2014 10:15 AM
To: dev@cloudstack.apache.org
Subject: 4.3.0 Patch Request (CLOUDSTACK-5873)

Please consider cherry picking the following from 4.3-forward:

0679af343453bf888f0ddefdd36937713aacbc28

Thanks!

-- 
*Mike Tutkowski*
*Senior CloudStack Developer, SolidFire Inc.*
e: mike.tutkow...@solidfire.com
o: 303.746.7302
Advancing the way the world uses the
cloud
*(tm)*

Presentation (GUI) Question

[Mike Tutkowski]

Hi,

I was wondering if we had any plans in the near future to order information
in our tables, combo boxes, etc. in some expected way by default?

For example, I recently created five VMs: VM-1, VM-2, VM-3, VM-4, and VM-5
(created in that order).

When I go to attach a disk to VM-2, for example, the combo box shows the
VMs from top to bottom in this order: VM-3, VM-2, VM-1, VM-5, and VM-4.

Volumes in the volumes table under the Storage tab also have an un-expected
way of being listed.

This appears to be a general-purpose issue throughout the GUI (not just
related to VMs and storage).

If this is already an issue someone has written a ticket for, great;
otherwise, I could write up a ticket.

Thanks

-- 
*Mike Tutkowski*
*Senior CloudStack Developer, SolidFire Inc.*
e: mike.tutkow...@solidfire.com
o: 303.746.7302
Advancing the way the world uses the
cloud
*™*

Master build failing with LICENSE error

[Rayees Namathponnan]

Master build failing with below error, any one faced this?


[ERROR] Failed to execute goal com.mycila:license-maven-plugin:2.5:check 
(cloudstack-checklicence) on project cloud-plugin-network-nvp: Resource 
LICENSE.header   not found in file system, classpath or URL: no protocol: 
LICENSE.header -> [Help   1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e 
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please 
read the following articles:
[ERROR] [Help 1] 
http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn  -rf :cloud-plugin-network-nvp



Regards,
Rayees

Re: Master build failing with LICENSE error

[Alena Prokharchyk]

I am seeing it too.

On 1/22/14, 3:23 PM, "Rayees Namathponnan"
 wrote:

>Master build failing with below error, any one faced this?
>
>
>[ERROR] Failed to execute goal com.mycila:license-maven-plugin:2.5:check
>(cloudstack-checklicence) on project cloud-plugin-network-nvp: Resource
>LICENSE.header   not found in file system, classpath or URL: no protocol:
>LICENSE.header -> [Help   1]
>[ERROR]
>[ERROR] To see the full stack trace of the errors, re-run Maven with the
>-e switch.
>[ERROR] Re-run Maven using the -X switch to enable full debug logging.
>[ERROR]
>[ERROR] For more information about the errors and possible solutions,
>please read the following articles:
>[ERROR] [Help 1] 
>http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
>[ERROR]
>[ERROR] After correcting the problems, you can resume the build with the
>command
>[ERROR]   mvn  -rf :cloud-plugin-network-nvp
>
>
>
>Regards,
>Rayees

[ISSUES] Master VMware is broken

[Kelven Yang]

Master VMware was broken by this commit

author  Hugo 
Trippaers
 

Wed, 22 Jan 2014 08:34:46 + (09:34 +0100)
committer   Hugo 
Trippaers
 

Wed, 22 Jan 2014 08:37:34 + (09:37 +0100)
commit  b20add810e5751f53946f695b6223a8016f104a5
tree
89e7e66704b09959bc5d77e4e20562e6dcc05306

tree
 | 
snapshot
parent  
86124138a1a9129dedaf0f73fcd570156bfe53f6
  
commit
 | 
diff
Get rid of compiler warnings in vmware-base

Min and I spent two hours on this to trace down the cause,  Hugo, please do 
test before check-in even if it seems like to remove compiler warning, but 
because of the tricky business with Java generics, it does cause problem at 
runtime

One of the problem comes from following code, please checkout my comments below.

-Kelven


import org.apache.log4j.Logger;

@@ 
-144,6
 
+144,7
 @@ public class VmwareClient {
 ServiceContent serviceContent = 
vimPort.retrieveServiceContent(svcInstRef);

 // Extract a cookie. See vmware sample program 
com.vmware.httpfileaccess.GetVMFiles
+@SuppressWarnings("unchecked")
 Map> headers = (Map>)((BindingProvider)vimPort).getResponseContext().get(MessageContext.HTTP_RESPONSE_HEADERS);
 List cookies = headers.get("Set-cookie");
 String cookieValue = cookies.get(0);
@@ 
-256,17
 
+257,18
 @@ public class VmwareClient {
  * @throws Exception
  * in case of error.
  */
-public Object getDynamicProperty(ManagedObjectReference mor, String 
propertyName) throws Exception {
+@SuppressWarnings("unchecked")
+public  T getDynamicProperty(ManagedObjectReference mor, String 
propertyName) throws Exception {
 List props = new ArrayList();
 props.add(propertyName);
 List objContent = retrieveMoRefProperties(mor, props);



-Object propertyValue = null;
+T propertyValue = null;

[Kelven] This is a wrong change, since propertyValue is intermediate variable 
that could have type that is different than the returning type. It will 
eventually cause getDeclaredMethod() call to fail at runtime


 if (objContent != null && objContent.size() > 0) {
 List dynamicProperty = 
objContent.get(0).getPropSet();
 if (dynamicProperty != null && dynamicProperty.size() > 0) {
 DynamicProperty dp = dynamicProperty.get(0);
-propertyValue = dp.getVal();
+propertyValue = (T)dp.getVal();
 /*
  * If object is ArrayOfXXX object, then get the XXX[] by
  * invoking getXXX() on the object.
@@ 
-274,13

Re: [ISSUES] Master VMware is broken

[Min Chen]

FYI, I checked in a fix 206c35c620a8e7a707f371e5a9e5dfd795912f5b for this
to unblock my testing.

Thanks
-min

On 1/22/14 5:43 PM, "Kelven Yang"  wrote:

>Master VMware was broken by this commit
>
>author  Hugo 
>Trippaersh;h=b20add810e5751f53946f695b6223a8016f104a5;s=Hugo+Trippaers;st=author>
>cloudstack.git;a=search;h=b20add810e5751f53946f695b6223a8016f104a5;s=htrip
>pa...@schubergphilis.com;st=author>
>Wed, 22 Jan 2014 08:34:46 + (09:34 +0100)
>committer   Hugo
>Trippaersh;h=b20add810e5751f53946f695b6223a8016f104a5;s=Hugo+Trippaers;st=committer
>> 
>>>=cloudstack.git;a=search;h=b20add810e5751f53946f695b6223a8016f104a5;s=htr
>>ippa...@schubergphilis.com;st=committer>
>Wed, 22 Jan 2014 08:37:34 + (09:37 +0100)
>commit  b20add810e5751f53946f695b6223a8016f104a5
>tree
>89e7e66704b09959bc5d77e4e20562e6dcc05306os/asf?p=cloudstack.git;a=tree;h=89e7e66704b09959bc5d77e4e20562e6dcc05306;
>hb=b20add810e5751f53946f695b6223a8016f104a5>
>tree7e66704b09959bc5d77e4e20562e6dcc05306;hb=b20add810e5751f53946f695b6223a801
>6f104a5> | 
>snapshotot;h=b20add810e5751f53946f695b6223a8016f104a5;sf=tgz>
>parent  
>86124138a1a9129dedaf0f73fcd570156bfe53f6os/asf?p=cloudstack.git;a=commit;h=86124138a1a9129dedaf0f73fcd570156bfe53f
>6>  
>commit=86124138a1a9129dedaf0f73fcd570156bfe53f6> |
>diff;h=b20add810e5751f53946f695b6223a8016f104a5;hp=86124138a1a9129dedaf0f73fcd
>570156bfe53f6>
>Get rid of compiler warnings in vmware-base
>
>Min and I spent two hours on this to trace down the cause,  Hugo, please
>do test before check-in even if it seems like to remove compiler warning,
>but because of the tricky business with Java generics, it does cause
>problem at runtime
>
>One of the problem comes from following code, please checkout my comments
>below.
>
>-Kelven
>
>
>import org.apache.log4j.Logger;
>
>@@ 
>-144,6mware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java;h=3c2c81
>d8a5ea3e242a6407ab5a0d2710fa1d0b73;hb=3c2c81d8a5ea3e242a6407ab5a0d2710fa1d
>0b73#l144> 
>+144,7mware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java;h=e81665
>f71b76a3772b13dae5cc0733d26220c64a;hb=e81665f71b76a3772b13dae5cc0733d26220
>c64a#l144> @@ public class VmwareClient {
> ServiceContent serviceContent =
>vimPort.retrieveServiceContent(svcInstRef);
>
> // Extract a cookie. See vmware sample program
>com.vmware.httpfileaccess.GetVMFiles
>+@SuppressWarnings("unchecked")
> Map> headers = (MapList>)((BindingProvider)vimPort).getResponseContext().get(MessageC
>ontext.HTTP_RESPONSE_HEADERS);
> List cookies = headers.get("Set-cookie");
> String cookieValue = cookies.get(0);
>@@ 
>-256,17vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java;h=3c2c8
>1d8a5ea3e242a6407ab5a0d2710fa1d0b73;hb=3c2c81d8a5ea3e242a6407ab5a0d2710fa1
>d0b73#l256> 
>+257,18vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java;h=e8166
>5f71b76a3772b13dae5cc0733d26220c64a;hb=e81665f71b76a3772b13dae5cc0733d2622
>0c64a#l257> @@ public class VmwareClient {
>  * @throws Exception
>  * in case of error.
>  */
>-public Object getDynamicProperty(ManagedObjectReference mor, String
>propertyName) throws Exception {
>+@SuppressWarnings("unchecked")
>+public  T getDynamicProperty(ManagedObjectReference mor, String
>propertyName) throws Exception {
> List props = new ArrayList();
> props.add(propertyName);
> List objContent = retrieveMoRefProperties(mor,
>props);
>
>
>
>-Object propertyValue = null;
>+T propertyValue = null;
>
>[Kelven] This is a wrong change, since propertyValue is intermediate
>variable that could have type that is different than the returning type.
>It will eventually cause getDeclaredMethod() call to fail at runtime
>
>
> if (objContent != null && objContent.size() > 0) {
> List dynamicProperty =
>objContent.get(0).getPropSet();
> if (dynamicProperty != null && dynamicProperty.size() > 0) {
> DynamicProperty dp = dynamicProperty.get(0);
>-propertyValue = dp.getVal();
>+propert

Re: Master build failing with LICENSE error

[Nitin Mehta]

I am seeing this as well.

On 22/01/14 4:43 PM, "Alena Prokharchyk" 
wrote:

>I am seeing it too.
>
>On 1/22/14, 3:23 PM, "Rayees Namathponnan"
> wrote:
>
>>Master build failing with below error, any one faced this?
>>
>>
>>[ERROR] Failed to execute goal com.mycila:license-maven-plugin:2.5:check
>>(cloudstack-checklicence) on project cloud-plugin-network-nvp: Resource
>>LICENSE.header   not found in file system, classpath or URL: no protocol:
>>LICENSE.header -> [Help   1]
>>[ERROR]
>>[ERROR] To see the full stack trace of the errors, re-run Maven with the
>>-e switch.
>>[ERROR] Re-run Maven using the -X switch to enable full debug logging.
>>[ERROR]
>>[ERROR] For more information about the errors and possible solutions,
>>please read the following articles:
>>[ERROR] [Help 1] 
>>http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
>>[ERROR]
>>[ERROR] After correcting the problems, you can resume the build with the
>>command
>>[ERROR]   mvn  -rf :cloud-plugin-network-nvp
>>
>>
>>
>>Regards,
>>Rayees
>

https://issues.apache.org is down ?

[Rayees Namathponnan]

I am able to access the URL https://issues.apache.org, but issues filter is not 
working.

Regards,
Rayees

Weird IP address allocation in 4.3

[Mike Tutkowski]

Hi,

I was wondering if someone who deals with networking in CloudStack might
know something about this.

I have a development setup with one zone, one pod, and three clusters (one
VMware, one XenServer, and one KVM).

The IP addresses I've given to CloudStack span from 192.168.128.20 to
192.168.128.30 (just 11 addresses).

http://i.imgur.com/3SAn98W.png

http://i.imgur.com/cZ1pLun.png
Somehow one of my VMs was assigned the IP address 192.168.128.118 (outside
of the range above).

http://imgur.com/TeRMEf9
The zone is using basic networking.

The issue is in my VMware cluster (two hosts in this cluster).

Thanks!

-- 
*Mike Tutkowski*
*Senior CloudStack Developer, SolidFire Inc.*
e: mike.tutkow...@solidfire.com
o: 303.746.7302
Advancing the way the world uses the
cloud
*™*

Re: Weird IP address allocation in 4.3

[Mike Tutkowski]

The IP address that CloudStack says is assigned to VM i-2-11-VM
(192.168.128.28) does not appear to be assigned to any VM in the system
(user or system VM).


On Wed, Jan 22, 2014 at 9:59 PM, Mike Tutkowski <
mike.tutkow...@solidfire.com> wrote:

> Hi,
>
> I was wondering if someone who deals with networking in CloudStack might
> know something about this.
>
> I have a development setup with one zone, one pod, and three clusters (one
> VMware, one XenServer, and one KVM).
>
> The IP addresses I've given to CloudStack span from 192.168.128.20 to
> 192.168.128.30 (just 11 addresses).
>
> http://i.imgur.com/3SAn98W.png
>
> http://i.imgur.com/cZ1pLun.png
> Somehow one of my VMs was assigned the IP address 192.168.128.118 (outside
> of the range above).
>
> http://imgur.com/TeRMEf9
> The zone is using basic networking.
>
> The issue is in my VMware cluster (two hosts in this cluster).
>
> Thanks!
>
> --
> *Mike Tutkowski*
> *Senior CloudStack Developer, SolidFire Inc.*
> e: mike.tutkow...@solidfire.com
> o: 303.746.7302
> Advancing the way the world uses the 
> cloud
> *™*
>



-- 
*Mike Tutkowski*
*Senior CloudStack Developer, SolidFire Inc.*
e: mike.tutkow...@solidfire.com
o: 303.746.7302
Advancing the way the world uses the
cloud
*™*

Re: Weird IP address allocation in 4.3

[Mike Tutkowski]

Slight correction (this may have been obvious from one of my screen shots):
The VM with the address outside of the range I gave to CloudStack is in a
XenServer cluster.


On Wed, Jan 22, 2014 at 10:03 PM, Mike Tutkowski <
mike.tutkow...@solidfire.com> wrote:

> The IP address that CloudStack says is assigned to VM i-2-11-VM
> (192.168.128.28) does not appear to be assigned to any VM in the system
> (user or system VM).
>
>
> On Wed, Jan 22, 2014 at 9:59 PM, Mike Tutkowski <
> mike.tutkow...@solidfire.com> wrote:
>
>> Hi,
>>
>> I was wondering if someone who deals with networking in CloudStack might
>> know something about this.
>>
>> I have a development setup with one zone, one pod, and three clusters
>> (one VMware, one XenServer, and one KVM).
>>
>> The IP addresses I've given to CloudStack span from 192.168.128.20 to
>> 192.168.128.30 (just 11 addresses).
>>
>> http://i.imgur.com/3SAn98W.png
>>
>> http://i.imgur.com/cZ1pLun.png
>> Somehow one of my VMs was assigned the IP address 192.168.128.118
>> (outside of the range above).
>>
>> http://imgur.com/TeRMEf9
>> The zone is using basic networking.
>>
>> The issue is in my VMware cluster (two hosts in this cluster).
>>
>> Thanks!
>>
>> --
>> *Mike Tutkowski*
>>  *Senior CloudStack Developer, SolidFire Inc.*
>> e: mike.tutkow...@solidfire.com
>> o: 303.746.7302
>> Advancing the way the world uses the 
>> cloud
>> *™*
>>
>
>
>
> --
> *Mike Tutkowski*
> *Senior CloudStack Developer, SolidFire Inc.*
> e: mike.tutkow...@solidfire.com
> o: 303.746.7302
> Advancing the way the world uses the 
> cloud
> *™*
>



-- 
*Mike Tutkowski*
*Senior CloudStack Developer, SolidFire Inc.*
e: mike.tutkow...@solidfire.com
o: 303.746.7302
Advancing the way the world uses the
cloud
*™*

Location of the 4.3 System VM Templates

[Radhika Puthiyetath]

Hi,

Could someone please help me with the location of the System VM Templates for 
4.3 release ?

I am unable to access http://download.cloud.com. I assume that they are posted 
to templates directory.

Thanks
-Radhika

Re: Weird IP address allocation in 4.3

[Jayapal Reddy Uradi]

Hi Mike,

Can you please check the db table user_ip_address to see what are the ips 
addresses are there.
IP will be picked from this table.

Thanks,
Jayapal

On 23-Jan-2014, at 10:35 AM, Mike Tutkowski  
wrote:

> Slight correction (this may have been obvious from one of my screen shots):
> The VM with the address outside of the range I gave to CloudStack is in a
> XenServer cluster.
> 
> 
> On Wed, Jan 22, 2014 at 10:03 PM, Mike Tutkowski <
> mike.tutkow...@solidfire.com> wrote:
> 
>> The IP address that CloudStack says is assigned to VM i-2-11-VM
>> (192.168.128.28) does not appear to be assigned to any VM in the system
>> (user or system VM).
>> 
>> 
>> On Wed, Jan 22, 2014 at 9:59 PM, Mike Tutkowski <
>> mike.tutkow...@solidfire.com> wrote:
>> 
>>> Hi,
>>> 
>>> I was wondering if someone who deals with networking in CloudStack might
>>> know something about this.
>>> 
>>> I have a development setup with one zone, one pod, and three clusters
>>> (one VMware, one XenServer, and one KVM).
>>> 
>>> The IP addresses I've given to CloudStack span from 192.168.128.20 to
>>> 192.168.128.30 (just 11 addresses).
>>> 
>>> http://i.imgur.com/3SAn98W.png
>>> 
>>> http://i.imgur.com/cZ1pLun.png
>>> Somehow one of my VMs was assigned the IP address 192.168.128.118
>>> (outside of the range above).
>>> 
>>> http://imgur.com/TeRMEf9
>>> The zone is using basic networking.
>>> 
>>> The issue is in my VMware cluster (two hosts in this cluster).
>>> 
>>> Thanks!
>>> 
>>> --
>>> *Mike Tutkowski*
>>> *Senior CloudStack Developer, SolidFire Inc.*
>>> e: mike.tutkow...@solidfire.com
>>> o: 303.746.7302
>>> Advancing the way the world uses the 
>>> cloud
>>> *™*
>>> 
>> 
>> 
>> 
>> --
>> *Mike Tutkowski*
>> *Senior CloudStack Developer, SolidFire Inc.*
>> e: mike.tutkow...@solidfire.com
>> o: 303.746.7302
>> Advancing the way the world uses the 
>> cloud
>> *™*
>> 
> 
> 
> 
> -- 
> *Mike Tutkowski*
> *Senior CloudStack Developer, SolidFire Inc.*
> e: mike.tutkow...@solidfire.com
> o: 303.746.7302
> Advancing the way the world uses the
> cloud
> *™*

Re: Weird IP address allocation in 4.3

[Mike Tutkowski]

Hi Jayapal,

That table has 8 rows and includes IP addresses from 192.168.128.23 to
192.168.128.30 (which should be correct).

Thanks


On Wed, Jan 22, 2014 at 10:49 PM, Jayapal Reddy Uradi <
jayapalreddy.ur...@citrix.com> wrote:

> Hi Mike,
>
> Can you please check the db table user_ip_address to see what are the ips
> addresses are there.
> IP will be picked from this table.
>
> Thanks,
> Jayapal
>
> On 23-Jan-2014, at 10:35 AM, Mike Tutkowski 
> wrote:
>
> > Slight correction (this may have been obvious from one of my screen
> shots):
> > The VM with the address outside of the range I gave to CloudStack is in a
> > XenServer cluster.
> >
> >
> > On Wed, Jan 22, 2014 at 10:03 PM, Mike Tutkowski <
> > mike.tutkow...@solidfire.com> wrote:
> >
> >> The IP address that CloudStack says is assigned to VM i-2-11-VM
> >> (192.168.128.28) does not appear to be assigned to any VM in the system
> >> (user or system VM).
> >>
> >>
> >> On Wed, Jan 22, 2014 at 9:59 PM, Mike Tutkowski <
> >> mike.tutkow...@solidfire.com> wrote:
> >>
> >>> Hi,
> >>>
> >>> I was wondering if someone who deals with networking in CloudStack
> might
> >>> know something about this.
> >>>
> >>> I have a development setup with one zone, one pod, and three clusters
> >>> (one VMware, one XenServer, and one KVM).
> >>>
> >>> The IP addresses I've given to CloudStack span from 192.168.128.20 to
> >>> 192.168.128.30 (just 11 addresses).
> >>>
> >>> http://i.imgur.com/3SAn98W.png
> >>>
> >>> http://i.imgur.com/cZ1pLun.png
> >>> Somehow one of my VMs was assigned the IP address 192.168.128.118
> >>> (outside of the range above).
> >>>
> >>> http://imgur.com/TeRMEf9
> >>> The zone is using basic networking.
> >>>
> >>> The issue is in my VMware cluster (two hosts in this cluster).
> >>>
> >>> Thanks!
> >>>
> >>> --
> >>> *Mike Tutkowski*
> >>> *Senior CloudStack Developer, SolidFire Inc.*
> >>> e: mike.tutkow...@solidfire.com
> >>> o: 303.746.7302
> >>> Advancing the way the world uses the cloud<
> http://solidfire.com/solution/overview/?video=play>
> >>> *™*
> >>>
> >>
> >>
> >>
> >> --
> >> *Mike Tutkowski*
> >> *Senior CloudStack Developer, SolidFire Inc.*
> >> e: mike.tutkow...@solidfire.com
> >> o: 303.746.7302
> >> Advancing the way the world uses the cloud<
> http://solidfire.com/solution/overview/?video=play>
> >> *™*
> >>
> >
> >
> >
> > --
> > *Mike Tutkowski*
> > *Senior CloudStack Developer, SolidFire Inc.*
> > e: mike.tutkow...@solidfire.com
> > o: 303.746.7302
> > Advancing the way the world uses the
> > cloud
> > *™*
>
>


-- 
*Mike Tutkowski*
*Senior CloudStack Developer, SolidFire Inc.*
e: mike.tutkow...@solidfire.com
o: 303.746.7302
Advancing the way the world uses the
cloud
*™*

[VOTE] Apache CloudStack 4.3.0 (first round)

[Animesh Chaturvedi]

Hi All,



I've created a 4.3.0 release, with the following artifacts up for a

vote:



Git Branch and Commit SH:

https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs/heads/4.3
Commit: 43d485c92d5919085cacb1cd0c7e78503ab9788a



List of changes:

https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob_plain;f=CHANGES;hb=4.3



Source release (checksums and signatures are available at the same

location):

https://dist.apache.org/repos/dist/dev/cloudstack/4.3.0/



PGP release keys (signed using 94BE0D7C):

https://dist.apache.org/repos/dist/release/cloudstack/KEYS



Testing instructions are here:

https://cwiki.apache.org/confluence/display/CLOUDSTACK/Release+test+procedure



Vote will be open for 72 hours.



For sanity in tallying the vote, can PMC members please be sure to indicate 
"(binding)" with their vote?



[ ] +1  approve

[ ] +0  no opinion

[ ] -1  disapprove (and reason why)

Re: Weird IP address allocation in 4.3

[Ahmad Emneina]

Mike, you might have another machine serving up DHCP on that network. If
thats the case get it to ignore cloudstack assigned mac addresses (06
prefix).


On Wed, Jan 22, 2014 at 9:53 PM, Mike Tutkowski <
mike.tutkow...@solidfire.com> wrote:

> Hi Jayapal,
>
> That table has 8 rows and includes IP addresses from 192.168.128.23 to
> 192.168.128.30 (which should be correct).
>
> Thanks
>
>
> On Wed, Jan 22, 2014 at 10:49 PM, Jayapal Reddy Uradi <
> jayapalreddy.ur...@citrix.com> wrote:
>
> > Hi Mike,
> >
> > Can you please check the db table user_ip_address to see what are the ips
> > addresses are there.
> > IP will be picked from this table.
> >
> > Thanks,
> > Jayapal
> >
> > On 23-Jan-2014, at 10:35 AM, Mike Tutkowski <
> mike.tutkow...@solidfire.com>
> > wrote:
> >
> > > Slight correction (this may have been obvious from one of my screen
> > shots):
> > > The VM with the address outside of the range I gave to CloudStack is
> in a
> > > XenServer cluster.
> > >
> > >
> > > On Wed, Jan 22, 2014 at 10:03 PM, Mike Tutkowski <
> > > mike.tutkow...@solidfire.com> wrote:
> > >
> > >> The IP address that CloudStack says is assigned to VM i-2-11-VM
> > >> (192.168.128.28) does not appear to be assigned to any VM in the
> system
> > >> (user or system VM).
> > >>
> > >>
> > >> On Wed, Jan 22, 2014 at 9:59 PM, Mike Tutkowski <
> > >> mike.tutkow...@solidfire.com> wrote:
> > >>
> > >>> Hi,
> > >>>
> > >>> I was wondering if someone who deals with networking in CloudStack
> > might
> > >>> know something about this.
> > >>>
> > >>> I have a development setup with one zone, one pod, and three clusters
> > >>> (one VMware, one XenServer, and one KVM).
> > >>>
> > >>> The IP addresses I've given to CloudStack span from 192.168.128.20 to
> > >>> 192.168.128.30 (just 11 addresses).
> > >>>
> > >>> http://i.imgur.com/3SAn98W.png
> > >>>
> > >>> http://i.imgur.com/cZ1pLun.png
> > >>> Somehow one of my VMs was assigned the IP address 192.168.128.118
> > >>> (outside of the range above).
> > >>>
> > >>> http://imgur.com/TeRMEf9
> > >>> The zone is using basic networking.
> > >>>
> > >>> The issue is in my VMware cluster (two hosts in this cluster).
> > >>>
> > >>> Thanks!
> > >>>
> > >>> --
> > >>> *Mike Tutkowski*
> > >>> *Senior CloudStack Developer, SolidFire Inc.*
> > >>> e: mike.tutkow...@solidfire.com
> > >>> o: 303.746.7302
> > >>> Advancing the way the world uses the cloud<
> > http://solidfire.com/solution/overview/?video=play>
> > >>> *™*
> > >>>
> > >>
> > >>
> > >>
> > >> --
> > >> *Mike Tutkowski*
> > >> *Senior CloudStack Developer, SolidFire Inc.*
> > >> e: mike.tutkow...@solidfire.com
> > >> o: 303.746.7302
> > >> Advancing the way the world uses the cloud<
> > http://solidfire.com/solution/overview/?video=play>
> > >> *™*
> > >>
> > >
> > >
> > >
> > > --
> > > *Mike Tutkowski*
> > > *Senior CloudStack Developer, SolidFire Inc.*
> > > e: mike.tutkow...@solidfire.com
> > > o: 303.746.7302
> > > Advancing the way the world uses the
> > > cloud
> > > *™*
> >
> >
>
>
> --
> *Mike Tutkowski*
> *Senior CloudStack Developer, SolidFire Inc.*
> e: mike.tutkow...@solidfire.com
> o: 303.746.7302
> Advancing the way the world uses the
> cloud
> *™*
>

Re: Review Request 16867: Test Suite for Testing Remote Access VPN on VPC

[Santhosh Edukulla]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/16867/#review32596
---



test/integration/component/test_remotevpn_vpc.py


This is still not unconvincing as test script connecting over wire to 
download few packages to get it working. We are not sure of network 
connectivity issues, package mirrors not working, has an issue etc. After few 
months of this script, issues could arise and we dont have checks to see what 
to do in case of this download failed. We are assuming that the installation 
went fine. You can assume one standard template for regression now and use 
those default packages. Time factor is one of those issues, other issues may 
still  arise. Also wrap this under try\except block.



test/integration/component/test_remotevpn_vpc.py


I still believe providing them external to test suite enhances readability, 
maintainability, less overhead in suite. Even now as well, the test script 
owner still has to alter the code here to get his desired configuration as such 
the script is hard coded here? If the intention is to alter the script content 
for fine tuning the vpn client, he can still  do it by reading through the file 
and altering the contents and storing back. Currently, there is no provision 
provided for editing the configuration through args\config, instead he has to 
alter the suite code directly. We can move to external files for now. 



test/integration/component/test_remotevpn_vpc.py


Also, many methods are provided to write the content to file, as mentioned 
in one of the comment move these content external to test code, if we still 
wanted to provide an option of writing to a file. 1 ) Provide one interface for 
writing content to a file by providing test file name, content to write and 
mode, rather multiple methods. 2) Move this as a library method under utils etc.



test/integration/component/test_remotevpn_vpc.py


ok, it mentions to add the below, look for line "and simply place at the 
end the special parameter $@". Also, will it work for all shells, dont we need 
to source anything before execution for this behavior to work? I believe its 
better to call based upon cmd line arguments for safer side. 


- Santhosh Edukulla


On Jan. 16, 2014, 7:12 p.m., Chandan Purushothama wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/16867/
> ---
> 
> (Updated Jan. 16, 2014, 7:12 p.m.)
> 
> 
> Review request for cloudstack, Girish Shilamkar, SrikanteswaraRao Talluri, 
> and Sheng Yang.
> 
> 
> Repository: cloudstack-git
> 
> 
> Description
> ---
> 
> Test Suite for Testing Remote Access VPN on VPC. 
> 
> I successfully automated the following components:
> 
> 1.VPN Client Installation on Linux
> 2.Component that efficiently verifies Remote VPN Access between client and 
> the Server.
> 3.Developed a component that automates VPN Client Configuration and services.
> 4.Test Cases of the Feature
> 5.Tested the Code multiple times on XenServer and fixed the bugs.
> 6.Requirement on VMWare: Default Template should be CentOS 5.5 or higher for 
> the test suite to work. VPN Client cannot be installed on CentOS 5.3 Default 
> Template on VMWare.
> 
> 
> Diffs
> -
> 
>   test/integration/component/test_remotevpn_vpc.py PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/16867/diff/
> 
> 
> Testing
> ---
> 
> Test case no : Enable VPN for Public IP Address on the VPC ... ok
> Test case no : Remote a VPN User ... ok
> Test case no : Add a Different VPN User and Test Access with already existing 
> VPN User ... ok
> Test case no : Add a Previously Removed VPN User from the VPC and Test the 
> VPN Connectivity ... ok
> Test case no : Disable the VPN Service on the VPC ... ok
> Test case no : Enabled Previously Dsiabled VPN Access to VPC. ... ok
> Test case no : Create Nine VPN Users to test the remote.vpn.user.limit=8 
> Configuration parameter ... ok
> 
> --
> Ran 7 tests in 645.787s
> 
> OK
> 
> 
> File Attachments
> 
> 
> 0001-Test-Suite-for-Remote-Access-VPN-on-VPC.patch
>   
> https://reviews.apache.org/media/uploaded/files/2014/01/14/c6d3f593-d0eb-407c-aad2-574ebf9ca0f8__0001-Test-Suite-for-Remote-Access-VPN-on-VPC.patch
> 
> 
> Thanks,
> 
> Chandan Purushothama
> 
>

Re: Weird IP address allocation in 4.3

[Mike Tutkowski]

That is an interesting possibility. Thanks, guys


On Wed, Jan 22, 2014 at 10:59 PM, Ahmad Emneina  wrote:

> Mike, you might have another machine serving up DHCP on that network. If
> thats the case get it to ignore cloudstack assigned mac addresses (06
> prefix).
>
>
> On Wed, Jan 22, 2014 at 9:53 PM, Mike Tutkowski <
> mike.tutkow...@solidfire.com> wrote:
>
> > Hi Jayapal,
> >
> > That table has 8 rows and includes IP addresses from 192.168.128.23 to
> > 192.168.128.30 (which should be correct).
> >
> > Thanks
> >
> >
> > On Wed, Jan 22, 2014 at 10:49 PM, Jayapal Reddy Uradi <
> > jayapalreddy.ur...@citrix.com> wrote:
> >
> > > Hi Mike,
> > >
> > > Can you please check the db table user_ip_address to see what are the
> ips
> > > addresses are there.
> > > IP will be picked from this table.
> > >
> > > Thanks,
> > > Jayapal
> > >
> > > On 23-Jan-2014, at 10:35 AM, Mike Tutkowski <
> > mike.tutkow...@solidfire.com>
> > > wrote:
> > >
> > > > Slight correction (this may have been obvious from one of my screen
> > > shots):
> > > > The VM with the address outside of the range I gave to CloudStack is
> > in a
> > > > XenServer cluster.
> > > >
> > > >
> > > > On Wed, Jan 22, 2014 at 10:03 PM, Mike Tutkowski <
> > > > mike.tutkow...@solidfire.com> wrote:
> > > >
> > > >> The IP address that CloudStack says is assigned to VM i-2-11-VM
> > > >> (192.168.128.28) does not appear to be assigned to any VM in the
> > system
> > > >> (user or system VM).
> > > >>
> > > >>
> > > >> On Wed, Jan 22, 2014 at 9:59 PM, Mike Tutkowski <
> > > >> mike.tutkow...@solidfire.com> wrote:
> > > >>
> > > >>> Hi,
> > > >>>
> > > >>> I was wondering if someone who deals with networking in CloudStack
> > > might
> > > >>> know something about this.
> > > >>>
> > > >>> I have a development setup with one zone, one pod, and three
> clusters
> > > >>> (one VMware, one XenServer, and one KVM).
> > > >>>
> > > >>> The IP addresses I've given to CloudStack span from 192.168.128.20
> to
> > > >>> 192.168.128.30 (just 11 addresses).
> > > >>>
> > > >>> http://i.imgur.com/3SAn98W.png
> > > >>>
> > > >>> http://i.imgur.com/cZ1pLun.png
> > > >>> Somehow one of my VMs was assigned the IP address 192.168.128.118
> > > >>> (outside of the range above).
> > > >>>
> > > >>> http://imgur.com/TeRMEf9
> > > >>> The zone is using basic networking.
> > > >>>
> > > >>> The issue is in my VMware cluster (two hosts in this cluster).
> > > >>>
> > > >>> Thanks!
> > > >>>
> > > >>> --
> > > >>> *Mike Tutkowski*
> > > >>> *Senior CloudStack Developer, SolidFire Inc.*
> > > >>> e: mike.tutkow...@solidfire.com
> > > >>> o: 303.746.7302
> > > >>> Advancing the way the world uses the cloud<
> > > http://solidfire.com/solution/overview/?video=play>
> > > >>> *™*
> > > >>>
> > > >>
> > > >>
> > > >>
> > > >> --
> > > >> *Mike Tutkowski*
> > > >> *Senior CloudStack Developer, SolidFire Inc.*
> > > >> e: mike.tutkow...@solidfire.com
> > > >> o: 303.746.7302
> > > >> Advancing the way the world uses the cloud<
> > > http://solidfire.com/solution/overview/?video=play>
> > > >> *™*
> > > >>
> > > >
> > > >
> > > >
> > > > --
> > > > *Mike Tutkowski*
> > > > *Senior CloudStack Developer, SolidFire Inc.*
> > > > e: mike.tutkow...@solidfire.com
> > > > o: 303.746.7302
> > > > Advancing the way the world uses the
> > > > cloud
> > > > *™*
> > >
> > >
> >
> >
> > --
> > *Mike Tutkowski*
> > *Senior CloudStack Developer, SolidFire Inc.*
> > e: mike.tutkow...@solidfire.com
> > o: 303.746.7302
> > Advancing the way the world uses the
> > cloud
> > *™*
> >
>



-- 
*Mike Tutkowski*
*Senior CloudStack Developer, SolidFire Inc.*
e: mike.tutkow...@solidfire.com
o: 303.746.7302
Advancing the way the world uses the
cloud
*™*

Re: Review Request 16178: CLOUDSTACK-2237: Automation - Adding new test cases for security group in advanced zone feature

[Santhosh Edukulla]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/16178/#review32598
---

Ship it!


Ship It!

- Santhosh Edukulla


On Jan. 14, 2014, 8:51 a.m., Ashutosh Kelkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/16178/
> ---
> 
> (Updated Jan. 14, 2014, 8:51 a.m.)
> 
> 
> Review request for cloudstack, Girish Shilamkar, Santhosh Edukulla, and 
> SrikanteswaraRao Talluri.
> 
> 
> Bugs: CLOUDSTACK-2237
> https://issues.apache.org/jira/browse/CLOUDSTACK-2237
> 
> 
> Repository: cloudstack-git
> 
> 
> Description
> ---
> 
> Adding Automation tests for feature "Security Group Isolation in advanced 
> zone".
> 
> @Santhosh: Please check the change in configGenerator file. Made changes to 
> take relative path.
> 
> 
> Diffs
> -
> 
>   test/integration/component/test_advancedsg_networks.py 7f3a390 
>   tools/marvin/marvin/config/config.cfg 5849fe8 
> 
> Diff: https://reviews.apache.org/r/16178/diff/
> 
> 
> Testing
> ---
> 
> Tested locally on Advanced zone setup with security group enabled.
> 
> 
> Thanks,
> 
> Ashutosh Kelkar
> 
>

Re: Review Request 16780: Added new Configuration parameter to configuration table and checked for max value reached or not before acquiring an IP in a nic

[Damodar Reddy Talakanti]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/16780/
---

(Updated Jan. 23, 2014, 6:17 a.m.)


Review request for cloudstack, Abhinandan Prateek, Chiradeep Vittal, and 
Jayapal Reddy.


Changes
---

Enhanced the log message while max limit reached


Bugs: https://issues.apache.org/jira/browse/CLOUDSTACK-2031

https://issues.apache.org/jira/browse/https://issues.apache.org/jira/browse/CLOUDSTACK-2031


Repository: cloudstack-git


Description
---

support for number of ips per nic limit needs to be added for the multiple ip 
address per nic


Diffs (updated)
-

  api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java 
b5e2239 
  engine/schema/src/com/cloud/vm/dao/NicSecondaryIpDao.java da96df4 
  engine/schema/src/com/cloud/vm/dao/NicSecondaryIpDaoImpl.java 3befaf7 
  server/src/com/cloud/configuration/Config.java d2713c0 
  server/src/com/cloud/network/NetworkServiceImpl.java d4310d4 
  setup/db/db/schema-421to430.sql 8bfec37 

Diff: https://reviews.apache.org/r/16780/diff/


Testing
---

Tested the same by changing default value from 256 to 2.
Also tested the new acquire of ip if number if IPs are less than in that nic 
than the max limit


Thanks,

Damodar Reddy Talakanti

Re: Location of the 4.3 System VM Templates

[Abhisek Basu]

I was able to get them from path like: 
http://download.cloud.com/templates/4.3/systemvm64template-2013-12-23-hyperv.vhd.bz2


Regards,

Abhisek

-Original Message- 
From: Radhika Puthiyetath

Sent: Thursday, January 23, 2014 11:15 AM
To: dev@cloudstack.apache.org
Subject: Location of the 4.3 System VM Templates

Hi,

Could someone please help me with the location of the System VM Templates 
for 4.3 release ?


I am unable to access http://download.cloud.com. I assume that they are 
posted to templates directory.


Thanks
-Radhika

Re: [ISSUES] Master VMware is broken

[Hugo Trippaers]

Sorry about that :-(  Thanks for finding and fixing it.

Where did you encounter the error? I wonder why i didn’t catch it with my tests 
against vmware.

Cheers,

Hugo

On 23 jan. 2014, at 03:01, Min Chen  wrote:

> FYI, I checked in a fix 206c35c620a8e7a707f371e5a9e5dfd795912f5b for this
> to unblock my testing.
> 
> Thanks
> -min
> 
> On 1/22/14 5:43 PM, "Kelven Yang"  wrote:
> 
>> Master VMware was broken by this commit
>> 
>> author  Hugo 
>> Trippaers> h;h=b20add810e5751f53946f695b6223a8016f104a5;s=Hugo+Trippaers;st=author>
>> > cloudstack.git;a=search;h=b20add810e5751f53946f695b6223a8016f104a5;s=htrip
>> pa...@schubergphilis.com;st=author>
>>   Wed, 22 Jan 2014 08:34:46 + (09:34 +0100)
>> committer   Hugo
>> Trippaers> h;h=b20add810e5751f53946f695b6223a8016f104a5;s=Hugo+Trippaers;st=committer
>>> 
>>> >> =cloudstack.git;a=search;h=b20add810e5751f53946f695b6223a8016f104a5;s=htr
>>> ippa...@schubergphilis.com;st=committer>
>>   Wed, 22 Jan 2014 08:37:34 + (09:37 +0100)
>> commit  b20add810e5751f53946f695b6223a8016f104a5
>> tree
>> 89e7e66704b09959bc5d77e4e20562e6dcc05306> os/asf?p=cloudstack.git;a=tree;h=89e7e66704b09959bc5d77e4e20562e6dcc05306;
>> hb=b20add810e5751f53946f695b6223a8016f104a5>
>> tree> 7e66704b09959bc5d77e4e20562e6dcc05306;hb=b20add810e5751f53946f695b6223a801
>> 6f104a5> | 
>> snapshot> ot;h=b20add810e5751f53946f695b6223a8016f104a5;sf=tgz>
>> parent  
>> 86124138a1a9129dedaf0f73fcd570156bfe53f6> os/asf?p=cloudstack.git;a=commit;h=86124138a1a9129dedaf0f73fcd570156bfe53f
>> 6>  
>> commit> =86124138a1a9129dedaf0f73fcd570156bfe53f6> |
>> diff> ;h=b20add810e5751f53946f695b6223a8016f104a5;hp=86124138a1a9129dedaf0f73fcd
>> 570156bfe53f6>
>> Get rid of compiler warnings in vmware-base
>> 
>> Min and I spent two hours on this to trace down the cause,  Hugo, please
>> do test before check-in even if it seems like to remove compiler warning,
>> but because of the tricky business with Java generics, it does cause
>> problem at runtime
>> 
>> One of the problem comes from following code, please checkout my comments
>> below.
>> 
>> -Kelven
>> 
>> 
>> import org.apache.log4j.Logger;
>> 
>> @@ 
>> -144,6> mware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java;h=3c2c81
>> d8a5ea3e242a6407ab5a0d2710fa1d0b73;hb=3c2c81d8a5ea3e242a6407ab5a0d2710fa1d
>> 0b73#l144> 
>> +144,7> mware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java;h=e81665
>> f71b76a3772b13dae5cc0733d26220c64a;hb=e81665f71b76a3772b13dae5cc0733d26220
>> c64a#l144> @@ public class VmwareClient {
>>ServiceContent serviceContent =
>> vimPort.retrieveServiceContent(svcInstRef);
>> 
>>// Extract a cookie. See vmware sample program
>> com.vmware.httpfileaccess.GetVMFiles
>> +@SuppressWarnings("unchecked")
>>Map> headers = (Map> List>)((BindingProvider)vimPort).getResponseContext().get(MessageC
>> ontext.HTTP_RESPONSE_HEADERS);
>>List cookies = headers.get("Set-cookie");
>>String cookieValue = cookies.get(0);
>> @@ 
>> -256,17> vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java;h=3c2c8
>> 1d8a5ea3e242a6407ab5a0d2710fa1d0b73;hb=3c2c81d8a5ea3e242a6407ab5a0d2710fa1
>> d0b73#l256> 
>> +257,18> vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java;h=e8166
>> 5f71b76a3772b13dae5cc0733d26220c64a;hb=e81665f71b76a3772b13dae5cc0733d2622
>> 0c64a#l257> @@ public class VmwareClient {
>> * @throws Exception
>> * in case of error.
>> */
>> -public Object getDynamicProperty(ManagedObjectReference mor, String
>> propertyName) throws Exception {
>> +@SuppressWarnings("unchecked")
>> +public  T getDynamicProperty(ManagedObjectReference mor, String
>> propertyName) throws Exception {
>>List props = new ArrayList();
>>props.add(propertyName);
>>List objContent = retrieveMoRefProperties(mor,
>> props);
>> 
>> 
>> 
>> -Object propertyValue = null;
>> +T propertyValue = null;
>> 
>> [Kelven] This is a wrong change, since propertyValue is intermediate
>> variable that could have type that is different than the returning type.
>> It will 

Re: Location of the 4.3 System VM Templates

[Hugo Trippaers]

The best location for the system vm images is 
http://jenkins.buildacloud.org/view/4.3/job/cloudstack-4.3-systemvm/. There we 
have the systemvm images that belong to the latest build agains the 4.3 tree. 
Look for the 'Last Successful Artifacts’ on that page.

Cheers,

Hugo


On 23 jan. 2014, at 07:30, Abhisek Basu  wrote:

> I was able to get them from path like: 
> http://download.cloud.com/templates/4.3/systemvm64template-2013-12-23-hyperv.vhd.bz2
> 
> Regards,
> 
> Abhisek
> 
> -Original Message- From: Radhika Puthiyetath
> Sent: Thursday, January 23, 2014 11:15 AM
> To: dev@cloudstack.apache.org
> Subject: Location of the 4.3 System VM Templates
> 
> Hi,
> 
> Could someone please help me with the location of the System VM Templates for 
> 4.3 release ?
> 
> I am unable to access http://download.cloud.com. I assume that they are 
> posted to templates directory.
> 
> Thanks
> -Radhika
> 

Re: Review Request 16780: Added new Configuration parameter to configuration table and checked for max value reached or not before acquiring an IP in a nic

[Damodar Reddy Talakanti]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/16780/
---

(Updated Jan. 23, 2014, 7:13 a.m.)


Review request for cloudstack, Abhinandan Prateek, Chiradeep Vittal, and 
Jayapal Reddy.


Changes
---

Added error log message


Bugs: https://issues.apache.org/jira/browse/CLOUDSTACK-2031

https://issues.apache.org/jira/browse/https://issues.apache.org/jira/browse/CLOUDSTACK-2031


Repository: cloudstack-git


Description
---

support for number of ips per nic limit needs to be added for the multiple ip 
address per nic


Diffs (updated)
-

  api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java 
b5e2239 
  engine/schema/src/com/cloud/vm/dao/NicSecondaryIpDao.java da96df4 
  engine/schema/src/com/cloud/vm/dao/NicSecondaryIpDaoImpl.java 3befaf7 
  server/src/com/cloud/configuration/Config.java d2713c0 
  server/src/com/cloud/network/NetworkServiceImpl.java d4310d4 
  setup/db/db/schema-421to430.sql 8bfec37 

Diff: https://reviews.apache.org/r/16780/diff/


Testing
---

Tested the same by changing default value from 256 to 2.
Also tested the new acquire of ip if number if IPs are less than in that nic 
than the max limit


Thanks,

Damodar Reddy Talakanti

Review Request 17231: review request for master of defect CLOUDSTACJ-2031

[Damodar Reddy Talakanti]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17231/
---

Review request for cloudstack and Jayapal Reddy.


Bugs: https://issues.apache.org/jira/browse/CLOUDSTACK-2031

https://issues.apache.org/jira/browse/https://issues.apache.org/jira/browse/CLOUDSTACK-2031


Repository: cloudstack-git


Description
---

This is for master branch of the review request 
https://reviews.apache.org/r/16780/


Diffs
-

  api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java 
c0e8d3e 
  engine/schema/src/com/cloud/vm/dao/NicSecondaryIpDao.java 9fbfa27 
  engine/schema/src/com/cloud/vm/dao/NicSecondaryIpDaoImpl.java 2f3cc29 
  server/src/com/cloud/configuration/Config.java 9117bc4 
  server/src/com/cloud/network/NetworkServiceImpl.java 056190f 
  setup/db/db/schema-421to430.sql ccff7c1 

Diff: https://reviews.apache.org/r/17231/diff/


Testing
---


Thanks,

Damodar Reddy Talakanti

How to specify default network through API

[Gaurav Aradhye]

Hi all,

How can I specify the default network of the VM while deploying the VM in
multiple networks? The API "deployVirtualMachine" has "networkids"
parameter which takes list of network ids, but how does it decide the
default network?

Regards,
Gaurav

Re: How to specify default network through API

[Sheng Yang]

The first one in the list would be used as the default network, as design.

--Sheng


On Wed, Jan 22, 2014 at 11:27 PM, Gaurav Aradhye  wrote:

> Hi all,
>
> How can I specify the default network of the VM while deploying the VM in
> multiple networks? The API "deployVirtualMachine" has "networkids"
> parameter which takes list of network ids, but how does it decide the
> default network?
>
> Regards,
> Gaurav
>

Re: How to specify default network through API

[Gaurav Aradhye]

Thanks Sheng!

Regards,
Gaurav


On Thu, Jan 23, 2014 at 1:06 PM, Sheng Yang  wrote:

> The first one in the list would be used as the default network, as design.
>
> --Sheng
>
>
> On Wed, Jan 22, 2014 at 11:27 PM, Gaurav Aradhye <
> gaurav.arad...@clogeny.com
> > wrote:
>
> > Hi all,
> >
> > How can I specify the default network of the VM while deploying the VM in
> > multiple networks? The API "deployVirtualMachine" has "networkids"
> > parameter which takes list of network ids, but how does it decide the
> > default network?
> >
> > Regards,
> > Gaurav
> >
>

Build on 4.3-forward Fails: Shows Failure for Framework-Clustering

[Santhosh Edukulla]

Team,

1. We are seeing a build failure for latest 4.3-forward branch code. Below is 
the error message:

 Apache CloudStack Cloud Engine API  SUCCESS [2.351s]
[INFO] Apache CloudStack Core  SUCCESS [4.720s]
[INFO] Apache CloudStack Agents .. SUCCESS [4.663s]
[INFO] Apache CloudStack Framework - Clustering .. FAILURE [0.031s]
[INFO] Apache CloudStack Framework


INFO] 
[INFO] BUILD FAILURE
[INFO] 
[INFO] Total time: 41.245s
[INFO] Finished at: Thu Jan 23 18:16:58 IST 2014
[INFO] Final Memory: 44M/256M
[INFO] 
[ERROR] Failed to execute goal on project cloud-framework-cluster: Could not 
resolve dependencies for project 
org.apache.cloudstack:cloud-framework-cluster:jar:4.3.0: Failure to find 
org.apache.cloudstack:cloud-api:jar:tests:4.3.0 in 
http://repo.maven.apache.org/maven2 was cached in the local repository, 
resolution will not be reattempted until the update interval of central has 
elapsed or updates are forced -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e 
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please 
read the following articles:
[ERROR] [Help 1] 
http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException

2. The above behavior was observed on few linux variants viz., 
rhel,centos,fedora. Tried on 3 different setups and the issue seems to be there 
on these 3 setups. On mac, it seems to work.

Tried few steps:
1. providing -U to mvn step
2. Deleted the mentioned package from the home directory m2../ , still the 
issue persists.

Regards,
Santhosh

RE: Build on 4.3-forward Fails: Shows Failure for Framework-Clustering

[Sanjeev Neelarapu]

I am also facing this issue.

-Sanjeev

-Original Message-
From: Santhosh Edukulla [mailto:santhosh.eduku...@citrix.com] 
Sent: Thursday, January 23, 2014 1:20 PM
To: dev@cloudstack.apache.org
Subject: Build on 4.3-forward Fails: Shows Failure for Framework-Clustering

Team,

1. We are seeing a build failure for latest 4.3-forward branch code. Below is 
the error message:

 Apache CloudStack Cloud Engine API  SUCCESS [2.351s] [INFO] 
Apache CloudStack Core  SUCCESS [4.720s] [INFO] 
Apache CloudStack Agents .. SUCCESS [4.663s] [INFO] 
Apache CloudStack Framework - Clustering .. FAILURE [0.031s] [INFO] 
Apache CloudStack Framework


INFO] 
[INFO] BUILD FAILURE
[INFO] 
[INFO] Total time: 41.245s
[INFO] Finished at: Thu Jan 23 18:16:58 IST 2014 [INFO] Final Memory: 44M/256M 
[INFO] 
[ERROR] Failed to execute goal on project cloud-framework-cluster: Could not 
resolve dependencies for project 
org.apache.cloudstack:cloud-framework-cluster:jar:4.3.0: Failure to find 
org.apache.cloudstack:cloud-api:jar:tests:4.3.0 in 
http://repo.maven.apache.org/maven2 was cached in the local repository, 
resolution will not be reattempted until the update interval of central has 
elapsed or updates are forced -> [Help 1] [ERROR] [ERROR] To see the full stack 
trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please 
read the following articles:
[ERROR] [Help 1] 
http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException

2. The above behavior was observed on few linux variants viz., 
rhel,centos,fedora. Tried on 3 different setups and the issue seems to be there 
on these 3 setups. On mac, it seems to work.

Tried few steps:
1. providing -U to mvn step
2. Deleted the mentioned package from the home directory m2../ , still the 
issue persists.

Regards,
Santhosh