date:20140827

See

Re: Review Request 22805: CLOUDSTACK-1466:Adding automation tests for Secondary Storage Limits



> On July 22, 2014, 12:19 p.m., sanjeev n wrote:
> > test/integration/component/test_ss_domain_limits.py, line 244
> > 
> >
> > Step6 is missing. Please add test for step6

Done.


- Ashutosh


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22805/#review48358
---


On July 22, 2014, 8:39 a.m., Ashutosh Kelkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22805/
> ---
> 
> (Updated July 22, 2014, 8:39 a.m.)
> 
> 
> Review request for cloudstack, sanjeev n and SrikanteswaraRao Talluri.
> 
> 
> Bugs: CLOUDSTACK-1466
> https://issues.apache.org/jira/browse/CLOUDSTACK-1466
> 
> 
> Repository: cloudstack-git
> 
> 
> Description
> ---
> 
> Automation tests for Secondary Storage Limits. This patch contains 2 test 
> suites. 2 more test suites to follow.
> 
> 
> Diffs
> -
> 
>   test/integration/component/test_ss_domain_limits.py PRE-CREATION 
>   test/integration/component/test_ss_limits.py PRE-CREATION 
>   test/integration/component/test_ss_max_limits.py PRE-CREATION 
>   test/integration/component/test_ss_project_limits.py PRE-CREATION 
>   tools/marvin/marvin/config/test_data.py d870c98 
>   tools/marvin/marvin/lib/base.py 1ea4fa7 
> 
> Diff: https://reviews.apache.org/r/22805/diff/
> 
> 
> Testing
> ---
> 
> Yes.
> 
> 
> Thanks,
> 
> Ashutosh Kelkar
> 
>

Re: Review Request 22805: CLOUDSTACK-1466:Adding automation tests for Secondary Storage Limits


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22805/
---

(Updated Aug. 27, 2014, 8:31 a.m.)


Review request for cloudstack, sanjeev n and SrikanteswaraRao Talluri.


Changes
---

Review Changes


Bugs: CLOUDSTACK-1466
https://issues.apache.org/jira/browse/CLOUDSTACK-1466


Repository: cloudstack-git


Description
---

Automation tests for Secondary Storage Limits. This patch contains 2 test 
suites. 2 more test suites to follow.


Diffs (updated)
-

  test/integration/component/test_ss_domain_limits.py PRE-CREATION 
  test/integration/component/test_ss_limits.py PRE-CREATION 
  test/integration/component/test_ss_max_limits.py PRE-CREATION 
  test/integration/component/test_ss_project_limits.py PRE-CREATION 
  tools/marvin/marvin/config/test_data.py ade8657 
  tools/marvin/marvin/lib/base.py 99a541a 

Diff: https://reviews.apache.org/r/22805/diff/


Testing
---

Yes.


Thanks,

Ashutosh Kelkar

Jenkins build is still unstable: simulator-singlerun #218

See

Review Request 25094: CLOUDSTACK-2251: Automation tests for dedicated public IP addreses per tenant feature


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25094/
---

Review request for cloudstack and sanjeev n.


Bugs: CLOUDSTACK-2251
https://issues.apache.org/jira/browse/CLOUDSTACK-2251


Repository: cloudstack-git


Description
---

Review Changes done as suggested in https://reviews.apache.org/r/23819/

CLOUDSTACK-2251: Automation tests for dedicated public IP addreses per tenant 
feature


Diffs
-

  test/integration/component/test_dedicate_public_ip_range.py PRE-CREATION 
  tools/marvin/marvin/config/test_data.py ade8657 
  tools/marvin/marvin/lib/base.py 99a541a 

Diff: https://reviews.apache.org/r/25094/diff/


Testing
---

Yes.


Thanks,

Ashutosh Kelkar

Re: Review Request 23819: CLOUDSTACK-2251: Automation tests for dedicated public IP addreses per tenant feature


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/23819/#review51646
---


Review Changes included in patch at: https://reviews.apache.org/r/25094/

- Ashutosh Kelkar


On July 22, 2014, 5:52 p.m., Girish Shilamkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/23819/
> ---
> 
> (Updated July 22, 2014, 5:52 p.m.)
> 
> 
> Review request for cloudstack, sanjeev n and SrikanteswaraRao Talluri.
> 
> 
> Bugs: CLOUDSTACK-2251
> https://issues.apache.org/jira/browse/CLOUDSTACK-2251
> 
> 
> Repository: cloudstack-git
> 
> 
> Description
> ---
> 
> CLOUDSTACK-2251: Automation tests for dedicated public IP addreses per tenant 
> feature
> 
> 
> Diffs
> -
> 
>   test/integration/component/test_dedicate_public_ip_range.py PRE-CREATION 
>   tools/marvin/marvin/config/test_data.py 3cd4b6c 
>   tools/marvin/marvin/lib/base.py 1a32275 
> 
> Diff: https://reviews.apache.org/r/23819/diff/
> 
> 
> Testing
> ---
> 
> Yes
> 
> 
> Thanks,
> 
> Girish Shilamkar
> 
>

Re: [MERGE] Merge saml2 branch to master

2014-08-27 Thread Silvano Nogueira Buback

I'm trying use your implementation to implement OAuth2. It's almost
working, but I think is necessary a little change:

Class APIAuthenticationManagerImpl is calling command without correct
spring context. I'm working in 4.3 branch, so, I will show what I changed:


   - org.apache.cloudstack.api.auth.PluggableAPIAuthenticator needs to
   implements PluggableService and have no more method getAuthCommands.
   - Little patch in APIAuthenticationManagerImpl

+++ b/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
@@ -55,24 +55,31 @@ public class APIAuthenticationManagerImpl extends
ManagerBase implements APIAuth
 @Override
 public boolean start() {
 s_authenticators = new HashMap>();
-for (Class authenticator: getCommands()) {
-APICommand command =
authenticator.getAnnotation(APICommand.class);
-if (command != null && !command.name().isEmpty()
-&&
APIAuthenticator.class.isAssignableFrom(authenticator)) {
-s_authenticators.put(command.name(), authenticator);
+for (Class authenticatorCommand: getCommands()) {
+registerCommandsInAPIAuthenticator(authenticatorCommand);
+}
+// Register all external APIAuthenticator(s)
+for (PluggableAPIAuthenticator apiAuthenticator:
_apiAuthenticators) {
+for (Class authenticatorCommand:
apiAuthenticator.getCommands()) {
+registerCommandsInAPIAuthenticator(authenticatorCommand);
 }
 }
 return true;
 }

+private void registerCommandsInAPIAuthenticator(Class
authenticator) {
+APICommand command = authenticator.getAnnotation(APICommand.class);
+if (command != null && !command.name().isEmpty()
+&& APIAuthenticator.class.isAssignableFrom(authenticator))
{
+s_authenticators.put(command.name(), authenticator);
+}
+}
+
 @Override
 public List> getCommands() {
 List> cmdList = new ArrayList>();
 cmdList.add(DefaultLoginAPIAuthenticatorCmd.class);
 cmdList.add(DefaultLogoutAPIAuthenticatorCmd.class);
-for (PluggableAPIAuthenticator apiAuthenticator:
_apiAuthenticators) {
-cmdList.addAll(apiAuthenticator.getAuthCommands());
-}
 return cmdList;
 }


Now, authentication commands work inside plugin context.
PluggableAPIAuthenticator needs to implement tradicional getCommands to
work.

Best regards,

Silvano Buback




On Tue, Aug 26, 2014 at 6:59 AM, Rohit Yadav 
wrote:

>
> On 26-Aug-2014, at 11:47 am, Sebastien Goasguen  wrote:
> > we do have some selenium tests in /test/selenium but I don't think they
> are being run.
> >
> > +1 from me (satisfied with your answers)
>
> Thanks! Few more classes;
>
> Class, %Method, %Line, %
> GetServiceProviderMetaDataCmd100% (1/ 1)62.5% (5/ 8)77.9% (53/ 68)
> SAMLMetaDataResponse100% (1/ 1)66.7% (2/ 3)80% (4/ 5)
>
> From IntelliJ: http://people.apache.org/~bhaisaab/samlcoverage.png
>
> Regards,
> Rohit Yadav
> Software Architect, ShapeBlue
> M. +41 779015219 | rohit.ya...@shapeblue.com
> Blog: bhaisaab.org | Twitter: @_bhaisaab
>
>
>
> Find out more about ShapeBlue and our range of CloudStack related services
>
> IaaS Cloud Design & Build<
> http://shapeblue.com/iaas-cloud-design-and-build//>
> CSForge – rapid IaaS deployment framework
> CloudStack Consulting
> CloudStack Infrastructure Support<
> http://shapeblue.com/cloudstack-infrastructure-support/>
> CloudStack Bootcamp Training Courses<
> http://shapeblue.com/cloudstack-training/>
>
> This email and any attachments to it may be confidential and are intended
> solely for the use of the individual to whom it is addressed. Any views or
> opinions expressed are solely those of the author and do not necessarily
> represent those of Shape Blue Ltd or related companies. If you are not the
> intended recipient of this email, you must neither take any action based
> upon its contents, nor copy or show it to anyone. Please contact the sender
> if you believe you have received this email in error. Shape Blue Ltd is a
> company incorporated in England & Wales. ShapeBlue Services India LLP is a
> company incorporated in India and is operated under license from Shape Blue
> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil
> and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is
> a company registered by The Republic of South Africa and is traded under
> license from Shape Blue Ltd. ShapeBlue is a registered trademark.
>

Jenkins build is still unstable: simulator-singlerun #219

See

jsonObj is not defined. UI development problem.

2014-08-27 Thread Ilia Shakitko

I am working on some ui changes in cloudstack. And I am adding some lines (to 
display tags for SecurityGroupRules) in network.js: line #4670 (before actions: 
{ destroy: { …  on line #4814):

tags: cloudStack.api.tags({
resourceType: 'SecurityGroupRule',
contextId: 'multiRule'
}),

I made it 1 to 1 with FirewallRule. But it doesn’t work. I spend quite a lot of 
time on trying to figure out why. It renders the window, but without anything: 
http://clip2net.com/s/iO0mAh (http://clip2net.com/s/iO0mWk)
So as I understood debugging the code, it runs in issues in sharedFunctions.js 
file when it tries to read “jsonObj” but it’s empty 
(http://clip2net.com/s/iO0lwy). I couldn’t figure out why is it empty and where 
do I fill it with data from “context”…

Could you help me with correct direction? What am I missing? ☺


Kind regards,

Ilia Shakitko
Innovation Engineer
LeaseWeb Technologies B.V.

T: +31 20 316 0235

E: i.shaki...@tech.leaseweb.com
W: www.leaseweb.com

Luttenbergweg 8, 1101 EC Amsterdam, The Netherlands

Re: How to re-use CloudStack's keystore?

Hi Chiradeep,

On 27-Aug-2014, at 2:31 am, Chiradeep Vittal  
wrote:

> I think the keystoreManager provides a generic interface. I’d think that 
> certificate re-use is probably not a good idea, might be worth using a 
> different cert for different purposes. One compromise will affect only one 
> part of the system?

Thanks for replying, I don’t intend to re-use any certificate but find if there 
is any code that can generate new certificate and store them either in keystore 
table or JKS file.

Regards.

>
> From: Rohit Yadav 
> mailto:rohit.ya...@shapeblue.com>>
> Reply-To: "dev@cloudstack.apache.org" 
> mailto:dev@cloudstack.apache.org>>
> Date: Friday, August 22, 2014 at 2:35 PM
> To: "dev@cloudstack.apache.org" 
> mailto:dev@cloudstack.apache.org>>
> Subject: Re: How to re-use CloudStack's keystore?
>
> Hello!
>
> On 18-Aug-2014, at 11:48 am, Rohit Yadav 
> mailto:rohit.ya...@shapeblue.com>> wrote:
>
> Is there any documentation on how one can reuse CloudStack’s default java 
> keystore keys (private and public) and any recommendation on security 
> consideration? If not, can anyone share something on this, how it is 
> created/updated, who uses it currently and how one can (re)use the keys for 
> x509 based authentication, encryption and decryption.
>
> Ping?
>
> Anyone has any idea how to re-use as I don’t want to duplicate x509 crypto 
> usage within the codebase?
>
> Regards,
> Rohit Yadav
> Software Architect, ShapeBlue
> M. +41 779015219 | rohit.ya...@shapeblue.com
> Blog: bhaisaab.org | Twitter: @_bhaisaab
>
>
>
> Find out more about ShapeBlue and our range of CloudStack related services
>
> IaaS Cloud Design & Build
> CSForge – rapid IaaS deployment framework
> CloudStack Consulting
> CloudStack Infrastructure 
> Support
> CloudStack Bootcamp Training 
> Courses
>
> This email and any attachments to it may be confidential and are intended 
> solely for the use of the individual to whom it is addressed. Any views or 
> opinions expressed are solely those of the author and do not necessarily 
> represent those of Shape Blue Ltd or related companies. If you are not the 
> intended recipient of this email, you must neither take any action based upon 
> its contents, nor copy or show it to anyone. Please contact the sender if you 
> believe you have received this email in error. Shape Blue Ltd is a company 
> incorporated in England & Wales. ShapeBlue Services India LLP is a company 
> incorporated in India and is operated under license from Shape Blue Ltd. 
> Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is 
> operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company 
> registered by The Republic of South Africa and is traded under license from 
> Shape Blue Ltd. ShapeBlue is a registered trademark.
>

Regards,
Rohit Yadav
Software Architect, ShapeBlue
M. +41 779015219 | rohit.ya...@shapeblue.com
Blog: bhaisaab.org | Twitter: @_bhaisaab



Find out more about ShapeBlue and our range of CloudStack related services

IaaS Cloud Design & Build
CSForge – rapid IaaS deployment framework
CloudStack Consulting
CloudStack Infrastructure 
Support
CloudStack Bootcamp Training Courses

This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or related companies. If you are not the 
intended recipient of this email, you must neither take any action based upon 
its contents, nor copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. Shape Blue Ltd is a company 
incorporated in England & Wales. ShapeBlue Services India LLP is a company 
incorporated in India and is operated under license from Shape Blue Ltd. Shape 
Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is 
operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company 
registered by The Republic of South Africa and is traded under license from 
Shape Blue Ltd. ShapeBlue is a registered trademark.

Re: [MERGE] Merge saml2 branch to master


On 27-Aug-2014, at 1:56 am, Ian Duffy  wrote:

> Rohit,
>
> Not necessary but if your interested in looking into it I'd imagine there's
> an embedded idp maven plugin.
>
> I know for the LDAP stuff we have an embedded Apache DS come up with some
> bootstrap data.
>
> Got any documentation? For setup purposes
>
> Other than that +1

Thanks, I opened a ticket regarding this [1] and waiting for some advise as I 
see we don’t have a lot of plugin documentation on our standard 
release/admin/install docs.

I’ll add some documentation on the wiki and share soon. I’ll go ahead with the 
merging this evening.

[1] https://issues.apache.org/jira/browse/CLOUDSTACK-7419

> Hi Sebastien,
>
> On 26-Aug-2014, at 10:38 am, Sebastien Goasguen  wrote:
>> What's the unit test coverage ?
>
> Class, %Method, %Line, %
> SAMLUtils100% (1/ 1)80% (8/ 10)75% (66/ 88)
> SAML2UserAuthenticator100% (1/ 1)100% (4/ 4)84.6% (11/ 13)
> SAML2LoginAPIAuthenticatorCmd100% (1/ 1)45.5% (5/ 11)50.8% (63/ 124)
> SAML2LoginAPIAuthenticatorCmdTest100% (1/ 1)100% (4/ 4)98.6% (72/ 73)
> SAML2LogoutAPIAuthenticatorCmd100% (1/ 1)62.5% (5/ 8)35.3% (18/ 51)
> SAML2LogoutAPIAuthenticatorCmdTest100% (1/ 1)100% (3/ 3)100% (26/ 26)
> SAML2AuthManagerImpl0% (0/ 1)0% (0/ 12)0% (0/ 60)
>
> (The last one, auth manager is an adapter which is injected by Spring to an
> api auth manager, the start() method of which depends on fetching metadata
> from external IdP so may not be unit tested).
>
> Existing contract of ApiServlet and other classes and their external
> interfaces have not changed. ApiServlet’s test cases were fixed.
>
>> Can you add some Marvin/integration tests ?
>
> Depends on external entity, IdP, will be difficult to write and I don’t
> know how.
> The saml plugin’s external operation consists of redirecting user to IdP
> for authentication when samlsso or samlslo apis are called. Selenium tests
> could be written but we don’t have any such infra or existing tests yet.
>
> Regards,
> Rohit Yadav
> Software Architect, ShapeBlue
> M. +41 779015219 | rohit.ya...@shapeblue.com
> Blog: bhaisaab.org | Twitter: @_bhaisaab
>
>
>
> Find out more about ShapeBlue and our range of CloudStack related services
>
> IaaS Cloud Design & Build>
> CSForge – rapid IaaS deployment framework
> CloudStack Consulting
> CloudStack Infrastructure Support<
> http://shapeblue.com/cloudstack-infrastructure-support/>
> CloudStack Bootcamp Training Courses<
> http://shapeblue.com/cloudstack-training/>
>
> This email and any attachments to it may be confidential and are intended
> solely for the use of the individual to whom it is addressed. Any views or
> opinions expressed are solely those of the author and do not necessarily
> represent those of Shape Blue Ltd or related companies. If you are not the
> intended recipient of this email, you must neither take any action based
> upon its contents, nor copy or show it to anyone. Please contact the sender
> if you believe you have received this email in error. Shape Blue Ltd is a
> company incorporated in England & Wales. ShapeBlue Services India LLP is a
> company incorporated in India and is operated under license from Shape Blue
> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil
> and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is
> a company registered by The Republic of South Africa and is traded under
> license from Shape Blue Ltd. ShapeBlue is a registered trademark.

Regards,
Rohit Yadav
Software Architect, ShapeBlue
M. +41 779015219 | rohit.ya...@shapeblue.com
Blog: bhaisaab.org | Twitter: @_bhaisaab



Find out more about ShapeBlue and our range of CloudStack related services

IaaS Cloud Design & Build
CSForge – rapid IaaS deployment framework
CloudStack Consulting
CloudStack Infrastructure 
Support
CloudStack Bootcamp Training Courses

This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or related companies. If you are not the 
intended recipient of this email, you must neither take any action based upon 
its contents, nor copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. Shape Blue Ltd is a company 
incorporated in England & Wales. ShapeBlue Services India LLP is a company 
incorporated in India and is operated under license from Shape Blue Ltd. Shape 
Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is 
operated under license from Shap

Re: [MERGE] Merge saml2 branch to master

Hi Silvano,

Great, thanks for sharing. Sure, we can change this to suit your plugin as 
well. I suggest that you fork ACS on github and share your branch/url with us 
so those of us interested can help you out.

Regards.

On 27-Aug-2014, at 11:29 am, Silvano Nogueira Buback  
wrote:

> I'm trying use your implementation to implement OAuth2. It's almost
> working, but I think is necessary a little change:
>
> Class APIAuthenticationManagerImpl is calling command without correct
> spring context. I'm working in 4.3 branch, so, I will show what I changed:
>
>
>   - org.apache.cloudstack.api.auth.PluggableAPIAuthenticator needs to
>   implements PluggableService and have no more method getAuthCommands.
>   - Little patch in APIAuthenticationManagerImpl
>
> +++ b/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
> @@ -55,24 +55,31 @@ public class APIAuthenticationManagerImpl extends
> ManagerBase implements APIAuth
> @Override
> public boolean start() {
> s_authenticators = new HashMap>();
> -for (Class authenticator: getCommands()) {
> -APICommand command =
> authenticator.getAnnotation(APICommand.class);
> -if (command != null && !command.name().isEmpty()
> -&&
> APIAuthenticator.class.isAssignableFrom(authenticator)) {
> -s_authenticators.put(command.name(), authenticator);
> +for (Class authenticatorCommand: getCommands()) {
> +registerCommandsInAPIAuthenticator(authenticatorCommand);
> +}
> +// Register all external APIAuthenticator(s)
> +for (PluggableAPIAuthenticator apiAuthenticator:
> _apiAuthenticators) {
> +for (Class authenticatorCommand:
> apiAuthenticator.getCommands()) {
> +registerCommandsInAPIAuthenticator(authenticatorCommand);
> }
> }
> return true;
> }
>
> +private void registerCommandsInAPIAuthenticator(Class
> authenticator) {
> +APICommand command = authenticator.getAnnotation(APICommand.class);
> +if (command != null && !command.name().isEmpty()
> +&& APIAuthenticator.class.isAssignableFrom(authenticator))
> {
> +s_authenticators.put(command.name(), authenticator);
> +}
> +}
> +
> @Override
> public List> getCommands() {
> List> cmdList = new ArrayList>();
> cmdList.add(DefaultLoginAPIAuthenticatorCmd.class);
> cmdList.add(DefaultLogoutAPIAuthenticatorCmd.class);
> -for (PluggableAPIAuthenticator apiAuthenticator:
> _apiAuthenticators) {
> -cmdList.addAll(apiAuthenticator.getAuthCommands());
> -}
> return cmdList;
> }
>
>
> Now, authentication commands work inside plugin context.
> PluggableAPIAuthenticator needs to implement tradicional getCommands to
> work.
>
> Best regards,
>
> Silvano Buback
>
>
>
>
> On Tue, Aug 26, 2014 at 6:59 AM, Rohit Yadav 
> wrote:
>
>>
>> On 26-Aug-2014, at 11:47 am, Sebastien Goasguen  wrote:
>>> we do have some selenium tests in /test/selenium but I don't think they
>> are being run.
>>>
>>> +1 from me (satisfied with your answers)
>>
>> Thanks! Few more classes;
>>
>> Class, %Method, %Line, %
>> GetServiceProviderMetaDataCmd100% (1/ 1)62.5% (5/ 8)77.9% (53/ 68)
>> SAMLMetaDataResponse100% (1/ 1)66.7% (2/ 3)80% (4/ 5)
>>
>> From IntelliJ: http://people.apache.org/~bhaisaab/samlcoverage.png
>>
>> Regards,
>> Rohit Yadav
>> Software Architect, ShapeBlue
>> M. +41 779015219 | rohit.ya...@shapeblue.com
>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>
>>
>>
>> Find out more about ShapeBlue and our range of CloudStack related services
>>
>> IaaS Cloud Design & Build<
>> http://shapeblue.com/iaas-cloud-design-and-build//>
>> CSForge – rapid IaaS deployment framework
>> CloudStack Consulting
>> CloudStack Infrastructure Support<
>> http://shapeblue.com/cloudstack-infrastructure-support/>
>> CloudStack Bootcamp Training Courses<
>> http://shapeblue.com/cloudstack-training/>
>>
>> This email and any attachments to it may be confidential and are intended
>> solely for the use of the individual to whom it is addressed. Any views or
>> opinions expressed are solely those of the author and do not necessarily
>> represent those of Shape Blue Ltd or related companies. If you are not the
>> intended recipient of this email, you must neither take any action based
>> upon its contents, nor copy or show it to anyone. Please contact the sender
>> if you believe you have received this email in error. Shape Blue Ltd is a
>> company incorporated in England & Wales. ShapeBlue Services India LLP is a
>> company incorporated in India and is operated under license from Shape Blue
>> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil
>> and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is
>> a company registered by The Republic of South

Re: [MERGE] Merge saml2 branch to master

2014-08-27 Thread sebgoa


On Aug 27, 2014, at 12:15 PM, Rohit Yadav  wrote:

> 
> On 27-Aug-2014, at 1:56 am, Ian Duffy  wrote:
> 
>> Rohit,
>> 
>> Not necessary but if your interested in looking into it I'd imagine there's
>> an embedded idp maven plugin.
>> 
>> I know for the LDAP stuff we have an embedded Apache DS come up with some
>> bootstrap data.
>> 
>> Got any documentation? For setup purposes
>> 
>> Other than that +1
> 
> Thanks, I opened a ticket regarding this [1] and waiting for some advise as I 
> see we don’t have a lot of plugin documentation on our standard 
> release/admin/install docs.
> 
> I’ll add some documentation on the wiki and share soon. I’ll go ahead with 
> the merging this evening.

How about giving it another 24/48 hours …I suspect some folks are still on 
vacation hence no many comments.

> 
> [1] https://issues.apache.org/jira/browse/CLOUDSTACK-7419
> 
>> Hi Sebastien,
>> 
>> On 26-Aug-2014, at 10:38 am, Sebastien Goasguen  wrote:
>>> What's the unit test coverage ?
>> 
>> Class, %Method, %Line, %
>> SAMLUtils100% (1/ 1)80% (8/ 10)75% (66/ 88)
>> SAML2UserAuthenticator100% (1/ 1)100% (4/ 4)84.6% (11/ 13)
>> SAML2LoginAPIAuthenticatorCmd100% (1/ 1)45.5% (5/ 11)50.8% (63/ 124)
>> SAML2LoginAPIAuthenticatorCmdTest100% (1/ 1)100% (4/ 4)98.6% (72/ 73)
>> SAML2LogoutAPIAuthenticatorCmd100% (1/ 1)62.5% (5/ 8)35.3% (18/ 51)
>> SAML2LogoutAPIAuthenticatorCmdTest100% (1/ 1)100% (3/ 3)100% (26/ 26)
>> SAML2AuthManagerImpl0% (0/ 1)0% (0/ 12)0% (0/ 60)
>> 
>> (The last one, auth manager is an adapter which is injected by Spring to an
>> api auth manager, the start() method of which depends on fetching metadata
>> from external IdP so may not be unit tested).
>> 
>> Existing contract of ApiServlet and other classes and their external
>> interfaces have not changed. ApiServlet’s test cases were fixed.
>> 
>>> Can you add some Marvin/integration tests ?
>> 
>> Depends on external entity, IdP, will be difficult to write and I don’t
>> know how.
>> The saml plugin’s external operation consists of redirecting user to IdP
>> for authentication when samlsso or samlslo apis are called. Selenium tests
>> could be written but we don’t have any such infra or existing tests yet.
>> 
>> Regards,
>> Rohit Yadav
>> Software Architect, ShapeBlue
>> M. +41 779015219 | rohit.ya...@shapeblue.com
>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>> 
>> 
>> 
>> Find out more about ShapeBlue and our range of CloudStack related services
>> 
>> IaaS Cloud Design & Build>> 
>> CSForge – rapid IaaS deployment framework
>> CloudStack Consulting
>> CloudStack Infrastructure Support<
>> http://shapeblue.com/cloudstack-infrastructure-support/>
>> CloudStack Bootcamp Training Courses<
>> http://shapeblue.com/cloudstack-training/>
>> 
>> This email and any attachments to it may be confidential and are intended
>> solely for the use of the individual to whom it is addressed. Any views or
>> opinions expressed are solely those of the author and do not necessarily
>> represent those of Shape Blue Ltd or related companies. If you are not the
>> intended recipient of this email, you must neither take any action based
>> upon its contents, nor copy or show it to anyone. Please contact the sender
>> if you believe you have received this email in error. Shape Blue Ltd is a
>> company incorporated in England & Wales. ShapeBlue Services India LLP is a
>> company incorporated in India and is operated under license from Shape Blue
>> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil
>> and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is
>> a company registered by The Republic of South Africa and is traded under
>> license from Shape Blue Ltd. ShapeBlue is a registered trademark.
> 
> Regards,
> Rohit Yadav
> Software Architect, ShapeBlue
> M. +41 779015219 | rohit.ya...@shapeblue.com
> Blog: bhaisaab.org | Twitter: @_bhaisaab
> 
> 
> 
> Find out more about ShapeBlue and our range of CloudStack related services
> 
> IaaS Cloud Design & Build
> CSForge – rapid IaaS deployment framework
> CloudStack Consulting
> CloudStack Infrastructure 
> Support
> CloudStack Bootcamp Training 
> Courses
> 
> This email and any attachments to it may be confidential and are intended 
> solely for the use of the individual to whom it is addressed. Any views or 
> opinions expressed are solely those of the author and do not necessarily 
> represent those of Shape Blue Ltd or related companies. If you are not the 
> intended recipient of this email, you must neither take any action based upon 
> its contents, nor copy or show it to anyone. Please contact the sender if you 
> believ

Re: [MERGE] Merge saml2 branch to master

On 27-Aug-2014, at 12:23 pm, sebgoa  wrote:
> How about giving it another 24/48 hours …I suspect some folks are still on 
> vacation hence no many comments.

Alright.

Regards,
Rohit Yadav
Software Architect, ShapeBlue
M. +41 779015219 | rohit.ya...@shapeblue.com
Blog: bhaisaab.org | Twitter: @_bhaisaab

Find out more about ShapeBlue and our range of CloudStack related services

IaaS Cloud Design & Build
CSForge – rapid IaaS deployment framework
CloudStack Consulting
CloudStack Infrastructure 
Support
CloudStack Bootcamp Training Courses

This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or related companies. If you are not the 
intended recipient of this email, you must neither take any action based upon 
its contents, nor copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. Shape Blue Ltd is a company 
incorporated in England & Wales. ShapeBlue Services India LLP is a company 
incorporated in India and is operated under license from Shape Blue Ltd. Shape 
Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is 
operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company 
registered by The Republic of South Africa and is traded under license from 
Shape Blue Ltd. ShapeBlue is a registered trademark.

Re: Review Request 25065: pre-add all RewriteRule entries to metadata htaccess file for system vm routers

2014-08-27 Thread Sebastien Goasguen


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25065/#review51648
---


Hi Fred, thanks for looking into this. I already applied Erik's review from 
https://reviews.apache.org/r/25023/
I am happy to apply yours if you think it makes sense.

We just need to make sure it indeed fixes the problem and applies on 4.3, 4.4 
and master.

- Sebastien Goasguen


On Aug. 26, 2014, 5:07 p.m., Fred Clift wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/25065/
> ---
> 
> (Updated Aug. 26, 2014, 5:07 p.m.)
> 
> 
> Review request for cloudstack.
> 
> 
> Repository: cloudstack-git
> 
> 
> Description
> ---
> 
> pre-add all RewriteRule entries to metadata htaccess file  for system vm 
> routers- makes automated router maintanince easier...  The set is static and 
> doesn't ever change after the initial provision - it is identical for every 
> router... While it is probably good to have code that can dynamically add new 
> lines (opt/cloud/bin/vmdata.py currently does this, starting from the stub in 
> git now) there is no reason not to have the full static set of rules in the 
> initial file.  We (betterservers.com) have some in-house router-fixing 
> scripts that would like to re-unpack the tarball and not loose the full 
> .htaccess file...
> 
> 
> Diffs
> -
> 
>   systemvm/patches/debian/config/var/www/html/latest/.htaccess 038a4c9 
> 
> Diff: https://reviews.apache.org/r/25065/diff/
> 
> 
> Testing
> ---
> 
> installed cloudstack, set up networks and provisioned a vm - made sure the 
> router got the same .htaccess file that it would normally get after the first 
> vm is added to the network
> 
> 
> Thanks,
> 
> Fred Clift
> 
>

Jenkins build is still unstable: simulator-singlerun #220

See

Review Request 25096: CLOUDSTACK-7407: Skip tests if physical network does not have OVS provider support

2014-08-27 Thread Gaurav Aradhye


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25096/
---

Review request for cloudstack and Santhosh Edukulla.


Bugs: CLOUDSTACK-7407
https://issues.apache.org/jira/browse/CLOUDSTACK-7407


Repository: cloudstack-git


Description
---

The test cases need ovs plugin to be enabled in the physical network.
Skip the tests if the plugin is not enabled.

Also, corrected the imports and removed unused variables.


Diffs
-

  test/integration/component/test_vpc_distributed_routing_offering.py a52855e 

Diff: https://reviews.apache.org/r/25096/diff/


Testing
---

Yes.

Log:
Test create VPC offering ... === TestName: 
test_01_create_vpc_offering_with_distributedrouter_service_capability | Status 
: SUCCESS ===
ok
Test create VPC offering ... SKIP: OVS plugin should be enabled to run this 
test case
Test deploy virtual machines in VPC networks ... SKIP: OVS plugin should be 
enabled to run this test case

--
Ran 3 tests in 20.818s

OK (SKIP=2)


Thanks,

Gaurav Aradhye

Filesystem XFS

2014-08-27 Thread mo

Hello Dev Folks,

Is there any particular filesystem that Cloudstack does not appreciate. I was 
considering doing a new install utilizing XFS. 

Anyone have this, or run into issues utilizing this FS type?

- Mo

Jenkins build is still unstable: simulator-singlerun #221

See

Review Request 25097: Test script to verify vm deployment with two networks in SG enabled advanced zone

2014-08-27 Thread sanjeev n


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25097/
---

Review request for cloudstack, suresh sadhu, Santhosh Edukulla, and 
SrikanteswaraRao Talluri.


Repository: cloudstack-git


Description
---

Test script to verify vm deployment with two networks in SG enabled advanced 
zone. 
Involves following steps:
1.Deploy SG enabled advanced zone with only 4 ip addresses in guest ip range 
using simulator
2.Deploy one guest vm in the default shared guest network so that all the IP 
addresses will be consumed
3.Add another guest network in the zone created at step1
4.Deploy vm without passing the network id. It should pick the network with 
sufficient resources


Diffs
-

  test/integration/component/test_advancedsg_networks.py 85ab697 
  tools/marvin/marvin/config/test_data.cfg 5a3d8aa 

Diff: https://reviews.apache.org/r/25097/diff/


Testing
---

@Desc: VM Cannot deploy to second network in advanced SG network ... === 
TestName: test_34_DeployVM_in_SecondSGNetwork | Status : SUCCESS ===
ok

--
Ran 1 test in 357.750s

OK


Thanks,

sanjeev n

Re: Developing for Project Support

2014-08-27 Thread Will Stevens

Thanks for the response Chiradeep.  I am currently using the networking
code as my example since I know that code better than most other areas of
the project.  I have been able to find most of the different pieces I will
need to do what I need to do.

I am extending the NetScaler SSL termination code we wrote to support
projects.

Thanks,

Will


*Will STEVENS*
Lead Developer

*CloudOps* *| *Cloud Solutions Experts
420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6
w cloudops.com *|* tw @CloudOps_


On Tue, Aug 26, 2014 at 8:46 PM, Chiradeep Vittal <
chiradeep.vit...@citrix.com> wrote:

> IMO, the existing project implementation isn’t a good example (looks like
> the requirements were incomplete).
>
> From: Will Stevens mailto:wstev...@cloudops.com>>
> Reply-To: "dev@cloudstack.apache.org" <
> dev@cloudstack.apache.org>
> Date: Monday, August 25, 2014 at 11:20 AM
> To: "dev@cloudstack.apache.org" <
> dev@cloudstack.apache.org>
> Subject: Developing for Project Support
>
> Hey All,
> I have had a quick look around at some of the different implementations and
> I am seeing that projects in CS seem to be handled as 'special' accounts.
> The API calls have fields like 'projectid' and such, but those details are
> not saved into the DB, the only thing that happens in the DB is a new
> project account ID is added to the db for that element (think, networks,
> instances, etc...)
>
> If I want to extend the functionality of an existing piece of code which
> does not support projects to also support projects, do you know of any
> specific examples in the code that are good implementations which I should
> be using as a good example to follow for adding project support?
>
> Thanks,
>
> *Will STEVENS*
> Lead Developer
>
> *CloudOps* *| *Cloud Solutions Experts
> 420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6
> w cloudops.com *|* tw @CloudOps_
>
>

Re: S3/Swift Problem around Virtual Size

2014-08-27 Thread Punith S

hi

think i had a timeout problem!
on the second try the template has been downloaded to the S3 bucket and the
management server shows the status as download complete with template size
as 1.6G instead of its virtual size 20G.

and i see the template's status as Download Complete but it seems it is not
getting installed ! refer the attachment

can anyone explain the "installing template" after the download completes ?

On Wed, Aug 27, 2014 at 9:18 AM, Marcus  wrote:

> Per Edisons comments about not knowing the image size, can't we just set
> some headers and store metadata with the template in S3 to save the virtual
> size when the template is registered? I'm assuming here that the SSVM does
> the work of pulling the template in and uploading to S3. Or it could be
> stored in the template table?
> On Aug 26, 2014 9:11 PM, "Francois Gaudreault" 
> wrote:
>
> > Looks like your SSVM cannot reach Internet properly?
> >
> > FG
> >
> > On 2014-08-26, 11:14 AM, Punith S wrote:
> >
> >> hi francois,
> >>
> >> since i'm not having a swift setup, i'm using the s3 bucket.
> >>
> >> and as you recommended i got the SSVM up with seeded nfs storage,
> >>
> >> post that i removed the nfs secondary storage and added the S3 with
> >> staging nfs store as the new sec storage, since you cannot have any nfs
> >> secondary storage while using the S3.
> >>
> >> on registering the a new template, i'm getting template status as*Unable
> >> to execute HTTP request: No route to host*
> >> in managementserver.log
> >>
> >> 2014-08-26 20:41:07,502 DEBUG [o.a.c.s.RemoteHostEndPoint]
> >> (Timer-24:ctx-b68380cd) Sending command org.apache.cloudstack.storage.
> >> command.DownloadProgressCommand to host: 10
> >> 2014-08-26 20:41:07,507 DEBUG [c.c.a.t.Request] (Timer-24:ctx-b68380cd)
> >> Seq 10-5684105679694996125: Sending  { Cmd , MgmtId: 52242179434, via:
> >> 10(s-142-VM), Ver: v1, Flags: 100011, [{"org.apache.cloudstack.
> >> storage.command.DownloadProgressCommand":{"jobId":"d43a17c9-3b03-4ff9-
> >> 8906-e1d155981e86","request":"GET_STATUS","hvm":true,"
> >> description":"centext","maxDownloadSizeInBytes":53687091200,"id":209,"
> >> resourceType":"TEMPLATE","installPath":"template/tmpl/2/
> >> 209/209-2-b624436c-5f37-30d4-8eaf-81582eb0d39d","_store":{"
> >> com.cloud.agent.api.to.S3TO":{"id":14,"uuid":"e4afd7bb-39ea-
> >> 4128-ab93-f8a09b1d5e03","bucketName":"test-cloudstack",
> >> "httpsFlag":false,"created":"Aug 26, 2014 8:16:24
> PM","enableRRS":false,"
> >> maxSingleUploadSizeInBytes":5368709120}},"url":"http://
> >> download.cloud.com/templates/builtin/centos56-x86_64.vhd.bz2
> >>
> ","format":"VHD","accountId":2,"name":"209-2-b624436c-5f37-30d4-8eaf-81582eb0d39d","wait":0}}]
> >> }
> >> 2014-08-26 20:41:07,556 DEBUG [c.c.a.t.Request]
> >> (AgentManager-Handler-10:null) Seq 10-5684105679694996125: Processing:
> {
> >> Ans: , MgmtId: 52242179434, via: 10, Ver: v1, Flags: 10,
> >> [{"com.cloud.agent.api.storage.DownloadAnswer":{"
> >> jobId":"d43a17c9-3b03-4ff9-8906-e1d155981e86","
> >> downloadPct":0,"errorString":"No route to host","downloadStatus":"
> >> DOWNLOAD_ERROR","installPath":"template/tmpl/2/209/209-2-
> >> b624436c-5f37-30d4-8eaf-81582eb0d39d","templateSize":
> >> 0,"templatePhySicalSize":0,"result":true,"details":"No route to
> >> host","wait":0}}] }
> >>
> >> but i don't see any logging happening in secondary storage vm's
> cloud.log
> >>
> >> not sure this error is happening due to S3!
> >>
> >>
> >> thanks!
> >>
> >
> >
> > --
> > Francois Gaudreault
> > Gestionnaire de Produit | Product Manager - Cloud Platform & Services
> > t:514-629-6775
> >
> > CloudOps Votre partenaire infonuagique | Cloud Solutions Experts
> > 420 rue Guy | Montreal | Quebec | H3J 1S6
> > w: cloudops.com | tw: @CloudOps_
> >
> >
>



-- 
regards,

punith s
cloudbyte.com

Re: Review Request 25065: pre-add all RewriteRule entries to metadata htaccess file for system vm routers

2014-08-27 Thread Fred Clift



> On Aug. 27, 2014, 4:50 a.m., Sebastien Goasguen wrote:
> > Hi Fred, thanks for looking into this. I already applied Erik's review from 
> > https://reviews.apache.org/r/25023/
> > I am happy to apply yours if you think it makes sense.
> > 
> > We just need to make sure it indeed fixes the problem and applies on 4.3, 
> > 4.4 and master.

I think my patch, as it stands, will mostly invalidate/break Eric's patch - 
I'll do a pull, and remake my patch.  To be honest, I'm not sure why we 
dynamically generate /var/www/htdocs/latest/.htaccess dynamically anyway.  It 
may be a holdover from some past refactoring.  Anyway, I'll have somthing today.


- Fred


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25065/#review51648
---


On Aug. 26, 2014, 11:07 a.m., Fred Clift wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/25065/
> ---
> 
> (Updated Aug. 26, 2014, 11:07 a.m.)
> 
> 
> Review request for cloudstack.
> 
> 
> Repository: cloudstack-git
> 
> 
> Description
> ---
> 
> pre-add all RewriteRule entries to metadata htaccess file  for system vm 
> routers- makes automated router maintanince easier...  The set is static and 
> doesn't ever change after the initial provision - it is identical for every 
> router... While it is probably good to have code that can dynamically add new 
> lines (opt/cloud/bin/vmdata.py currently does this, starting from the stub in 
> git now) there is no reason not to have the full static set of rules in the 
> initial file.  We (betterservers.com) have some in-house router-fixing 
> scripts that would like to re-unpack the tarball and not loose the full 
> .htaccess file...
> 
> 
> Diffs
> -
> 
>   systemvm/patches/debian/config/var/www/html/latest/.htaccess 038a4c9 
> 
> Diff: https://reviews.apache.org/r/25065/diff/
> 
> 
> Testing
> ---
> 
> installed cloudstack, set up networks and provisioned a vm - made sure the 
> router got the same .htaccess file that it would normally get after the first 
> vm is added to the network
> 
> 
> Thanks,
> 
> Fred Clift
> 
>

Automatic Updates

2014-08-27 Thread mo

Hello

Can you tell me a list of programs that I should add to the hold list in Ubuntu 
for Cloudstack. One I know for certain is TomCat 6. 

Anything else?

- Mo

Re: Review Request 24779: [CLOUDSTACK-6254] Template disappears when download cleanup

2014-08-27 Thread David Bierce

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/24779/
---

(Updated Aug. 27, 2014, 3:46 p.m.)

Review request for cloudstack.

Changes
---

Fixes the cleanup process to only remove the Template symlink, instead of
delete the template from Secondary Storage. Changed to use the method Nintin
suggested. This patch it tested on 4.2 using the same method as previously
described. Will be testing on 4.3 today.

Bugs: CLOUDSTACK-6254
https://issues.apache.org/jira/browse/CLOUDSTACK-6254

Repository: cloudstack-git

Description
---

PATCH] This is a quick stab at fixing a dataloss bug. The ultimate
solution is to refactor UploadManager to not use any deprecated code. It
appears there is still code left over that uses the UploadVO/Dao which no
long contains data about URL transfers. This method was hardcoded to always
pass Upload.Type.VOLUME as part of cleanup which was causing templates to be
removed entirely from secondary storage not just the symlink on secondary
storage.

Rather than try to refactor all of it out, this puts
logic for determining if the cleanup task is for a volume or a template
by doing a lookup on the URL. It is a duplication of the same logic
from the calling method but is a very minimal code change until the
large problem is fixed.

Diffs (updated)
-

engine/api/src/org/apache/cloudstack/storage/image/datastore/ImageStoreEntity.java
7ebfd0d

engine/storage/image/src/org/apache/cloudstack/storage/image/store/ImageStoreImpl.java
7bbe324

engine/storage/src/org/apache/cloudstack/storage/image/BaseImageStoreDriverImpl.java
2905f08
engine/storage/src/org/apache/cloudstack/storage/image/ImageStoreDriver.java
444a6c7

plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/driver/CloudStackImageStoreDriverImpl.java
4796653
server/src/com/cloud/storage/StorageManagerImpl.java 2a79b0c

Diff: https://reviews.apache.org/r/24779/diff/

Testing
---

On Cloudstack 4.2 4.3
Set cleanupurl to 30 seconds. Downloaded a template, cleanup remvoed it from
database, didn't remove the template.
Downloaded Volume, volume was cleaned up from secondary stoage and database.

Thanks,

David Bierce

Re: Filesystem XFS

2014-08-27 Thread John Kinsella

Besides network filesystems, CloudStack should be filesystem-agnostic. It’s an 
application that sits on top of whatever FS you pick.

On Aug 27, 2014, at 5:11 AM, mo  wrote:

> Hello Dev Folks,
> 
> Is there any particular filesystem that Cloudstack does not appreciate. I was 
> considering doing a new install utilizing XFS. 
> 
> Anyone have this, or run into issues utilizing this FS type?
> 
> - Mo
>

Re: [DISCUSS] Changing the way password reset works, or allowing the cloud-init way

2014-08-27 Thread John Kinsella

SSL - maybe we could use the same SSL cert used for the CP and secure download? 
Feels a little sketchy at first thought but might be an improvement...

John

On Aug 26, 2014, at 5:51 PM, Chiradeep Vittal  
wrote:

> The current design is “OK”, not great. Looking for suggestions to make it 
> more secure. E.g.,:
> 
>  *   HTTPS
>  *   Client authentication
> 
> Another idea might be to attach a volume to the VM with the password, but hot 
> plug detection varies widely from OS/Hypervisor combinations.
> HTTP(s) is the lowest common denominator, but it has some trade-offs.
> 
> From: John Kinsella mailto:j...@stratosec.co>>
> Reply-To: "dev@cloudstack.apache.org" 
> mailto:dev@cloudstack.apache.org>>
> Date: Tuesday, August 26, 2014 at 4:04 PM
> To: "dev@cloudstack.apache.org" 
> mailto:dev@cloudstack.apache.org>>
> Subject: Re: [DISCUSS] Changing the way password reset works, or allowing the 
> cloud-init way
> 
> 
> On Aug 26, 2014, at 1:34 PM, Erik Weber 
> mailto:terbol...@gmail.com>> wrote:
> If I understand correctly, we currently deploy a web server on port 8080 on
> 
> Slight correction: A processes on the VR listens on port 8080, and hands any 
> connections to a UNIX script. Calling it a "web server" is way too kind.
> 
> Also, you’re just looking at the unix use-case. The Windows agent is close 
> sourced the last I checked.
> 
> Cloud-init doesn’t feel like the best solution, as the one good thing the 
> current setup does is remove the password from the VR after it’s fetched.
> 
> Thought there was a bug filed on this, but I don’t see it?
> 
>

Re: [DISCUSS] Changing the way password reset works, or allowing the cloud-init way

2014-08-27 Thread John Kinsella

Is that open source? I’ve been eyeing doing something with that virtio serial 
path for a long time…seems like it’d be a great improvement.

On Aug 26, 2014, at 7:47 PM, Marcus 
mailto:shadow...@gmail.com>> wrote:

We had set up an agent in the VM that listens on the virtio serial port,
similar to how the virtual router gets its configurations now in KVM. Host
to guest communication is an option, and is fairly standardized (qemu guest
agent, VMware tools, xen tools). It takes a little more work to write a
daemon, but you could do a lot more with it.

 I'm not entirely convinced the current design is broken enough to warrant
a redesign (or at least I wouldn't want to see compatibility go away).
On Aug 26, 2014 6:51 PM, "Chiradeep Vittal" 
mailto:chiradeep.vit...@citrix.com>>
wrote:

The current design is “OK”, not great. Looking for suggestions to make it
more secure. E.g.,:

 *   HTTPS
 *   Client authentication

Another idea might be to attach a volume to the VM with the password, but
hot plug detection varies widely from OS/Hypervisor combinations.
HTTP(s) is the lowest common denominator, but it has some trade-offs.

From: John Kinsella 
mailto:j...@stratosec.co>>
Reply-To: 
"dev@cloudstack.apache.org"
 <
dev@cloudstack.apache.org>
Date: Tuesday, August 26, 2014 at 4:04 PM
To: 
"dev@cloudstack.apache.org"
 <
dev@cloudstack.apache.org>
Subject: Re: [DISCUSS] Changing the way password reset works, or allowing
the cloud-init way


On Aug 26, 2014, at 1:34 PM, Erik Weber 
mailto:terbol...@gmail.com>mailto:terbol...@gmail.com>>> wrote:
If I understand correctly, we currently deploy a web server on port 8080 on

Slight correction: A processes on the VR listens on port 8080, and hands
any connections to a UNIX script. Calling it a "web server" is way too kind.

Also, you’re just looking at the unix use-case. The Windows agent is close
sourced the last I checked.

Cloud-init doesn’t feel like the best solution, as the one good thing the
current setup does is remove the password from the VR after it’s fetched.

Thought there was a bug filed on this, but I don’t see it?




Stratosec - Secure Finance and Heathcare Clouds
http://stratosec.co
o: 415.315.9385
@johnlkinsella

Review Request 25102: CLOUDSTACK-7444: Allowing user account to submit async jobs in addition to admin

2014-08-27 Thread Gaurav Aradhye


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25102/
---

Review request for cloudstack and Santhosh Edukulla.


Bugs: CLOUDSTACK-7444
https://issues.apache.org/jira/browse/CLOUDSTACK-7444


Repository: cloudstack-git


Description
---

The async jobs were executed through admin API originally. Added apiclient 
parameter to let user pass the api client of the user account too.


Diffs
-

  test/integration/component/test_snapshots_improvement.py 1646b69 
  tools/marvin/marvin/cloudstackTestClient.py 521d043 

Diff: https://reviews.apache.org/r/25102/diff/


Testing
---

Yes.

Log:
Test while parent concurrent snapshot job in progress,create ... === TestName: 
test_03_concurrent_snapshots_create_template | Status : SUCCESS ===
ok

--
Ran 1 test in 489.219s

OK


Thanks,

Gaurav Aradhye

RE: Should CloudStack support forced password reset?

2014-08-27 Thread Demetrius Tsitrelis

I probably should have specifically said that this is for the built-in users; 
it could only be them since they are the only ones which would use the MD5 or 
plaintext authentication plugins.

I don't think updateUser will help here.  The case is for users to change their 
passwords and not admins; so while an admin could change everyone's passwords 
and then send out e-mails with those new passwords that probably isn't an 
option that would scale.  It's also not particularly security friendly.

-Original Message-
From: Chiradeep Vittal [mailto:chiradeep.vit...@citrix.com] 
Sent: Tuesday, August 26, 2014 5:29 PM
To: dev@cloudstack.apache.org
Subject: Re: Should CloudStack support forced password reset?

The cloud operator can call the updateUser API themselves? Then they can send 
an email to their users telling them their new password. There is no 'password 
change' protocol at the moment. It is assumed that user provisioning and user 
lifecycle is best left to a different system.

From: Demetrius Tsitrelis 
mailto:demetrius.tsitre...@citrix.com>>
Reply-To: "dev@cloudstack.apache.org" 
mailto:dev@cloudstack.apache.org>>
Date: Thursday, August 21, 2014 at 11:28 AM
To: "dev@cloudstack.apache.org" 
mailto:dev@cloudstack.apache.org>>
Subject: Should CloudStack support forced password reset?

For legacy reasons the MD5 and plaintext plugins are included in the list of 
authenticators.  If a company has been using CloudStack for awhile they may 
want to move all their users to a stronger plugin such as SHA256SALTED (which 
is now the default).

Is there a mechanism to do that?  It doesn't appear that there is so I propose 
modify the API as follows:


1)  Include a result in the response to the login API which indicates 
whether a user must change his password.

2)  If a user is in this state have him call a new API called 
changeMyPassword.  That API would require his old password and a new password.  
If the calls succeeds then the user can retry the login API with his new 
password.

3)  Add a new parameter named forceUserToChangePassword to the UpdateUser 
API.  An admin would set that parameter value to indicate that a user is 
required to change his password.

Thoughts?

Re: [MERGE] Merge saml2 branch to master

2014-08-27 Thread Silvano Nogueira Buback

I'm working in cloudstack 4.3 and there some tokens and migrations in
Globo.com internal version that I'm not able to share now. Next week I will
clean and publish this integration in external repository.


On Wed, Aug 27, 2014 at 7:16 AM, Rohit Yadav 
wrote:

> Hi Silvano,
>
> Great, thanks for sharing. Sure, we can change this to suit your plugin as
> well. I suggest that you fork ACS on github and share your branch/url with
> us so those of us interested can help you out.
>
> Regards.
>
> On 27-Aug-2014, at 11:29 am, Silvano Nogueira Buback <
> silv...@corp.globo.com> wrote:
>
> > I'm trying use your implementation to implement OAuth2. It's almost
> > working, but I think is necessary a little change:
> >
> > Class APIAuthenticationManagerImpl is calling command without correct
> > spring context. I'm working in 4.3 branch, so, I will show what I
> changed:
> >
> >
> >   - org.apache.cloudstack.api.auth.PluggableAPIAuthenticator needs to
> >   implements PluggableService and have no more method getAuthCommands.
> >   - Little patch in APIAuthenticationManagerImpl
> >
> > +++ b/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
> > @@ -55,24 +55,31 @@ public class APIAuthenticationManagerImpl extends
> > ManagerBase implements APIAuth
> > @Override
> > public boolean start() {
> > s_authenticators = new HashMap>();
> > -for (Class authenticator: getCommands()) {
> > -APICommand command =
> > authenticator.getAnnotation(APICommand.class);
> > -if (command != null && !command.name().isEmpty()
> > -&&
> > APIAuthenticator.class.isAssignableFrom(authenticator)) {
> > -s_authenticators.put(command.name(), authenticator);
> > +for (Class authenticatorCommand: getCommands()) {
> > +registerCommandsInAPIAuthenticator(authenticatorCommand);
> > +}
> > +// Register all external APIAuthenticator(s)
> > +for (PluggableAPIAuthenticator apiAuthenticator:
> > _apiAuthenticators) {
> > +for (Class authenticatorCommand:
> > apiAuthenticator.getCommands()) {
> > +
> registerCommandsInAPIAuthenticator(authenticatorCommand);
> > }
> > }
> > return true;
> > }
> >
> > +private void registerCommandsInAPIAuthenticator(Class
> > authenticator) {
> > +APICommand command =
> authenticator.getAnnotation(APICommand.class);
> > +if (command != null && !command.name().isEmpty()
> > +&&
> APIAuthenticator.class.isAssignableFrom(authenticator))
> > {
> > +s_authenticators.put(command.name(), authenticator);
> > +}
> > +}
> > +
> > @Override
> > public List> getCommands() {
> > List> cmdList = new ArrayList>();
> > cmdList.add(DefaultLoginAPIAuthenticatorCmd.class);
> > cmdList.add(DefaultLogoutAPIAuthenticatorCmd.class);
> > -for (PluggableAPIAuthenticator apiAuthenticator:
> > _apiAuthenticators) {
> > -cmdList.addAll(apiAuthenticator.getAuthCommands());
> > -}
> > return cmdList;
> > }
> >
> >
> > Now, authentication commands work inside plugin context.
> > PluggableAPIAuthenticator needs to implement tradicional getCommands to
> > work.
> >
> > Best regards,
> >
> > Silvano Buback
> >
> >
> >
> >
> > On Tue, Aug 26, 2014 at 6:59 AM, Rohit Yadav 
> > wrote:
> >
> >>
> >> On 26-Aug-2014, at 11:47 am, Sebastien Goasguen 
> wrote:
> >>> we do have some selenium tests in /test/selenium but I don't think they
> >> are being run.
> >>>
> >>> +1 from me (satisfied with your answers)
> >>
> >> Thanks! Few more classes;
> >>
> >> Class, %Method, %Line, %
> >> GetServiceProviderMetaDataCmd100% (1/ 1)62.5% (5/ 8)77.9% (53/ 68)
> >> SAMLMetaDataResponse100% (1/ 1)66.7% (2/ 3)80% (4/ 5)
> >>
> >> From IntelliJ: http://people.apache.org/~bhaisaab/samlcoverage.png
> >>
> >> Regards,
> >> Rohit Yadav
> >> Software Architect, ShapeBlue
> >> M. +41 779015219 | rohit.ya...@shapeblue.com
> >> Blog: bhaisaab.org | Twitter: @_bhaisaab
> >>
> >>
> >>
> >> Find out more about ShapeBlue and our range of CloudStack related
> services
> >>
> >> IaaS Cloud Design & Build<
> >> http://shapeblue.com/iaas-cloud-design-and-build//>
> >> CSForge – rapid IaaS deployment framework >
> >> CloudStack Consulting
> >> CloudStack Infrastructure Support<
> >> http://shapeblue.com/cloudstack-infrastructure-support/>
> >> CloudStack Bootcamp Training Courses<
> >> http://shapeblue.com/cloudstack-training/>
> >>
> >> This email and any attachments to it may be confidential and are
> intended
> >> solely for the use of the individual to whom it is addressed. Any views
> or
> >> opinions expressed are solely those of the author and do not necessarily
> >> represent those of Shape Blue Ltd or related companies. If you are not
> the
> >> intended recipient of this email, you must neither take

remove dynamic generation of routers modrewrite htaccess files?

2014-08-27 Thread Fred Clift

So I've been digging through the code that generates the meta-data
available to vms (e.g.  http:///latest/meta-data/local-ipv4
 etc).  The systems design
is discussed here: https://code.launchpad.net/~lcosmin/cloud-init/cloudstack
 though the implementation has evolved somewhat since then and the git
history is uh, muddled.

We recently discovered that we have been accidentally messing up the
.htaccessfile that provides the functionality for this data - inside the
router it is /var/www/html/latest/.htaccess) with a repair/live-upgrade
script that would among other things, unpack the original (current)
tarball.  What is currently in the tarball is a stub version of this file
with only one of the normally-many mod-rewrite rules...

I made a patch (https://reviews.apache.org/r/25065/) to just add all the
rules to the default one in the image, but then discovered that around the
same time someone was updating the regex in the rewrite rules to fix
another bug...  conflicts between my patch and his got me digging more.

Which mod-rewrite rules are needed are entirely dependent on the hard-coded
list of metadata files as seen in these three places:

server/src/com/cloud/network/element/CloudZonesNetworkElement.java
server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/BaremetalPxeManagerImpl.java


I'm wondering if anyone knows why we currently dynamically generate
/var/www/html/latest/.htaccess or can see any compelling reasons to not
just remove the code that updates that file in vmdata.py.  There are other
htaccess files also modified by that script that probably need to be
dynamic.

What would you all think of me changing vmdata.py to just leave that file
alone, combined with my previous patch and the recent regex change as seen
in https://reviews.apache.org/r/25023/?

The only downside I see is that from a code-maintainability standpoint, if
you add new kinds of metadata in any of those three files then you must
also remember to update the .htaccess file.  Would a comment in those
locations be sufficient?


Fred Clift

Re: remove dynamic generation of routers modrewrite htaccess files?

2014-08-27 Thread Wido den Hollander

On 27-08-14 19:50, Fred Clift wrote:

So I've been digging through the code that generates the meta-data
available to vms (e.g. http:///latest/meta-data/local-ipv4
etc). The systems design
is discussed here: https://code.launchpad.net/~lcosmin/cloud-init/cloudstack
though the implementation has evolved somewhat since then and the git
history is uh, muddled.

We recently discovered that we have been accidentally messing up the
.htaccessfile that provides the functionality for this data - inside the
router it is /var/www/html/latest/.htaccess) with a repair/live-upgrade
script that would among other things, unpack the original (current)
tarball. What is currently in the tarball is a stub version of this file
with only one of the normally-many mod-rewrite rules...

I made a patch (https://reviews.apache.org/r/25065/) to just add all the
rules to the default one in the image, but then discovered that around the
same time someone was updating the regex in the rewrite rules to fix
another bug... conflicts between my patch and his got me digging more.

Which mod-rewrite rules are needed are entirely dependent on the hard-coded
list of metadata files as seen in these three places:

server/src/com/cloud/network/element/CloudZonesNetworkElement.java
server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/BaremetalPxeManagerImpl.java

I'm wondering if anyone knows why we currently dynamically generate
/var/www/html/latest/.htaccess or can see any compelling reasons to not
just remove the code that updates that file in vmdata.py. There are other
htaccess files also modified by that script that probably need to be
dynamic.

What would you all think of me changing vmdata.py to just leave that file
alone, combined with my previous patch and the recent regex change as seen
in https://reviews.apache.org/r/25023/?

The only downside I see is that from a code-maintainability standpoint, if
you add new kinds of metadata in any of those three files then you must
also remember to update the .htaccess file. Would a comment in those
locations be sufficient?

I think so. The current system is pretty prone to errors I think. It
probably just grew this way, but it's not the best route.

A static entry would be just fine I think.

Wido

Fred Clift

Jenkins build is still unstable: simulator-singlerun #222

See

Jenkins build is still unstable: simulator-singlerun #223

See

Jenkins build is still unstable: simulator-singlerun #224