[GitHub] cloudstack pull request: CLOUDSTACK-8506 - Make ACS compliant with...

2015-05-23 Thread wilderrodrigues 
GitHub user wilderrodrigues opened a pull request:

https://github.com/apache/cloudstack/pull/292

CLOUDSTACK-8506 - Make ACS compliant with the RFC 3021

Hi @bhaisaab and @DaanHoogland

Could you please have a look at this PR and also at the RFC 3021?

It allows us to have something like this:

// RFC 3021 - 31-Bit Prefixes on IPv4 Point-to-Point Links
// GW  Netmask Stat IPEnd IP
// 192.168.24.0 - 255.255.255.254 - 192.168.24.0 - 192.168.24.1
// https://tools.ietf.org/html/rfc3021

Email thread: 
https://www.mail-archive.com/dev@cloudstack.apache.org/msg45035.html

Manual tests:

I created the following public networks successfully:

GW - Netmask - Start IP  - End IP
192.168.24.0 - 255.255.255.254 - 192.168.24.0 - 192.168.24.1
192.168.10.0 - 255.255.255.254 - 192.168.10.0 - 192.168.10.1


![image](https://cloud.githubusercontent.com/assets/5129209/7782894/6510f674-012d-11e5-9476-7fb61cc427a7.png)

Automated tests:

Environments:

Centos7 + KVM + Qemu
MySQL/MariaDB 5.5.41
Management Server running CentOS 7
Component/Smoke tests: https://github.com/apache/cloudstack 
(test/integration/component and smoke)
Storage type: NFS shared
Isolation method: VLAN
Agent: 4.6.0

XenServer 62
MySQL/MariaDB 5.5.41
Management Server running CentOS 7
Component/Smoke tests: https://github.com/apache/cloudstack 
(test/integration/component and smoke)
Storage type: NFS shared
Isolation method: VLAN

== KVM tests ==

Test advanced zone virtual router ... === TestName: 
test_advZoneVirtualRouter | Status : SUCCESS ===
ok
Test Deploy Virtual Machine ... === TestName: test_deploy_vm | Status : 
SUCCESS ===
ok
Test Multiple Deploy Virtual Machine ... === TestName: 
test_deploy_vm_multiple | Status : SUCCESS ===
ok
Test Stop Virtual Machine ... === TestName: test_01_stop_vm | Status : 
SUCCESS ===
ok
Test Start Virtual Machine ... === TestName: test_02_start_vm | Status : 
SUCCESS ===
ok
Test Reboot Virtual Machine ... === TestName: test_03_reboot_vm | Status : 
SUCCESS ===
ok
Test destroy Virtual Machine ... === TestName: test_06_destroy_vm | Status 
: SUCCESS ===
ok
Test recover Virtual Machine ... === TestName: test_07_restore_vm | Status 
: SUCCESS ===
ok
Test migrate VM ... SKIP: At least two hosts should be present in the zone 
for migration
Test destroy(expunge) Virtual Machine ... === TestName: test_09_expunge_vm 
| Status : SUCCESS ===
ok

--
Ran 10 tests in 2672.003s

OK (SKIP=1)
/tmp//MarvinLogs/test_vm_life_cycle_CBBMBX/results.txt (END)


Test router internal advanced zone ... === TestName: 
test_02_router_internal_adv | Status : SUCCESS ===
ok
Test restart network ... === TestName: test_03_restart_network_cleanup | 
Status : SUCCESS ===
ok
Test router basic setup ... === TestName: test_05_router_basic | Status : 
SUCCESS ===
ok
Test router advanced setup ... === TestName: test_06_router_advanced | 
Status : SUCCESS ===
ok
Test stop router ... === TestName: test_07_stop_router | Status : SUCCESS 
===
ok
Test start router ... === TestName: test_08_start_router | Status : SUCCESS 
===
ok
Test reboot router ... === TestName: test_09_reboot_router | Status : 
SUCCESS ===
ok

--
Ran 7 tests in 1738.326s


OK
/tmp//MarvinLogs/test_routers_E9IXI8/results.txt (END)


Test to create service offering ... === TestName: 
test_01_create_service_offering | Status : SUCCESS ===
ok
Test to update existing service offering ... === TestName: 
test_02_edit_service_offering | Status : SUCCESS ===
ok
Test to delete service offering ... === TestName: 
test_03_delete_service_offering | Status : SUCCESS ===
ok

--
Ran 3 tests in 716.298s

OK
/tmp//MarvinLogs/test_service_offerings_TGBROS/results.txt (END)


Test reset virtual machine on reboot ... === TestName: 
test_01_reset_vm_on_reboot | Status : SUCCESS ===
ok

--
Ran 1 test in 842.055s

OK
/tmp//MarvinLogs/test_reset_vm_on_reboot_P8SXD8/results.txt (END)


== XenServer 6.2 tests ==


Test advanced zone router services ... === TestName: 
test_01_AdvancedZoneRouterServices | Status : SUCCESS ===
ok
Test network garbage collection ... === TestName: 
test_02_NetworkGarb

[GitHub] cloudstack pull request: CLOUDSTACK-8506 - Make ACS compliant with...

2015-05-23 Thread DaanHoogland 
Github user DaanHoogland commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/292#discussion_r30943135
  
--- Diff: utils/src/com/cloud/utils/net/NetUtils.java ---
@@ -329,35 +329,46 @@ public static String getMacAddress(InetAddress 
address) {
 return sb.toString();
 }
 
-public static long getMacAddressAsLong(InetAddress address) {
+public static long getMacAddressAsLong(final InetAddress address) {
 long macAddressAsLong = 0;
 try {
-NetworkInterface ni = 
NetworkInterface.getByInetAddress(address);
-byte[] mac = ni.getHardwareAddress();
+final NetworkInterface ni = 
NetworkInterface.getByInetAddress(address);
+final byte[] mac = ni.getHardwareAddress();
 
 for (int i = 0; i < mac.length; i++) {
-macAddressAsLong |= ((long)(mac[i] & 0xff) << (mac.length 
- i - 1) * 8);
+macAddressAsLong |= (long)(mac[i] & 0xff) << (mac.length - 
i - 1) * 8;
 }
 
-} catch (SocketException e) {
+} catch (final SocketException e) {
 s_logger.error("SocketException when trying to retrieve MAC 
address", e);
 }
 
 return macAddressAsLong;
 }
 
-public static boolean ipRangesOverlap(String startIp1, String endIp1, 
String startIp2, String endIp2) {
-long startIp1Long = ip2Long(startIp1);
+public static boolean ipRangesOverlap(final String startIp1, final 
String endIp1, final String startIp2, final String endIp2) {
+final long startIp1Long = ip2Long(startIp1);
 long endIp1Long = startIp1Long;
 if (endIp1 != null) {
 endIp1Long = ip2Long(endIp1);
 }
-long startIp2Long = ip2Long(startIp2);
+final long startIp2Long = ip2Long(startIp2);
 long endIp2Long = startIp2Long;
 if (endIp2 != null) {
 endIp2Long = ip2Long(endIp2);
 }
 
+// check if the gatewayip is the part of the ip range being added.
+// RFC 3021 - 31-Bit Prefixes on IPv4 Point-to-Point Links
+// GW  Netmask Stat IPEnd IP
+// 192.168.24.0 - 255.255.255.254 - 192.168.24.0 - 192.168.24.1
+// https://tools.ietf.org/html/rfc3021
+// Added by Wilder Rodrigues
+final int ip31bitPrefixOffSet = 1;
+if (startIp2Long - startIp1Long == startIp2Long - (endIp1Long - 
ip31bitPrefixOffSet)) {
--- End diff --

isn't this condition true for all range2 with any /31 range1?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8506 - Make ACS compliant with...

2015-05-23 Thread DaanHoogland 
Github user DaanHoogland commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/292#discussion_r30943140
  
--- Diff: server/src/com/cloud/configuration/ConfigurationManagerImpl.java 
---
@@ -3556,6 +3556,11 @@ private void checkPublicIpRangeErrors(long zoneId, 
String vlanId, String vlanGat
 throw new InvalidParameterValueException("Please ensure that 
your end IP is in the same subnet as your IP range's gateway, as per the IP 
range's netmask.");
 }
 // check if the gatewayip is the part of the ip range being added.
+// RFC 3021 - 31-Bit Prefixes on IPv4 Point-to-Point Links
--- End diff --

why is this comment added here?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8506 - Make ACS compliant with...

2015-05-23 Thread DaanHoogland 
Github user DaanHoogland commented on the pull request:

https://github.com/apache/cloudstack/pull/292#issuecomment-104865612
  
hard to review this, @wilderrodrigues I made one comment on the logic.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: ui: add custom error handling page

2015-05-23 Thread DaanHoogland 
Github user DaanHoogland commented on the pull request:

https://github.com/apache/cloudstack/pull/256#issuecomment-104867025
  
thanks @bhaisaab nice alias albeit of the write once read never kind, it 
works ;)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8506 - Make ACS compliant with...

2015-05-23 Thread wilderrodrigues 
Github user wilderrodrigues commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/292#discussion_r30943291
  
--- Diff: server/src/com/cloud/configuration/ConfigurationManagerImpl.java 
---
@@ -3556,6 +3556,11 @@ private void checkPublicIpRangeErrors(long zoneId, 
String vlanId, String vlanGat
 throw new InvalidParameterValueException("Please ensure that 
your end IP is in the same subnet as your IP range's gateway, as per the IP 
range's netmask.");
 }
 // check if the gatewayip is the part of the ip range being added.
+// RFC 3021 - 31-Bit Prefixes on IPv4 Point-to-Point Links
--- End diff --

I talked to Remi yesterday and we agreed that would be nice to comment on 
the code so people don't remove the functionality by mistake or at least will 
make sure it still works if changes are made.

By fixing the bug CLOUDSTACK-4811 on October 2013, it made the /31 not work 
anymore.

The comment causes no harm.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8506 - Make ACS compliant with...

2015-05-23 Thread wilderrodrigues 
Github user wilderrodrigues commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/292#discussion_r30943304
  
--- Diff: utils/src/com/cloud/utils/net/NetUtils.java ---
@@ -329,35 +329,46 @@ public static String getMacAddress(InetAddress 
address) {
 return sb.toString();
 }
 
-public static long getMacAddressAsLong(InetAddress address) {
+public static long getMacAddressAsLong(final InetAddress address) {
 long macAddressAsLong = 0;
 try {
-NetworkInterface ni = 
NetworkInterface.getByInetAddress(address);
-byte[] mac = ni.getHardwareAddress();
+final NetworkInterface ni = 
NetworkInterface.getByInetAddress(address);
+final byte[] mac = ni.getHardwareAddress();
 
 for (int i = 0; i < mac.length; i++) {
-macAddressAsLong |= ((long)(mac[i] & 0xff) << (mac.length 
- i - 1) * 8);
+macAddressAsLong |= (long)(mac[i] & 0xff) << (mac.length - 
i - 1) * 8;
 }
 
-} catch (SocketException e) {
+} catch (final SocketException e) {
 s_logger.error("SocketException when trying to retrieve MAC 
address", e);
 }
 
 return macAddressAsLong;
 }
 
-public static boolean ipRangesOverlap(String startIp1, String endIp1, 
String startIp2, String endIp2) {
-long startIp1Long = ip2Long(startIp1);
+public static boolean ipRangesOverlap(final String startIp1, final 
String endIp1, final String startIp2, final String endIp2) {
+final long startIp1Long = ip2Long(startIp1);
 long endIp1Long = startIp1Long;
 if (endIp1 != null) {
 endIp1Long = ip2Long(endIp1);
 }
-long startIp2Long = ip2Long(startIp2);
+final long startIp2Long = ip2Long(startIp2);
 long endIp2Long = startIp2Long;
 if (endIp2 != null) {
 endIp2Long = ip2Long(endIp2);
 }
 
+// check if the gatewayip is the part of the ip range being added.
+// RFC 3021 - 31-Bit Prefixes on IPv4 Point-to-Point Links
+// GW  Netmask Stat IPEnd IP
+// 192.168.24.0 - 255.255.255.254 - 192.168.24.0 - 192.168.24.1
+// https://tools.ietf.org/html/rfc3021
+// Added by Wilder Rodrigues
+final int ip31bitPrefixOffSet = 1;
+if (startIp2Long - startIp1Long == startIp2Long - (endIp1Long - 
ip31bitPrefixOffSet)) {
--- End diff --

No. It doesn't because the isIpWithtInCidrRange() is checked before, in the 
ConfigurationManagerImpl.

As you can see, the method you commented on doesn't check the CIDR.




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8506 - Make ACS compliant with...

2015-05-23 Thread wilderrodrigues 
Github user wilderrodrigues commented on the pull request:

https://github.com/apache/cloudstack/pull/292#issuecomment-104871245
  
@DaanHoogland , I also commented on your comments.

Which bit is hard to review? Put a lot of test results and also did the 
manual tests for the public networks, followed by new unit tests.

Can we merge it? If so, I would also suggest to get it on 4.4.4 and 4.5.

Cheers,
Wilder


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8506 - Make ACS compliant with...

2015-05-23 Thread DaanHoogland 
Github user DaanHoogland commented on the pull request:

https://github.com/apache/cloudstack/pull/292#issuecomment-104871936
  
the pr contains a lot of added final keywords, more then actual code.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8506 - Make ACS compliant with...

2015-05-23 Thread wilderrodrigues 
Github user wilderrodrigues commented on the pull request:

https://github.com/apache/cloudstack/pull/292#issuecomment-104872293
  
Ah, indeed.

There is the logic you mentioned in the previous comment and 1 added call 
to NetUtils.isIpWithtInCidrRange() line 1509 which is:

subnetUtils.setInclusiveHostCount(true);

I discussed with Remi yesterday on Slack.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8506 - Make ACS compliant with...

2015-05-23 Thread asfgit 
Github user asfgit closed the pull request at:

https://github.com/apache/cloudstack/pull/292


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8506 - Make ACS compliant with...

2015-05-23 Thread DaanHoogland 
Github user DaanHoogland commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/292#discussion_r30943403
  
--- Diff: utils/src/com/cloud/utils/net/NetUtils.java ---
@@ -329,35 +329,46 @@ public static String getMacAddress(InetAddress 
address) {
 return sb.toString();
 }
 
-public static long getMacAddressAsLong(InetAddress address) {
+public static long getMacAddressAsLong(final InetAddress address) {
 long macAddressAsLong = 0;
 try {
-NetworkInterface ni = 
NetworkInterface.getByInetAddress(address);
-byte[] mac = ni.getHardwareAddress();
+final NetworkInterface ni = 
NetworkInterface.getByInetAddress(address);
+final byte[] mac = ni.getHardwareAddress();
 
 for (int i = 0; i < mac.length; i++) {
-macAddressAsLong |= ((long)(mac[i] & 0xff) << (mac.length 
- i - 1) * 8);
+macAddressAsLong |= (long)(mac[i] & 0xff) << (mac.length - 
i - 1) * 8;
 }
 
-} catch (SocketException e) {
+} catch (final SocketException e) {
 s_logger.error("SocketException when trying to retrieve MAC 
address", e);
 }
 
 return macAddressAsLong;
 }
 
-public static boolean ipRangesOverlap(String startIp1, String endIp1, 
String startIp2, String endIp2) {
-long startIp1Long = ip2Long(startIp1);
+public static boolean ipRangesOverlap(final String startIp1, final 
String endIp1, final String startIp2, final String endIp2) {
+final long startIp1Long = ip2Long(startIp1);
 long endIp1Long = startIp1Long;
 if (endIp1 != null) {
 endIp1Long = ip2Long(endIp1);
 }
-long startIp2Long = ip2Long(startIp2);
+final long startIp2Long = ip2Long(startIp2);
 long endIp2Long = startIp2Long;
 if (endIp2 != null) {
 endIp2Long = ip2Long(endIp2);
 }
 
+// check if the gatewayip is the part of the ip range being added.
+// RFC 3021 - 31-Bit Prefixes on IPv4 Point-to-Point Links
+// GW  Netmask Stat IPEnd IP
+// 192.168.24.0 - 255.255.255.254 - 192.168.24.0 - 192.168.24.1
+// https://tools.ietf.org/html/rfc3021
+// Added by Wilder Rodrigues
+final int ip31bitPrefixOffSet = 1;
+if (startIp2Long - startIp1Long == startIp2Long - (endIp1Long - 
ip31bitPrefixOffSet)) {
--- End diff --

for any endIp1Long == startIp1Long +1 this condition is true, no matter 
what startIp2Long is let alone endIp2Long. So is it the intention to check 
(startIp1Long == endIp1Long - ip31bitPrefixOffSet) and return false if it is? 
This comes down to a check if this is indeed a /31 range and makes no sense to 
me.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8506 - Make ACS compliant with...

2015-05-23 Thread wilderrodrigues 
Github user wilderrodrigues commented on a diff in the pull request:

https://github.com/apache/cloudstack/pull/292#discussion_r30943691
  
--- Diff: utils/src/com/cloud/utils/net/NetUtils.java ---
@@ -329,35 +329,46 @@ public static String getMacAddress(InetAddress 
address) {
 return sb.toString();
 }
 
-public static long getMacAddressAsLong(InetAddress address) {
+public static long getMacAddressAsLong(final InetAddress address) {
 long macAddressAsLong = 0;
 try {
-NetworkInterface ni = 
NetworkInterface.getByInetAddress(address);
-byte[] mac = ni.getHardwareAddress();
+final NetworkInterface ni = 
NetworkInterface.getByInetAddress(address);
+final byte[] mac = ni.getHardwareAddress();
 
 for (int i = 0; i < mac.length; i++) {
-macAddressAsLong |= ((long)(mac[i] & 0xff) << (mac.length 
- i - 1) * 8);
+macAddressAsLong |= (long)(mac[i] & 0xff) << (mac.length - 
i - 1) * 8;
 }
 
-} catch (SocketException e) {
+} catch (final SocketException e) {
 s_logger.error("SocketException when trying to retrieve MAC 
address", e);
 }
 
 return macAddressAsLong;
 }
 
-public static boolean ipRangesOverlap(String startIp1, String endIp1, 
String startIp2, String endIp2) {
-long startIp1Long = ip2Long(startIp1);
+public static boolean ipRangesOverlap(final String startIp1, final 
String endIp1, final String startIp2, final String endIp2) {
+final long startIp1Long = ip2Long(startIp1);
 long endIp1Long = startIp1Long;
 if (endIp1 != null) {
 endIp1Long = ip2Long(endIp1);
 }
-long startIp2Long = ip2Long(startIp2);
+final long startIp2Long = ip2Long(startIp2);
 long endIp2Long = startIp2Long;
 if (endIp2 != null) {
 endIp2Long = ip2Long(endIp2);
 }
 
+// check if the gatewayip is the part of the ip range being added.
+// RFC 3021 - 31-Bit Prefixes on IPv4 Point-to-Point Links
+// GW  Netmask Stat IPEnd IP
+// 192.168.24.0 - 255.255.255.254 - 192.168.24.0 - 192.168.24.1
+// https://tools.ietf.org/html/rfc3021
+// Added by Wilder Rodrigues
+final int ip31bitPrefixOffSet = 1;
+if (startIp2Long - startIp1Long == startIp2Long - (endIp1Long - 
ip31bitPrefixOffSet)) {
--- End diff --

Nope, it's not. You should check the configurationImpl and see how the 
checks are done separately

Or then look at the chat last night. The iPOverlaps method doens't check 
cidr, as I said before. It checks that there are only 2 ips in the range

Why that? Because the conditions and all the ConfigurationImpl are doing 
the job in many steps

We can discuss it further on Tuesday.

Sent from my iPhone

On 23 May 2015, at 11:09, Daan Hoogland 
mailto:notificati...@github.com>> wrote:


In 
utils/src/com/cloud/utils/net/NetUtils.java:

>  long endIp2Long = startIp2Long;
>  if (endIp2 != null) {
>  endIp2Long = ip2Long(endIp2);
>  }
>
> +// check if the gatewayip is the part of the ip range being 
added.
> +// RFC 3021 - 31-Bit Prefixes on IPv4 Point-to-Point Links
> +// GW  Netmask Stat IPEnd IP
> +// 192.168.24.0 - 255.255.255.254 - 192.168.24.0 - 192.168.24.1
> +// https://tools.ietf.org/html/rfc3021
> +// Added by Wilder Rodrigues
> +final int ip31bitPrefixOffSet = 1;
> +if (startIp2Long - startIp1Long == startIp2Long - (endIp1Long - 
ip31bitPrefixOffSet)) {


for any endIp1Long == startIp1Long +1 this condition is true, no matter 
what startIp2Long is let alone endIp2Long. So is it the intention to check 
(startIp1Long == endIp1Long - ip31bitPrefixOffSet) and return false if it is? 
This comes down to a check if this is indeed a /31 range and makes no sense to 
me.

—
Reply to this email directly or view it on 
GitHub.



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Build failed in Jenkins: build-master-jdk18 #73

2015-05-23 Thread jenkins 
See 

Changes:

[wrodrigues] CLOUDSTACK-8506

[wrodrigues] CLOUDSTACK-8506

--
[...truncated 2607 lines...]
[INFO] 
[INFO] --- maven-compiler-plugin:3.2:compile (default-compile) @ 
cloud-plugin-hypervisor-ovm ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 18 source files to 

[INFO] 
[INFO] --- maven-resources-plugin:2.5:testResources (default-testResources) @ 
cloud-plugin-hypervisor-ovm ---
[debug] execute contextualize
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory 

[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.2:testCompile (default-testCompile) @ 
cloud-plugin-hypervisor-ovm ---
[INFO] No sources to compile
[INFO] 
[INFO] --- maven-surefire-plugin:2.18.1:test (default-test) @ 
cloud-plugin-hypervisor-ovm ---
[INFO] 
[INFO] 
[INFO] Building Apache CloudStack Plugin - Open vSwitch 4.6.0-SNAPSHOT
[INFO] 
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ 
cloud-plugin-network-ovs ---
[INFO] Deleting 

 (includes = [**/*], excludes = [])
[INFO] Deleting 

 (includes = [target, dist], excludes = [])
[INFO] 
[INFO] --- maven-checkstyle-plugin:2.11:check (cloudstack-checkstyle) @ 
cloud-plugin-network-ovs ---
[INFO] Starting audit...
Audit done.

[INFO] 
[INFO] --- maven-remote-resources-plugin:1.3:process (default) @ 
cloud-plugin-network-ovs ---
[INFO] 
[INFO] --- maven-resources-plugin:2.5:resources (default-resources) @ 
cloud-plugin-network-ovs ---
[debug] execute contextualize
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 2 resources
[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.2:compile (default-compile) @ 
cloud-plugin-network-ovs ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 33 source files to 

[INFO] 
[INFO] --- maven-resources-plugin:2.5:testResources (default-testResources) @ 
cloud-plugin-network-ovs ---
[debug] execute contextualize
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory 

[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.2:testCompile (default-testCompile) @ 
cloud-plugin-network-ovs ---
[INFO] No sources to compile
[INFO] 
[INFO] --- maven-surefire-plugin:2.18.1:test (default-test) @ 
cloud-plugin-network-ovs ---
[INFO] 
[INFO] 
[INFO] Building Apache CloudStack Plugin - Hypervisor XenServer 4.6.0-SNAPSHOT
[INFO] 
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ 
cloud-plugin-hypervisor-xenserver ---
[INFO] Deleting 

 (includes = [**/*], excludes = [])
[INFO] Deleting 

 (includes = [target, dist], excludes = [])
[INFO] 
[INFO] --- maven-checkstyle-plugin:2.11:check (cloudstack-checkstyle) @ 
cloud-plugin-hypervisor-xenserver ---
[INFO] Starting audit...
Audit done.

[INFO] 
[INFO] --- maven-remote-resources-plugin:1.3:process (default) @ 
cloud-plugin-hypervisor-xenserver ---
[INFO] 
[INFO] --- maven-resources-plugin:2.5:resources (default-resources) @ 
cloud-plugin-hypervisor-xenserver ---
[debug] execute contextualize
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.2:compile (default-compile) @ 
cloud-plugin-hypervisor-xenserver ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 96 source files to 

[INFO] 
[INFO] --- maven-resources-plugin:2.5:testResources (default-testResources) @ 
cloud-plugin-hypervisor-xenserver ---
[debug] execute contextualize
[INFO] Using 'UTF-8' encoding to copy filtered

[GitHub] cloudstack pull request:

2015-05-23 Thread rsafonseca 
Github user rsafonseca commented on the pull request:


https://github.com/apache/cloudstack/commit/1c408dec37a278c97c1b40da0bdbca437d7a564c#commitcomment-11339020
  
In packaging/centos63/cloud.spec:
In packaging/centos63/cloud.spec on line 273:
Hi again @DaanHoogland :)
This one breaks packaging for centos6
The _cloudstackmanagementconf and _cloudstackmanagementconfattr lines throw 
and error in rpmpackaging because their not set in 4.6.0 packaging
Please remove t


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: [GitHub] cloudstack pull request: CLOUDSTACK-8502 Improvement/annotations k...

2015-05-23 Thread Wilder Rodrigues 
Hoi Rafael,

Perhaps that's an intermittent test error based on the random order that 
packages are loaded.

Anyway, if you got it working without problems, feel free to fix and send a PR! 
I really appreciate you looking after those things. :)

Once your PR is through I will have a look and merge it.

Thanks again and keep the good  work. ;)

Cheers,
Wilder

Sent from my iPhone

> On 22 May 2015, at 23:11, rsafonseca  wrote:
> 
> Github user rsafonseca commented on the pull request:
> 
>https://github.com/apache/cloudstack/pull/280#issuecomment-104771495
> 
>@wilderrodrigues the Xenserver tests are failing in master with a 
> ClassCast Exception :(
> 
>
> */plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/wrapper/citrix/CitrixRequestWrapper.java*
>`Reflections baseWrappers = new 
> Reflections("com.cloud.hypervisor.xenserver.resource.wrapper");
>@SuppressWarnings("rawtypes")
>Set> baseSet = 
> baseWrappers.getSubTypesOf(CommandWrapper.class);` 
> 
>The baseSet ends up becoming the sum of all tests, because the scanner is 
> recursive, so wrapper.xen56, wrapper.xcp, etc will all get included in the 
> set.
> 
>I've tested fixing it by changing the package for the Citrix* classes to a 
> package that in not parent to the other wrapper's classes and it's working 
> fine.
>Do you want to fix this your way, or should I send a PR? :)
> 
> 
> 
> 
> 
> 
> 
> ---
> If your project is set up for it, you can reply to this email and have your
> reply appear on GitHub as well. If your project does not have this feature
> enabled and wishes so, or if the feature is enabled but not working, please
> contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
> with INFRA.
> ---

[GitHub] cloudstack pull request: Fix xenserver tests for travis

2015-05-23 Thread rsafonseca 
GitHub user rsafonseca opened a pull request:

https://github.com/apache/cloudstack/pull/293

Fix xenserver tests for travis

Fix ClassCast exception being thrown due to recursive scan in 
com.cloud.hypervisor.xenserver.resource.wrapper picking up subpackage modules 
for running the citrix tests

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/rsafonseca/cloudstack xentestfix

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/293.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #293


commit 79d24ae218889b36674f2c064701638b3f2c5e29
Author: Rafael da Fonseca 
Date:   2015-05-23T14:14:09Z

Fix xenserver tests for travis




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8502 Improvement/annotations k...

2015-05-23 Thread rsafonseca 
Github user rsafonseca commented on the pull request:

https://github.com/apache/cloudstack/pull/280#issuecomment-104901705
  
Hoi @wilderrodrigues  :)
I've created a pull request for it, have a look

https://github.com/apache/cloudstack/pull/293

glad to help :)



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-8502 Improvement/annotations k...

2015-05-23 Thread wilderrodrigues 
Github user wilderrodrigues commented on the pull request:

https://github.com/apache/cloudstack/pull/280#issuecomment-104903208
  
Awesome.

Will look/merge it once behind the computer.

Thanks again.

Cheers,
Wilder

Sent from my iPhone

On 23 May 2015, at 16:21, Rafael da Fonseca 
mailto:notificati...@github.com>> wrote:


Hoi @wilderrodrigues :)
I've created a pull request for it, have a look

#293

glad to help :)

—
Reply to this email directly or view it on 
GitHub.



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: [GitHub] cloudstack pull request: Fix xenserver tests for travis

2015-05-23 Thread Wilder Rodrigues 
Testing it.

Thanks, Rafael!

Cheers,
Wilder

Sent from my iPhone

> On 23 May 2015, at 16:19, rsafonseca  wrote:
> 
> GitHub user rsafonseca opened a pull request:
> 
>https://github.com/apache/cloudstack/pull/293
> 
>Fix xenserver tests for travis
> 
>Fix ClassCast exception being thrown due to recursive scan in 
> com.cloud.hypervisor.xenserver.resource.wrapper picking up subpackage modules 
> for running the citrix tests
> 
> You can merge this pull request into a Git repository by running:
> 
>$ git pull https://github.com/rsafonseca/cloudstack xentestfix
> 
> Alternatively you can review and apply these changes as the patch at:
> 
>https://github.com/apache/cloudstack/pull/293.patch
> 
> To close this pull request, make a commit to your master/trunk branch
> with (at least) the following in the commit message:
> 
>This closes #293
> 
> 
> commit 79d24ae218889b36674f2c064701638b3f2c5e29
> Author: Rafael da Fonseca 
> Date:   2015-05-23T14:14:09Z
> 
>Fix xenserver tests for travis
> 
> 
> 
> 
> ---
> If your project is set up for it, you can reply to this email and have your
> reply appear on GitHub as well. If your project does not have this feature
> enabled and wishes so, or if the feature is enabled but not working, please
> contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
> with INFRA.
> ---

Re: IPv6 ideas for Basic Networking

2015-05-23 Thread Wido den Hollander 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



On 05/22/2015 11:05 PM, server24 Cloudstack wrote:
> Hi Wido,
> 
> was nice talking to you about this.
> 
> On 5/21/2015 8:59 PM, Wido den Hollander wrote:
> 
>> (IPv6) routers should send out RAs (Router Advertisements) with
>> the managed-other-flag [0][1], telling Instances to ONLY use that
>> routers as their default gateways and NOT to use SLAAC to
>> autoconfigure their IP-Address.
> 
> OK, so no autonomous flag
> 

No, the "managed other flag" as described in RFC 4862. Meaning that
the Routers should only be used as a default gateway and DHCPv6 should
be used for obtaining a address.

>> The (ip6tables) Security Groups should allow ICMPv6 by default.
>> IPv6 traffic breaks really hard without ICMPv6 traffic, for
>> example PMTU doesn't work properly and breaks IPv6 connections.
> yes, and default ip(6)tables should be in place to block
> VNC-related traffic except to the Virtual Console (as currently VNC
> ports on IPv6 are world-wide-open in BASIC network)!
> 

Yes, but in that case you are talking about the Console Proxy which
should be firewalled properly.

>> In CloudStack we might configure a /48, but tell it to hand out 
>> addresses for each instance from a /64 out of that /48. That
>> means we can have 65k Instances in that pod. Some firewall
>> policies block a complete /64 when they see malicious traffic
>> coming from that subnet, so if the subnet is big enough we should
>> try to keep all the IPv6 addresses from one Instance in the same
>> /64 subnet. This could also simplify the iptable rules.
> so one /48 per pod? RIRs provide either /48 or /32 (the latter to
> the providers) IPv6 blocks. So this should then be configurable,
> both per instance and per pod. One /48 per pod still looks large to
> me..
> 

A /48 should be a possibility. If you only have a /64 available that
should be no problem either.

> On the other hand any prefix more specific than /64 could break
> IPv6 features, so that there are at least some practical values to
> rely on.
>> Security grouping has to be extended to also support IPv6, but
>> should allow ICMPv6 by default.
> yes, ICMPv6 should be on by default (maybe it should be forced to
> be always on for IPv6?).
> 
>> At the end of June 2015 we want to keep a one-day meetup in
>> Amsterdam with various developers to discuss some more details.
> 
> great work and very good meeting, was a pleasure to be there.
> 
> Thomas Moroder
> 
> -- Incubatec GmbH - Srl Via Scurcia'str. 36, 39046 Ortisei(BZ),
> ITALY Registered with the chamber of commerce of Bolzano the 8th of
> November 2001 with REA-No. 168204 (s.c. of EUR 10.000 f.p.u.) 
> President: Thomas Moroder, VAT-No. IT 02283140214 Tel:
> +39.0471796829 - Fax: +39.0471797949
> 
> IMPRINT: http://www.incubatec.com/imprint.html PRIVACY: 
> http://www.server24.it/informativa_completa.html
> 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJVYJwhAAoJEAGbWC3bPspCWXEQAISPV1PdGWa6KOck9IsTVXBt
jUTpyFyg+qnmlG+QQ3LWOFjXRVUvQroryBbxkBnEbNm5d5qOsKptwwOaXMOut4A2
Nv4WCcFlAjnj78c9C/mpJvqu+Bh/WLKy4mBaMEqLiSAzqoz+CPlaiubJ/TDXR+jp
XSY3XNk/jhdI02QTPNHvYc1ZbWNjuZrb+YVqEzFLra25I0bfXuq2tcBVDEMr1zmA
qQVfCabkAx/a8wW2wGnz2GSg1UFDJUHOb7c6bae9nE5wo1MYpXyjpO53IBpRQuPt
+VMzkjyf75yS1LFel9zS/BzV97mgEBxux9Nb3M9f/ZJW0QvS9onZdIhYgCeDyxJe
M/XTD6M0O+ha4mFaYTeSudWoQnv/ZZ1P5RuPTQyQRD4P7nSkorz6QOR/SVb+OhXG
7tqd0GaUS/OFTC69wBTN/t9m98mYRZ5s4XtuocE5DadHqIv5JslrKLzC2YJEWonm
RqL2Gow0/h+k99esJatmCZq+6jXwsy9pIVsLspfDt+GKBOVw8sHNTDUPTvdVzffv
Qa+gVl5gg9RvSonJ8xS7sHI/p/gDFJrN1lWzxl9YWyurjDKFz2zI0OWfOKGZdhrE
Ywgzb+2ExzGSgLSE6AL8awLbl1N57TOlQI4SlfN7Ph4kaS2T9eCleAXP3BxPSXqK
Hji1OI5/luKcQVyYqwaT
=acrP
-END PGP SIGNATURE-

[GitHub] cloudstack pull request: Fix xenserver tests for travis

2015-05-23 Thread asfgit 
Github user asfgit closed the pull request at:

https://github.com/apache/cloudstack/pull/293


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: Fix xenserver tests for travis

2015-05-23 Thread wilderrodrigues 
Github user wilderrodrigues commented on the pull request:

https://github.com/apache/cloudstack/pull/293#issuecomment-104913335
  
Thanks, @rsafonseca !

Cheers,
Wilder


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-6181 Specify GB for the value ...

2015-05-23 Thread milamberspace 
GitHub user milamberspace opened a pull request:

https://github.com/apache/cloudstack/pull/294

CLOUDSTACK-6181 Specify GB for the value of rootdisksize parameter. Add 
some Bytes/GB for log or exception messages. Fix Gb->GB.

The new behavior (since 4.4) rootdisksize for KVM hyperviser when you 
deploy a new VM use GB value. Update Docs Api to indicate the value type.

Cherry-pick to 4.5 and 4.4 should be done

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/milamberspace/cloudstack RootDiskSizeMaster

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/294.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #294


commit 87d4086a64a6ebf387bda03509e0c03dac685cae
Author: Milamber 
Date:   2015-05-23T15:58:05Z

CLOUDSTACK-6181 Specify GB for the value of rootdisksize parameter. Add 
some Bytes/GB for log or exception messages. Fix Gb->GB.




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-6181 Specify GB for the value ...

2015-05-23 Thread asfgit 
Github user asfgit closed the pull request at:

https://github.com/apache/cloudstack/pull/294


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack-docs-rn pull request: add note on XenServer: we depend ...

2015-05-23 Thread remibergsma 
GitHub user remibergsma opened a pull request:

https://github.com/apache/cloudstack-docs-rn/pull/21

add note on XenServer: we depend on pool HA these days

Add note that we need HA on the pool in XenServer in order to recover from 
a pool-master crash.

We may want to add this to 4.4 and 4.5 release notes as well. Agree?

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/remibergsma/cloudstack-docs-rn master

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack-docs-rn/pull/21.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #21


commit b6ca4687d3e15a56712d103f116f029c3e52ff71
Author: Remi Bergsma 
Date:   2015-05-23T20:15:57Z

add note on XenServer: we depend on pool HA these days

commit 7ccf5f3bff32ec4272e947ccd2c2ad2e1b4429e4
Author: Remi Bergsma 
Date:   2015-05-23T20:19:56Z

remove cached python classes and add ignore file for it




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack-docs-rn pull request: add note on XenServer: we depend ...

2015-05-23 Thread xenserverarmy 
Github user xenserverarmy commented on the pull request:

https://github.com/apache/cloudstack-docs-rn/pull/21#issuecomment-104945193
  
I agree that we should add this to the 4.4 and 4.5 notes, but would suggest 
an addition relating to the config-timeout.  The default has changed with 
XenServer version, and I don't recall it ever being 180.  Text similar to the 
following would alert admins to the issue of aggressive fencing with redundant 
controllers.



Occasionally XenServer will determine that a storage heartbeat failure has 
occurred and fence a host, or worse an entire pool.  This typically occurs when 
a redundant storage solution or a storage solution with redundant controllers 
is used, and the failover timer used by the storage solution is longer than the 
default XenServer HA timeout of 30 seconds.  The value for this timeout can be 
changed, but it’s important to know that simply enabling HA from within 
XenCenter, or using the default form of the pool-enable-ha command will reset 
the timeout to the default value.  In the following example, the timeout has 
been increased from the default to two minutes.

# xe pool-enable-ha heartbeat-sr-uuids={SR-UUID} ha-config:timeout=120



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: IPv6 ideas for Basic Networking

2015-05-23 Thread Marcus 
Did you guys review the functional spec that has been floating around on
cwiki?
On May 23, 2015 8:27 AM, "Wido den Hollander"  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
>
> On 05/22/2015 11:05 PM, server24 Cloudstack wrote:
> > Hi Wido,
> >
> > was nice talking to you about this.
> >
> > On 5/21/2015 8:59 PM, Wido den Hollander wrote:
> >
> >> (IPv6) routers should send out RAs (Router Advertisements) with
> >> the managed-other-flag [0][1], telling Instances to ONLY use that
> >> routers as their default gateways and NOT to use SLAAC to
> >> autoconfigure their IP-Address.
> >
> > OK, so no autonomous flag
> >
>
> No, the "managed other flag" as described in RFC 4862. Meaning that
> the Routers should only be used as a default gateway and DHCPv6 should
> be used for obtaining a address.
>
> >> The (ip6tables) Security Groups should allow ICMPv6 by default.
> >> IPv6 traffic breaks really hard without ICMPv6 traffic, for
> >> example PMTU doesn't work properly and breaks IPv6 connections.
> > yes, and default ip(6)tables should be in place to block
> > VNC-related traffic except to the Virtual Console (as currently VNC
> > ports on IPv6 are world-wide-open in BASIC network)!
> >
>
> Yes, but in that case you are talking about the Console Proxy which
> should be firewalled properly.
>
> >> In CloudStack we might configure a /48, but tell it to hand out
> >> addresses for each instance from a /64 out of that /48. That
> >> means we can have 65k Instances in that pod. Some firewall
> >> policies block a complete /64 when they see malicious traffic
> >> coming from that subnet, so if the subnet is big enough we should
> >> try to keep all the IPv6 addresses from one Instance in the same
> >> /64 subnet. This could also simplify the iptable rules.
> > so one /48 per pod? RIRs provide either /48 or /32 (the latter to
> > the providers) IPv6 blocks. So this should then be configurable,
> > both per instance and per pod. One /48 per pod still looks large to
> > me..
> >
>
> A /48 should be a possibility. If you only have a /64 available that
> should be no problem either.
>
> > On the other hand any prefix more specific than /64 could break
> > IPv6 features, so that there are at least some practical values to
> > rely on.
> >> Security grouping has to be extended to also support IPv6, but
> >> should allow ICMPv6 by default.
> > yes, ICMPv6 should be on by default (maybe it should be forced to
> > be always on for IPv6?).
> >
> >> At the end of June 2015 we want to keep a one-day meetup in
> >> Amsterdam with various developers to discuss some more details.
> >
> > great work and very good meeting, was a pleasure to be there.
> >
> > Thomas Moroder
> >
> > -- Incubatec GmbH - Srl Via Scurcia'str. 36, 39046 Ortisei(BZ),
> > ITALY Registered with the chamber of commerce of Bolzano the 8th of
> > November 2001 with REA-No. 168204 (s.c. of EUR 10.000 f.p.u.)
> > President: Thomas Moroder, VAT-No. IT 02283140214 Tel:
> > +39.0471796829 - Fax: +39.0471797949
> >
> > IMPRINT: http://www.incubatec.com/imprint.html PRIVACY:
> > http://www.server24.it/informativa_completa.html
> >
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
>
> iQIcBAEBAgAGBQJVYJwhAAoJEAGbWC3bPspCWXEQAISPV1PdGWa6KOck9IsTVXBt
> jUTpyFyg+qnmlG+QQ3LWOFjXRVUvQroryBbxkBnEbNm5d5qOsKptwwOaXMOut4A2
> Nv4WCcFlAjnj78c9C/mpJvqu+Bh/WLKy4mBaMEqLiSAzqoz+CPlaiubJ/TDXR+jp
> XSY3XNk/jhdI02QTPNHvYc1ZbWNjuZrb+YVqEzFLra25I0bfXuq2tcBVDEMr1zmA
> qQVfCabkAx/a8wW2wGnz2GSg1UFDJUHOb7c6bae9nE5wo1MYpXyjpO53IBpRQuPt
> +VMzkjyf75yS1LFel9zS/BzV97mgEBxux9Nb3M9f/ZJW0QvS9onZdIhYgCeDyxJe
> M/XTD6M0O+ha4mFaYTeSudWoQnv/ZZ1P5RuPTQyQRD4P7nSkorz6QOR/SVb+OhXG
> 7tqd0GaUS/OFTC69wBTN/t9m98mYRZ5s4XtuocE5DadHqIv5JslrKLzC2YJEWonm
> RqL2Gow0/h+k99esJatmCZq+6jXwsy9pIVsLspfDt+GKBOVw8sHNTDUPTvdVzffv
> Qa+gVl5gg9RvSonJ8xS7sHI/p/gDFJrN1lWzxl9YWyurjDKFz2zI0OWfOKGZdhrE
> Ywgzb+2ExzGSgLSE6AL8awLbl1N57TOlQI4SlfN7Ph4kaS2T9eCleAXP3BxPSXqK
> Hji1OI5/luKcQVyYqwaT
> =acrP
> -END PGP SIGNATURE-
>

Re: IPv6 ideas for Basic Networking

2015-05-23 Thread Remi Bergsma 
At Schuberg Philis we’ve been working on a design voor IPv6 in VPC networks (so 
this is Advanced Networking) and I indeed had a look at your functional spec. 
I’ll finalise what we’ve come up with and publish it early next week so we can 
align and discuss and work from there. Nice to see there is a design for Basic 
Networking as well!

Regards,
Remi

> On 24 May 2015, at 02:47, Marcus  wrote:
> 
> Did you guys review the functional spec that has been floating around on
> cwiki?
> On May 23, 2015 8:27 AM, "Wido den Hollander"  wrote:
> 
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>> 
>> 
>> 
>> On 05/22/2015 11:05 PM, server24 Cloudstack wrote:
>>> Hi Wido,
>>> 
>>> was nice talking to you about this.
>>> 
>>> On 5/21/2015 8:59 PM, Wido den Hollander wrote:
>>> 
 (IPv6) routers should send out RAs (Router Advertisements) with
 the managed-other-flag [0][1], telling Instances to ONLY use that
 routers as their default gateways and NOT to use SLAAC to
 autoconfigure their IP-Address.
>>> 
>>> OK, so no autonomous flag
>>> 
>> 
>> No, the "managed other flag" as described in RFC 4862. Meaning that
>> the Routers should only be used as a default gateway and DHCPv6 should
>> be used for obtaining a address.
>> 
 The (ip6tables) Security Groups should allow ICMPv6 by default.
 IPv6 traffic breaks really hard without ICMPv6 traffic, for
 example PMTU doesn't work properly and breaks IPv6 connections.
>>> yes, and default ip(6)tables should be in place to block
>>> VNC-related traffic except to the Virtual Console (as currently VNC
>>> ports on IPv6 are world-wide-open in BASIC network)!
>>> 
>> 
>> Yes, but in that case you are talking about the Console Proxy which
>> should be firewalled properly.
>> 
 In CloudStack we might configure a /48, but tell it to hand out
 addresses for each instance from a /64 out of that /48. That
 means we can have 65k Instances in that pod. Some firewall
 policies block a complete /64 when they see malicious traffic
 coming from that subnet, so if the subnet is big enough we should
 try to keep all the IPv6 addresses from one Instance in the same
 /64 subnet. This could also simplify the iptable rules.
>>> so one /48 per pod? RIRs provide either /48 or /32 (the latter to
>>> the providers) IPv6 blocks. So this should then be configurable,
>>> both per instance and per pod. One /48 per pod still looks large to
>>> me..
>>> 
>> 
>> A /48 should be a possibility. If you only have a /64 available that
>> should be no problem either.
>> 
>>> On the other hand any prefix more specific than /64 could break
>>> IPv6 features, so that there are at least some practical values to
>>> rely on.
 Security grouping has to be extended to also support IPv6, but
 should allow ICMPv6 by default.
>>> yes, ICMPv6 should be on by default (maybe it should be forced to
>>> be always on for IPv6?).
>>> 
 At the end of June 2015 we want to keep a one-day meetup in
 Amsterdam with various developers to discuss some more details.
>>> 
>>> great work and very good meeting, was a pleasure to be there.
>>> 
>>> Thomas Moroder
>>> 
>>> -- Incubatec GmbH - Srl Via Scurcia'str. 36, 39046 Ortisei(BZ),
>>> ITALY Registered with the chamber of commerce of Bolzano the 8th of
>>> November 2001 with REA-No. 168204 (s.c. of EUR 10.000 f.p.u.)
>>> President: Thomas Moroder, VAT-No. IT 02283140214 Tel:
>>> +39.0471796829 - Fax: +39.0471797949
>>> 
>>> IMPRINT: http://www.incubatec.com/imprint.html PRIVACY:
>>> http://www.server24.it/informativa_completa.html
>>> 
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v1
>> 
>> iQIcBAEBAgAGBQJVYJwhAAoJEAGbWC3bPspCWXEQAISPV1PdGWa6KOck9IsTVXBt
>> jUTpyFyg+qnmlG+QQ3LWOFjXRVUvQroryBbxkBnEbNm5d5qOsKptwwOaXMOut4A2
>> Nv4WCcFlAjnj78c9C/mpJvqu+Bh/WLKy4mBaMEqLiSAzqoz+CPlaiubJ/TDXR+jp
>> XSY3XNk/jhdI02QTPNHvYc1ZbWNjuZrb+YVqEzFLra25I0bfXuq2tcBVDEMr1zmA
>> qQVfCabkAx/a8wW2wGnz2GSg1UFDJUHOb7c6bae9nE5wo1MYpXyjpO53IBpRQuPt
>> +VMzkjyf75yS1LFel9zS/BzV97mgEBxux9Nb3M9f/ZJW0QvS9onZdIhYgCeDyxJe
>> M/XTD6M0O+ha4mFaYTeSudWoQnv/ZZ1P5RuPTQyQRD4P7nSkorz6QOR/SVb+OhXG
>> 7tqd0GaUS/OFTC69wBTN/t9m98mYRZ5s4XtuocE5DadHqIv5JslrKLzC2YJEWonm
>> RqL2Gow0/h+k99esJatmCZq+6jXwsy9pIVsLspfDt+GKBOVw8sHNTDUPTvdVzffv
>> Qa+gVl5gg9RvSonJ8xS7sHI/p/gDFJrN1lWzxl9YWyurjDKFz2zI0OWfOKGZdhrE
>> Ywgzb+2ExzGSgLSE6AL8awLbl1N57TOlQI4SlfN7Ph4kaS2T9eCleAXP3BxPSXqK
>> Hji1OI5/luKcQVyYqwaT
>> =acrP
>> -END PGP SIGNATURE-
>>

[GitHub] cloudstack-docs-rn pull request: add note on XenServer: we depend ...

2015-05-23 Thread remibergsma 
Github user remibergsma commented on the pull request:

https://github.com/apache/cloudstack-docs-rn/pull/21#issuecomment-104984303
  
@xenserverarmy thanks, I wanted to keep it simple and not rewrite the 
XenServer docs inside the CloudStack ones. BUT you're right, the timeout is not 
documented in the XenServer docs. So, I went ahead and put an example command 
and a note of the timeout. This way it's still to-the-point so people won't 
skip it (I hope).


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---