[GitHub] cloudstack pull request: CLOUDSTACK-9210: Pass secondary IPs to de...

2016-01-06 Thread ustcweizhou 
Github user ustcweizhou commented on the pull request:

https://github.com/apache/cloudstack/pull/1309#issuecomment-169267155
  
LGTM, just code review. simple but really make sense.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Build failed in Jenkins: build-master-slowbuild #2918

2016-01-06 Thread jenkins 
See 

--
[...truncated 28723 lines...]
[INFO] 
[INFO] --- findbugs-maven-plugin:3.0.1:findbugs (findbugs) @ cloud-quickcloud 
---
[INFO] 
[INFO] <<< findbugs-maven-plugin:3.0.1:check (cloudstack-findbugs) @ 
cloud-quickcloud <<<
[INFO] 
[INFO] --- findbugs-maven-plugin:3.0.1:check (cloudstack-findbugs) @ 
cloud-quickcloud ---
[INFO] 
[INFO] --- cobertura-maven-plugin:2.6:instrument (default-cli) @ 
cloud-quickcloud ---
[WARNING] No files to instrument.
[INFO] NOT adding cobertura ser file to attached artifacts list.
[INFO] 
[INFO] --- maven-resources-plugin:2.5:testResources (default-testResources) @ 
cloud-quickcloud ---
[debug] execute contextualize
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory 

[INFO] Copying 3 resources
[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.2:testCompile (default-testCompile) @ 
cloud-quickcloud ---
[INFO] No sources to compile
[INFO] 
[INFO] --- maven-surefire-plugin:2.18.1:test (default-test) @ cloud-quickcloud 
---
[INFO] 
[INFO] <<< cobertura-maven-plugin:2.6:cobertura (default-cli) @ 
cloud-quickcloud <<<
[INFO] 
[INFO] --- cobertura-maven-plugin:2.6:cobertura (default-cli) @ 
cloud-quickcloud ---
[INFO] 
[INFO] Reactor Summary:
[INFO] 
[INFO] Apache CloudStack Developer Tools - Checkstyle Configuration  SUCCESS 
[1.709s]
[INFO] Apache CloudStack . SUCCESS [2.125s]
[INFO] Apache CloudStack Maven Conventions Parent  SUCCESS [0.790s]
[INFO] Apache CloudStack Framework - Managed Context . SUCCESS [19.517s]
[INFO] Apache CloudStack Utils ... SUCCESS [1:31.477s]
[INFO] Apache CloudStack Framework ... SUCCESS [0.106s]
[INFO] Apache CloudStack Framework - Event Notification .. SUCCESS [53.755s]
[INFO] Apache CloudStack Framework - Configuration ... SUCCESS [27.551s]
[INFO] Apache CloudStack API . SUCCESS [1:51.842s]
[INFO] Apache CloudStack Framework - REST  SUCCESS [16.661s]
[INFO] Apache CloudStack Framework - IPC . SUCCESS [29.896s]
[INFO] Apache CloudStack Cloud Engine  SUCCESS [0.088s]
[INFO] Apache CloudStack Cloud Engine API  SUCCESS [27.366s]
[INFO] Apache CloudStack Framework - Security  SUCCESS [24.438s]
[INFO] Apache CloudStack Core  SUCCESS [1:21.717s]
[INFO] Apache CloudStack Agents .. SUCCESS [36.265s]
[INFO] Apache CloudStack Framework - Clustering .. SUCCESS [37.302s]
[INFO] Apache CloudStack Framework - Event Notification .. SUCCESS [14.263s]
[INFO] Apache CloudStack Cloud Engine Schema Component ... SUCCESS [2:06.563s]
[INFO] Apache CloudStack Framework - Jobs  SUCCESS [40.652s]
[INFO] Apache CloudStack Cloud Engine Internal Components API  SUCCESS [25.751s]
[INFO] Apache CloudStack Server .. SUCCESS [4:12.603s]
[INFO] Apache CloudStack Framework - Quota ... SUCCESS [38.347s]
[INFO] Apache CloudStack Usage Server  SUCCESS [44.093s]
[INFO] Apache CloudStack Cloud Engine Orchestration Component  SUCCESS 
[1:20.964s]
[INFO] Apache CloudStack Cloud Services .. SUCCESS [0.069s]
[INFO] Apache CloudStack Secondary Storage ... SUCCESS [0.470s]
[INFO] Apache CloudStack Secondary Storage Service ... SUCCESS [54.038s]
[INFO] Apache CloudStack Engine Storage Component  SUCCESS [49.341s]
[INFO] Apache CloudStack Engine Storage Volume Component . SUCCESS [30.685s]
[INFO] Apache CloudStack Engine Storage Image Component .. SUCCESS [25.574s]
[INFO] Apache CloudStack Engine Storage Data Motion Component  SUCCESS [30.689s]
[INFO] Apache CloudStack Engine Storage Cache Component .. SUCCESS [20.754s]
[INFO] Apache CloudStack Engine Storage Snapshot Component  SUCCESS [36.333s]
[INFO] Apache CloudStack Cloud Engine API  SUCCESS [12.767s]
[INFO] Apache CloudStack Cloud Engine Service  SUCCESS [7.923s]
[INFO] Apache CloudStack Plugin POM .. SUCCESS [1.010s]
[INFO] Apache CloudStack Plugin - API Rate Limit . SUCCESS [27.559s]
[INFO] Apache CloudStack Plugin - Storage Volume default provider  SUCCESS 
[23.697s]
[INFO] Apache CloudStack Plugin - Storage Volume SolidFire Provider  SUCCESS 
[37.127s]
[INFO] Apache CloudStack Plugin - API SolidFire .. SUCCESS [17.398s]
[INFO] Apache CloudStack Plugin - API Discovery .. SUCCESS [23.401s]
[INFO] Apache CloudStack Plugin - ACL Static Role Based .. SUCCESS [14.984s]
[INFO] Apache CloudStack Plugin - Host Anti-Affinity Processor  SUCCESS 
[17.242s]
[INFO] Apache Cloud

Build failed in Jenkins: build-systemvm64-master #709

2016-01-06 Thread jenkins 
See 

Changes:

[Rohit Yadav] QuotaStatementTest: fix the method invocation verification

--
[...truncated 1373 lines...]
Executing command: chmod +x "apt_upgrade.sh"
Waiting for ssh login on 127.0.0.1 with user root to sshd on port => 7222 to 
work, timeout=1200 sec
.
Transferring 

 to configure_grub.sh 
..
Waiting for ssh login on 127.0.0.1 with user root to sshd on port => 7222 to 
work, timeout=1200 sec
.
Executing command: chmod +x "configure_grub.sh"
Waiting for ssh login on 127.0.0.1 with user root to sshd on port => 7222 to 
work, timeout=1200 sec
.
Transferring 

 to configure_locale.sh 
..
Waiting for ssh login on 127.0.0.1 with user root to sshd on port => 7222 to 
work, timeout=1200 sec
.
Executing command: chmod +x "configure_locale.sh"
Waiting for ssh login on 127.0.0.1 with user root to sshd on port => 7222 to 
work, timeout=1200 sec
.
Transferring 

 to configure_login.sh 
..
Waiting for ssh login on 127.0.0.1 with user root to sshd on port => 7222 to 
work, timeout=1200 sec
.
Executing command: chmod +x "configure_login.sh"
Waiting for ssh login on 127.0.0.1 with user root to sshd on port => 7222 to 
work, timeout=1200 sec
.
Transferring 

 to configure_networking.sh 
..
Waiting for ssh login on 127.0.0.1 with user root to sshd on port => 7222 to 
work, timeout=1200 sec
.
Executing command: chmod +x "configure_networking.sh"
Waiting for ssh login on 127.0.0.1 with user root to sshd on port => 7222 to 
work, timeout=1200 sec
.
Transferring 

 to configure_acpid.sh 
..
Waiting for ssh login on 127.0.0.1 with user root to sshd on port => 7222 to 
work, timeout=1200 sec
.
Executing command: chmod +x "configure_acpid.sh"
Waiting for ssh login on 127.0.0.1 with user root to sshd on port => 7222 to 
work, timeout=1200 sec
.
Transferring 

 to install_systemvm_packages.sh 
..
Waiting for ssh login on 127.0.0.1 with user root to sshd on port => 7222 to 
work, timeout=1200 sec
.
Executing command: chmod +x "install_systemvm_packages.sh"
Waiting for ssh login on 127.0.0.1 with user root to sshd on port => 7222 to 
work, timeout=1200 sec
.
Transferring 

 to configure_conntrack.sh 
..
Waiting for ssh login on 127.0.0.1 with user root to sshd on port => 7222 to 
work, timeout=1200 sec
.
Executing command: chmod +x "configure_conntrack.sh"
Waiting for ssh login on 127.0.0.1 with user root to sshd on port => 7222 to 
work, timeout=1200 sec
.
Transferring 

 to cloud_scripts_shar_archive.sh 
...
Waiting for ssh login on 127.0.0.1 with user root to sshd on port => 7222 to 
work, timeout=1200 sec
.
Executing command: chmod +x "cloud_scripts_shar_archive.sh"
Waiting for ssh login on 127.0.0.1 with user root to sshd on port => 7222 to 
work, timeout=1200 sec
.
Transferring 

 to configure_systemvm_services.sh 
..
Waiting for ssh login on 127.0.0.1 with user root to sshd on port => 7222 to 
work, timeout=1200 sec
.
Executing command: chmod +x "configure_systemvm_services.sh"
Waiting

[GitHub] cloudstack pull request: README: happy holidays!

2016-01-06 Thread remibergsma 
Github user remibergsma commented on the pull request:

https://github.com/apache/cloudstack/pull/1281#issuecomment-169275052
  
@bhaisaab Can you please send the PR to revert this, now that the holidays 
are over?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

KVM: Security grouping through libvirt instead of Python

2016-01-06 Thread Wido den Hollander 
Hi,

A while back I opened CLOUDSTACK-1164 [0] since I think that we should
use as much features of libvirt as possible.

libvirt supports network filtering [1] which basically controls
ebtables, iptables and ip6tables (IPv6 support!).

Using a XML definition you can create a filter and than use this filter
for a interface.

I created a simple setup to test:
- Can I prevent MAC spoofing?
- Can I prevent IP spoofing?
- Can I reload a filter without stopping my VM

All the questions were answered by "Yes", so I figured it was useful to
share this information.

On my laptop running Ubuntu 14.04 and libvirt 1.2.2 I created two VMs:
- One NIC with NAT for Internet access (no filter)
- One NIC on a isolated bridge

On the second NIC I assigned 192.168.100.1 and .2.

VM network_filter_1 got a filter assigned:


  
  
  
  


I created a filter called 'network_filter_1'


  64b80046-9a9d-40c2-8782-ed5878146262

  

  

  

  

  

  

  

  

  

  

  

  


libvirt can auto-detect the MAC and IP, but since we already know that
information I didn't think I needed to test that.

$ virsh nwfilter-define filter.xml
$ virsh define network_filter_1.xml
$ virsh start network_filter_1

The result was simple. Using any different IP then 192.168.100.1 failed
and connections to ports not being 22, 80 or 443 failed.

Changes to filters were simple as well. Edit filter.xml and run:

$ virsh nwfilter-define filter.xml

Those changes were applied without stopping the VM. Done within 1 second.

I think it is worth the effort to use this instead of using
'security_group.py'.

On KVM we can always perform MAC address filtering and when security
grouping in shared or basic networking is used we can use libvirt to
filter all the traffic.

Less code we have to maintain and I prefer using libvirt over our custom
Python code.

This is not a functional spec yet, but I just wanted to get this
information out there and share what I found.

Looking at the libvirt docs I can't find anything which it can't do
which our security groups currently can. It already fully supports IPv6
which we don't.

CloudStack would only need to generate the proper XML documents and
that's all.

Wido

[0]: https://issues.apache.org/jira/browse/CLOUDSTACK-1164
[1]: http://libvirt.org/formatnwfilter.html

Re: [DISCUSS] Move to Github

2016-01-06 Thread ilya 
+1 to moving to github.

On 1/3/16 3:25 AM, Sebastien Goasguen wrote:
> Bringing this one discuss thread to the top of the ML to get stronger 
> consensus.
> 
> We need it if we want to request a move to GitHub.
> 
> Note that this is not about leaving the ASF, it is about using GitHub to its 
> full potential.
> 
> The ASF board is investigating ways for a project to use Github and still 
> maintain strong provenance of commits to keep the high quality and provenance 
> standards of ASF code.
> 
> If we get consensus we can request to the board to be part of the “trial” and 
> move to Github.
> 
>> On Dec 21, 2015, at 11:37 AM, Sebastien Goasguen  wrote:
>>
>>
>>> On Dec 21, 2015, at 11:34 AM, Daan Hoogland  wrote:
>>>
>>> Sebastien, This will create a github repo under the apache organisation
>>> right? one that we can not merge to.
>>>
>>
>> Yes , that’s how I created all the docs repo and the repos for ec2stack and 
>> gstack.
>>
>>
>>
>>> On Mon, Dec 21, 2015 at 10:51 AM, Sebastien Goasguen 
>>> wrote:
>>>
 BTW

 Anyone can ask for a new git repo which will be mirrored on github at:

 https://issues.apache.org/jira/servicedesk/customer/portal/1/create/8

 Not sure if the link will work, but it’s available through issues.

> On Dec 19, 2015, at 7:03 PM, Sebastien Goasguen 
 wrote:
>
>
>
>> On 19 Dec 2015, at 16:28, Rene Moser  wrote:
>>
>> Hi Seb
>>
>>> On 12/19/2015 10:12 AM, sebgoa wrote:
>>>
>>> Late October I started thread [1] about moving our repo to GitHub, I
 would like to re-open this discussion.
>>>
>>> Now that we have stabilized master and release 4.6.0, 4.6.1, 4.6.2 and
 4.7.0 we need to think about the next steps.
>>>
>>> To me Git and GitHub has become an essential tool to any software
 development, not using it to its full potential is hurting us.
>>>
>>> Just as an example I would like to point you to [2], this a PR I made
 to Kubernetes (a container orchestrator), it literally added 14 characters
 in a json file.
>>> This was really a very minor change.
>>>
>>> The PR automatically triggered 3 bots which created 7 labels, it ran
 end to end testss, Jenkins jobs and triggered third part builds.
>>> It was automatically merged.
>>
>> I am fine moving to github.
>>
>> But IMHO the git hosting is not the problem, the problem is how far do
>> we trust the current tests and how we can them improve.
>>
>> Moving to github doesn't improve testing. Doing manual tests is okay and
>> hard work, it does not speed up things.
>>
>> We need fully automated unit _and_ integration tests that we trust. I do
>> not trust in mocking and simulating infrastructure.
>>
>> We discovered most of the major problems running cloudstack on real
>> hardware in real world scenarios. Race conditions, unexpected VR
>> reboots, VMs not getting IPs from DHCP, etc.
>>
>> Rating complexity of changes: easy_fix, minor_change, major_change
>>
>> Running tests according complexity:
>>
>> - easy_fix: just merge it.
>> - minor_change: unit and simulator test passed
>> - major_change: the full blown integration testing
>>
>> IMHO we should work on solid testing and development is fun, merging a
>> click and releasing a breath.
>>
>> Just my 2 cents.
>
> Fully agree
>
> I do think moving to github would allow us to run tests on real systems
 more easily.
>
>
>>
>> Regards
>> René
>>
>>
>>
>>
>>


>>>
>>>
>>> -- 
>>> Daan
>>
>

[GitHub] cloudstack pull request: CLOUDSTACK-8302: Removing snapshots on RB...

2016-01-06 Thread remibergsma 
Github user remibergsma commented on the pull request:

https://github.com/apache/cloudstack/pull/1230#issuecomment-169295971
  
Really wondering why you need to alter XenserverSnapshotStrategy.java for 
something to work on KVM, like @wido asked. Please give an answer on that one, 
thanks!

Also, could someone run the integration tests and post the results?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9213 - As a user I want to be ...

2016-01-06 Thread wilderrodrigues 
GitHub user wilderrodrigues opened a pull request:

https://github.com/apache/cloudstack/pull/1311

CLOUDSTACK-9213 - As a user I want to be able to use multiple ip's/cidrs in 
an ACL

This PR fixes a problem with iptables when creating ACL items using a comma 
separated value list of CIDRs. Please refer to the details in the Jira issue.

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/ekholabs/cloudstack 
fix/4.7-acl-cidrs-CLOUDSTACK-9213

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/1311.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1311


commit 61f3706255b5a658e77014fe7f20acab2707219a
Author: Wilder Rodrigues 
Date:   2016-01-06T08:08:21Z

CLOUDSTACK-9213 - Formatting the code

commit 94c0dc5dfec1d8b20afcbc1e652eb7c9350b4946
Author: Wilder Rodrigues 
Date:   2016-01-06T08:08:56Z

CLOUDSTACK-9213 - Split the ACL rules using comma instead of dash.

   - The router code no longer deals with parsing the ALC list again. It's 
not necessary if it's sent in the proper way.




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9213 - As a user I want to be ...

2016-01-06 Thread wilderrodrigues 
Github user wilderrodrigues commented on the pull request:

https://github.com/apache/cloudstack/pull/1311#issuecomment-169303235
  
Ping @remibergsma @miguelaferreira @michaelandersen

* Environment
  - Management Server on CentOS 7.1
  - 1 KVM Host on CentOS 7.1
  - Agent + Common built from 4.7 source

* Manual tests


![image](https://cloud.githubusercontent.com/assets/5129209/12141592/0b236cb2-b471-11e5-9ab8-3a6edf8bac19.png)

* Network ACL JSON file

```
root@r-3-VM:~# 
root@r-3-VM:~# less /etc/cloudstack/networkacl.json 
{
"eth2": {
"device": "eth2", 
"egress_rules": [], 
"ingress_rules": [
{
"allowed": true, 
"cidr": "10.0.0.0/8,0.0.0.0/0", 
"first_port": 22, 
"last_port": 22, 
"type": "tcp"
}
], 
"mac_address": "02:00:7e:56:00:02", 
"nic_ip": "10.0.1.1", 
"nic_netmask": "26", 
"private_gateway_acl": false, 
"type": "networkacl"
}, 
"id": "networkacl"
}
/etc/cloudstack/networkacl.json (END)
```

* SSH into VM

```
 sbpltk1zffh04:sbp_dev wrodrigues$ ssh root@192.168.23.5
The authenticity of host '192.168.23.5 (192.168.23.5)' can't be established.
RSA key fingerprint is 11:d8:17:ce:62:cf:f9:23:78:fe:ec:34:c3:90:6a:fc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.23.5' (RSA) to the list of known hosts.
root@192.168.23.5's password: 
# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=48 time=9.879 ms
64 bytes from 8.8.8.8: seq=1 ttl=48 time=9.777 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 9.777/9.828/9.879 ms
# ip addr
1: lo:  mtu 65536 qdisc noqueue 
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host 
   valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast qlen 
1000
link/ether 02:00:76:53:00:01 brd ff:ff:ff:ff:ff:ff
inet 10.0.1.28/26 brd 10.0.1.63 scope global eth0
   valid_lft forever preferred_lft forever
inet6 fe80::76ff:fe53:1/64 scope link 
   valid_lft forever preferred_lft forever
# 
```

* ACL inbound (iptables)

```
Chain ACL_INBOUND_eth2 (1 references)
 pkts bytes target prot opt in out source   
destination 
0 0 ACCEPT all  --  anyany anywhere 
225.0.0.50  
0 0 ACCEPT all  --  anyany anywhere 
vrrp.mcast.net  
2   128 ACCEPT tcp  --  anyany anywhere 
anywhere tcp dpt:ssh
0 0 ACCEPT tcp  --  anyany 10.0.0.0/8   
anywhere tcp dpt:ssh
0 0 DROP   all  --  anyany anywhere 
anywhere 
```

I will run the integration tests now.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: [4.7] Critical VPCVR issues fixed: CLOUDS...

2016-01-06 Thread wilderrodrigues 
Github user wilderrodrigues commented on the pull request:

https://github.com/apache/cloudstack/pull/1277#issuecomment-169304485
  
Ping @remibergsma @DaanHoogland @koushik-das @bhaisaab 

Is there anyone caring about getting those fixes in? If not, I will close 
the PR.

@koushik-das: I don't have any problems seeing the changes on github. I 
haven't got any problem with github showing the diff.

Cheers,
Wilder


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: README: happy holidays!

2016-01-06 Thread bhaisaab 
Github user bhaisaab commented on the pull request:

https://github.com/apache/cloudstack/pull/1281#issuecomment-169306872
  
@remibergsma okay


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: README: revert back to the normal cloudst...

2016-01-06 Thread bhaisaab 
GitHub user bhaisaab opened a pull request:

https://github.com/apache/cloudstack/pull/1312

README: revert back to the normal cloudstack logo

cc @remibergsma 
Based on 
https://github.com/apache/cloudstack/pull/1281#issuecomment-169275052

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/shapeblue/cloudstack revert-holiday-monkey

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/1312.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1312


commit 293eb36f4dc73bf889d27eeacb55e416bf257e19
Author: Rohit Yadav 
Date:   2016-01-06T11:50:45Z

README: revert back to the normal cloudstack logo

Holidays are over :(

Signed-off-by: Rohit Yadav 




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: KVM: Security grouping through libvirt instead of Python

2016-01-06 Thread Nux! 
Hi Wido,

+1 for using more libvirt and less custom stuff, but what do we do about 
XenServer? SG is supported with it as well and there is no libvirt there.
Would this be a different implementation just for KVM?

In addition, I have the following in production and it's not clear if it would 
continue to work with libvirt filters - my hunch is that it will not since it 
involves multiple, different src IPs.

1 - additional IPs on instance
2 - subnets routed via instance IPs (I usually assign them on loopback on the 
VM)

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Wido den Hollander" 
> To: dev@cloudstack.apache.org
> Sent: Wednesday, 6 January, 2016 10:02:31
> Subject: KVM: Security grouping through libvirt instead of Python

> Hi,
> 
> A while back I opened CLOUDSTACK-1164 [0] since I think that we should
> use as much features of libvirt as possible.
> 
> libvirt supports network filtering [1] which basically controls
> ebtables, iptables and ip6tables (IPv6 support!).
> 
> Using a XML definition you can create a filter and than use this filter
> for a interface.
> 
> I created a simple setup to test:
> - Can I prevent MAC spoofing?
> - Can I prevent IP spoofing?
> - Can I reload a filter without stopping my VM
> 
> All the questions were answered by "Yes", so I figured it was useful to
> share this information.
> 
> On my laptop running Ubuntu 14.04 and libvirt 1.2.2 I created two VMs:
> - One NIC with NAT for Internet access (no filter)
> - One NIC on a isolated bridge
> 
> On the second NIC I assigned 192.168.100.1 and .2.
> 
> VM network_filter_1 got a filter assigned:
> 
>
>  
>  
>  
>  
>
> 
> I created a filter called 'network_filter_1'
> 
> 
>  64b80046-9a9d-40c2-8782-ed5878146262
> 
>  
>
>  
> 
>  
>
>  
> 
>  
>
>  
> 
>  
>
>  
> 
>  
>
>  
> 
>  
>
>  
> 
> 
> libvirt can auto-detect the MAC and IP, but since we already know that
> information I didn't think I needed to test that.
> 
> $ virsh nwfilter-define filter.xml
> $ virsh define network_filter_1.xml
> $ virsh start network_filter_1
> 
> The result was simple. Using any different IP then 192.168.100.1 failed
> and connections to ports not being 22, 80 or 443 failed.
> 
> Changes to filters were simple as well. Edit filter.xml and run:
> 
> $ virsh nwfilter-define filter.xml
> 
> Those changes were applied without stopping the VM. Done within 1 second.
> 
> I think it is worth the effort to use this instead of using
> 'security_group.py'.
> 
> On KVM we can always perform MAC address filtering and when security
> grouping in shared or basic networking is used we can use libvirt to
> filter all the traffic.
> 
> Less code we have to maintain and I prefer using libvirt over our custom
> Python code.
> 
> This is not a functional spec yet, but I just wanted to get this
> information out there and share what I found.
> 
> Looking at the libvirt docs I can't find anything which it can't do
> which our security groups currently can. It already fully supports IPv6
> which we don't.
> 
> CloudStack would only need to generate the proper XML documents and
> that's all.
> 
> Wido
> 
> [0]: https://issues.apache.org/jira/browse/CLOUDSTACK-1164
> [1]: http://libvirt.org/formatnwfilter.html

Build failed in Jenkins: build-master-slowbuild #2919

2016-01-06 Thread jenkins 
See 

--
[...truncated 28723 lines...]
[INFO] 
[INFO] --- findbugs-maven-plugin:3.0.1:findbugs (findbugs) @ cloud-quickcloud 
---
[INFO] 
[INFO] <<< findbugs-maven-plugin:3.0.1:check (cloudstack-findbugs) @ 
cloud-quickcloud <<<
[INFO] 
[INFO] --- findbugs-maven-plugin:3.0.1:check (cloudstack-findbugs) @ 
cloud-quickcloud ---
[INFO] 
[INFO] --- cobertura-maven-plugin:2.6:instrument (default-cli) @ 
cloud-quickcloud ---
[WARNING] No files to instrument.
[INFO] NOT adding cobertura ser file to attached artifacts list.
[INFO] 
[INFO] --- maven-resources-plugin:2.5:testResources (default-testResources) @ 
cloud-quickcloud ---
[debug] execute contextualize
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory 

[INFO] Copying 3 resources
[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.2:testCompile (default-testCompile) @ 
cloud-quickcloud ---
[INFO] No sources to compile
[INFO] 
[INFO] --- maven-surefire-plugin:2.18.1:test (default-test) @ cloud-quickcloud 
---
[INFO] 
[INFO] <<< cobertura-maven-plugin:2.6:cobertura (default-cli) @ 
cloud-quickcloud <<<
[INFO] 
[INFO] --- cobertura-maven-plugin:2.6:cobertura (default-cli) @ 
cloud-quickcloud ---
[INFO] 
[INFO] Reactor Summary:
[INFO] 
[INFO] Apache CloudStack Developer Tools - Checkstyle Configuration  SUCCESS 
[2.012s]
[INFO] Apache CloudStack . SUCCESS [2.597s]
[INFO] Apache CloudStack Maven Conventions Parent  SUCCESS [0.826s]
[INFO] Apache CloudStack Framework - Managed Context . SUCCESS [18.928s]
[INFO] Apache CloudStack Utils ... SUCCESS [1:31.388s]
[INFO] Apache CloudStack Framework ... SUCCESS [0.099s]
[INFO] Apache CloudStack Framework - Event Notification .. SUCCESS [53.715s]
[INFO] Apache CloudStack Framework - Configuration ... SUCCESS [27.727s]
[INFO] Apache CloudStack API . SUCCESS [1:52.959s]
[INFO] Apache CloudStack Framework - REST  SUCCESS [16.264s]
[INFO] Apache CloudStack Framework - IPC . SUCCESS [30.184s]
[INFO] Apache CloudStack Cloud Engine  SUCCESS [0.100s]
[INFO] Apache CloudStack Cloud Engine API  SUCCESS [28.180s]
[INFO] Apache CloudStack Framework - Security  SUCCESS [24.711s]
[INFO] Apache CloudStack Core  SUCCESS [1:22.728s]
[INFO] Apache CloudStack Agents .. SUCCESS [35.902s]
[INFO] Apache CloudStack Framework - Clustering .. SUCCESS [37.824s]
[INFO] Apache CloudStack Framework - Event Notification .. SUCCESS [14.220s]
[INFO] Apache CloudStack Cloud Engine Schema Component ... SUCCESS [2:06.903s]
[INFO] Apache CloudStack Framework - Jobs  SUCCESS [40.947s]
[INFO] Apache CloudStack Cloud Engine Internal Components API  SUCCESS [25.802s]
[INFO] Apache CloudStack Server .. SUCCESS [4:11.598s]
[INFO] Apache CloudStack Framework - Quota ... SUCCESS [37.541s]
[INFO] Apache CloudStack Usage Server  SUCCESS [44.233s]
[INFO] Apache CloudStack Cloud Engine Orchestration Component  SUCCESS 
[1:22.705s]
[INFO] Apache CloudStack Cloud Services .. SUCCESS [0.075s]
[INFO] Apache CloudStack Secondary Storage ... SUCCESS [0.452s]
[INFO] Apache CloudStack Secondary Storage Service ... SUCCESS [53.984s]
[INFO] Apache CloudStack Engine Storage Component  SUCCESS [48.563s]
[INFO] Apache CloudStack Engine Storage Volume Component . SUCCESS [29.857s]
[INFO] Apache CloudStack Engine Storage Image Component .. SUCCESS [26.650s]
[INFO] Apache CloudStack Engine Storage Data Motion Component  SUCCESS [30.813s]
[INFO] Apache CloudStack Engine Storage Cache Component .. SUCCESS [20.651s]
[INFO] Apache CloudStack Engine Storage Snapshot Component  SUCCESS [35.285s]
[INFO] Apache CloudStack Cloud Engine API  SUCCESS [12.491s]
[INFO] Apache CloudStack Cloud Engine Service  SUCCESS [8.871s]
[INFO] Apache CloudStack Plugin POM .. SUCCESS [1.040s]
[INFO] Apache CloudStack Plugin - API Rate Limit . SUCCESS [26.930s]
[INFO] Apache CloudStack Plugin - Storage Volume default provider  SUCCESS 
[23.755s]
[INFO] Apache CloudStack Plugin - Storage Volume SolidFire Provider  SUCCESS 
[35.684s]
[INFO] Apache CloudStack Plugin - API SolidFire .. SUCCESS [17.899s]
[INFO] Apache CloudStack Plugin - API Discovery .. SUCCESS [23.363s]
[INFO] Apache CloudStack Plugin - ACL Static Role Based .. SUCCESS [15.030s]
[INFO] Apache CloudStack Plugin - Host Anti-Affinity Processor  SUCCESS 
[17.110s]
[INFO] Apache Cloud

[GitHub] cloudstack pull request: README: revert back to the normal cloudst...

2016-01-06 Thread DaanHoogland 
Github user DaanHoogland commented on the pull request:

https://github.com/apache/cloudstack/pull/1312#issuecomment-169316462
  
LGTM, all clear now.

regards,
Grinch


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: README: revert back to the normal cloudst...

2016-01-06 Thread wido 
Github user wido commented on the pull request:

https://github.com/apache/cloudstack/pull/1312#issuecomment-169319828
  
LGTM


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: CLOUDSTACK-9210: Pass secondary IPs to de...

2016-01-06 Thread wido 
Github user wido commented on the pull request:

https://github.com/apache/cloudstack/pull/1309#issuecomment-169320044
  
@remibergsma Can we merge this one? It fixes a bug.

To clarify, this is how the method has been defined:

def default_network_rules(vm_name, vm_id, vm_ip, vm_mac, vif, brname, 
sec_ips):


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: [PROPOSE] Dynamic inter VPC routing

2016-01-06 Thread Simon Weller 
I think this is a cool idea, but I'd submit that we may want to make some 
additional considerations if we're talking about adding routing protocol 
support to the VRs.


One thing we're doing here at ENA right now (outside of Cloudstack VRs) is 
running BGP on VMs in order to manage floating ips (anycast BGP). If the effort 
is going to go in to run OSPF up to a P/PE router, it makes sense to also 
support BGP on the public interfaces. This opens up a lot of exciting 
possibilities in terms of being able to provide native support for intelligent 
geographic based services (i.e. GSLB without DNS).


Just my 2 cents.


- Si



From: Abhinandan Prateek 
Sent: Tuesday, January 5, 2016 9:20 PM
To: dev@cloudstack.apache.org
Subject: Re: [PROPOSE] Dynamic inter VPC routing


[ShapeBlue]
Abhinandan Prateek
Software Architect  ,   ShapeBlue


d:   | s: +44 203 603 0540  |  
m:  +91 970 11 99011

e:  abhinandan.prat...@shapeblue.com | t: 
 |  w:  
www.shapeblue.com

a:  53 Chandos Place, Covent Garden London WC2N 4HS UK


[cid:image556e34.png@8ef18889.4f85c6ff]


Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services 
India LLP is a company incorporated in India and is operated under license from 
Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in 
Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd 
is a company registered by The Republic of South Africa and is traded under 
license from Shape Blue Ltd. ShapeBlue is a registered trademark.
This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or related companies. If you are not the 
intended recipient of this email, you must neither take any action based upon 
its contents, nor copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error.




On 05/01/16, 9:17 PM, "Erik Weber"  wrote:


>On Mon, Jan 4, 2016 at 3:10 PM, Abhinandan Prateek <
>abhinandan.prat...@shapeblue.com> wrote:
>
>> Hi All,
>>
>> Currently the inter VPC traffic has to go thru the public gateway.
>> This means the traffic has to be nat-ed across public internet via
>> core-routers, which is inefficient in itself. A more efficient approach
>> will be to route the traffic locally.
>>
>> The proposal is to enable quagga- ospf on VPC routers so that the
>> traffic between VPC's is routed efficiently.
>>
>> The design doc is here:
>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamically+routed+VPC
>>
>>
>
>Regarding Super-CIDRs it states that a Super-CIDR will be divided into /24
>and /27s, but it is unclear to me if this is hard coded or just an example.
>
>What if a user wants to use /26 as their Tier-network within a /16
>Super-CIDR?

There are several options here:

1. Hardcoded, user does not worry about CIDR selection.
2. Have him pick up the mask, cloudstack allocates the CIDRs.

Yes, the document initially assumed a rigid system of allocation of CIDRs, but 
after internal discussion it was decided that we allow user to pick up the 
masks. It seems you are also pointing in that direction. Will update the doc 
soon.


-abhi
>
Find out more about ShapeBlue and our range of CloudStack related services:
IaaS Cloud Design & Build | 
CSForge - rapid IaaS deployment framework
CloudStack Consulting | 
CloudStack Software 
Engineering
CloudStack Infrastructure 
Support | CloudStack 
Bootcamp Training Courses

Build failed in Jenkins: build-master-slowbuild #2920

2016-01-06 Thread jenkins 
See 

--
[...truncated 824 lines...]
at 
org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:155)
at 
org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:103)
2016-01-06 14:12:43,059 DEBUG [utils.script.Script] (main:) Executing: 
/bin/bash -c /not/existing/scripts/1452089563059 
2016-01-06 14:12:43,062 DEBUG [utils.script.Script] (main:) Exit value is 127
2016-01-06 14:12:43,062 DEBUG [utils.script.Script] (main:) /bin/bash: 
/not/existing/scripts/1452089563059: No such file or directory
2016-01-06 14:12:43,063 DEBUG [utils.script.Script] (main:) Executing: 
/bin/bash -c echo 'hello world!' 
2016-01-06 14:12:43,065 DEBUG [utils.script.Script] (main:) Execution is 
successful.
2016-01-06 14:12:43,067 DEBUG [utils.script.Script] (main:) Executing: 
/bin/bash -c echo 'hello world!' 
2016-01-06 14:12:43,069 DEBUG [utils.script.Script] (main:) Execution is 
successful.
Tests run: 10, Failures: 0, Errors: 0, Skipped: 1, Time elapsed: 0.046 sec - in 
com.cloud.utils.ScriptTest
Running com.cloud.utils.TestProfiler
Configure log4j with default properties
2016-01-06 14:12:43,097 INFO  [cloud.utils.TestProfiler] (main:) testProfiler() 
started
2016-01-06 14:12:44,097 INFO  [cloud.utils.TestProfiler] (main:) Duration in 
Millis: 1000
2016-01-06 14:12:44,098 INFO  [cloud.utils.TestProfiler] (main:) testProfiler() 
stopped
Configure log4j with default properties
Configure log4j with default properties
2016-01-06 14:12:45,120 INFO  [cloud.utils.TestProfiler] (main:) Duration in 
Nano: 1000152041
Configure log4j with default properties
Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.047 sec - in 
com.cloud.utils.TestProfiler
Running com.cloud.utils.net.NetUtilsTest
2016-01-06 14:12:45,163 INFO  [utils.net.NetUtils] (main:) Invalid value of 
cidr 10.3.6.5/50
2016-01-06 14:12:45,175 INFO  [utils.net.NetUtilsTest] (main:) IP is 
1234:5678::1
2016-01-06 14:12:45,177 INFO  [utils.net.NetUtilsTest] (main:) IP is 
1234:5678::2
2016-01-06 14:12:45,178 INFO  [utils.net.NetUtilsTest] (main:) IP is 
1234:5678::1
2016-01-06 14:12:45,179 INFO  [utils.net.NetUtilsTest] (main:) IP is 
1234:5678::2
2016-01-06 14:12:45,180 INFO  [utils.net.NetUtilsTest] (main:) IP is 
1234:5678::1
2016-01-06 14:12:45,183 INFO  [utils.net.NetUtilsTest] (main:) IP is 
1234:5678::37f7:70b3:18af:d121
2016-01-06 14:12:45,186 INFO  [utils.net.NetUtilsTest] (main:) IP is 
1234:5678::5b40:ea26:d17b:991a
2016-01-06 14:12:45,188 INFO  [utils.net.NetUtilsTest] (main:) IP is 
1234:5678::e461:100:e665:9e7
2016-01-06 14:12:45,191 INFO  [utils.net.NetUtilsTest] (main:) IP is 
1234:5678::ea3e:6be3:8d1a:d338
2016-01-06 14:12:45,193 INFO  [utils.net.NetUtilsTest] (main:) IP is 
1234:5678::3b03:8b57:cb25:265e
2016-01-06 14:12:45,195 INFO  [utils.net.NetUtilsTest] (main:) IP is 
1234:5678::df7c:c27b:a62a:8c62
2016-01-06 14:12:45,197 INFO  [utils.net.NetUtilsTest] (main:) IP is 
1234:5678::d29e:917c:b1ab:a994
2016-01-06 14:12:45,198 INFO  [utils.net.NetUtilsTest] (main:) IP is 
1234:5678::15a3:2a8e:5ed5:c1b3
2016-01-06 14:12:45,200 INFO  [utils.net.NetUtilsTest] (main:) IP is 
1234:5678::4e85:f47b:cddd:a789
2016-01-06 14:12:45,201 INFO  [utils.net.NetUtilsTest] (main:) IP is 
1234:5678::86a4:2599:e719:d9c3
2016-01-06 14:12:45,219 ERROR [utils.net.NetUtils] (main:) empty cidr can not 
be converted to longs
com.cloud.utils.exception.CloudRuntimeException: empty cidr can not be 
converted to longs
at com.cloud.utils.net.NetUtils.cidrToLong(NetUtils.java:887)
at com.cloud.utils.net.NetUtils.isNetworksOverlap(NetUtils.java:1174)
at 
com.cloud.utils.net.NetUtilsTest.testIsNetworksOverlapWithEmptyValues(NetUtilsTest.java:509)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at 
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
at 
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at 
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
at 
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
at 
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
at 
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRun

Re: KVM: Security grouping through libvirt instead of Python

2016-01-06 Thread Wido den Hollander 


On 06-01-16 13:12, Nux! wrote:
> Hi Wido,
> 
> +1 for using more libvirt and less custom stuff, but what do we do about 
> XenServer? SG is supported with it as well and there is no libvirt there.
> Would this be a different implementation just for KVM?
> 

Yes. For KVM we control almost everything through libvirt. Moving
Security Grouping there would be a good thing.

I never do anything with Xen, so I have no clue there.

> In addition, I have the following in production and it's not clear if it 
> would continue to work with libvirt filters - my hunch is that it will not 
> since it involves multiple, different src IPs.
> 
> 1 - additional IPs on instance
> 2 - subnets routed via instance IPs (I usually assign them on loopback on the 
> VM)
> 

No problem at all. Just tested this:

  

  
  

  
  

  

  

So this VM had this config:

auto ens7
iface ens7 inet static
address 192.168.100.101
netmask 255.255.255.0

auto ens7:0
iface ens7:0 inet static
address 192.168.100.201
netmask 255.255.255.0

auto dummy0
iface dummy0 inet static
address 10.0.0.1
netmask 255.255.255.0

>From my other host I could reach all IPs just fine:

$ ip route add 10.0.0.0/24 via 192.168.100.101

Trying to use any other IP than listed in the filter would be dropped.

So it can support multiple IPs and routed subnets as well. The latter
would be required for IPv6 with DHCPv6+Prefix Delegation.

Wido

> Lucian
> 
> --
> Sent from the Delta quadrant using Borg technology!
> 
> Nux!
> www.nux.ro
> 
> - Original Message -
>> From: "Wido den Hollander" 
>> To: dev@cloudstack.apache.org
>> Sent: Wednesday, 6 January, 2016 10:02:31
>> Subject: KVM: Security grouping through libvirt instead of Python
> 
>> Hi,
>>
>> A while back I opened CLOUDSTACK-1164 [0] since I think that we should
>> use as much features of libvirt as possible.
>>
>> libvirt supports network filtering [1] which basically controls
>> ebtables, iptables and ip6tables (IPv6 support!).
>>
>> Using a XML definition you can create a filter and than use this filter
>> for a interface.
>>
>> I created a simple setup to test:
>> - Can I prevent MAC spoofing?
>> - Can I prevent IP spoofing?
>> - Can I reload a filter without stopping my VM
>>
>> All the questions were answered by "Yes", so I figured it was useful to
>> share this information.
>>
>> On my laptop running Ubuntu 14.04 and libvirt 1.2.2 I created two VMs:
>> - One NIC with NAT for Internet access (no filter)
>> - One NIC on a isolated bridge
>>
>> On the second NIC I assigned 192.168.100.1 and .2.
>>
>> VM network_filter_1 got a filter assigned:
>>
>>
>>  
>>  
>>  
>>  
>>
>>
>> I created a filter called 'network_filter_1'
>>
>> 
>>  64b80046-9a9d-40c2-8782-ed5878146262
>>
>>  
>>
>>  
>>
>>  
>>
>>  
>>
>>  
>>
>>  
>>
>>  
>>
>>  
>>
>>  
>>
>>  
>>
>>  
>>
>>  
>> 
>>
>> libvirt can auto-detect the MAC and IP, but since we already know that
>> information I didn't think I needed to test that.
>>
>> $ virsh nwfilter-define filter.xml
>> $ virsh define network_filter_1.xml
>> $ virsh start network_filter_1
>>
>> The result was simple. Using any different IP then 192.168.100.1 failed
>> and connections to ports not being 22, 80 or 443 failed.
>>
>> Changes to filters were simple as well. Edit filter.xml and run:
>>
>> $ virsh nwfilter-define filter.xml
>>
>> Those changes were applied without stopping the VM. Done within 1 second.
>>
>> I think it is worth the effort to use this instead of using
>> 'security_group.py'.
>>
>> On KVM we can always perform MAC address filtering and when security
>> grouping in shared or basic networking is used we can use libvirt to
>> filter all the traffic.
>>
>> Less code we have to maintain and I prefer using libvirt over our custom
>> Python code.
>>
>> This is not a functional spec yet, but I just wanted to get this
>> information out there and share what I found.
>>
>> Looking at the libvirt docs I can't find anything which it can't do
>> which our security groups currently can. It already fully supports IPv6
>> which we don't.
>>
>> CloudStack would only need to generate the proper XML documents and
>> that's all.
>>
>> Wido
>>
>> [0]: https://issues.apache.org/jira/browse/CLOUDSTACK-1164
>> [1]: http://libvirt.org/formatnwfilter.html

Re: KVM: Security grouping through libvirt instead of Python

2016-01-06 Thread Nux! 
That's great! Fine by me then, but we need to be careful and not mess up the SG 
bits for XenServer.

I think they are sharing the same python scripts right now.

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Wido den Hollander" 
> To: dev@cloudstack.apache.org
> Sent: Wednesday, 6 January, 2016 14:38:17
> Subject: Re: KVM: Security grouping through libvirt instead of Python

> On 06-01-16 13:12, Nux! wrote:
>> Hi Wido,
>> 
>> +1 for using more libvirt and less custom stuff, but what do we do about
>> XenServer? SG is supported with it as well and there is no libvirt there.
>> Would this be a different implementation just for KVM?
>> 
> 
> Yes. For KVM we control almost everything through libvirt. Moving
> Security Grouping there would be a good thing.
> 
> I never do anything with Xen, so I have no clue there.
> 
>> In addition, I have the following in production and it's not clear if it 
>> would
>> continue to work with libvirt filters - my hunch is that it will not since it
>> involves multiple, different src IPs.
>> 
>> 1 - additional IPs on instance
>> 2 - subnets routed via instance IPs (I usually assign them on loopback on the
>> VM)
>> 
> 
> No problem at all. Just tested this:
> 
>  
>
>  
>  
>
>  
>  
>
>  
> 
>  
> 
> So this VM had this config:
> 
> auto ens7
> iface ens7 inet static
>address 192.168.100.101
>netmask 255.255.255.0
> 
> auto ens7:0
> iface ens7:0 inet static
>address 192.168.100.201
>netmask 255.255.255.0
> 
> auto dummy0
> iface dummy0 inet static
>address 10.0.0.1
>netmask 255.255.255.0
> 
> From my other host I could reach all IPs just fine:
> 
> $ ip route add 10.0.0.0/24 via 192.168.100.101
> 
> Trying to use any other IP than listed in the filter would be dropped.
> 
> So it can support multiple IPs and routed subnets as well. The latter
> would be required for IPv6 with DHCPv6+Prefix Delegation.
> 
> Wido
> 
>> Lucian
>> 
>> --
>> Sent from the Delta quadrant using Borg technology!
>> 
>> Nux!
>> www.nux.ro
>> 
>> - Original Message -
>>> From: "Wido den Hollander" 
>>> To: dev@cloudstack.apache.org
>>> Sent: Wednesday, 6 January, 2016 10:02:31
>>> Subject: KVM: Security grouping through libvirt instead of Python
>> 
>>> Hi,
>>>
>>> A while back I opened CLOUDSTACK-1164 [0] since I think that we should
>>> use as much features of libvirt as possible.
>>>
>>> libvirt supports network filtering [1] which basically controls
>>> ebtables, iptables and ip6tables (IPv6 support!).
>>>
>>> Using a XML definition you can create a filter and than use this filter
>>> for a interface.
>>>
>>> I created a simple setup to test:
>>> - Can I prevent MAC spoofing?
>>> - Can I prevent IP spoofing?
>>> - Can I reload a filter without stopping my VM
>>>
>>> All the questions were answered by "Yes", so I figured it was useful to
>>> share this information.
>>>
>>> On my laptop running Ubuntu 14.04 and libvirt 1.2.2 I created two VMs:
>>> - One NIC with NAT for Internet access (no filter)
>>> - One NIC on a isolated bridge
>>>
>>> On the second NIC I assigned 192.168.100.1 and .2.
>>>
>>> VM network_filter_1 got a filter assigned:
>>>
>>>
>>>  
>>>  
>>>  
>>>  
>>>
>>>
>>> I created a filter called 'network_filter_1'
>>>
>>> 
>>>  64b80046-9a9d-40c2-8782-ed5878146262
>>>
>>>  
>>>
>>>  
>>>
>>>  
>>>
>>>  
>>>
>>>  
>>>
>>>  
>>>
>>>  
>>>
>>>  
>>>
>>>  
>>>
>>>  
>>>
>>>  
>>>
>>>  
>>> 
>>>
>>> libvirt can auto-detect the MAC and IP, but since we already know that
>>> information I didn't think I needed to test that.
>>>
>>> $ virsh nwfilter-define filter.xml
>>> $ virsh define network_filter_1.xml
>>> $ virsh start network_filter_1
>>>
>>> The result was simple. Using any different IP then 192.168.100.1 failed
>>> and connections to ports not being 22, 80 or 443 failed.
>>>
>>> Changes to filters were simple as well. Edit filter.xml and run:
>>>
>>> $ virsh nwfilter-define filter.xml
>>>
>>> Those changes were applied without stopping the VM. Done within 1 second.
>>>
>>> I think it is worth the effort to use this instead of using
>>> 'security_group.py'.
>>>
>>> On KVM we can always perform MAC address filtering and when security
>>> grouping in shared or basic networking is used we can use libvirt to
>>> filter all the traffic.
>>>
>>> Less code we have to maintain and I prefer using libvirt over our custom
>>> Python code.
>>>
>>> This is not a functional spec yet, but I just wanted to get this
>>> information out there and share what I found.
>>>
>>> Looking at the libvirt docs I can't find anything which it can't do
>>> which our security groups currently can. It already fully supports IPv6
>>> which we don't.
>>>
>>> CloudStack would only need to generate the proper XML documents and
>>> that's all.
>>>
>>> Wido
>>>
>>> [0]: https://issues.apache.org/jira/browse/CLOUDSTACK-1164
> >> [1]: http://libvirt.org/formatnwfilter.html

Re: KVM: Security grouping through libvirt instead of Python

2016-01-06 Thread Wido den Hollander 


On 06-01-16 16:20, Nux! wrote:
> That's great! Fine by me then, but we need to be careful and not mess up the 
> SG bits for XenServer.
> 
> I think they are sharing the same python scripts right now.
> 

No reason to delete the Python script from the Git repo. For KVM we can
however switch to using libvirt and just generate XMLs and call the API
functions.

Wido

> --
> Sent from the Delta quadrant using Borg technology!
> 
> Nux!
> www.nux.ro
> 
> - Original Message -
>> From: "Wido den Hollander" 
>> To: dev@cloudstack.apache.org
>> Sent: Wednesday, 6 January, 2016 14:38:17
>> Subject: Re: KVM: Security grouping through libvirt instead of Python
> 
>> On 06-01-16 13:12, Nux! wrote:
>>> Hi Wido,
>>>
>>> +1 for using more libvirt and less custom stuff, but what do we do about
>>> XenServer? SG is supported with it as well and there is no libvirt there.
>>> Would this be a different implementation just for KVM?
>>>
>>
>> Yes. For KVM we control almost everything through libvirt. Moving
>> Security Grouping there would be a good thing.
>>
>> I never do anything with Xen, so I have no clue there.
>>
>>> In addition, I have the following in production and it's not clear if it 
>>> would
>>> continue to work with libvirt filters - my hunch is that it will not since 
>>> it
>>> involves multiple, different src IPs.
>>>
>>> 1 - additional IPs on instance
>>> 2 - subnets routed via instance IPs (I usually assign them on loopback on 
>>> the
>>> VM)
>>>
>>
>> No problem at all. Just tested this:
>>
>>  
>>
>>  
>>  
>>
>>  
>>  
>>
>>  
>>
>>  
>>
>> So this VM had this config:
>>
>> auto ens7
>> iface ens7 inet static
>>address 192.168.100.101
>>netmask 255.255.255.0
>>
>> auto ens7:0
>> iface ens7:0 inet static
>>address 192.168.100.201
>>netmask 255.255.255.0
>>
>> auto dummy0
>> iface dummy0 inet static
>>address 10.0.0.1
>>netmask 255.255.255.0
>>
>> From my other host I could reach all IPs just fine:
>>
>> $ ip route add 10.0.0.0/24 via 192.168.100.101
>>
>> Trying to use any other IP than listed in the filter would be dropped.
>>
>> So it can support multiple IPs and routed subnets as well. The latter
>> would be required for IPv6 with DHCPv6+Prefix Delegation.
>>
>> Wido
>>
>>> Lucian
>>>
>>> --
>>> Sent from the Delta quadrant using Borg technology!
>>>
>>> Nux!
>>> www.nux.ro
>>>
>>> - Original Message -
 From: "Wido den Hollander" 
 To: dev@cloudstack.apache.org
 Sent: Wednesday, 6 January, 2016 10:02:31
 Subject: KVM: Security grouping through libvirt instead of Python
>>>
 Hi,

 A while back I opened CLOUDSTACK-1164 [0] since I think that we should
 use as much features of libvirt as possible.

 libvirt supports network filtering [1] which basically controls
 ebtables, iptables and ip6tables (IPv6 support!).

 Using a XML definition you can create a filter and than use this filter
 for a interface.

 I created a simple setup to test:
 - Can I prevent MAC spoofing?
 - Can I prevent IP spoofing?
 - Can I reload a filter without stopping my VM

 All the questions were answered by "Yes", so I figured it was useful to
 share this information.

 On my laptop running Ubuntu 14.04 and libvirt 1.2.2 I created two VMs:
 - One NIC with NAT for Internet access (no filter)
 - One NIC on a isolated bridge

 On the second NIC I assigned 192.168.100.1 and .2.

 VM network_filter_1 got a filter assigned:


  
  
  
  


 I created a filter called 'network_filter_1'

 
  64b80046-9a9d-40c2-8782-ed5878146262

  

  

  

  

  

  

  

  

  

  

  

  
 

 libvirt can auto-detect the MAC and IP, but since we already know that
 information I didn't think I needed to test that.

 $ virsh nwfilter-define filter.xml
 $ virsh define network_filter_1.xml
 $ virsh start network_filter_1

 The result was simple. Using any different IP then 192.168.100.1 failed
 and connections to ports not being 22, 80 or 443 failed.

 Changes to filters were simple as well. Edit filter.xml and run:

 $ virsh nwfilter-define filter.xml

 Those changes were applied without stopping the VM. Done within 1 second.

 I think it is worth the effort to use this instead of using
 'security_group.py'.

 On KVM we can always perform MAC address filtering and when security
 grouping in shared or basic networking is used we can use libvirt to
 filter all the traffic.

 Less code we have to maintain and I prefer using libvirt over our custom
 Python code.

 This is not a functional spec yet, but I just wanted to get this
 information out there and share what I found.

Re: KVM: Security grouping through libvirt instead of Python

2016-01-06 Thread Nux! 
Ok, as long as compatibility is maintained, then awesome!

BTW, I might be going too far, but would this allow us to "live" change the SGs 
of an instance?
Until very recently this was not possible at all, but last week the folks from 
Exoscale added a patch[1] that allows one to change the SGs of an instance, 
however the instance must be stopped/started.


[1] https://github.com/apache/cloudstack/pull/1297

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Wido den Hollander" 
> To: dev@cloudstack.apache.org
> Sent: Wednesday, 6 January, 2016 15:37:39
> Subject: Re: KVM: Security grouping through libvirt instead of Python

> On 06-01-16 16:20, Nux! wrote:
>> That's great! Fine by me then, but we need to be careful and not mess up the 
>> SG
>> bits for XenServer.
>> 
>> I think they are sharing the same python scripts right now.
>> 
> 
> No reason to delete the Python script from the Git repo. For KVM we can
> however switch to using libvirt and just generate XMLs and call the API
> functions.
> 
> Wido
> 
>> --
>> Sent from the Delta quadrant using Borg technology!
>> 
>> Nux!
>> www.nux.ro
>> 
>> - Original Message -
>>> From: "Wido den Hollander" 
>>> To: dev@cloudstack.apache.org
>>> Sent: Wednesday, 6 January, 2016 14:38:17
>>> Subject: Re: KVM: Security grouping through libvirt instead of Python
>> 
>>> On 06-01-16 13:12, Nux! wrote:
 Hi Wido,

 +1 for using more libvirt and less custom stuff, but what do we do about
 XenServer? SG is supported with it as well and there is no libvirt there.
 Would this be a different implementation just for KVM?

>>>
>>> Yes. For KVM we control almost everything through libvirt. Moving
>>> Security Grouping there would be a good thing.
>>>
>>> I never do anything with Xen, so I have no clue there.
>>>
 In addition, I have the following in production and it's not clear if it 
 would
 continue to work with libvirt filters - my hunch is that it will not since 
 it
 involves multiple, different src IPs.

 1 - additional IPs on instance
 2 - subnets routed via instance IPs (I usually assign them on loopback on 
 the
 VM)

>>>
>>> No problem at all. Just tested this:
>>>
>>>  
>>>
>>>  
>>>  
>>>
>>>  
>>>  
>>>
>>>  
>>>
>>>  
>>>
>>> So this VM had this config:
>>>
>>> auto ens7
>>> iface ens7 inet static
>>>address 192.168.100.101
>>>netmask 255.255.255.0
>>>
>>> auto ens7:0
>>> iface ens7:0 inet static
>>>address 192.168.100.201
>>>netmask 255.255.255.0
>>>
>>> auto dummy0
>>> iface dummy0 inet static
>>>address 10.0.0.1
>>>netmask 255.255.255.0
>>>
>>> From my other host I could reach all IPs just fine:
>>>
>>> $ ip route add 10.0.0.0/24 via 192.168.100.101
>>>
>>> Trying to use any other IP than listed in the filter would be dropped.
>>>
>>> So it can support multiple IPs and routed subnets as well. The latter
>>> would be required for IPv6 with DHCPv6+Prefix Delegation.
>>>
>>> Wido
>>>
 Lucian

 --
 Sent from the Delta quadrant using Borg technology!

 Nux!
 www.nux.ro

 - Original Message -
> From: "Wido den Hollander" 
> To: dev@cloudstack.apache.org
> Sent: Wednesday, 6 January, 2016 10:02:31
> Subject: KVM: Security grouping through libvirt instead of Python

> Hi,
>
> A while back I opened CLOUDSTACK-1164 [0] since I think that we should
> use as much features of libvirt as possible.
>
> libvirt supports network filtering [1] which basically controls
> ebtables, iptables and ip6tables (IPv6 support!).
>
> Using a XML definition you can create a filter and than use this filter
> for a interface.
>
> I created a simple setup to test:
> - Can I prevent MAC spoofing?
> - Can I prevent IP spoofing?
> - Can I reload a filter without stopping my VM
>
> All the questions were answered by "Yes", so I figured it was useful to
> share this information.
>
> On my laptop running Ubuntu 14.04 and libvirt 1.2.2 I created two VMs:
> - One NIC with NAT for Internet access (no filter)
> - One NIC on a isolated bridge
>
> On the second NIC I assigned 192.168.100.1 and .2.
>
> VM network_filter_1 got a filter assigned:
>
>
>  
>  
>  
>  
>
>
> I created a filter called 'network_filter_1'
>
> 
>  64b80046-9a9d-40c2-8782-ed5878146262
>
>  
>
>  
>
>  
>
>  
>
>  
>
>  
>
>  
>
>  
>
>  
>
>  
>
>  
>
>  
> 
>
> libvirt can auto-detect the MAC and IP, but since we already know that
> information I didn't think I needed to test that.
>
> $ virsh nwfilter-define filter.xml
> $ virsh define network_filter_1.xml
> $ virsh start n

[GitHub] cloudstack pull request: fix mariadb related listCapacity bug (CLO...

2016-01-06 Thread lttmtins 
GitHub user lttmtins opened a pull request:

https://github.com/apache/cloudstack/pull/1313

fix mariadb related listCapacity bug (CLOUDSTACK-8966)  a bigint(20) …

…with varchar type does not work well on MariaDB
so forcing it to type decimal
Tested on ACS4.7 with MariaDB10.0.22 (galera)

To test (this is the output with the pull request code underneath):
(nl2) > list capacity sortby=usage type=0
count = 1
capacity:
capacitytotal = 0
capacityused = 3501740523520
percentused = 0
type = 0
zoneid = 76251030-aca1-44c6-b47d-8010ee17e0ad
zonename = NL2
(nl2) > 

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/lttmtins/cloudstack master

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/1313.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1313


commit 957e37df012f0b3be84735a5bde70eb004d18493
Author: Anton Opgenoort 
Date:   2016-01-06T16:15:02Z

fix mariadb related listCapacity bug (CLOUDSTACK-8966)  a bigint(20) with 
varchar type does not work well on MariaDB
so forcing it to type decimal




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: KVM: Security grouping through libvirt instead of Python

2016-01-06 Thread Wido den Hollander 


On 06-01-16 16:42, Nux! wrote:
> Ok, as long as compatibility is maintained, then awesome!
> 

Yes

> BTW, I might be going too far, but would this allow us to "live" change the 
> SGs of an instance?
> Until very recently this was not possible at all, but last week the folks 
> from Exoscale added a patch[1] that allows one to change the SGs of an 
> instance, however the instance must be stopped/started.
> 

Seems like it. If we create a specific filter for each instance running
on that host we can re-define the filter at any moment as long as the
name and UUID stays the same.

Security Group Rules -> Libvirt XML

That way you can simply re-generate the XML and thus switch security
group while the Instance is running.

Wido

> 
> [1] https://github.com/apache/cloudstack/pull/1297
> 
> --
> Sent from the Delta quadrant using Borg technology!
> 
> Nux!
> www.nux.ro
> 
> - Original Message -
>> From: "Wido den Hollander" 
>> To: dev@cloudstack.apache.org
>> Sent: Wednesday, 6 January, 2016 15:37:39
>> Subject: Re: KVM: Security grouping through libvirt instead of Python
> 
>> On 06-01-16 16:20, Nux! wrote:
>>> That's great! Fine by me then, but we need to be careful and not mess up 
>>> the SG
>>> bits for XenServer.
>>>
>>> I think they are sharing the same python scripts right now.
>>>
>>
>> No reason to delete the Python script from the Git repo. For KVM we can
>> however switch to using libvirt and just generate XMLs and call the API
>> functions.
>>
>> Wido
>>
>>> --
>>> Sent from the Delta quadrant using Borg technology!
>>>
>>> Nux!
>>> www.nux.ro
>>>
>>> - Original Message -
 From: "Wido den Hollander" 
 To: dev@cloudstack.apache.org
 Sent: Wednesday, 6 January, 2016 14:38:17
 Subject: Re: KVM: Security grouping through libvirt instead of Python
>>>
 On 06-01-16 13:12, Nux! wrote:
> Hi Wido,
>
> +1 for using more libvirt and less custom stuff, but what do we do about
> XenServer? SG is supported with it as well and there is no libvirt there.
> Would this be a different implementation just for KVM?
>

 Yes. For KVM we control almost everything through libvirt. Moving
 Security Grouping there would be a good thing.

 I never do anything with Xen, so I have no clue there.

> In addition, I have the following in production and it's not clear if it 
> would
> continue to work with libvirt filters - my hunch is that it will not 
> since it
> involves multiple, different src IPs.
>
> 1 - additional IPs on instance
> 2 - subnets routed via instance IPs (I usually assign them on loopback on 
> the
> VM)
>

 No problem at all. Just tested this:

  

  
  

  
  

  

  

 So this VM had this config:

 auto ens7
 iface ens7 inet static
address 192.168.100.101
netmask 255.255.255.0

 auto ens7:0
 iface ens7:0 inet static
address 192.168.100.201
netmask 255.255.255.0

 auto dummy0
 iface dummy0 inet static
address 10.0.0.1
netmask 255.255.255.0

 From my other host I could reach all IPs just fine:

 $ ip route add 10.0.0.0/24 via 192.168.100.101

 Trying to use any other IP than listed in the filter would be dropped.

 So it can support multiple IPs and routed subnets as well. The latter
 would be required for IPv6 with DHCPv6+Prefix Delegation.

 Wido

> Lucian
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> - Original Message -
>> From: "Wido den Hollander" 
>> To: dev@cloudstack.apache.org
>> Sent: Wednesday, 6 January, 2016 10:02:31
>> Subject: KVM: Security grouping through libvirt instead of Python
>
>> Hi,
>>
>> A while back I opened CLOUDSTACK-1164 [0] since I think that we should
>> use as much features of libvirt as possible.
>>
>> libvirt supports network filtering [1] which basically controls
>> ebtables, iptables and ip6tables (IPv6 support!).
>>
>> Using a XML definition you can create a filter and than use this filter
>> for a interface.
>>
>> I created a simple setup to test:
>> - Can I prevent MAC spoofing?
>> - Can I prevent IP spoofing?
>> - Can I reload a filter without stopping my VM
>>
>> All the questions were answered by "Yes", so I figured it was useful to
>> share this information.
>>
>> On my laptop running Ubuntu 14.04 and libvirt 1.2.2 I created two VMs:
>> - One NIC with NAT for Internet access (no filter)
>> - One NIC on a isolated bridge
>>
>> On the second NIC I assigned 192.168.100.1 and .2.
>>
>> VM network_filter_1 got a filter assigned:
>>
>>
>>  
>>  
>>  
>>  
>>
>>
>> I created a

[GitHub] cloudstack pull request: Fix mariadb related listCapacity bug (CLO...

2016-01-06 Thread lttmtins 
GitHub user lttmtins opened a pull request:

https://github.com/apache/cloudstack/pull/1314

Fix mariadb related listCapacity bug (CLOUDSTACK-8966)

type bigint(20) with type  varchar does not work well on MariaDB
So forcing it to type decimal

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/lttmtins/cloudstack 4.7-CLOUDSTACK-8966

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/1314.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1314


commit b90019e0541b18580d654870d5cce2430072dbd7
Author: Anton Opgenoort 
Date:   2016-01-06T16:30:55Z

Fix mariadb related listCapacity bug (CLOUDSTACK-8966)

type bigint(20) with type  varchar does not work well on MariaDB
So forcing it to type decimal




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: fix mariadb related listCapacity bug (CLO...

2016-01-06 Thread lttmtins 
Github user lttmtins commented on the pull request:

https://github.com/apache/cloudstack/pull/1313#issuecomment-169381926
  
On advice of release master this is now a pull request against 4.7


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: fix mariadb related listCapacity bug (CLO...

2016-01-06 Thread lttmtins 
Github user lttmtins closed the pull request at:

https://github.com/apache/cloudstack/pull/1313


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: README: revert back to the normal cloudst...

2016-01-06 Thread asfgit 
Github user asfgit closed the pull request at:

https://github.com/apache/cloudstack/pull/1312


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: Fix mariadb related listCapacity bug (CLO...

2016-01-06 Thread lttmtins 
Github user lttmtins commented on the pull request:

https://github.com/apache/cloudstack/pull/1314#issuecomment-169384312
  
To test with cloudmonkey (this is the output with the pull request code 
underneath) you need 2 API calls (e.g. via cloudmonkey):
(nl2) > list capacity sortby=usage type=0
count = 1
capacity:
capacitytotal = 0
capacityused = 3501740523520
percentused = 0
type = 0
zoneid = 76251030-aca1-44c6-b47d-8010ee17e0ad
zonename = NL2
(nl2) >

Suggested tests to see if the 'capacitytotal != 0':
(nl2) > list capacity type=0 clusterid=
(nl2) > list capacity type=1 clusterid=
(nl2) > list capacity type=3 clusterid=
(nl2) > list capacity type=0 sortby=usage
(nl2) > list capacity type=1 sortby=usage
(nl2) > list capacity type=3 sortby=usage


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: Fix mariadb related listCapacity bug (CLO...

2016-01-06 Thread lttmtins 
GitHub user lttmtins reopened a pull request:

https://github.com/apache/cloudstack/pull/1314

Fix mariadb related listCapacity bug (CLOUDSTACK-8966)

type bigint(20) with type  varchar does not work well on MariaDB
So forcing it to type decimal

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/lttmtins/cloudstack 4.7-CLOUDSTACK-8966

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/1314.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1314


commit b90019e0541b18580d654870d5cce2430072dbd7
Author: Anton Opgenoort 
Date:   2016-01-06T16:30:55Z

Fix mariadb related listCapacity bug (CLOUDSTACK-8966)

type bigint(20) with type  varchar does not work well on MariaDB
So forcing it to type decimal




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: Fix mariadb related listCapacity bug (CLO...

2016-01-06 Thread lttmtins 
Github user lttmtins closed the pull request at:

https://github.com/apache/cloudstack/pull/1314


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: KVM: Security grouping through libvirt instead of Python

2016-01-06 Thread Nux! 
Thanks Wido,

Let's see what the others think of it.

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Wido den Hollander" 
> To: dev@cloudstack.apache.org
> Sent: Wednesday, 6 January, 2016 16:30:57
> Subject: Re: KVM: Security grouping through libvirt instead of Python

> On 06-01-16 16:42, Nux! wrote:
>> Ok, as long as compatibility is maintained, then awesome!
>> 
> 
> Yes
> 
>> BTW, I might be going too far, but would this allow us to "live" change the 
>> SGs
>> of an instance?
>> Until very recently this was not possible at all, but last week the folks 
>> from
>> Exoscale added a patch[1] that allows one to change the SGs of an instance,
>> however the instance must be stopped/started.
>> 
> 
> Seems like it. If we create a specific filter for each instance running
> on that host we can re-define the filter at any moment as long as the
> name and UUID stays the same.
> 
> Security Group Rules -> Libvirt XML
> 
> That way you can simply re-generate the XML and thus switch security
> group while the Instance is running.
> 
> Wido
> 
>> 
>> [1] https://github.com/apache/cloudstack/pull/1297
>> 
>> --
>> Sent from the Delta quadrant using Borg technology!
>> 
>> Nux!
>> www.nux.ro
>> 
>> - Original Message -
>>> From: "Wido den Hollander" 
>>> To: dev@cloudstack.apache.org
>>> Sent: Wednesday, 6 January, 2016 15:37:39
>>> Subject: Re: KVM: Security grouping through libvirt instead of Python
>> 
>>> On 06-01-16 16:20, Nux! wrote:
 That's great! Fine by me then, but we need to be careful and not mess up 
 the SG
 bits for XenServer.

 I think they are sharing the same python scripts right now.

>>>
>>> No reason to delete the Python script from the Git repo. For KVM we can
>>> however switch to using libvirt and just generate XMLs and call the API
>>> functions.
>>>
>>> Wido
>>>
 --
 Sent from the Delta quadrant using Borg technology!

 Nux!
 www.nux.ro

 - Original Message -
> From: "Wido den Hollander" 
> To: dev@cloudstack.apache.org
> Sent: Wednesday, 6 January, 2016 14:38:17
> Subject: Re: KVM: Security grouping through libvirt instead of Python

> On 06-01-16 13:12, Nux! wrote:
>> Hi Wido,
>>
>> +1 for using more libvirt and less custom stuff, but what do we do about
>> XenServer? SG is supported with it as well and there is no libvirt there.
>> Would this be a different implementation just for KVM?
>>
>
> Yes. For KVM we control almost everything through libvirt. Moving
> Security Grouping there would be a good thing.
>
> I never do anything with Xen, so I have no clue there.
>
>> In addition, I have the following in production and it's not clear if it 
>> would
>> continue to work with libvirt filters - my hunch is that it will not 
>> since it
>> involves multiple, different src IPs.
>>
>> 1 - additional IPs on instance
>> 2 - subnets routed via instance IPs (I usually assign them on loopback 
>> on the
>> VM)
>>
>
> No problem at all. Just tested this:
>
>  
>
>  
>  
>
>  
>  
>
>  
>
>  
>
> So this VM had this config:
>
> auto ens7
> iface ens7 inet static
>address 192.168.100.101
>netmask 255.255.255.0
>
> auto ens7:0
> iface ens7:0 inet static
>address 192.168.100.201
>netmask 255.255.255.0
>
> auto dummy0
> iface dummy0 inet static
>address 10.0.0.1
>netmask 255.255.255.0
>
> From my other host I could reach all IPs just fine:
>
> $ ip route add 10.0.0.0/24 via 192.168.100.101
>
> Trying to use any other IP than listed in the filter would be dropped.
>
> So it can support multiple IPs and routed subnets as well. The latter
> would be required for IPv6 with DHCPv6+Prefix Delegation.
>
> Wido
>
>> Lucian
>>
>> --
>> Sent from the Delta quadrant using Borg technology!
>>
>> Nux!
>> www.nux.ro
>>
>> - Original Message -
>>> From: "Wido den Hollander" 
>>> To: dev@cloudstack.apache.org
>>> Sent: Wednesday, 6 January, 2016 10:02:31
>>> Subject: KVM: Security grouping through libvirt instead of Python
>>
>>> Hi,
>>>
>>> A while back I opened CLOUDSTACK-1164 [0] since I think that we should
>>> use as much features of libvirt as possible.
>>>
>>> libvirt supports network filtering [1] which basically controls
>>> ebtables, iptables and ip6tables (IPv6 support!).
>>>
>>> Using a XML definition you can create a filter and than use this filter
>>> for a interface.
>>>
>>> I created a simple setup to test:
>>> - Can I prevent MAC spoofing?
>>> - Can I prevent IP spoofing?
>>> - Can I reload a filter without stopping my VM
>>>
>>>

Build failed in Jenkins: build-master-slowbuild #2921

2016-01-06 Thread jenkins 
See 

Changes:

[Rohit Yadav] README: revert back to the normal cloudstack logo

--
[...truncated 28723 lines...]
[INFO] 
[INFO] --- findbugs-maven-plugin:3.0.1:findbugs (findbugs) @ cloud-quickcloud 
---
[INFO] 
[INFO] <<< findbugs-maven-plugin:3.0.1:check (cloudstack-findbugs) @ 
cloud-quickcloud <<<
[INFO] 
[INFO] --- findbugs-maven-plugin:3.0.1:check (cloudstack-findbugs) @ 
cloud-quickcloud ---
[INFO] 
[INFO] --- cobertura-maven-plugin:2.6:instrument (default-cli) @ 
cloud-quickcloud ---
[WARNING] No files to instrument.
[INFO] NOT adding cobertura ser file to attached artifacts list.
[INFO] 
[INFO] --- maven-resources-plugin:2.5:testResources (default-testResources) @ 
cloud-quickcloud ---
[debug] execute contextualize
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory 

[INFO] Copying 3 resources
[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.2:testCompile (default-testCompile) @ 
cloud-quickcloud ---
[INFO] No sources to compile
[INFO] 
[INFO] --- maven-surefire-plugin:2.18.1:test (default-test) @ cloud-quickcloud 
---
[INFO] 
[INFO] <<< cobertura-maven-plugin:2.6:cobertura (default-cli) @ 
cloud-quickcloud <<<
[INFO] 
[INFO] --- cobertura-maven-plugin:2.6:cobertura (default-cli) @ 
cloud-quickcloud ---
[INFO] 
[INFO] Reactor Summary:
[INFO] 
[INFO] Apache CloudStack Developer Tools - Checkstyle Configuration  SUCCESS 
[1.739s]
[INFO] Apache CloudStack . SUCCESS [2.096s]
[INFO] Apache CloudStack Maven Conventions Parent  SUCCESS [0.785s]
[INFO] Apache CloudStack Framework - Managed Context . SUCCESS [18.831s]
[INFO] Apache CloudStack Utils ... SUCCESS [1:30.460s]
[INFO] Apache CloudStack Framework ... SUCCESS [0.115s]
[INFO] Apache CloudStack Framework - Event Notification .. SUCCESS [53.108s]
[INFO] Apache CloudStack Framework - Configuration ... SUCCESS [27.661s]
[INFO] Apache CloudStack API . SUCCESS [1:50.705s]
[INFO] Apache CloudStack Framework - REST  SUCCESS [17.043s]
[INFO] Apache CloudStack Framework - IPC . SUCCESS [30.169s]
[INFO] Apache CloudStack Cloud Engine  SUCCESS [0.087s]
[INFO] Apache CloudStack Cloud Engine API  SUCCESS [28.374s]
[INFO] Apache CloudStack Framework - Security  SUCCESS [25.283s]
[INFO] Apache CloudStack Core  SUCCESS [1:21.154s]
[INFO] Apache CloudStack Agents .. SUCCESS [36.344s]
[INFO] Apache CloudStack Framework - Clustering .. SUCCESS [36.771s]
[INFO] Apache CloudStack Framework - Event Notification .. SUCCESS [14.350s]
[INFO] Apache CloudStack Cloud Engine Schema Component ... SUCCESS [2:07.519s]
[INFO] Apache CloudStack Framework - Jobs  SUCCESS [40.813s]
[INFO] Apache CloudStack Cloud Engine Internal Components API  SUCCESS [25.570s]
[INFO] Apache CloudStack Server .. SUCCESS [4:10.264s]
[INFO] Apache CloudStack Framework - Quota ... SUCCESS [38.043s]
[INFO] Apache CloudStack Usage Server  SUCCESS [43.641s]
[INFO] Apache CloudStack Cloud Engine Orchestration Component  SUCCESS 
[1:20.620s]
[INFO] Apache CloudStack Cloud Services .. SUCCESS [0.068s]
[INFO] Apache CloudStack Secondary Storage ... SUCCESS [0.434s]
[INFO] Apache CloudStack Secondary Storage Service ... SUCCESS [54.145s]
[INFO] Apache CloudStack Engine Storage Component  SUCCESS [48.315s]
[INFO] Apache CloudStack Engine Storage Volume Component . SUCCESS [31.744s]
[INFO] Apache CloudStack Engine Storage Image Component .. SUCCESS [26.618s]
[INFO] Apache CloudStack Engine Storage Data Motion Component  SUCCESS [30.801s]
[INFO] Apache CloudStack Engine Storage Cache Component .. SUCCESS [23.829s]
[INFO] Apache CloudStack Engine Storage Snapshot Component  SUCCESS [34.942s]
[INFO] Apache CloudStack Cloud Engine API  SUCCESS [12.520s]
[INFO] Apache CloudStack Cloud Engine Service  SUCCESS [8.197s]
[INFO] Apache CloudStack Plugin POM .. SUCCESS [0.964s]
[INFO] Apache CloudStack Plugin - API Rate Limit . SUCCESS [26.829s]
[INFO] Apache CloudStack Plugin - Storage Volume default provider  SUCCESS 
[23.576s]
[INFO] Apache CloudStack Plugin - Storage Volume SolidFire Provider  SUCCESS 
[37.445s]
[INFO] Apache CloudStack Plugin - API SolidFire .. SUCCESS [17.311s]
[INFO] Apache CloudStack Plugin - API Discovery .. SUCCESS [23.562s]
[INFO] Apache CloudStack Plugin - ACL Static Role Based .. SUCCESS [15.891s]
[INFO] Apache CloudS

RE: BVT Report for the week of 1/5

2016-01-06 Thread Raja Pullela 
sure, will post this weekend, have the data.. 

-Original Message-
From: Daan Hoogland [mailto:daan.hoogl...@gmail.com] 
Sent: Tuesday, January 5, 2016 4:00 PM
To: dev 
Subject: Re: BVT Report for the week of 1/5

Raja, thanks. I hve one question: can you produce historic data? preferable 
graphical so I can kid myself I understand it ;)

On Tue, Jan 5, 2016 at 11:13 AM, Raja Pullela 
wrote:

> Happy New Year to all!
>
> Please see the BVT report
> KVM Basic  - 97.1%
> XS Basic - 94.0%
> KVM Adv - 85.8% - action item on me to add configurations for the new 
> tests to run XS Adv - 79.1% - action item on me to add configurations 
> for the new tests to run
>
> Failed Tests - same tests from last BVT report.  Hope to fix the 
> configurations for the new Tests  around next week or so.
>
> Also, looking to export the test data including logs to a website 
> which is accessible to everyone.  Hope to accomplish it this month?
>
> Please let me know if you have any questions, Raja
>
>


-- 
Daan

Re: Checkout master issue

2016-01-06 Thread Heber Gonçalves Junior 
Some programs blocking the files that are using.
I had the same problem with the same error message.
When i closed the program that i was using. I could execute rebase or 
checkout for another branch.

Srry for the bad english.

Build failed in Jenkins: build-master-slowbuild #2922

2016-01-06 Thread jenkins 
See 

--
[...truncated 28723 lines...]
[INFO] 
[INFO] --- findbugs-maven-plugin:3.0.1:findbugs (findbugs) @ cloud-quickcloud 
---
[INFO] 
[INFO] <<< findbugs-maven-plugin:3.0.1:check (cloudstack-findbugs) @ 
cloud-quickcloud <<<
[INFO] 
[INFO] --- findbugs-maven-plugin:3.0.1:check (cloudstack-findbugs) @ 
cloud-quickcloud ---
[INFO] 
[INFO] --- cobertura-maven-plugin:2.6:instrument (default-cli) @ 
cloud-quickcloud ---
[WARNING] No files to instrument.
[INFO] NOT adding cobertura ser file to attached artifacts list.
[INFO] 
[INFO] --- maven-resources-plugin:2.5:testResources (default-testResources) @ 
cloud-quickcloud ---
[debug] execute contextualize
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory 

[INFO] Copying 3 resources
[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.2:testCompile (default-testCompile) @ 
cloud-quickcloud ---
[INFO] No sources to compile
[INFO] 
[INFO] --- maven-surefire-plugin:2.18.1:test (default-test) @ cloud-quickcloud 
---
[INFO] 
[INFO] <<< cobertura-maven-plugin:2.6:cobertura (default-cli) @ 
cloud-quickcloud <<<
[INFO] 
[INFO] --- cobertura-maven-plugin:2.6:cobertura (default-cli) @ 
cloud-quickcloud ---
[INFO] 
[INFO] Reactor Summary:
[INFO] 
[INFO] Apache CloudStack Developer Tools - Checkstyle Configuration  SUCCESS 
[1.819s]
[INFO] Apache CloudStack . SUCCESS [2.075s]
[INFO] Apache CloudStack Maven Conventions Parent  SUCCESS [0.788s]
[INFO] Apache CloudStack Framework - Managed Context . SUCCESS [19.493s]
[INFO] Apache CloudStack Utils ... SUCCESS [1:30.368s]
[INFO] Apache CloudStack Framework ... SUCCESS [0.110s]
[INFO] Apache CloudStack Framework - Event Notification .. SUCCESS [53.810s]
[INFO] Apache CloudStack Framework - Configuration ... SUCCESS [28.876s]
[INFO] Apache CloudStack API . SUCCESS [1:48.116s]
[INFO] Apache CloudStack Framework - REST  SUCCESS [16.322s]
[INFO] Apache CloudStack Framework - IPC . SUCCESS [29.776s]
[INFO] Apache CloudStack Cloud Engine  SUCCESS [0.089s]
[INFO] Apache CloudStack Cloud Engine API  SUCCESS [28.154s]
[INFO] Apache CloudStack Framework - Security  SUCCESS [24.883s]
[INFO] Apache CloudStack Core  SUCCESS [1:22.821s]
[INFO] Apache CloudStack Agents .. SUCCESS [35.751s]
[INFO] Apache CloudStack Framework - Clustering .. SUCCESS [36.809s]
[INFO] Apache CloudStack Framework - Event Notification .. SUCCESS [14.764s]
[INFO] Apache CloudStack Cloud Engine Schema Component ... SUCCESS [2:08.079s]
[INFO] Apache CloudStack Framework - Jobs  SUCCESS [40.605s]
[INFO] Apache CloudStack Cloud Engine Internal Components API  SUCCESS [25.517s]
[INFO] Apache CloudStack Server .. SUCCESS [4:12.597s]
[INFO] Apache CloudStack Framework - Quota ... SUCCESS [39.084s]
[INFO] Apache CloudStack Usage Server  SUCCESS [45.124s]
[INFO] Apache CloudStack Cloud Engine Orchestration Component  SUCCESS 
[1:23.632s]
[INFO] Apache CloudStack Cloud Services .. SUCCESS [0.071s]
[INFO] Apache CloudStack Secondary Storage ... SUCCESS [0.466s]
[INFO] Apache CloudStack Secondary Storage Service ... SUCCESS [53.218s]
[INFO] Apache CloudStack Engine Storage Component  SUCCESS [48.136s]
[INFO] Apache CloudStack Engine Storage Volume Component . SUCCESS [29.797s]
[INFO] Apache CloudStack Engine Storage Image Component .. SUCCESS [26.424s]
[INFO] Apache CloudStack Engine Storage Data Motion Component  SUCCESS [25.407s]
[INFO] Apache CloudStack Engine Storage Cache Component .. SUCCESS [20.714s]
[INFO] Apache CloudStack Engine Storage Snapshot Component  SUCCESS [35.430s]
[INFO] Apache CloudStack Cloud Engine API  SUCCESS [12.707s]
[INFO] Apache CloudStack Cloud Engine Service  SUCCESS [8.271s]
[INFO] Apache CloudStack Plugin POM .. SUCCESS [0.977s]
[INFO] Apache CloudStack Plugin - API Rate Limit . SUCCESS [26.464s]
[INFO] Apache CloudStack Plugin - Storage Volume default provider  SUCCESS 
[23.197s]
[INFO] Apache CloudStack Plugin - Storage Volume SolidFire Provider  SUCCESS 
[35.782s]
[INFO] Apache CloudStack Plugin - API SolidFire .. SUCCESS [17.322s]
[INFO] Apache CloudStack Plugin - API Discovery .. SUCCESS [23.687s]
[INFO] Apache CloudStack Plugin - ACL Static Role Based .. SUCCESS [15.888s]
[INFO] Apache CloudStack Plugin - Host Anti-Affinity Processor  SUCCESS 
[16.694s]
[INFO] Apache Cloud

[GitHub] cloudstack pull request: Fix mariadb related listCapacity bug (CLO...

2016-01-06 Thread borisroman 
Github user borisroman commented on the pull request:

https://github.com/apache/cloudstack/pull/1314#issuecomment-169486361
  
@lttmtins I've ran the code! When I deployed a management server and open 
the UI it throws an error!

Will investigate tomorrow!

https://cloud.githubusercontent.com/assets/5996146/12157061/48131416-b4cf-11e5-9519-e9bd51224216.png";>



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Build failed in Jenkins: build-master-slowbuild #2923

2016-01-06 Thread jenkins 
See 

--
[...truncated 28733 lines...]
[INFO] 
[INFO] --- findbugs-maven-plugin:3.0.1:findbugs (findbugs) @ cloud-quickcloud 
---
[INFO] 
[INFO] <<< findbugs-maven-plugin:3.0.1:check (cloudstack-findbugs) @ 
cloud-quickcloud <<<
[INFO] 
[INFO] --- findbugs-maven-plugin:3.0.1:check (cloudstack-findbugs) @ 
cloud-quickcloud ---
[INFO] 
[INFO] --- cobertura-maven-plugin:2.6:instrument (default-cli) @ 
cloud-quickcloud ---
[WARNING] No files to instrument.
[INFO] NOT adding cobertura ser file to attached artifacts list.
[INFO] 
[INFO] --- maven-resources-plugin:2.5:testResources (default-testResources) @ 
cloud-quickcloud ---
[debug] execute contextualize
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory 

[INFO] Copying 3 resources
[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.2:testCompile (default-testCompile) @ 
cloud-quickcloud ---
[INFO] No sources to compile
[INFO] 
[INFO] --- maven-surefire-plugin:2.18.1:test (default-test) @ cloud-quickcloud 
---
[INFO] 
[INFO] <<< cobertura-maven-plugin:2.6:cobertura (default-cli) @ 
cloud-quickcloud <<<
[INFO] 
[INFO] --- cobertura-maven-plugin:2.6:cobertura (default-cli) @ 
cloud-quickcloud ---
[INFO] 
[INFO] Reactor Summary:
[INFO] 
[INFO] Apache CloudStack Developer Tools - Checkstyle Configuration  SUCCESS 
[1.769s]
[INFO] Apache CloudStack . SUCCESS [2.111s]
[INFO] Apache CloudStack Maven Conventions Parent  SUCCESS [0.786s]
[INFO] Apache CloudStack Framework - Managed Context . SUCCESS [18.968s]
[INFO] Apache CloudStack Utils ... SUCCESS [1:30.842s]
[INFO] Apache CloudStack Framework ... SUCCESS [0.106s]
[INFO] Apache CloudStack Framework - Event Notification .. SUCCESS [53.737s]
[INFO] Apache CloudStack Framework - Configuration ... SUCCESS [27.010s]
[INFO] Apache CloudStack API . SUCCESS [1:51.474s]
[INFO] Apache CloudStack Framework - REST  SUCCESS [16.063s]
[INFO] Apache CloudStack Framework - IPC . SUCCESS [29.595s]
[INFO] Apache CloudStack Cloud Engine  SUCCESS [0.088s]
[INFO] Apache CloudStack Cloud Engine API  SUCCESS [28.206s]
[INFO] Apache CloudStack Framework - Security  SUCCESS [25.371s]
[INFO] Apache CloudStack Core  SUCCESS [1:23.296s]
[INFO] Apache CloudStack Agents .. SUCCESS [36.239s]
[INFO] Apache CloudStack Framework - Clustering .. SUCCESS [36.278s]
[INFO] Apache CloudStack Framework - Event Notification .. SUCCESS [15.671s]
[INFO] Apache CloudStack Cloud Engine Schema Component ... SUCCESS [2:06.688s]
[INFO] Apache CloudStack Framework - Jobs  SUCCESS [40.899s]
[INFO] Apache CloudStack Cloud Engine Internal Components API  SUCCESS [25.471s]
[INFO] Apache CloudStack Server .. SUCCESS [4:08.637s]
[INFO] Apache CloudStack Framework - Quota ... SUCCESS [37.376s]
[INFO] Apache CloudStack Usage Server  SUCCESS [44.718s]
[INFO] Apache CloudStack Cloud Engine Orchestration Component  SUCCESS 
[1:20.509s]
[INFO] Apache CloudStack Cloud Services .. SUCCESS [0.068s]
[INFO] Apache CloudStack Secondary Storage ... SUCCESS [0.423s]
[INFO] Apache CloudStack Secondary Storage Service ... SUCCESS [53.790s]
[INFO] Apache CloudStack Engine Storage Component  SUCCESS [47.545s]
[INFO] Apache CloudStack Engine Storage Volume Component . SUCCESS [29.875s]
[INFO] Apache CloudStack Engine Storage Image Component .. SUCCESS [26.368s]
[INFO] Apache CloudStack Engine Storage Data Motion Component  SUCCESS [25.863s]
[INFO] Apache CloudStack Engine Storage Cache Component .. SUCCESS [22.906s]
[INFO] Apache CloudStack Engine Storage Snapshot Component  SUCCESS [35.080s]
[INFO] Apache CloudStack Cloud Engine API  SUCCESS [12.498s]
[INFO] Apache CloudStack Cloud Engine Service  SUCCESS [8.442s]
[INFO] Apache CloudStack Plugin POM .. SUCCESS [1.019s]
[INFO] Apache CloudStack Plugin - API Rate Limit . SUCCESS [26.935s]
[INFO] Apache CloudStack Plugin - Storage Volume default provider  SUCCESS 
[23.512s]
[INFO] Apache CloudStack Plugin - Storage Volume SolidFire Provider  SUCCESS 
[35.774s]
[INFO] Apache CloudStack Plugin - API SolidFire .. SUCCESS [17.025s]
[INFO] Apache CloudStack Plugin - API Discovery .. SUCCESS [22.739s]
[INFO] Apache CloudStack Plugin - ACL Static Role Based .. SUCCESS [16.874s]
[INFO] Apache CloudStack Plugin - Host Anti-Affinity Processor  SUCCESS 
[16.940s]
[INFO] Apache Cloud

Build failed in Jenkins: build-master-slowbuild #2924

2016-01-06 Thread jenkins 
See 

--
[...truncated 28723 lines...]
[INFO] 
[INFO] --- findbugs-maven-plugin:3.0.1:findbugs (findbugs) @ cloud-quickcloud 
---
[INFO] 
[INFO] <<< findbugs-maven-plugin:3.0.1:check (cloudstack-findbugs) @ 
cloud-quickcloud <<<
[INFO] 
[INFO] --- findbugs-maven-plugin:3.0.1:check (cloudstack-findbugs) @ 
cloud-quickcloud ---
[INFO] 
[INFO] --- cobertura-maven-plugin:2.6:instrument (default-cli) @ 
cloud-quickcloud ---
[WARNING] No files to instrument.
[INFO] NOT adding cobertura ser file to attached artifacts list.
[INFO] 
[INFO] --- maven-resources-plugin:2.5:testResources (default-testResources) @ 
cloud-quickcloud ---
[debug] execute contextualize
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory 

[INFO] Copying 3 resources
[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.2:testCompile (default-testCompile) @ 
cloud-quickcloud ---
[INFO] No sources to compile
[INFO] 
[INFO] --- maven-surefire-plugin:2.18.1:test (default-test) @ cloud-quickcloud 
---
[INFO] 
[INFO] <<< cobertura-maven-plugin:2.6:cobertura (default-cli) @ 
cloud-quickcloud <<<
[INFO] 
[INFO] --- cobertura-maven-plugin:2.6:cobertura (default-cli) @ 
cloud-quickcloud ---
[INFO] 
[INFO] Reactor Summary:
[INFO] 
[INFO] Apache CloudStack Developer Tools - Checkstyle Configuration  SUCCESS 
[1.718s]
[INFO] Apache CloudStack . SUCCESS [2.069s]
[INFO] Apache CloudStack Maven Conventions Parent  SUCCESS [0.787s]
[INFO] Apache CloudStack Framework - Managed Context . SUCCESS [18.785s]
[INFO] Apache CloudStack Utils ... SUCCESS [1:30.058s]
[INFO] Apache CloudStack Framework ... SUCCESS [0.103s]
[INFO] Apache CloudStack Framework - Event Notification .. SUCCESS [53.214s]
[INFO] Apache CloudStack Framework - Configuration ... SUCCESS [27.273s]
[INFO] Apache CloudStack API . SUCCESS [1:57.698s]
[INFO] Apache CloudStack Framework - REST  SUCCESS [17.065s]
[INFO] Apache CloudStack Framework - IPC . SUCCESS [29.591s]
[INFO] Apache CloudStack Cloud Engine  SUCCESS [0.079s]
[INFO] Apache CloudStack Cloud Engine API  SUCCESS [27.819s]
[INFO] Apache CloudStack Framework - Security  SUCCESS [25.166s]
[INFO] Apache CloudStack Core  SUCCESS [1:21.721s]
[INFO] Apache CloudStack Agents .. SUCCESS [35.714s]
[INFO] Apache CloudStack Framework - Clustering .. SUCCESS [36.471s]
[INFO] Apache CloudStack Framework - Event Notification .. SUCCESS [14.215s]
[INFO] Apache CloudStack Cloud Engine Schema Component ... SUCCESS [2:08.952s]
[INFO] Apache CloudStack Framework - Jobs  SUCCESS [40.860s]
[INFO] Apache CloudStack Cloud Engine Internal Components API  SUCCESS [26.658s]
[INFO] Apache CloudStack Server .. SUCCESS [4:11.154s]
[INFO] Apache CloudStack Framework - Quota ... SUCCESS [37.449s]
[INFO] Apache CloudStack Usage Server  SUCCESS [44.536s]
[INFO] Apache CloudStack Cloud Engine Orchestration Component  SUCCESS 
[1:21.632s]
[INFO] Apache CloudStack Cloud Services .. SUCCESS [0.067s]
[INFO] Apache CloudStack Secondary Storage ... SUCCESS [0.450s]
[INFO] Apache CloudStack Secondary Storage Service ... SUCCESS [53.751s]
[INFO] Apache CloudStack Engine Storage Component  SUCCESS [47.590s]
[INFO] Apache CloudStack Engine Storage Volume Component . SUCCESS [29.708s]
[INFO] Apache CloudStack Engine Storage Image Component .. SUCCESS [26.624s]
[INFO] Apache CloudStack Engine Storage Data Motion Component  SUCCESS [26.553s]
[INFO] Apache CloudStack Engine Storage Cache Component .. SUCCESS [20.856s]
[INFO] Apache CloudStack Engine Storage Snapshot Component  SUCCESS [35.229s]
[INFO] Apache CloudStack Cloud Engine API  SUCCESS [12.326s]
[INFO] Apache CloudStack Cloud Engine Service  SUCCESS [8.467s]
[INFO] Apache CloudStack Plugin POM .. SUCCESS [0.921s]
[INFO] Apache CloudStack Plugin - API Rate Limit . SUCCESS [26.434s]
[INFO] Apache CloudStack Plugin - Storage Volume default provider  SUCCESS 
[23.561s]
[INFO] Apache CloudStack Plugin - Storage Volume SolidFire Provider  SUCCESS 
[35.841s]
[INFO] Apache CloudStack Plugin - API SolidFire .. SUCCESS [17.288s]
[INFO] Apache CloudStack Plugin - API Discovery .. SUCCESS [23.149s]
[INFO] Apache CloudStack Plugin - ACL Static Role Based .. SUCCESS [15.815s]
[INFO] Apache CloudStack Plugin - Host Anti-Affinity Processor  SUCCESS 
[16.912s]
[INFO] Apache Cloud

[GitHub] cloudstack pull request: Strongswan vpn feature

2016-01-06 Thread jayapalu 
Github user jayapalu commented on the pull request:

https://github.com/apache/cloudstack/pull/872#issuecomment-169546574
  
@remibergsma Did you find some time to test this ?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request: Automation for CLOUDSTACK-9214 , detect w...

2016-01-06 Thread pavanb018 
GitHub user pavanb018 opened a pull request:

https://github.com/apache/cloudstack/pull/1315

Automation for CLOUDSTACK-9214 , detect wrong GW or NM

Automation for CLOUDSTACK-9214

This script automates the validation of  network address or broadcast 
address given for gateway or wrong netmask is given during network creation, 

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/pavanb018/cloudstack master

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/1315.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1315


commit 792e49366b5ee1f7ce86c75f6d1f6cf61dd37bf8
Author: pavanb018 
Date:   2016-01-07T05:17:28Z

Automation for CLOUDSTACK-9214 , detect wrong GW or NM




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---