Locallization issue
Hi, After login into the mgmt server, the alert panel not works well.When vm create failed, the db store this alert, which type is 7. But in the panel , it shows it's vlan type. Through the codes , it found that it was caused by scripts/sharedFunctions.js#403 toAlertType: function(alertCode) { 395 switch (alertCode) { 396 case 0 : return _l('label.memory'); 397 case 1 : return _l('label.cpu'); 398 case 2 : return _l('label.storage'); 399 case 3 : return _l('label.primary.storage'); 400 case 4 : return _l('label.public.ips'); 401 case 5 : return _l('label.management.ips'); 402 case 6 : return _l('label.secondary.storage'); 403 case 7 : return _l('label.vlan'); 404 case 8 : return _l('label.direct.ips'); 405 case 9 : return _l('label.local.storage'); 406 407 // These are old values -- can be removed in the future 408 case 10 : return Routing Host; 409 case 11 : return Storage; 410 case 12 : return Usage Server; 411 case 13 : return Management Server; 412 case 14 : return Domain Router; 413 case 15 : return Console Proxy; 414 case 16 : return User VM; 415 case 17 : return VLAN; 416 case 18 : return Secondary Storage VM; 417 } so i changed *label.vlan ** to **label.user.vm* , accordingly add the* label.user.vm=User VM *to resource file *client/WEB-INF/classes/resources/messages.properties.* After restart mgmt service, the alert panel still shows* vlan *type. My question is did i miss something in configuration locallization? Thanks, Yitao
Re: Review Request 14124: CLOUDSTACK-4622 : If a VM from guest network is added to network tier of VPC then IP reservation allows the CIDR to be a superset of Network CIDR for that VPC tier
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/14124/ --- (Updated Dec. 24, 2013, 9:18 a.m.) Review request for cloudstack and Sateesh Chodapuneedi. Changes --- Modified isNetworkAWithinNetworkB to compare IP ranges. Bugs: CLOUDSTACK-4622 https://issues.apache.org/jira/browse/CLOUDSTACK-4622 Repository: cloudstack-git Description --- Add a new utility method for comparing 2 CIDRs. The method takes in 2 cidrs, cidrA and cidrB and returns true if cidrA's IP range is equal or a subset of cidrB's IP range. Diffs (updated) - utils/src/com/cloud/utils/net/NetUtils.java f6f6285 utils/test/com/cloud/utils/net/NetUtilsTest.java c7407bf Diff: https://reviews.apache.org/r/14124/diff/ Testing --- Added unit test for the utility. Tested locally. Build is successful. Patch applies cleanly. Thanks, Saksham Srivastava
Re: Review Request 14124: CLOUDSTACK-4622 : If a VM from guest network is added to network tier of VPC then IP reservation allows the CIDR to be a superset of Network CIDR for that VPC tier
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/14124/ --- (Updated Dec. 24, 2013, 9:20 a.m.) Review request for cloudstack, Jayapal Reddy and Sateesh Chodapuneedi. Bugs: CLOUDSTACK-4622 https://issues.apache.org/jira/browse/CLOUDSTACK-4622 Repository: cloudstack-git Description --- Add a new utility method for comparing 2 CIDRs. The method takes in 2 cidrs, cidrA and cidrB and returns true if cidrA's IP range is equal or a subset of cidrB's IP range. Diffs - utils/src/com/cloud/utils/net/NetUtils.java f6f6285 utils/test/com/cloud/utils/net/NetUtilsTest.java c7407bf Diff: https://reviews.apache.org/r/14124/diff/ Testing --- Added unit test for the utility. Tested locally. Build is successful. Patch applies cleanly. Thanks, Saksham Srivastava
RE: Faulty method isNetworkAWithinNetworkB ?
Thanks Jayapal for reviewing. I have updated the patch. Now isNetworkAWithinNetworkB method uses IP ranges of cidrs for comparison. Also updated the unittests for the same. Thanks, Saksham -Original Message- From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com] Sent: Monday, December 23, 2013 6:03 PM To: dev@cloudstack.apache.org Subject: Re: Faulty method isNetworkAWithinNetworkB ? Hi Saksham, Always the higher suffix cidr will be in lower suffix cidr. 10.1.1.0/24 will have 256 addresses and 10.1.1.0/25 will have 128 addresses[1]. /25 will be completely in /24 but not wise versa. The below are incorrect. isNetworkAWithinNetworkB(10.1.1.0/24, 10.1.1.0/25) returns true isNetworkAWithinNetworkB(10.1.1.0/22, 10.1.1.0/23) returns true I think you can change isNetworkAWithinNetworkB method to compare respective ip ranges for cidrs. What about changing method name isNetworkACompletelyWithinNetworkB() ? [1]https://www.dan.me.uk/ipsubnets?ip=10.1.1.0 Thanks, Jayapal On 13-Dec-2013, at 4:49 PM, Saksham Srivastava saksham.srivast...@citrix.com wrote: Hi, I encountered a method isNetworkAWithinNetworkB(cidrA, cidrB) in NetUtils.java which should return true if cidrA is a subset of cidrB. The method returns flawed output in many scenarios. After unittesting it I found : isNetworkAWithinNetworkB(10.1.1.0/24, 10.1.1.0/25) returns true isNetworkAWithinNetworkB(10.1.1.0/25, 10.1.1.0/24) returns true isNetworkAWithinNetworkB(10.1.1.0/23, 10.1.1.0/22) returns true isNetworkAWithinNetworkB(10.1.1.0/22, 10.1.1.0/23) returns true Due to this I am able to create VPC tiers with cidr 10.1.0.0/24 even when the VPC super cidr has been defined as 10.1.1.0/25 IMO the simpler/cleaner way to compare cidrs should be to compare the respective IP ranges. I have an old patch [1] in RB which uses the IP ranges to compare 2 cidrs. We could leverage that to replace isNetworkAWithinNetworkB() or in case of any other suggestions please share. Thanks, Saksham [1] https://reviews.apache.org/r/14124/diff/#index_header
Re: Locallization issue
In alert panel after login , it shows *label.user.vm *after modification, not it's value. I changed two files, messages.properties and messages_zh_CN.properties, and still exists this problem. Thanks, Yitao 2013/12/24 Yitao Jiang willier...@gmail.com Hi, After login into the mgmt server, the alert panel not works well.When vm create failed, the db store this alert, which type is 7. But in the panel , it shows it's vlan type. Through the codes , it found that it was caused by scripts/sharedFunctions.js#403 toAlertType: function(alertCode) { 395 switch (alertCode) { 396 case 0 : return _l('label.memory'); 397 case 1 : return _l('label.cpu'); 398 case 2 : return _l('label.storage'); 399 case 3 : return _l('label.primary.storage'); 400 case 4 : return _l('label.public.ips'); 401 case 5 : return _l('label.management.ips'); 402 case 6 : return _l('label.secondary.storage'); 403 case 7 : return _l('label.vlan'); 404 case 8 : return _l('label.direct.ips'); 405 case 9 : return _l('label.local.storage'); 406 407 // These are old values -- can be removed in the future 408 case 10 : return Routing Host; 409 case 11 : return Storage; 410 case 12 : return Usage Server; 411 case 13 : return Management Server; 412 case 14 : return Domain Router; 413 case 15 : return Console Proxy; 414 case 16 : return User VM; 415 case 17 : return VLAN; 416 case 18 : return Secondary Storage VM; 417 } so i changed *label.vlan ** to **label.user.vm* , accordingly add the* label.user.vm=User VM *to resource file *client/WEB-INF/classes/resources/messages.properties.* After restart mgmt service, the alert panel still shows* vlan *type. My question is did i miss something in configuration locallization? Thanks, Yitao
Re: Locallization issue
Sorry, guys. i got what i missed.After insert 'label.user.vm': 'fmt:message key=label.user.vm /' into client/dictionary.jsp file , all works well. But , did it suppose to be a bug ? Thanks, Yitao 2013/12/24 Yitao Jiang willier...@gmail.com In alert panel after login , it shows *label.user.vm *after modification, not it's value. I changed two files, messages.properties and messages_zh_CN.properties, and still exists this problem. Thanks, Yitao 2013/12/24 Yitao Jiang willier...@gmail.com Hi, After login into the mgmt server, the alert panel not works well.When vm create failed, the db store this alert, which type is 7. But in the panel , it shows it's vlan type. Through the codes , it found that it was caused by scripts/sharedFunctions.js#403 toAlertType: function(alertCode) { 395 switch (alertCode) { 396 case 0 : return _l('label.memory'); 397 case 1 : return _l('label.cpu'); 398 case 2 : return _l('label.storage'); 399 case 3 : return _l('label.primary.storage'); 400 case 4 : return _l('label.public.ips'); 401 case 5 : return _l('label.management.ips'); 402 case 6 : return _l('label.secondary.storage'); 403 case 7 : return _l('label.vlan'); 404 case 8 : return _l('label.direct.ips'); 405 case 9 : return _l('label.local.storage'); 406 407 // These are old values -- can be removed in the future 408 case 10 : return Routing Host; 409 case 11 : return Storage; 410 case 12 : return Usage Server; 411 case 13 : return Management Server; 412 case 14 : return Domain Router; 413 case 15 : return Console Proxy; 414 case 16 : return User VM; 415 case 17 : return VLAN; 416 case 18 : return Secondary Storage VM; 417 } so i changed *label.vlan ** to **label.user.vm* , accordingly add the* label.user.vm=User VM *to resource file *client/WEB-INF/classes/resources/messages.properties.* After restart mgmt service, the alert panel still shows* vlan *type. My question is did i miss something in configuration locallization? Thanks, Yitao
Review Request 16456: prepended the description of storage.overprovisioning.factor with NFS only as this feature works only with NFS
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/16456/ --- Review request for cloudstack, Abhinandan Prateek and Jayapal Reddy. Repository: cloudstack-git Description --- prepended the description of storage.overprovisioning.factor with NFS only as this feature works only with NFS Diffs - engine/components-api/src/com/cloud/capacity/CapacityManager.java 0cda826 setup/db/db/schema-421to430.sql 574f510 Diff: https://reviews.apache.org/r/16456/diff/ Testing --- manually tested Thanks, Rajani Karuturi
Re: Review Request 16456: prepended the description of storage.overprovisioning.factor with NFS only as this feature works only with NFS
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/16456/#review30853 --- Rajani, storage.overprovisioning.factor works for VMFS also. Please have a look at https://issues.apache.org/jira/browse/CLOUDSTACK-5061 - Saksham Srivastava On Dec. 24, 2013, 1:20 p.m., Rajani Karuturi wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/16456/ --- (Updated Dec. 24, 2013, 1:20 p.m.) Review request for cloudstack, Abhinandan Prateek and Jayapal Reddy. Repository: cloudstack-git Description --- prepended the description of storage.overprovisioning.factor with NFS only as this feature works only with NFS Diffs - engine/components-api/src/com/cloud/capacity/CapacityManager.java 0cda826 setup/db/db/schema-421to430.sql 574f510 Diff: https://reviews.apache.org/r/16456/diff/ Testing --- manually tested Thanks, Rajani Karuturi
RE: TLSv1 vs TLS vs SSL use throughout CS
If all of the servers and clients support the latest TLS version (1.2) then that is the preferred option. If not, perhaps we could configure fallback behavior with a list of acceptable SSL/TLS versions? So, if the admin lists TLS 1.2 and TLS 1.1 as acceptable then 1.2 would be tried first and then 1.1; if the last one failed then the connection would fail. How about that? The SSLContext.getInstance() method also takes a parameter for the security provider and in one case below someone has named a specific one - SunJSSE. It might be good to allow an admin to configure the provider as well so that providers with other characteristics (FIPS, etc.) could be easily chosen. -Original Message- From: Chiradeep Vittal [mailto:chiradeep.vit...@citrix.com] Sent: Monday, December 23, 2013 3:00 PM To: dev@cloudstack.apache.org Subject: Re: TLSv1 vs TLS vs SSL use throughout CS Why not set it to the highest secure protocol level always? On 12/20/13 12:56 PM, Demetrius Tsitrelis dtsitre...@live.com wrote: I was looking at the SSL code in CloudStack and noticed that there are about a dozen calls to the SSLContext.getInstance() method. Some of them use the SSL protocol while others use TLS or TLSv1. So I'm wondering if it makes sense to expose a configuration setting which specifies an organization's minimum secure protocol level and then use that in all of CloudStack. Is there a need to maintain distinct protocol configurations for each SSL/TLS connection? Here's the usage list today: plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/XenServerCon nectionPool.java:90:javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance(TLS); plugins/network-elements/nicira-nvp/src/com/cloud/network/nicira/NiciraNvp Api.java:555:SSLContext sc = SSLContext.getInstance(SSL); plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientW rapper.java:42:SSLContext ctx = SSLContext.getInstance(TLS); plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datasto re/util/SolidFireUtil.java:703:SSLContext sslContext = SSLContext.getInstance(SSL); services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecur eServerFactoryImpl.java:71:sslContext = SSLContext.getInstance(TLS); services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecur eServerFactoryImpl.java:94:sslContext = SSLContext.getInstance(TLS); services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java :236:sslContext = SSLContext.getInstance(SSL, SunJSSE); services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapper .java:130:SSLContext sslContext = SSLContext.getInstance(TLSv1); utils/src/com/cloud/utils/nio/Link.java:430:sslContext = SSLContext.getInstance(TLS); utils/src/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketF actory.java:114:SSLContext context = SSLContext.getInstance(SSL); vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java:102: javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance(SSL); vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java:80: javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance(SSL);
Re: Review Request 16385: Fix for CloudStack JIRA 4406
On Dec. 23, 2013, 5:58 p.m., Nitin Mehta wrote: api/src/org/apache/cloudstack/api/BaseCmd.java, line 415 https://reviews.apache.org/r/16385/diff/1/?file=400859#file400859line415 Can you please create names which are more intuitive such as cmdRequestContainsSensitiveInfo and also better names for getters and setters ? Mandar Barve wrote: Nitin, I wanted to keep names short at the same time convey adequate meaning hence I chose those names. But I see your point, I could create following names. Here the thought is to have intuitive names plus try to follow getter/setter existing naming convention. Let me know if you have concerns. Member variables can be named as: responseHasSensitiveInfo requestHasSensitiveInfo The getter/setters can be named as: getRequestHasSensitiveInfo setRequestHasSensitiveInfo getResponseHasSensitiveInfo setResponseHasSensitiveInfo Thanks, Mandar Good enough.. On Dec. 23, 2013, 5:58 p.m., Nitin Mehta wrote: api/src/org/apache/cloudstack/api/BaseListTemplateOrIsoPermissionsCmd.java, line 53 https://reviews.apache.org/r/16385/diff/1/?file=400860#file400860line53 You shouldn't have to override for every cmd. By default its false and the cmds having sensitive information can have methods returning true. Also they do not need to be set in execute. This is static information, doesn't change per command so why this needs to be set ? Mandar Barve wrote: Nitin, You are right. This was discussed in the earlier discussion thread. You should really have to modify only commands that carry sensitive information. The problem with that approach as stated earlier is API developer can forget to declare command/response sensitivity by implementing a method that sets the flags, returns true etc. The wrapper abstract method was introduced essentially to ensure new APIs as they get introduced will give compiler error if this wrapper is not implemented enforcing the developer to declare such sensitivity upfront. Hope that addresses your concern. Thanks, Mandar Thanks Mandar. I see your point and was thinking on the same lines as well. I appreciate your thinking for future API devs. But I have the following concerns 1. I probably think that this information should be static for the Cmd class and doesnt have to be set on every execute invocation 2. For few commands having sensitive information we are writing boilerplate code in all the api's, this is not en elegant way of enforcing every API developer to look into this. I would rather want this to be dealt through an annotation (if it doesnt exist lets create one in the public @interface APICommand and keep the default value to true that it contains sensitive information) - Nitin --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/16385/#review30828 --- On Dec. 23, 2013, 6:13 p.m., Mandar Barve wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/16385/ --- (Updated Dec. 23, 2013, 6:13 p.m.) Review request for cloudstack and daan Hoogland. Bugs: CLOUDSTACK-4406 https://issues.apache.org/jira/browse/CLOUDSTACK-4406 Repository: cloudstack-git Description --- JIRA 4406 expects removal of cleanString() call for performance improvements. This is called when building audit trail for command responses and used for removing sensitive data (passwords, secret keys) from the log buffer. All the API responses do not carry such sensitive information so pattern matching done by cleanString against all API response strings can be costly. I propose following for a solution: * Modify BaseCmd class to add flags that will store cmd/response sensitivity * At init these flags will be set to false indicating no cmd req/resp carries sensitive data * any child api cmd class that will carry sensitive data in the req/resp should set the respective flags * before calling any logging function the flag should be checked and cleanString should be called only for cmds with flags set Pro: This approach will scale well as new cmds get added and no additional changes should be required. Con: Big change upfront as it will touch all API cmd classes that carry sensitive information along with BaseCmd class. NOTE: changes should be simple and straightforward though spread across multiple classes. Diffs - api/src/com/cloud/api/commands/ListRecurringSnapshotScheduleCmd.java d34c09c api/src/org/apache/cloudstack/api/BaseCmd.java 0cfb950
Increase max number of VMs in a host?
Hi, I am not able to add a new VM instance through CloudStack because the number of VMs in my KVM hypervisor hosts have reached 50. Is there a way to increase the limit? I can't seem to find it on the Global Settings. === 2013-12-25 06:02:20,995 DEBUG [cloud.capacity.CapacityManagerImpl] (Job-Executor-77:job-6222 = [ fb1c8047-8de6-4144-a970-34381ae48911 ] FirstFitRoutingAllocator) Host name: hv-kvm-01, hostId: 34 already reached max Running VMs(count includes system VMs), limit is: 50,Running VM counts is: 50 2013-12-25 06:02:20,995 DEBUG [cloud.capacity.CapacityManagerImpl] (Job-Executor-75:job-6221 = [ 814d494b-d4fc-459b-8ceb-5acd51326bd9 ] FirstFitRoutingAllocator) Host name: hv-kvm-02, hostId: 37 already reached max Running VMs(count includes system VMs), limit is: 50,Running VM counts is: 50 === Looking forward to your reply, thank you. Cheers.
Re: Review Request 16337: [CLOUDSTACK-5526] Fix LibvirtDomainXMLParser error when diskCacheMode is empty string
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/16337/ --- (Updated Dec. 25, 2013, 1:47 a.m.) Review request for cloudstack, Wei Zhou and Wido den Hollander. Bugs: CLOUDSTACK-5526 https://issues.apache.org/jira/browse/CLOUDSTACK-5526 Repository: cloudstack-git Description --- When using LibvirtDomainXMLParser parser xml from Domain. The attribute diskCacheMode not always have value , and will be empty string String diskCacheMode = getAttrValue(driver, cache, disk); when the code go to here valueOf } else if (type.equalsIgnoreCase(block)) { def.defBlockBasedDisk(diskDev, diskLabel, DiskDef.diskBus.valueOf(bus.toUpperCase())); def.setCacheMode(DiskDef.diskCacheMode.valueOf(diskCacheMode)); } There will be cause IllegalArgumentException at at java.lang.Enum.valueOf(Enum.java:196) I suggest we may check if diskCacheMode is empty string , such as if (diskCacheMode == null || diskCacheMode.isEmpty()) { def.setCacheMode(DiskDef.diskCacheMode.NONE); } else { def.setCacheMode(DiskDef.diskCacheMode.valueOf(diskCacheMode)); } Diffs - plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtDomainXMLParser.java 127f648 Diff: https://reviews.apache.org/r/16337/diff/ Testing --- Thanks, Howie YU
Re: Issue in accessing Windows and Linux VM
Hi, I do not know much about windows, but your linux issue is pretty simple, you just need to ensure you have ssh installed, thanks. On Mon, Dec 23, 2013 at 6:43 PM, Daan Hoogland daan.hoogl...@gmail.comwrote: Jitendra, I am not sure what you expect as an answer but it seems to me you want to configure those machines in the console and then create shapshots and then new templates from those. Correct? Otherwise I don't see how these are cloudstack questions, regards On Mon, Dec 9, 2013 at 8:48 PM, jitendra shelar jitendra.shelar...@gmail.com wrote: Hi All, Can someone please tell me how to add drivers to the windows VM created from windows ISO? Also please tell me how to configure this windows VM to make it accessible via RDP. And what all changes I need to make on linux vm to make it accessible via putty? Thanks in advance. Regards, Jitendra -- Skype: Frankie.Onuonga twitter: Frankieonuonga irc #freenode: Frankie.onuonga
RE: Increase max number of VMs in a host?
Hi Indra, You need to call the updateHypervisorCapabilities API and set the 'maxguestslimit' to a new value for the KVM hypervisor. The listHypervisorCapabilities API will let you know the necessary ID of the capability to be updated. Prachi -Original Message- From: Indra Pramana [mailto:in...@sg.or.id] Sent: Tuesday, December 24, 2013 5:48 PM To: us...@cloudstack.apache.org; dev@cloudstack.apache.org Subject: Increase max number of VMs in a host? Hi, I am not able to add a new VM instance through CloudStack because the number of VMs in my KVM hypervisor hosts have reached 50. Is there a way to increase the limit? I can't seem to find it on the Global Settings. === 2013-12-25 06:02:20,995 DEBUG [cloud.capacity.CapacityManagerImpl] (Job-Executor-77:job-6222 = [ fb1c8047-8de6-4144-a970-34381ae48911 ] FirstFitRoutingAllocator) Host name: hv-kvm-01, hostId: 34 already reached max Running VMs(count includes system VMs), limit is: 50,Running VM counts is: 50 2013-12-25 06:02:20,995 DEBUG [cloud.capacity.CapacityManagerImpl] (Job-Executor-75:job-6221 = [ 814d494b-d4fc-459b-8ceb-5acd51326bd9 ] FirstFitRoutingAllocator) Host name: hv-kvm-02, hostId: 37 already reached max Running VMs(count includes system VMs), limit is: 50,Running VM counts is: 50 === Looking forward to your reply, thank you. Cheers.