[GitHub] cloudstack pull request #1742: CLOUDSTACK-9544: Check access on account tryi...

2016-10-27 Thread rhtyd 
GitHub user rhtyd reopened a pull request:

https://github.com/apache/cloudstack/pull/1742

CLOUDSTACK-9544: Check access on account trying to generate user API keys

This is to merge Marc's fix on 4.8+ branches.

Tests run:
$ nosetests --with-xunit --xunit-file=test-results.xml --with-marvin 
--marvin-config=../marvin-cfgs/adv-kvm.cfg  -s -a tags=role 
--zone=Sandbox-simulator --hypervisor=Simulator  
test/integration/component/test_accounts.py

 Marvin Init Started 

=== Marvin Parse Config Successful ===

=== Marvin Setting TestData Successful===

 Log Folder Path: /tmp//MarvinLogs//Oct_27_2016_22_44_32_GVC833. All 
logs will be available here 

=== Marvin Init Logging Successful===

 Marvin Init Successful 
=== TestName: test_user_cannot_renew_other_keys | Status : SUCCESS ===

=== TestName: test_user_key_renew_same_account | Status : SUCCESS ===

=== TestName: test_updateAdminDetails | Status : SUCCESS ===

=== TestName: test_updateDomainAdminDetails | Status : SUCCESS ===

=== TestName: test_updateUserDetails | Status : SUCCESS ===

===final results are now copied to: /tmp//MarvinLogs/test_accounts_90CDC2===


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/shapeblue/cloudstack cve-2016-6813

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/1742.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1742


commit 158497d68a92ab1e1f864a77371ea1de5c4dc5bb
Author: Marc-Aurèle Brothier 
Date:   2016-10-18T13:33:38Z

CLOUDSTACK-9544: Check access on account trying to generate user API keys

This fixes CVE-2016-6813

Signed-off-by: Marc-Aurèle Brothier 
Signed-off-by: Rohit Yadav 




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #1742: CLOUDSTACK-9544: Check access on account tryi...

2016-10-27 Thread rhtyd 
Github user rhtyd closed the pull request at:

https://github.com/apache/cloudstack/pull/1742


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1638: CLOUDSTACK-9456: Migrate master to Spring 4.x

2016-10-27 Thread blueorangutan 
Github user blueorangutan commented on the issue:

https://github.com/apache/cloudstack/pull/1638
  
@rhtyd a Jenkins job has been kicked to build packages. I'll keep you 
posted as I make progress.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1638: CLOUDSTACK-9456: Migrate master to Spring 4.x

2016-10-27 Thread rhtyd 
Github user rhtyd commented on the issue:

https://github.com/apache/cloudstack/pull/1638
  
@blueorangutan package


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: Disable open inactive plugins: Contrail plugin

2016-10-27 Thread Rohit Yadav 
Venkata,


Fair enough, in that case let's work towards fixing the build issue.


Do we have anybody from Juniper or have contacts with people at Juniper who can 
help us with following:


- Publish and host the dependency artifacts at a reliable maven repository


- Refactor and switch the plugin from using snapshots repo to releases 
repository (see https://github.com/Juniper/contrail-maven)


- Build/publish a compatible library so the plugin can be built against JDK8


Regards.


From: Venkata Yedugundla 
Sent: 28 October 2016 11:13:49
To: dev@cloudstack.apache.org
Cc: Rohit Yadav; us...@cloudstack.apache.org
Subject: Re: Disable open inactive plugins: Contrail plugin

I second this. I am aware of the customers who are actively using this. In 
fact, I have a PR to be merged in this area. Rather, we need to fix the build 
failures

https://github.com/apache/cloudstack/pull/1715

Thanks,
Subhash


rohit.ya...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

On Oct 27, 2016, at 10:50 PM, Will Stevens 
> wrote:

Just because recent builds are failing does not really mean that no one is
using it.  In my experience working with different companies who have ACS
in production, a lot of them are using much older versions of ACS (4.4 for
example).  Only a subset of companies keep their ACS install "close" to
master and they are likely 2 or 3 versions behind master as well.

I would suggest we wait a bit to see if anyone from the users@ list pops up.

I think we can probably disable Midonet. I think Contrail is more likely to
have active users on previous versions.



I would be in favor. I think that nobody uses them since all recent builds
are failing, right?

Your proposal seems good to me.

Wido


Regards.

rohit.ya...@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue






DISCLAIMER == This e-mail may contain privileged and confidential 
information which is the property of Accelerite, a Persistent Systems business. 
It is intended only for the use of the individual or entity to which it is 
addressed. If you are not the intended recipient, you are not authorized to 
read, retain, copy, print, distribute or use this message. If you have received 
this communication in error, please notify the sender and delete all copies of 
this message. Accelerite, a Persistent Systems business does not accept any 
liability for virus infected mails.

Re: Disable open inactive plugins: Contrail plugin

2016-10-27 Thread Venkata Yedugundla 
I second this. I am aware of the customers who are actively using this. In 
fact, I have a PR to be merged in this area. Rather, we need to fix the build 
failures

https://github.com/apache/cloudstack/pull/1715

Thanks,
Subhash

On Oct 27, 2016, at 10:50 PM, Will Stevens 
> wrote:

Just because recent builds are failing does not really mean that no one is
using it.  In my experience working with different companies who have ACS
in production, a lot of them are using much older versions of ACS (4.4 for
example).  Only a subset of companies keep their ACS install "close" to
master and they are likely 2 or 3 versions behind master as well.

I would suggest we wait a bit to see if anyone from the users@ list pops up.

I think we can probably disable Midonet. I think Contrail is more likely to
have active users on previous versions.



I would be in favor. I think that nobody uses them since all recent builds
are failing, right?

Your proposal seems good to me.

Wido


Regards.

rohit.ya...@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue








DISCLAIMER
==
This e-mail may contain privileged and confidential information which is the 
property of Accelerite, a Persistent Systems business. It is intended only for 
the use of the individual or entity to which it is addressed. If you are not 
the intended recipient, you are not authorized to read, retain, copy, print, 
distribute or use this message. If you have received this communication in 
error, please notify the sender and delete all copies of this message. 
Accelerite, a Persistent Systems business does not accept any liability for 
virus infected mails.

Re: Disable open inactive plugins: Contrail plugin

2016-10-27 Thread Rohit Yadav 
Will, you make a fair point and we should not be removing plugins just because 
they fail to build but that's NOT what I've said.


Let me break down my arguments:


- The only obligation project has is towards any CloudStack users who may be 
using these plugins, but given the state of the plugin it's highly unlikely 
that they are in production use. The purpose of this thread is to investigate 
and ask if there are any such users, so far I'm not hearing anything from any 
of those users.


- If the vendors who had initially contributed the plugins are not maintaining 
them or are not responsive, the project should not be obligated towards 
maintaining a broken component that does not even build, and project should in 
that case work towards a plan to deprecate such plugins over time.


- The first thing I'm proposing here is to comment those plugins in 
'plugins/pom.xml' to exclude them in the default build process. The next steps 
could be to discuss deprecating and removing them from the codebase over time, 
this is open for discussion and should be discussed separately.


- The specific plugin (contrail) also fails to build against JDK8 that adds a 
roadblock to our plan to migrate to JDK8 in future.


- Background: I checked with few people including original 
authors/contributors, the story I'm told is that several of the network plugins 
were created as a proof-of-concept or go-to-market tools, and did not take off 
or got attention from their vendors as they failed to achieve specific business 
goals. Given CloudStack has been user-driven (than vendor-driven) it is fair to 
conclude that several of the plugins are not maintained most-likely because 
nobody is using them.


Regards.


From: williamstev...@gmail.com  on behalf of Will 
Stevens 
Sent: 27 October 2016 22:50:19
To: dev@cloudstack.apache.org
Cc: Rohit Yadav; us...@cloudstack.apache.org
Subject: Re: Disable open inactive plugins: Contrail plugin

Just because recent builds are failing does not really mean that no one is 
using it.  In my experience working with different companies who have ACS in 
production, a lot of them are using much older versions of ACS (4.4 for 
example).  Only a subset of companies keep their ACS install "close" to master 
and they are likely 2 or 3 versions behind master as well.

I would suggest we wait a bit to see if anyone from the users@ list pops up.

I think we can probably disable Midonet. I think Contrail is more likely to 
have active users on previous versions.



I would be in favor. I think that nobody uses them since all recent builds are 
failing, right?

Your proposal seems good to me.

Wido

>
> Regards.
>
> rohit.ya...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>


rohit.ya...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue

[GitHub] cloudstack issue #1716: CLOUDSTACK-9555 when a template is deleted and then ...

2016-10-27 Thread cloudmonger 
Github user cloudmonger commented on the issue:

https://github.com/apache/cloudstack/pull/1716
  
### ACS CI BVT Run
 **Sumarry:**
 Build Number 129
 Hypervisor xenserver
 NetworkType Advanced
 Passed=103
 Failed=2
 Skipped=6

_Link to logs Folder (search by build_no):_ 
https://www.dropbox.com/sh/yj3wnzbceo9uef2/AAB6u-Iap-xztdm6jHX9SjPja?dl=0


**Failed tests:**
* test_deploy_vm_iso.py

 * test_deploy_vm_from_iso Failing since 14 runs

* test_vm_life_cycle.py

 * test_10_attachAndDetach_iso Failing since 15 runs


**Skipped tests:**
test_01_test_vm_volume_snapshot
test_vm_nic_adapter_vmxnet3
test_static_role_account_acls
test_11_ss_nfs_version_on_ssvm
test_3d_gpu_support
test_deploy_vgpu_enabled_vm

**Passed test suits:**
test_deploy_vm_with_userdata.py
test_affinity_groups_projects.py
test_portable_publicip.py
test_over_provisioning.py
test_global_settings.py
test_scale_vm.py
test_service_offerings.py
test_routers_iptables_default_policy.py
test_loadbalance.py
test_routers.py
test_reset_vm_on_reboot.py
test_snapshots.py
test_deploy_vms_with_varied_deploymentplanners.py
test_network.py
test_router_dns.py
test_non_contigiousvlan.py
test_login.py
test_list_ids_parameter.py
test_public_ip_range.py
test_multipleips_per_nic.py
test_regions.py
test_affinity_groups.py
test_network_acl.py
test_pvlan.py
test_volumes.py
test_nic.py
test_deploy_vm_root_resize.py
test_resource_detail.py
test_secondary_storage.py
test_routers_network_ops.py
test_disk_offerings.py


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1716: CLOUDSTACK-9555 when a template is deleted and then ...

2016-10-27 Thread cloudmonger 
Github user cloudmonger commented on the issue:

https://github.com/apache/cloudstack/pull/1716
  
### ACS CI BVT Run
 **Sumarry:**
 Build Number 128
 Hypervisor xenserver
 NetworkType Advanced
 Passed=103
 Failed=2
 Skipped=6

_Link to logs Folder (search by build_no):_ 
https://www.dropbox.com/sh/yj3wnzbceo9uef2/AAB6u-Iap-xztdm6jHX9SjPja?dl=0


**Failed tests:**
* test_deploy_vm_iso.py

 * test_deploy_vm_from_iso Failing since 13 runs

* test_vm_life_cycle.py

 * test_10_attachAndDetach_iso Failing since 14 runs


**Skipped tests:**
test_01_test_vm_volume_snapshot
test_vm_nic_adapter_vmxnet3
test_static_role_account_acls
test_11_ss_nfs_version_on_ssvm
test_3d_gpu_support
test_deploy_vgpu_enabled_vm

**Passed test suits:**
test_deploy_vm_with_userdata.py
test_affinity_groups_projects.py
test_portable_publicip.py
test_over_provisioning.py
test_global_settings.py
test_scale_vm.py
test_service_offerings.py
test_routers_iptables_default_policy.py
test_loadbalance.py
test_routers.py
test_reset_vm_on_reboot.py
test_snapshots.py
test_deploy_vms_with_varied_deploymentplanners.py
test_network.py
test_router_dns.py
test_non_contigiousvlan.py
test_login.py
test_list_ids_parameter.py
test_public_ip_range.py
test_multipleips_per_nic.py
test_regions.py
test_affinity_groups.py
test_network_acl.py
test_pvlan.py
test_volumes.py
test_nic.py
test_deploy_vm_root_resize.py
test_resource_detail.py
test_secondary_storage.py
test_routers_network_ops.py
test_disk_offerings.py


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: Disable open inactive plugins: Contrail plugin

2016-10-27 Thread Will Stevens 
Just because recent builds are failing does not really mean that no one is
using it.  In my experience working with different companies who have ACS
in production, a lot of them are using much older versions of ACS (4.4 for
example).  Only a subset of companies keep their ACS install "close" to
master and they are likely 2 or 3 versions behind master as well.

I would suggest we wait a bit to see if anyone from the users@ list pops up.

I think we can probably disable Midonet. I think Contrail is more likely to
have active users on previous versions.



> I would be in favor. I think that nobody uses them since all recent builds
> are failing, right?
>
> Your proposal seems good to me.
>
> Wido
>
> >
> > Regards.
> >
> > rohit.ya...@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> > @shapeblue
> >
> >
> >
>

[GitHub] cloudstack pull request #1742: CLOUDSTACK-9544: Check access on account tryi...

2016-10-27 Thread rhtyd 
GitHub user rhtyd opened a pull request:

https://github.com/apache/cloudstack/pull/1742

CLOUDSTACK-9544: Check access on account trying to generate user API keys

This is to merge Marc's fix on 4.8+ branches.

Tests run:
$ nosetests --with-xunit --xunit-file=test-results.xml --with-marvin 
--marvin-config=../marvin-cfgs/adv-kvm.cfg  -s -a tags=role 
--zone=Sandbox-simulator --hypervisor=Simulator  
test/integration/component/test_accounts.py

 Marvin Init Started 

=== Marvin Parse Config Successful ===

=== Marvin Setting TestData Successful===

 Log Folder Path: /tmp//MarvinLogs//Oct_27_2016_22_44_32_GVC833. All 
logs will be available here 

=== Marvin Init Logging Successful===

 Marvin Init Successful 
=== TestName: test_user_cannot_renew_other_keys | Status : SUCCESS ===

=== TestName: test_user_key_renew_same_account | Status : SUCCESS ===

=== TestName: test_updateAdminDetails | Status : SUCCESS ===

=== TestName: test_updateDomainAdminDetails | Status : SUCCESS ===

=== TestName: test_updateUserDetails | Status : SUCCESS ===

===final results are now copied to: /tmp//MarvinLogs/test_accounts_90CDC2===


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/shapeblue/cloudstack cve-2016-6813

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/1742.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1742


commit 158497d68a92ab1e1f864a77371ea1de5c4dc5bb
Author: Marc-Aurèle Brothier 
Date:   2016-10-18T13:33:38Z

CLOUDSTACK-9544: Check access on account trying to generate user API keys

This fixes CVE-2016-6813

Signed-off-by: Marc-Aurèle Brothier 
Signed-off-by: Rohit Yadav 




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-10-27 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@rhtyd & @jburwell this PR requires a new System VM template to function.  
I have a XenServer test environment which I have been using where I deploy RPMs 
and the System VM which I build with Jenkins for this PR.  My current test 
setup is not implemented in Marvin, but instead uses my  
[`csapi`](https://github.com/swill/csapi) library.  Is there a way to run 
Marvin tests against an ACS environment which is installed using RPMs?  I would 
probably have to create a Marvin config file to match the existing 
configuration, but can this be done?

The current status of this PR is:

**`Remote Access VPN` seems to be working for our tests so far.**  
- _Mac_ : Working without the need for any modifications.
- _Windows_ : Working, but requires [a change to the 
registry](https://support.microsoft.com/en-us/kb/926179) to set 
`AssumeUDPEncapsulationContextOnSendRule = 2`.
- _Ubuntu_ : Untested so far...

**`Site-to-Site VPN` seems to be working quite well so far.**
- A `Diffie-Hellman` group is currently **required** in order for a 
connection to be established.

How do you guys recommend we get this PR through the official testing and 
validation process?  I should be able to setup a modified Bubble environment 
that uses my System VM in order to do the current Marvin tests against KVM.  
Can BlueO test PRs that require a new System VM?

Cheers...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1716: CLOUDSTACK-9555 when a template is deleted and then ...

2016-10-27 Thread cloudmonger 
Github user cloudmonger commented on the issue:

https://github.com/apache/cloudstack/pull/1716
  
### ACS CI BVT Run
 **Sumarry:**
 Build Number 127
 Hypervisor xenserver
 NetworkType Advanced
 Passed=102
 Failed=3
 Skipped=6

_Link to logs Folder (search by build_no):_ 
https://www.dropbox.com/sh/yj3wnzbceo9uef2/AAB6u-Iap-xztdm6jHX9SjPja?dl=0


**Failed tests:**
* test_non_contigiousvlan.py

 * test_extendPhysicalNetworkVlan Failed

* test_deploy_vm_iso.py

 * test_deploy_vm_from_iso Failing since 12 runs

* test_vm_life_cycle.py

 * test_10_attachAndDetach_iso Failing since 13 runs


**Skipped tests:**
test_01_test_vm_volume_snapshot
test_vm_nic_adapter_vmxnet3
test_static_role_account_acls
test_11_ss_nfs_version_on_ssvm
test_3d_gpu_support
test_deploy_vgpu_enabled_vm

**Passed test suits:**
test_deploy_vm_with_userdata.py
test_affinity_groups_projects.py
test_portable_publicip.py
test_over_provisioning.py
test_global_settings.py
test_scale_vm.py
test_service_offerings.py
test_routers_iptables_default_policy.py
test_loadbalance.py
test_routers.py
test_reset_vm_on_reboot.py
test_snapshots.py
test_deploy_vms_with_varied_deploymentplanners.py
test_network.py
test_router_dns.py
test_login.py
test_list_ids_parameter.py
test_public_ip_range.py
test_multipleips_per_nic.py
test_regions.py
test_affinity_groups.py
test_network_acl.py
test_pvlan.py
test_volumes.py
test_nic.py
test_deploy_vm_root_resize.py
test_resource_detail.py
test_secondary_storage.py
test_routers_network_ops.py
test_disk_offerings.py


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: [ANNOUNCE] Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1

2016-10-27 Thread Rohit Yadav 
All,

Since this CVE was a severe issue and there are several CloudStack 4.5.x
users who may still want a patch, I've went ahead and cherry-picked Marc's
CVE fix on top of last release 4.5.2.1 to create a community-backed 4.5.2.2
tag [1] that can be used by anyone to build packages. This was not
officially voted and I've added a note on this tag as well. The git history
may be viewed to see what exactly was changed.

[1] https://github.com/apache/cloudstack/releases/tag/4.5.2.2

Regards.

On Thu, Oct 27, 2016 at 9:37 AM, Rohit Yadav  wrote:

> # Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1
>
> The Apache CloudStack project announces security releases 4.8.1.1, 4.9.0.1
> that fixes the bug causing vulnerability over previously released minor
> versions 4.8.1 and 4.9.0 respectively. As a security release, no new
> features are included but only includes the fix for CVE-2016-6813.
>
> Apache CloudStack is an integrated Infrastructure-as-a-Service (IaaS)
> software platform that allows users to build feature-rich public and
> private cloud environments. CloudStack includes an intuitive user interface
> and rich API for managing the compute, networking, software, and storage
> resources. The project became an Apache top level project in March 2013.
>
> More information about Apache CloudStack can be found at:
>
> http://cloudstack.apache.org/
>
> ## Upgrade Notes
>
> Affected users are only required to upgrade their management server(s) to
> suitable security release version. The upgrade does not require any
> database or systemvm-template related change.
>
> ## Downloads
>
> The official source code release can be downloaded from:
>
> http://cloudstack.apache.org/downloads.html
>
> In addition to the official source code release, individual contributors
> have also made convenience binaries available on the Apache CloudStack
> download page, and as follows:
>
> http://www.shapeblue.com/packages/
> http://cloudstack.apt-get.eu/ubuntu/dists/ (packages to be published soon)
> http://cloudstack.apt-get.eu/centos/6/ (packages to be published soon)
> http://cloudstack.apt-get.eu/centos/7/ (packages to be published soon)
>
> ###
>
> Regards,
> Rohit Yadav
>

[GitHub] cloudstack issue #1711: Xenserver7 Support

2016-10-27 Thread syed 
Github user syed commented on the issue:

https://github.com/apache/cloudstack/pull/1711
  
@jburwell I have reviewed all the smoke tests and I have not found at any 
place we skipping because of a version mismatch so we are good there. I still 
have to figure out why some of the tests are failing especially the ones 
related to snapshots


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

CVE-2016-6813: Apache CloudStack registerUserKeys authorization vulnerability

2016-10-27 Thread John Kinsella 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

CVE-2016-6813: Apache CloudStack registerUserKeys authorization vulnerability

CVSS v3:
9.1 (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L)

Vendors:
The Apache Software Foundation
Accelerite, Inc

Versions affected:
CloudStack versions 4.1 and newer are affected by this issue.

Description:
Apache CloudStack contains an API call[1] designed to allow a user
to register for the developer API.  If a malicious user is able to
determine the ID of another (non-"root") CloudStack user, the
malicious user may be able to reset the API keys for the other user,
in turn accessing their account and resources.

Mitigation:
Some users may be protected from this weakness already, if they
have configured their commands.properties file to limit access to
this api call from the integration API port, instead of general API
port. This can be accomplished by setting registerUserKeys to 1.

Users of Apache CloudStack version 4.9 whom are using the dynamic
roles feature can delete the "Allow" rule for "registerUserKeys"
for each non-administrator role under the Roles/Rules section of
the user interface.

Alternately, users of Apache CloudStack should upgrade to one of
the following versions, based on which release they are currently
using: 4.8.1.1, or 4.9.0.1. These versions contain only security
updates, and no other functionality change. Full details about the
security releases can be found at [2]

Credit:
This vulnerability was reported by Marc-Aurèle Brothier from Exoscale.

1: https://cloudstack.apache.org/api/apidocs-4.8/user/registerUserKeys.html
2: https://s.apache.org/qV5l
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCgAGBQJYEg0wAAoJEOom9N0pCN7SK2kP/jnhxB4u1wUaf32N2EWVbPur
uv1CarrwkV7XDlmlmcBn2G7uitPO6hbDMf9z+ZB55d5pnc5EwMluUltWjwsa2ixm
aMkqepr1wNIKZkJkPo8dlpoEHtqzv3WiY4i18TS7kUV8cjUuWe0UHB3Tj4QSSTAF
CbuQhl3+xJ5S0aU2LV5buHrhbbPCpTBzK5p2NFP2Bq1YEjdh1vsXpeoJM1miKyb+
/gTt79SNDbTRmoy5zp2dtJ10nZFxW04gEAjGyV8JJlhDJhgQo3F9zVKbyIbGcDJ6
ZFJkl90EptO/ebePJ9LmV3uLYUMm21DzfcF/b2TwzaOmvIpVou0dSqqGBBsgiGbl
OFm/7YRTbBDS6w5tFtUXta4LWWEBr3tyirB2X+Qi5Ctqw5HJSmhL2yyiPYtKKKpx
pp3tOQw5oho/Qkm0Xt0ClpHfF+K5ndGWw7gbpwPdF+XpsCPciuM7LhhI1db67Azu
eY9O69fY4daX4QsppT+cBX1Yc47ZTwHJvVCSvUQLr7KHBuxCF62S52i92bknE06F
WsRlNZT8HzBMI82PImVLCreO0Eh7QgouWsDoadqeCGQw97FBXF3aLkSji90hLy6y
DO6ucUKqRwtGP9orhCB7fsK4SKFYCy4xwIUMPxY3SHahiruZEV/II8GrptyOWWLV
0K9uAQryK2GZ3Nmml1r4
=o0kf
-END PGP SIGNATURE-

Re: Disable open inactive plugins: Contrail plugin

2016-10-27 Thread Simon Weller 


From: Wido den Hollander 
Sent: Thursday, October 27, 2016 6:12 AM
To: Rohit Yadav; dev@cloudstack.apache.org
Cc: us...@cloudstack.apache.org
Subject: Re: Disable open inactive plugins: Contrail plugin


> Op 27 oktober 2016 om 13:00 schreef Rohit Yadav :
>
>
> All,
>
>
> The Juniper contrail plugin is failing for last few hours, this plugin has 
> not been maintained in last few years, except for codebase/architectural 
> changes no changes were made to the plugin itself in last 2 years.
>
>
> The Jenkins failure is due to the dependency not available, further the maven 
> dependency that we are using is the snapshot one and not the release one, 
> both of which is not actively maintained and has not seen any update/changes 
> in past 2+ years.
>
> [ERROR] Failed to execute goal 
> org.apache.maven.plugins:maven-remote-resources-plugin:1.3:process (default) 
> on project cloudstack: Failed to resolve dependencies for one or more 
> projects in the reactor. Reason: Unable to get dependency information for 
> org.powermock:powermock-module-junit4:jar:1.6.4: Failed to process POM for 
> org.powermock:powermock-module-junit4:jar:1.6.4: Non-resolvable parent POM 
> for org.powermock:powermock-module-junit4:[unknown-version]: Could not 
> transfer artifact org.powermock:powermock-modules:pom:1.6.4 from/to 
> juniper-contrail (http://juniper.github.io/contrail-maven/snapshots): Connect 
> to juniper.github.io:80 [juniper.github.io/151.101.16.133] failed: Connection 
> timed out
> [ERROR] org.powermock:powermock-module-junit4:jar:1.6.4
>
>
> I propose commenting the plugin out for all recent/active branches from the 
> default build profile. Please shout out now if you're using this plugin?
>
>
> Let's also discuss deprecating following network plugins with (a) commenting 
> them out from default build profiles, (b) removing them from the codebase:
>
>
> plugins/network/juniper-contrail/
>
> plugins/network/midonet/
>
>
> Please also advise any such inactive plugins that you may have identified and 
> should be deprecated.
>
>
> Comments, questions?
>

>I would be in favor. I think that nobody uses them since all recent builds are 
>failing, right?
>
>Your proposal seems good to me.
>
>Wido

AFAIK, the contrail plugin only every supported Xenserver anyway. The midonet 
plugin hasn't been usable for a very long time. We actually reached out to them 
earlier this year and they had no interest in taking our money with ACS.

- Si

>
> Regards.
>
> rohit.ya...@shapeblue.com
> www.shapeblue.com
ShapeBlue - The CloudStack Company
www.shapeblue.com
Last year we had a project which required us to build out a KVM environment 
which used shared storage. Most often



> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>

[GitHub] cloudstack issue #1729: CLOUDSTACK-9564: Fix memory leaks in VmwareContextPo...

2016-10-27 Thread blueorangutan 
Github user blueorangutan commented on the issue:

https://github.com/apache/cloudstack/pull/1729
  
Trillian test result (tid-205)
Environment: vmware-55u3 (x2), Advanced Networking with Mgmt server 6
Total time taken: 35126 seconds
Marvin logs: 
https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr1729-t205-vmware-55u3.zip
Test completed. 47 look ok, 1 have error(s)


Test | Result | Time (s) | Test File
--- | --- | --- | ---
test_01_vpc_site2site_vpn | `Error` | 507.51 | test_vpc_vpn.py
test_01_redundant_vpc_site2site_vpn | `Error` | 754.36 | test_vpc_vpn.py
test_01_vpc_remote_access_vpn | Success | 172.22 | test_vpc_vpn.py
test_02_VPC_default_routes | Success | 391.53 | test_vpc_router_nics.py
test_01_VPC_nics_after_destroy | Success | 753.80 | test_vpc_router_nics.py
test_05_rvpc_multi_tiers | Success | 724.38 | test_vpc_redundant.py
test_04_rvpc_network_garbage_collector_nics | Success | 1566.03 | 
test_vpc_redundant.py
test_03_create_redundant_VPC_1tier_2VMs_2IPs_2PF_ACL_reboot_routers | 
Success | 741.15 | test_vpc_redundant.py
test_02_redundant_VPC_default_routes | Success | 687.36 | 
test_vpc_redundant.py
test_01_create_redundant_VPC_2tiers_4VMs_4IPs_4PF_ACL | Success | 1410.84 | 
test_vpc_redundant.py
test_09_delete_detached_volume | Success | 25.88 | test_volumes.py
test_06_download_detached_volume | Success | 65.74 | test_volumes.py
test_05_detach_volume | Success | 100.47 | test_volumes.py
test_04_delete_attached_volume | Success | 10.24 | test_volumes.py
test_03_download_attached_volume | Success | 20.42 | test_volumes.py
test_02_attach_volume | Success | 53.92 | test_volumes.py
test_01_create_volume | Success | 507.93 | test_volumes.py
test_03_delete_vm_snapshots | Success | 280.30 | test_vm_snapshots.py
test_02_revert_vm_snapshots | Success | 229.35 | test_vm_snapshots.py
test_01_test_vm_volume_snapshot | Success | 187.43 | test_vm_snapshots.py
test_01_create_vm_snapshots | Success | 161.76 | test_vm_snapshots.py
test_deploy_vm_multiple | Success | 223.80 | test_vm_life_cycle.py
test_deploy_vm | Success | 0.03 | test_vm_life_cycle.py
test_advZoneVirtualRouter | Success | 0.02 | test_vm_life_cycle.py
test_10_attachAndDetach_iso | Success | 27.09 | test_vm_life_cycle.py
test_09_expunge_vm | Success | 125.27 | test_vm_life_cycle.py
test_08_migrate_vm | Success | 81.46 | test_vm_life_cycle.py
test_07_restore_vm | Success | 0.14 | test_vm_life_cycle.py
test_06_destroy_vm | Success | 10.20 | test_vm_life_cycle.py
test_03_reboot_vm | Success | 5.17 | test_vm_life_cycle.py
test_02_start_vm | Success | 20.27 | test_vm_life_cycle.py
test_01_stop_vm | Success | 10.17 | test_vm_life_cycle.py
test_CreateTemplateWithDuplicateName | Success | 241.99 | test_templates.py
test_08_list_system_templates | Success | 0.05 | test_templates.py
test_07_list_public_templates | Success | 0.05 | test_templates.py
test_05_template_permissions | Success | 0.07 | test_templates.py
test_04_extract_template | Success | 15.24 | test_templates.py
test_03_delete_template | Success | 5.13 | test_templates.py
test_02_edit_template | Success | 90.15 | test_templates.py
test_01_create_template | Success | 121.10 | test_templates.py
test_10_destroy_cpvm | Success | 267.28 | test_ssvm.py
test_09_destroy_ssvm | Success | 264.24 | test_ssvm.py
test_08_reboot_cpvm | Success | 156.79 | test_ssvm.py
test_07_reboot_ssvm | Success | 158.86 | test_ssvm.py
test_06_stop_cpvm | Success | 182.11 | test_ssvm.py
test_05_stop_ssvm | Success | 209.18 | test_ssvm.py
test_04_cpvm_internals | Success | 1.36 | test_ssvm.py
test_03_ssvm_internals | Success | 3.69 | test_ssvm.py
test_02_list_cpvm_vm | Success | 0.13 | test_ssvm.py
test_01_list_sec_storage_vm | Success | 0.18 | test_ssvm.py
test_01_snapshot_root_disk | Success | 26.50 | test_snapshots.py
test_04_change_offering_small | Success | 92.52 | test_service_offerings.py
test_03_delete_service_offering | Success | 0.05 | test_service_offerings.py
test_02_edit_service_offering | Success | 0.10 | test_service_offerings.py
test_01_create_service_offering | Success | 0.15 | test_service_offerings.py
test_02_sys_template_ready | Success | 0.14 | test_secondary_storage.py
test_01_sys_vm_start | Success | 0.19 | test_secondary_storage.py
test_09_reboot_router | Success | 131.02 | test_routers.py
test_08_start_router | Success | 141.12 | test_routers.py
test_07_stop_router | Success | 25.28 | test_routers.py
test_06_router_advanced | Success | 0.06 | test_routers.py
test_05_router_basic | Success | 0.05 | test_routers.py
test_04_restart_network_wo_cleanup | Success | 5.76 | test_routers.py
test_03_restart_network_cleanup | Success | 141.19 | test_routers.py
test_02_router_internal_adv |

[GitHub] cloudstack issue #872: Strongswan vpn feature

2016-10-27 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/872
  
I am not able to merge my changes with @jayapalu's branch, so I have 
created a new PR #1741 which includes everything from this PR as well as all 
the changes I had to make to get both Remote Access VPN and Site-to-Site VPN 
working.  I will be moving all my testing and such for this feature to PR #1741.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #1741: Updated StrongSwanVPN Implementation

2016-10-27 Thread swill 
GitHub user swill opened a pull request:

https://github.com/apache/cloudstack/pull/1741

Updated StrongSwanVPN Implementation

This PR is a merge of @jayapalu changes in #872 and the changes I had to 
make to get the functionality working.

I have done pretty extensive testing of this code so far and we are looking 
to be in pretty good shape.  One thing to note is that a `Diffie-Hellman` group 
**is required** in order for this feature to work correctly.  It is not 
highlighted in the tests below, but I have shown that the `PFS` is not required 
for this feature to work.  In #872 I have shown a more exhaustive set of tests 
of this code, but I have limited this set of tests to a recommended `IKE` and 
`ESP` configuration in order to reduce the noise and test the other areas of 
functionality.

**Test Results**
I am testing this functionality by creating two VPCs with VMs in each and 
creating a S2S VPN connection between the two VPCs. Then I SSH into a VM in one 
VPC and I ping the private IP of a VM in the other VPC. Then I tear it down and 
try a different configuration.

_Setup_
```
VPC 1  VPC 2   
=  =   
VPN GatewayVPN Gateway 
VPN Customer Gateway   VPN Customer Gateway
VPN Connection<--->VPN Connection
 - Passive = True   - Passive = False
```

_Legend_
`SKIP` => At least one of the VPN Connections did not come up, so no test 
was run.
`OK` => The ping test was successful over the S2S VPN connection.
`FAIL` => The ping test failed over the S2S VPN connection.

`Passive` => Specifies if either the ` : ` sides of the VPN 
Connection is set to passive.
`Conn State` => Specifies the connection status of the ` : ` 
VPN Connection in the UI.
`Requires Reset` => If the ping test does not result in an `OK`, then a VPN 
Connection Reset is performed on either ` : ` sides of the VPN 
Connection based on which side is not showing `Connected`.  The results in the 
`Status` column is the final result after the reset is performed.

_Results_
```

++--+---+---+--+--+---+-++
| Status | IKE & ESP| DPD   | Encap | IKE Life | ESP Life | 
Passive   | Conn State  | Requires Reset |

++==+===+===+==+==+===+=++
| OK | aes128-sha1;modp1536 | True  | False | 86400| 3600 | 
True : False  | Disconnected : Connected| False : False  |

++--+---+---+--+--+---+-++
| OK | aes128-sha1;modp1536 | False | False | 86400| 3600 | 
True : False  | Disconnected : Connected| False : False  |

++--+---+---+--+--+---+-++
| OK | aes128-sha1;modp1536 | True  | True  | 86400| 3600 | 
True : False  | Disconnected : Connected| False : False  |

++--+---+---+--+--+---+-++
| OK | aes128-sha1;modp1536 | True  | False |  | 3600 | 
True : False  | Disconnected : Connected| False : False  |

++--+---+---+--+--+---+-++
| OK | aes128-sha1;modp1536 | True  | False | 86400|  | 
True : False  | Disconnected : Connected| False : False  |

++--+---+---+--+--+---+-++
| OK | aes128-sha1;modp1536 | True  | False |  |  | 
True : False  | Disconnected : Connected| False : False  |

++--+---+---+--+--+---+-++
| OK | aes128-sha1;modp1536 | True  | False | 86400| 3600 | 
False : False | Connected : Connected   | False : False  |

++--+---+---+--+--+---+-++
| OK | aes128-sha1;modp1536 | True  | False | 86400| 3600 | 
True : True   | Disconnected : Disconnected | False : False  |

++--+---+---+--+--+---+-++
| SKIP   | aes128-sha1  | True  | False | 86400| 3600 | 
True : False  |

[GitHub] cloudstack issue #872: Strongswan vpn feature

2016-10-27 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/872
  
@jayapalu I need to get all my changes merged into this PR though. This PR 
has bugs as it is. I will open a new PR with a merge of your changes and my 
changes today. 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #872: Strongswan vpn feature

2016-10-27 Thread jayapalu 
Github user jayapalu commented on the issue:

https://github.com/apache/cloudstack/pull/872
  
@swill  We will try to wrap up this PR by next week. I will also try to 
post the test results then we will push the changes after LGTMs.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #1740: CLOUDSTACK-9572 Snapshot on primary storage n...

2016-10-27 Thread yvsubhash 
GitHub user yvsubhash opened a pull request:

https://github.com/apache/cloudstack/pull/1740

CLOUDSTACK-9572 Snapshot on primary storage not cleaned up after Stor…

Snapshot on primary storage not cleaned up after Storage migration. This 
happens in the following two scenarios
Live Migration Case

1. Create an instance on the local storage on any host
2. Create a scheduled snapshot of the volume:
3. Wait until ACS created the snapshot. ACS is creating a snapshot on local 
storage and is transferring this snapshot to secondary storage. But the latest 
snapshot on local storage will stay there. This is as expected.
4. Migrate the instance to another XenServer host with ACS UI and Storage 
Live Migration
5. The Snapshot on the old host on local storage will not be cleaned up and 
is staying on local storage. So local storage will fill up with unneeded 
snapshots.



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/yvsubhash/cloudstack CLOUDSTACK-9572

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/1740.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1740


commit 66391617d0fd3f404719c7f675eef5be7ee4ee2f
Author: subhash yedugundla 
Date:   2016-09-12T13:29:53Z

CLOUDSTACK-9572 Snapshot on primary storage not cleaned up after Storage 
migration




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #1739: Fix xapi pluginlib for XenServer 7

2016-10-27 Thread ArmedGuy 
Github user ArmedGuy closed the pull request at:

https://github.com/apache/cloudstack/pull/1739


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1739: Fix xapi pluginlib for XenServer 7

2016-10-27 Thread ArmedGuy 
Github user ArmedGuy commented on the issue:

https://github.com/apache/cloudstack/pull/1739
  
Ah, my bad then. Thought I had searched for it.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1739: Fix xapi pluginlib for XenServer 7

2016-10-27 Thread karuturi 
Github user karuturi commented on the issue:

https://github.com/apache/cloudstack/pull/1739
  
PR #1711 has this and bunch of other changes needed for XS7 support.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1729: CLOUDSTACK-9564: Fix memory leaks in VmwareContextPo...

2016-10-27 Thread rhtyd 
Github user rhtyd commented on the issue:

https://github.com/apache/cloudstack/pull/1729
  
Pinging for review -- @sateesh-chodapuneedi @koushik-das @sureshanaparti 
@karuturi @murali-reddy and other vmware contributors/maintainers


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: Disable open inactive plugins: Contrail plugin

2016-10-27 Thread Wido den Hollander 

> Op 27 oktober 2016 om 13:00 schreef Rohit Yadav :
> 
> 
> All,
> 
> 
> The Juniper contrail plugin is failing for last few hours, this plugin has 
> not been maintained in last few years, except for codebase/architectural 
> changes no changes were made to the plugin itself in last 2 years.
> 
> 
> The Jenkins failure is due to the dependency not available, further the maven 
> dependency that we are using is the snapshot one and not the release one, 
> both of which is not actively maintained and has not seen any update/changes 
> in past 2+ years.
> 
> [ERROR] Failed to execute goal 
> org.apache.maven.plugins:maven-remote-resources-plugin:1.3:process (default) 
> on project cloudstack: Failed to resolve dependencies for one or more 
> projects in the reactor. Reason: Unable to get dependency information for 
> org.powermock:powermock-module-junit4:jar:1.6.4: Failed to process POM for 
> org.powermock:powermock-module-junit4:jar:1.6.4: Non-resolvable parent POM 
> for org.powermock:powermock-module-junit4:[unknown-version]: Could not 
> transfer artifact org.powermock:powermock-modules:pom:1.6.4 from/to 
> juniper-contrail (http://juniper.github.io/contrail-maven/snapshots): Connect 
> to juniper.github.io:80 [juniper.github.io/151.101.16.133] failed: Connection 
> timed out
> [ERROR] org.powermock:powermock-module-junit4:jar:1.6.4
> 
> 
> I propose commenting the plugin out for all recent/active branches from the 
> default build profile. Please shout out now if you're using this plugin?
> 
> 
> Let's also discuss deprecating following network plugins with (a) commenting 
> them out from default build profiles, (b) removing them from the codebase:
> 
> 
> plugins/network/juniper-contrail/
> 
> plugins/network/midonet/
> 
> 
> Please also advise any such inactive plugins that you may have identified and 
> should be deprecated.
> 
> 
> Comments, questions?
> 

I would be in favor. I think that nobody uses them since all recent builds are 
failing, right?

Your proposal seems good to me.

Wido

> 
> Regards.
> 
> rohit.ya...@shapeblue.com 
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>   
>  
>

Disable open inactive plugins: Contrail plugin

2016-10-27 Thread Rohit Yadav 
All,


The Juniper contrail plugin is failing for last few hours, this plugin has not 
been maintained in last few years, except for codebase/architectural changes no 
changes were made to the plugin itself in last 2 years.


The Jenkins failure is due to the dependency not available, further the maven 
dependency that we are using is the snapshot one and not the release one, both 
of which is not actively maintained and has not seen any update/changes in past 
2+ years.

[ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-remote-resources-plugin:1.3:process (default) on 
project cloudstack: Failed to resolve dependencies for one or more projects in 
the reactor. Reason: Unable to get dependency information for 
org.powermock:powermock-module-junit4:jar:1.6.4: Failed to process POM for 
org.powermock:powermock-module-junit4:jar:1.6.4: Non-resolvable parent POM for 
org.powermock:powermock-module-junit4:[unknown-version]: Could not transfer 
artifact org.powermock:powermock-modules:pom:1.6.4 from/to juniper-contrail 
(http://juniper.github.io/contrail-maven/snapshots): Connect to 
juniper.github.io:80 [juniper.github.io/151.101.16.133] failed: Connection 
timed out
[ERROR] org.powermock:powermock-module-junit4:jar:1.6.4


I propose commenting the plugin out for all recent/active branches from the 
default build profile. Please shout out now if you're using this plugin?


Let's also discuss deprecating following network plugins with (a) commenting 
them out from default build profiles, (b) removing them from the codebase:


plugins/network/juniper-contrail/

plugins/network/midonet/


Please also advise any such inactive plugins that you may have identified and 
should be deprecated.


Comments, questions?


Regards.

rohit.ya...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue

[GitHub] cloudstack pull request #1739: Fix xapi pluginlib for XenServer 7

2016-10-27 Thread ArmedGuy 
GitHub user ArmedGuy opened a pull request:

https://github.com/apache/cloudstack/pull/1739

Fix xapi pluginlib for XenServer 7

This makes cloudstack_pluginlib.py compatible with XenServer 7 dom0, as 
(from what I gathered) simplejson was included by default as "json" in the 
version that XenServer 7 dom0 uses. (python --version returns 2.7.5).
This is the only issue I have found so far with this setup.

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/ArmedGuy/cloudstack 
xenserver-7-pluginlib-json-fix

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/1739.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1739


commit 9230b78b6cc11730890f619c92871935426a80de
Author: Johan Jatko 
Date:   2016-10-27T10:14:30Z

Fix xapi pluginlib for XenServer 7

This makes cloudstack_pluginlib.py compatible with XenServer 7 dom0, as 
(from what I gathered) simplejson was included as json in the version that 
XenServer 7 dom0 uses. (python --version returns 2.7.5).
This is the only issue I have found so far.




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1716: CLOUDSTACK-9555 when a template is deleted and then ...

2016-10-27 Thread cloudmonger 
Github user cloudmonger commented on the issue:

https://github.com/apache/cloudstack/pull/1716
  
### ACS CI BVT Run
 **Sumarry:**
 Build Number 126
 Hypervisor xenserver
 NetworkType Advanced
 Passed=100
 Failed=3
 Skipped=6

_Link to logs Folder (search by build_no):_ 
https://www.dropbox.com/sh/yj3wnzbceo9uef2/AAB6u-Iap-xztdm6jHX9SjPja?dl=0


**Failed tests:**
* test_service_offerings.py

 * ContextSuite context=TestServiceOfferings>:setup Failing since 17 runs

* test_deploy_vm_iso.py

 * test_deploy_vm_from_iso Failing since 11 runs

* test_vm_life_cycle.py

 * test_10_attachAndDetach_iso Failing since 12 runs


**Skipped tests:**
test_01_test_vm_volume_snapshot
test_vm_nic_adapter_vmxnet3
test_static_role_account_acls
test_11_ss_nfs_version_on_ssvm
test_3d_gpu_support
test_deploy_vgpu_enabled_vm

**Passed test suits:**
test_deploy_vm_with_userdata.py
test_affinity_groups_projects.py
test_portable_publicip.py
test_over_provisioning.py
test_global_settings.py
test_scale_vm.py
test_routers_iptables_default_policy.py
test_loadbalance.py
test_routers.py
test_reset_vm_on_reboot.py
test_snapshots.py
test_deploy_vms_with_varied_deploymentplanners.py
test_network.py
test_router_dns.py
test_non_contigiousvlan.py
test_login.py
test_list_ids_parameter.py
test_public_ip_range.py
test_multipleips_per_nic.py
test_regions.py
test_affinity_groups.py
test_network_acl.py
test_pvlan.py
test_volumes.py
test_nic.py
test_deploy_vm_root_resize.py
test_resource_detail.py
test_secondary_storage.py
test_routers_network_ops.py
test_disk_offerings.py


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #1738: CLOUDSTACK-9566 instance-id metadata for bare...

2016-10-27 Thread SudharmaJain 
GitHub user SudharmaJain opened a pull request:

https://github.com/apache/cloudstack/pull/1738

CLOUDSTACK-9566 instance-id metadata for baremetal VM returns ID

There is difference in instance-id metadata across baremetal and other 
hypervisors.  

On Baremetal
[root@ip-172-17-0-144 ~]# curl 
http://8.37.203.221/latest/meta-data/instance-id
6021

on Xen
[root@ip-172-17-2-103 ~]# curl 
http://172.17.0.252/latest/meta-data/instance-id
cbeb517a-e833-4a0c-b1e8-9ed70200fbbf

In both cases it should be vm's uuid. 

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/SudharmaJain/cloudstack cs-9566

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/1738.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1738


commit 759a92d2516a99b90b59dc096f23e2e903d0673b
Author: Sudharma Jain 
Date:   2016-10-27T08:20:39Z

CLOUDSTACK-9566 instance-id metadata for baremetal VM returns ID




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #1615: CLOUDSTACK-9438: Fix for CLOUDSTACK-9252 - Ma...

2016-10-27 Thread asfgit 
Github user asfgit closed the pull request at:

https://github.com/apache/cloudstack/pull/1615


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: Question about JavaScript validators in UI

2016-10-27 Thread Wido den Hollander 

> Op 27 oktober 2016 om 7:52 schreef Marc-Aurèle Brothier :
> 
> 
> From a quick look at the code you've forgotten one "|" for the or condition:
> 

No, I didn't. Otherwise the test will always fail since either IPv4 or IPv6 
will fail.

I think I got it now:

$.validator.addMethod("ipv46cidr", function(value, element) {
if (this.optional(element) && value.length == 0)
return true;

var parts = value.split('/');
if (typeof parts == 'undefined' || parts.length != 2) {
return false;
}

if (parts[1] != Number(parts[1]).toString())
return false;

if (Number(parts[1]) < 0)
return false;

if ($.validator.methods.ipv4.call(this, parts[0], element)) {
if (Number(parts[1] > 32))
return false;

return true;
} else if ($.validator.methods.ipv6.call(this, parts[0], element)) {
if (Number(parts[1] > 128))
return false;

return true;
} else if (parts[0] == '::') {
if (Number(parts[1] > 128))
return false;

return true;
}

return false;
}, "The specified IPv4/IPv6 CIDR is invalid.");

Wido

> $.validator.addMethod("ipv46cidr", function(value, element) {
> if (!$.validator.methods.ipv4cidr.call(this, value, element) ||
> !$.validator.methods.ipv6cidr.call(this, value, element))
> return false;
> 
> return true;
> }, "The specified IPv4/IPv6 CIDR is invalid.");
> 
> On Wed, Oct 26, 2016 at 4:37 PM, Wido den Hollander  wrote:
> 
> > So my JS skills are way to low, but I tried this, but it doesn't seem to
> > work:
> >
> > $.validator.addMethod("ipv46cidr", function(value, element) {
> > if (!$.validator.methods.ipv4cidr.call(this, value, element) |
> > !$.validator.methods.ipv6cidr.call(this, value, element))
> > return false;
> >
> > return true;
> > }, "The specified IPv4/IPv6 CIDR is invalid.");
> >
> > What am I missing here?
> >
> > Wido
> >
> > > Op 23 oktober 2016 om 9:37 schreef Rohit Yadav <
> > rohit.ya...@shapeblue.com>:
> > >
> > >
> > > Hi Wido,
> > >
> > >
> > > Yes, you can add a new validator that can validator that the provided
> > address is either ipv4 or ipv6, here:
> > >
> > > https://github.com/apache/cloudstack/blob/master/ui/
> > scripts/sharedFunctions.js#L2327
> > >
> > >
> > > Give the validator any appropriate name, and use it in the network.js
> > code replacing the currently defined validator with yours.
> > >
> > >
> > > Regards.
> > >
> > > 
> > > From: Wido den Hollander 
> > > Sent: 21 October 2016 17:33:29
> > > To: dev@cloudstack.apache.org
> > > Subject: Question about JavaScript validators in UI
> > >
> > > Hi,
> > >
> > > While working on the IPv6 for Basic Networking I'm at the stage of the
> > Security Groups.
> > >
> > > When entering a CIDR in the UI which is not IPv4 (eg ::/0) it will show:
> > 'The specified IPv4 CIDR is invalid.'
> > >
> > > That's true, so looking in network.js I see this piece of code:
> > >
> > > 'cidr': {
> > >   edit: true,
> > >   label: 'label.cidr',
> > >   isHidden: true,
> > >   validation: {
> > > ipv4cidr: true
> > >   }
> > >  },
> > >
> > > There is a ipv6cidr validation method as well. How can I modify the
> > JavaScript in such a way that either a valid IPv4 OR IPv6 CIDR has to be
> > entered?
> > >
> > > My JavaScript skills are rather low.
> > >
> > > Thanks!
> > >
> > > Wido
> > >
> > > rohit.ya...@shapeblue.com
> > > www.shapeblue.com
> > > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> > > @shapeblue
> > >
> > >
> > >
> >