Re: SSL - LetsEncrypt the Console Proxy

[Rafael Weingärtner]

I do think it is an interesting integration to have. However, as Wido
pointed out, I do not think that it is that easy to code. Moreover, we
still need to enable people to use the current model.

One thing that I was thinking while reading this e-mail is the integration
of the ACS CA framework with Let’s encrypt. By doing that, we would be able
to generate valid certificates.

Thanks for the idea! Maybe someone implements it in the future. Could you
open an issue for it?

On Fri, Jan 18, 2019 at 2:37 PM Wido den Hollander  wrote:

> Hi,
>
> On 1/18/19 4:41 AM, asen...@testlabs.com.au wrote:
> > Hi Guys,
> >
> > Many people are using letsencrypt. This could replace the old retired
> > realhostip.com DNS resolver . Noone would need to muck around with certs
> > again on the console proxy.
> >
> > I think it would be a fairly easy code change.
> >
> > Thoughts?
> >
>
> Will this work in all cases? It doesn't seem like a very easy change to
> me. Yes, it would work with the HTTP ACME client, but only if you are
> connected to the Internet with the CP.
>
> The change might be easy, I don't know actually. Sounds like more work
> as the Java code will need to talk to LE and request the certificate and
> install it.
>
> Wido
>
> > Adrian Sender
>


-- 
Rafael Weingärtner

Workaround for StrongSwan with several rightsubnet's - ikev1

[Lotic Lists]

Hi all

 

After upgrading ACS from 4.9.3 (openswan) to 4.11.2 (strongswan), all VPNs
with multiple networks have stopped working. Only one of the networks
declared in the encryption domain passed traffic.

 

rightsubnet=192.168.198.0/23,192.168.208.0/23,192.168.170.0/23,192.168.234.0
/23,192.168.69.0/24

I changed the configuration manually by creating different Child SAs, one
for each network, now all networks work.

https://lists.strongswan.org/pipermail/users/2015-November/008966.html



Example:

#conn for vpn-4.3.2.1

conn vpn-4.3.2.1

left=1.2.3.4

leftsubnet=192.168.101.0/24

right=4.3.2.1

type=tunnel 

 authby=secret 

 keyexchange=ike

ike=aes128-sha1-modp1024

ikelifetime=1h 

 esp=aes128-sha1-modp1024

lifetime=8h 

 keyingtries=2

auto=start

forceencaps=no

dpddelay=30

dpdtimeout=120

dpdaction=restart

 

conn net-192.168.198.0

also=vpn-4.3.2.1

rightsubnet=192.168.198.0/23

auto=start

 

conn net-192.168.208.0

also=vpn-4.3.2.1

rightsubnet=192.168.208.0/23

auto=start

 

conn net-192.168.170.0

also=vpn-4.3.2.1

rightsubnet=192.168.170.0/23

auto=start

 

conn net-192.168.234.0

also=vpn-4.3.2.1

rightsubnet=192.168.234.0/23

auto=start

 

conn net-192.168.69.0

also=vpn-4.3.2.1

rightsubnet=192.168.69.0/24

auto=start

 

Issue: https://github.com/apache/cloudstack/issues/3138

 

Re: SSL - LetsEncrypt the Console Proxy

[Wido den Hollander]

Hi,

On 1/18/19 4:41 AM, asen...@testlabs.com.au wrote:
> Hi Guys,
> 
> Many people are using letsencrypt. This could replace the old retired
> realhostip.com DNS resolver . Noone would need to muck around with certs
> again on the console proxy.
> 
> I think it would be a fairly easy code change.
> 
> Thoughts?
> 

Will this work in all cases? It doesn't seem like a very easy change to
me. Yes, it would work with the HTTP ACME client, but only if you are
connected to the Internet with the CP.

The change might be easy, I don't know actually. Sounds like more work
as the Java code will need to talk to LE and request the certificate and
install it.

Wido

> Adrian Sender

CloudStack meetup London, March 14

[Steve Roles]

Hi guys,

The initial agenda has now been published for the event - please see here for 
more information and to register if you haven't already:

https://www.eventbrite.co.uk/e/cloudstack-european-user-group-meetup-tickets-53905627182

Hope to see you there!

Best regards,


steve.ro...@shapeblue.com 
www.shapeblue.com
Amadeus House, Floral Street, London  WC2E 9DPUK
@shapeblue
  
 

Re: CloudStack Collab in Brazil

[Rafael Weingärtner]

Copy, and paste fail. Let me update the times:
And, the best times are the following (All times are in GMT-2):

   - 10:00 PM - 11:00 PM
   - 5:00 PM - 6:00 PM
   - 2:00 PM - 3:00 PM
   - 09:00 PM - 10:00 PM
   - 4:00 PM - 5:00 PM


On Fri, Jan 18, 2019 at 2:08 PM Rafael Weingärtner <
rafaelweingart...@gmail.com> wrote:

> Thanks for the people that are willing to help us!
>
> I am now closing the pool. The best day is: 5 February, 2019.
> And, the best times are the following (All times are in GMT-2):
>
>- 10:00 AM - 11:00 AM
>- 5:00 PM - 6:00 PM
>- 09:00 AM - 10:00 AM
>- 4:00 PM - 5:00 PM
>
> I will now reach the TDC organizers with this dates, and times to schedule
> a meeting.
>
> Thanks again guys!
>
> On Tue, Jan 15, 2019 at 1:32 PM Cristian Latapiat 
> wrote:
>
>> Done!
>>
>> Em sáb, 12 de jan de 2019 às 12:33, Rafael Weingärtner <
>> rafaelweingart...@gmail.com> escreveu:
>>
>> > Sounds like a great idea!
>> > Thanks for the suggestion. Do you know if they follow our lists? I mean,
>> > this is an open invitation to everybody; and they are very welcome to
>> chip
>> > in. If they do not follow the list, I can try to ping them.
>> >
>> > I can participate in a call. My GMT is +2.
>> > >
>> > Can you mark the dates and times in Doodle that best suit you? If none
>> of
>> > them work, just tell me, and I will add others.
>> > Doodle link: https://doodle.com/poll/7dpvtiqg67it452m
>> >
>> > On Sat, Jan 12, 2019 at 11:56 AM Ivan Serdyuk <
>> > local.tourist.k...@gmail.com>
>> > wrote:
>> >
>> > > Hello, Rafael/Mike/Tim.
>> > >
>> > > On Fri, Jan 11, 2019 at 8:47 PM Rafael Weingärtner <
>> > > rafaelweingart...@gmail.com> wrote:
>> > >
>> > >>
>> > >>
>> > >> As you all know, we are trying to organize the CCC as a joint event
>> with
>> > >> TDC in Brazil.
>> > >
>> > >
>> > > Sounds interesting. How about inviting someone from tucha.ua company?
>> > > They have experience with CloudStack Ops engineering.
>> > >
>> > > I was thinking about an idea to invite speakers to one of our DevOps
>> > > confs, in October: https://devopsstage.com/ 
>> .
>> > >
>> > >
>> > >> We have proposed the topics for presentations, and now the
>> > >> next step is to schedule a meeting with the TDC organizers. We need
>> to
>> > >> discuss channels to spread the word regarding the conference, talks
>> > >> selection process, branding (CCC, Apache CloudStack) with the TDC,
>> and
>> > so
>> > >> on. Who would be willing to join me in this call?
>> > >>
>> > >>
>> > > I can participate in a call. My GMT is +2.
>> > >
>> > >
>> > >> They are unavailable in January. Therefore, I am proposing the call
>> to
>> > be
>> > >> in the first week of February. I am starting a pool in Doodle to see
>> if
>> > we
>> > >> can find the best time and date. As pools tend to get cluttered when
>> we
>> > >> have a lot of options, I am starting with 4 and 5 of February. Beware
>> > that
>> > >> the time is in GMT-02:00 (Brasilia time). Therefore, before selecting
>> > one,
>> > >> it might be a good idea to check the difference between GMT-02:00 and
>> > your
>> > >> timezone.
>> > >>
>> > >
>> > > Ivan
>> > >
>> >
>> >
>> > --
>> > Rafael Weingärtner
>> >
>>
>>
>> --
>> Cristian Latapiat
>> (12)981281976
>>
>
>
> --
> Rafael Weingärtner
>


-- 
Rafael Weingärtner

Re: CloudStack Collab in Brazil

[Rafael Weingärtner]

Thanks for the people that are willing to help us!

I am now closing the pool. The best day is: 5 February, 2019.
And, the best times are the following (All times are in GMT-2):

   - 10:00 AM - 11:00 AM
   - 5:00 PM - 6:00 PM
   - 09:00 AM - 10:00 AM
   - 4:00 PM - 5:00 PM

I will now reach the TDC organizers with this dates, and times to schedule
a meeting.

Thanks again guys!

On Tue, Jan 15, 2019 at 1:32 PM Cristian Latapiat 
wrote:

> Done!
>
> Em sáb, 12 de jan de 2019 às 12:33, Rafael Weingärtner <
> rafaelweingart...@gmail.com> escreveu:
>
> > Sounds like a great idea!
> > Thanks for the suggestion. Do you know if they follow our lists? I mean,
> > this is an open invitation to everybody; and they are very welcome to
> chip
> > in. If they do not follow the list, I can try to ping them.
> >
> > I can participate in a call. My GMT is +2.
> > >
> > Can you mark the dates and times in Doodle that best suit you? If none of
> > them work, just tell me, and I will add others.
> > Doodle link: https://doodle.com/poll/7dpvtiqg67it452m
> >
> > On Sat, Jan 12, 2019 at 11:56 AM Ivan Serdyuk <
> > local.tourist.k...@gmail.com>
> > wrote:
> >
> > > Hello, Rafael/Mike/Tim.
> > >
> > > On Fri, Jan 11, 2019 at 8:47 PM Rafael Weingärtner <
> > > rafaelweingart...@gmail.com> wrote:
> > >
> > >>
> > >>
> > >> As you all know, we are trying to organize the CCC as a joint event
> with
> > >> TDC in Brazil.
> > >
> > >
> > > Sounds interesting. How about inviting someone from tucha.ua company?
> > > They have experience with CloudStack Ops engineering.
> > >
> > > I was thinking about an idea to invite speakers to one of our DevOps
> > > confs, in October: https://devopsstage.com/ 
> .
> > >
> > >
> > >> We have proposed the topics for presentations, and now the
> > >> next step is to schedule a meeting with the TDC organizers. We need to
> > >> discuss channels to spread the word regarding the conference, talks
> > >> selection process, branding (CCC, Apache CloudStack) with the TDC, and
> > so
> > >> on. Who would be willing to join me in this call?
> > >>
> > >>
> > > I can participate in a call. My GMT is +2.
> > >
> > >
> > >> They are unavailable in January. Therefore, I am proposing the call to
> > be
> > >> in the first week of February. I am starting a pool in Doodle to see
> if
> > we
> > >> can find the best time and date. As pools tend to get cluttered when
> we
> > >> have a lot of options, I am starting with 4 and 5 of February. Beware
> > that
> > >> the time is in GMT-02:00 (Brasilia time). Therefore, before selecting
> > one,
> > >> it might be a good idea to check the difference between GMT-02:00 and
> > your
> > >> timezone.
> > >>
> > >
> > > Ivan
> > >
> >
> >
> > --
> > Rafael Weingärtner
> >
>
>
> --
> Cristian Latapiat
> (12)981281976
>


-- 
Rafael Weingärtner

Re: [DISCUSS] Bring back static analysis and bugfixing

[Rohit Yadav]

Thanks for sharing Gregor, we can add that back when it's back online.

(for the record, the analysis on coverity was few years old of the 4.6 version, 
the analysis on sonarcloud is for latest master/4.12, uploaded yesterday).


- Rohit






From: Riepl, Gregor (SWISS TXT) 
Sent: Friday, January 18, 2019 2:41:47 PM
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Bring back static analysis and bugfixing

Looks like it's only temporary: 
https://community.synopsys.com/s/article/Coverity-Scan-Update


Their old hosting provider shut down, but they want to restore the service as 
soon as possible.


From: Rohit Yadav 
Sent: 17 January 2019 20:49:21
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Bring back static analysis and bugfixing

All,


Unfortunately, it seems the Coverity project is no longer available due to the 
project sponsorers removing the infra/websites. I've configured static analysis 
with sonarcloud instead:

https://sonarcloud.io/dashboard?id=apachecloudstack


- Rohit






From: Rohit Yadav 
Sent: Sunday, December 23, 2018 3:39:29 PM
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Bring back static analysis and bugfixing

All,


Coverity has processed latest master (4.12.0.0-SNAPSHOT), results are available 
now: https://scan.coverity.com/projects/cloudstack?tab=overview


In addition, I've also setup latest master on sonarcloud: 
https://sonarcloud.io/dashboard?id=rhtyd_cloudstack


- Rohit






From: Rohit Yadav 
Sent: Sunday, December 9, 2018 3:28:03 PM
To: dev@cloudstack.apache.org
Subject: [DISCUSS] Bring back static analysis and bugfixing

All,


Our coverity integration has been dead/unused for about 3 years now, I've build 
latest master/ecd2b95d492282d60107f5e132e39f0cd2d808c0 and submitted a build 
[1]. We should be able to see outstanding defects towards master 
(4.12.0.0-SNAPSHOT) soon.


After some searching, I could find my login access. If you want to collaborate 
and don't have an invite ping me. Happy fixing!


[1] https://scan.coverity.com/projects/cloudstack


- Rohit





rohit.ya...@shapeblue.com
www.shapeblue.com
Amadeus House, Floral Street, London  WC2E 9DPUK
@shapeblue




rohit.ya...@shapeblue.com
www.shapeblue.com
Amadeus House, Floral Street, London  WC2E 9DPUK
@shapeblue




rohit.ya...@shapeblue.com
www.shapeblue.com
Amadeus House, Floral Street, London  WC2E 9DPUK
@shapeblue




rohit.ya...@shapeblue.com 
www.shapeblue.com
Amadeus House, Floral Street, London  WC2E 9DPUK
@shapeblue
  
 

Re: 4.11.2.0 Release Notes Missing From Website

[Rohit Yadav]

Hi Adrian,


I've fixed the website, kindly check shortly. Thanks for reporting.


- Rohit






From: asen...@testlabs.com.au 
Sent: Friday, January 18, 2019 9:08:23 AM
To: dev@cloudstack.apache.org
Subject: 4.11.2.0 Release Notes Missing From Website

Hi Guys,

Just noticed a broken link on the Apache Cloudstack site...

http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.11.2.0/

If you could fix that would be great.

-Adrian Sender

rohit.ya...@shapeblue.com 
www.shapeblue.com
Amadeus House, Floral Street, London  WC2E 9DPUK
@shapeblue
  
 

Re: [DISCUSS] Bring back static analysis and bugfixing

[Riepl, Gregor (SWISS TXT)]

Looks like it's only temporary: 
https://community.synopsys.com/s/article/Coverity-Scan-Update


Their old hosting provider shut down, but they want to restore the service as 
soon as possible.


From: Rohit Yadav 
Sent: 17 January 2019 20:49:21
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Bring back static analysis and bugfixing

All,


Unfortunately, it seems the Coverity project is no longer available due to the 
project sponsorers removing the infra/websites. I've configured static analysis 
with sonarcloud instead:

https://sonarcloud.io/dashboard?id=apachecloudstack


- Rohit






From: Rohit Yadav 
Sent: Sunday, December 23, 2018 3:39:29 PM
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Bring back static analysis and bugfixing

All,


Coverity has processed latest master (4.12.0.0-SNAPSHOT), results are available 
now: https://scan.coverity.com/projects/cloudstack?tab=overview


In addition, I've also setup latest master on sonarcloud: 
https://sonarcloud.io/dashboard?id=rhtyd_cloudstack


- Rohit






From: Rohit Yadav 
Sent: Sunday, December 9, 2018 3:28:03 PM
To: dev@cloudstack.apache.org
Subject: [DISCUSS] Bring back static analysis and bugfixing

All,


Our coverity integration has been dead/unused for about 3 years now, I've build 
latest master/ecd2b95d492282d60107f5e132e39f0cd2d808c0 and submitted a build 
[1]. We should be able to see outstanding defects towards master 
(4.12.0.0-SNAPSHOT) soon.


After some searching, I could find my login access. If you want to collaborate 
and don't have an invite ping me. Happy fixing!


[1] https://scan.coverity.com/projects/cloudstack


- Rohit





rohit.ya...@shapeblue.com
www.shapeblue.com
Amadeus House, Floral Street, London  WC2E 9DPUK
@shapeblue




rohit.ya...@shapeblue.com
www.shapeblue.com
Amadeus House, Floral Street, London  WC2E 9DPUK
@shapeblue




rohit.ya...@shapeblue.com
www.shapeblue.com
Amadeus House, Floral Street, London  WC2E 9DPUK
@shapeblue