Re: [GitHub] cloudstack pull request: CLOUDSTACK-8814 - Refactoring the configu...

[Ian Southam]

On 09 Sep 2015, at 12:14, koushik-das 
> wrote:

One more doubt. Why the ordering of interfaces are different in regular VR and 
VPC VR? Has it changed recently or was like this since the beginning? And will 
it cause more issues down the line when VR or VPC VR scripts are modified?

It was always like that.

—
Ian

Re: [DISCUSS] Out of Band VR migration, should we reboot VR or not?

[Ian Southam]

On 04 Jun 2015, at 16:50, Koushik Das 
koushik@citrix.commailto:koushik@citrix.com wrote:

Thanks for the clarification Daan. So as I understand - after VR reboot outside 
of CS if there is any config differences (between persisted ones and DB) then 
MS will immediately push the config from DB to VR. Is that correct?
Is there any document/write-up available for the persistence changes?

Hi,

I cannot find the docs we wrote up but will send the link when I do!

Essentially the shell commands are replaced with json which is passed to VPCr 
or VR.  The son object is then merged into a son configuration on the router.  
There is one config per type (firewallacls, lips, forwarding_rules etc.).  
These are stored in /etc/cloudstack.

(See ./core/src/com/cloud/agent/resource/virtualnetwork/facade/ and 
./core/src/com/cloud/agent/resource/virtualnetwork/model/)

Each time the config is merged, some python runs which compares the configured 
state to the expected state from the json files.  It will then provision (or 
deprovision) anything that has changed.

(See systemvm/patches/debian/config/opt/cloud/bin/configure.py)

In addition on reboot (planned or otherwise), the configurator is also called 
setting the provisioned state back to the last known good state.

For VPCs we also implemented a redundant VPCr (based upon the same technology 
as the normal VR) and, calls to allow an upgrade from single VPCr to redundant 
VPCr.

Beyond this, cloudstack will work the same as it always did.  If it loses touch 
with a router, it will takes steps to recreate it etc.

So yes, the router is no longer truly stateless but, cloudstack remains in 
charge.  The intention is not to break the orchestration paradagm.

—
Grts!
Ian

Re: [DISCUSS] Out of Band VR migration, should we reboot VR or not?

[Ian Southam]

The idea is to resist everything.

If stuff does not persist then it can be viewed as a bug ;).

—
Ian

On 04 Jun 2015, at 09:54, Daan Hoogland 
daan.hoogl...@gmail.commailto:daan.hoogl...@gmail.com wrote:

By design all config is persisted but let's double check on that.

@Ian: sir, can you confirm?

Re: [DISCUSS] Out of Band VR migration, should we reboot VR or not?

[Ian Southam]

resist should be persist.   Do not answer mails on iphones ;)

 On 04 Jun 2015, at 11:31, Ian Southam isout...@schubergphilis.com wrote:
 
 The idea is to resist everything.
 
 If stuff does not persist then it can be viewed as a bug ;).
 
 —
 Ian
 
 On 04 Jun 2015, at 09:54, Daan Hoogland 
 daan.hoogl...@gmail.commailto:daan.hoogl...@gmail.com wrote:
 
 By design all config is persisted but let's double check on that.
 
 @Ian: sir, can you confirm?
 

Re: [DISCUSS] Out of Band VR migration, should we reboot VR or not?

[Ian Southam]

If the machine crashes and/or rebooted during the oob migration by a party that 
is not the orchestrator, (read vCenter) then the rules will be lost. 

The new persistent config code in the 4.6 branch will definitely prevent this 
behaviour as, the config will be preserved even if the machines is rebooted 
without receiving the “command line” parameters.  The previous known state will 
be preserved.

—
Ian


 On 03 Jun 2015, at 16:58, Rene Moser m...@renemoser.net wrote:
 
 Sorry for not answering in the thread, I was not on the dev ML so I
 could not reply
 
 I reported this current behavior to be an issue on the user ML and
 wanted to ask Koushik Das about his experiences.
 
 I would not agree, in an Vmware environment live migrations, e.g. Vmware
 DRS breaks IPtables normally. In my opinion, this would make DRS
 senseless. And if it happens, it would be uncommon.
 
 We do live migrations daily with VMs having IPtables rules and I didn't
 see such a behaviour on any of these VMs.
 
 Could you share more information about your experiences Koushik Das? In
 what conditions this happend?
 
 In any case I would love to test DRS live migraions on VR without this
 current behavior. In any way, with this current behaviour, we would have
 a lot of downtimes.
 
 The other solution would be reapplying the rules without reboot, I am
 not fully aware of the new behaviour af aggration but wouldn't this also
 cause a network outage?
 
 Yours
 René
 
 
 

Re: support for /31 Networks

[Ian Southam]

Hi Devender,

You have started quite a discussion in our office about using the .0 and 
putting a host on the cast address …...

Just as a matter of interest, why do you do this - we are presuming it does 
actually work ;)

—
Grts!
Ian

 On 21 May 2015, at 10:29, Singh, Devender dsi...@virtela.net wrote:
 
 Hi Cloudstack Team,
 
 
 We had no problems building and using /31 networks on 4.2.0, but after our 
 upgrade to 4.4.2  we are no longer able to add new ones.
 We have a lot of them already in place.  As an example I pasted some output 
 from cloudmonkey on a link that is already established and working.
 Does anyone have a workaround, or can point me in the right direction for a 
 patch?
 (local)  list networks id=e044c442-48f7-4bae-8c5d-530423a249f7
 count = 1
 network:
 id = e044c442-48f7-4bae-8c5d-530423a249f7
 name = VLAN180
 acltype = Domain
 broadcastdomaintype = Vlan
 broadcasturi = vlan://180
 canusefordeploy = False
 cidr = 202.90.43.0/31
 displaynetwork = True
 displaytext = VM-UTILITY-2
 dns1 = 4.2.2.1
 domain = ROOT
 domainid = 8acf0368-e5b1-11e2-b5cf-2ef4cf18a6ae
 gateway = 202.90.43.0
 ispersistent = False
 issystem = False
 netmask = 255.255.255.254
 networkofferingavailability = Optional
 networkofferingconservemode = False
 networkofferingdisplaytext = private-guest1_switch
 networkofferingid = 0b63d457-5f5e-426f-a81e-8797e522eb8c
 networkofferingname = private-guest1_switch
 physicalnetworkid = cf4c2846-2418-4ba4-b307-6a6405860799
 related = e044c442-48f7-4bae-8c5d-530423a249f7
 restartrequired = False
 service:
 specifyipranges = True
 state = Setup
 strechedl2subnet = False
 subdomainaccess = True
 tags:
 traffictype = Guest
 type = Shared
 vlan = 180
 zoneid = 88066cb4-64ab-4c54-83a9-3279a1e030cb
 zonename = UTILITY-ZONE-1
 
 (local)  list nics nicid=e062922f-c0ea-4f8a-beca-b86146dee622 
 virtualmachineid=842054e6-c379-49fe-92f9-e2fdefa6779f
 count = 1
 nic:
 id = e062922f-c0ea-4f8a-beca-b86146dee622
 deviceid = 0
 gateway = 202.90.43.0
 ipaddress = 202.90.43.1
 isdefault = True
 macaddress = 06:ca:b4:00:00:20
 netmask = 255.255.255.254
 networkid = e044c442-48f7-4bae-8c5d-530423a249f7
 virtualmachineid = 842054e6-c379-49fe-92f9-e2fdefa6779f
 (local) 
 
 Devender Kumar Singh

Re: Bug resolve for 4.5.2

[Ian Southam]

On 19 May 2015, at 09:30, Rohit Yadav 
rohit.ya...@shapeblue.commailto:rohit.ya...@shapeblue.com wrote:

I think you’ve already figured out a workaround “SNAT all – * eth2 0.0.0.0/0 
0.0.0.0/0 to:IP”, probably the fix needs to go into 
systemvm/patches/debian/config/opt/cloud/bin/vpc_snat.sh” (on 4.5 for example) 
and usage of SetSourceNatCommand.

OK, we should pop this not the 4.6 version too.

Does it really need to be this permissive?

—
Grts!
Ian

Re: Marvin Error

[Ian Southam]

On 28 Apr 2015, at 14:52, Srikanteswararao Talluri 
srikanteswararao.tall...@citrix.commailto:srikanteswararao.tall...@citrix.com
 wrote:

Yeah, it is available post 2.7.9, Its my bad to use the private variable
from module. I¹ll see If I can fix that.

Yes indeed using 2.7.9 does indeed make the problem go away!

For now that works for me ;).

Thanks for the reply.

—
Grts!
Ian

Marvin Error

[Ian Southam]

Hi,

Latest Marvin build has an error in it.  Has anyone already worked out the 
cause before I put work into it?  Common.py will not load because of an 
unresolved symbol in vcenter.py

Traceback (most recent call last):
  File /cloudstack/cloudstack/test/integration/smoke/misc/test_deploy_vm.py, 
line 33, in module
from marvin.lib.common import get_zone, get_domain, get_template
  File 
/cloudstack/test/venv/lib/python2.7/site-packages/marvin/lib/common.py, line 
91, in module
from marvin.lib.vcenter import Vcenter
  File 
/cloudstack/test/venv/lib/python2.7/site-packages/marvin/lib/vcenter.py, line 
22, in module
ssl._create_default_https_context = ssl._create_unverified_context
AttributeError: 'module' object has no attribute ‘_create_unverified_context'

—
Grts!
Ian

Re: Next ACS release?

[Ian Southam]

At SBP, we are working on two environments for testing.  Primarily focussed on 
Xen and KVM with Nicira and without Nicira.

One will focus more on building and extending the current integration tests and 
making sure they are running on real hardware in real life situations.  The 
other we are planning to be more “chaos monkey” in operation.  So genuinely 
testing how the system reacts to hypervisors crashing.  Loss of network 
connectivity, VR failures/failovers and so on.

I know other people in the community are doing similar things.  By having 
enough such systems that together have a high coverage of all the various 
configuration and hardware combinations out there, we should be able to really 
get to a much shorter delivery cycle with quite high levels of confidence about 
quality.

We are not there yet but, I am absolutely convinced that aiming for a 2 week 
release cycle is the way to go. 

—
Grts!
Ian

 On 23 Apr 2015, at 10:38, Abhinandan Prateek 
 abhinandan.prat...@shapeblue.com wrote:
 
 On automated QA front following is available:
 
 1. Before pushing in a feature a dev can run simulator based tests that will 
 basically test various functionality that does not depend on the type of 
 Hypervisor.
 (https://cwiki.apache.org/confluence/display/CLOUDSTACK/Validating+check-ins+for+your+local+changes%2C+using+Simulator.)
 The test suite are located in testing/integration/smoke folder.
 The travis system runs most of the test in this folder.
 
 
 2. Then there are tests that will require real hardware to run most of these 
 are in testing/integration/component.
 
 
 Basically there are two kind of test cases not strictly classified as per 
 above directory structure - Ones that have required_hardware set as “false” 
 and “others” that have this as “true”.
 The one with required_hardware is false can run on simulator but for the 
 others you need a real Hypervisor based environment.
 
 I have been able to run a lot of tests both with hardware and simulator. The 
 problem I faced is scattered documentation. Missing description of a model 
 deployment; say for a particular Hypervisor that will allow a dev to run the 
 provisioning tests.
 
 In all there is a huge scope for improvement.
 
 
 -abhi
 
 
 On 23-Apr-2015, at 1:02 am, Remi Bergsma r...@remi.nl wrote:
 
 Hi,
 
 The '2 week cycle' was intended as something to work towards, like a
 mission. The nice thing is that it immediately shows that we cannot achieve
 such a thing if we keep our current method of (semi)manual testing, as you
 said. Totally agree.
 
 That's why we need to improve on our automated functional testing. And that
 will of course take time and effort. As I don't currently have a clear
 overview of what is already available, I'll try to get that first and work
 from there. I spoke to several people recently and most seem to do testing
 on their own way (with sometimes cool automatic stuff going on!). It'd be
 interesting to bring that together and share.
 I think improving this is important, so I'll try to spend as much time on
 this as possible.
 
 However, the tread started with comments on 4.5. Let's try to get it stable
 and deliver 4.5.1. What is still to be done here? Can we share the load
 somehow to fasten it?
 
 Regards,
 Remi
 
 2015-04-22 20:13 GMT+02:00 Paul Angus paul.an...@shapeblue.com:
 
 I fully support the idea of a stable master with an automated CD process
 to protect against regressions.
 
 However, we obviously don't currently have fantastic integration
 testing otherwise we wouldn't have relied on 'people' to pick up the
 release blockers recently.  A 2 week release cycle IMHO is way too frequent
 to expect 'people' to be carrying out integration testing.
 
 Maybe 1 month is a workable compromise until the integration testing is of
 a coverage and standard that can give real confidence.
 
 
 
 I'm also going to compile a list of people who vote +1 - it works on my
 laptop and devise a Guinness related punishment for any of them that show
 up at the CloudStack day in Dublin.
 
 Regards
 
 Paul Angus
 Cloud Architect
 S: +44 20 3603 0540 | M: +447711418784 | T: CloudyAngus
 paul.an...@shapeblue.com
 
 -Original Message-
 From: Remi Bergsma [mailto:r...@remi.nl]
 Sent: 22 April 2015 10:25
 To: dev@cloudstack.apache.org
 Subject: Re: Next ACS release?
 
 I'd be happy to help here as well. Last week in Austin, we also discussed
 this topic a couple of times. I do agree shorter release cycles are better.
 
 In my opinion, the first thing to improve is the minor releases in both the
 4.4 and 4.5 branches. If we speed those up to let's say once every 2-weeks
 we will be able to do the next minor release with less effort and users can
 choose to either wait to start using 4.5 or start now and upgrade when the
 next minor release is available. This would have helped in getting 4.5 out
 on time and quickly fixing issues after the initial release. Also, it will
 save time which we can invest in getting 

Re: Jenkins build is still unstable: simulator-singlerun #1136

[Ian Southam]

Traceback (most recent call last):
  File 
/var/lib/jenkins/workspace/simulator-singlerun/tools/marvin/marvin/sshClient.py,
 line 121, in createConnection
timeout=self.timeout)
  File /usr/local/lib/python2.7/site-packages/paramiko/client.py, line 251, 
in connect
retry_on_signal(lambda: sock.connect(addr))
  File /usr/local/lib/python2.7/site-packages/paramiko/util.py, line 270, in 
retry_on_signal
return function()
  File /usr/local/lib/python2.7/site-packages/paramiko/client.py, line 251, 
in lambda
retry_on_signal(lambda: sock.connect(addr))
  File /usr/local/lib/python2.7/socket.py, line 224, in meth
return getattr(self._sock,name)(*args)
timeout: timed out
Trying SSH Connection: Host:192.168.2.5 User:root   
Port:22 RetryCnt:1===


I am seeing something similar on my test env.  Looking at it now.

—
Ian

On 22 Apr 2015, at 14:02, Daan Hoogland 
daan.hoogl...@gmail.commailto:daan.hoogl...@gmail.com wrote:

The simulator run has not been stable for three weeks. Anybody knows
what the problem with the ISO test is?

On Wed, Apr 22, 2015 at 1:48 PM,  
jenk...@cloudstack.orgmailto:jenk...@cloudstack.org wrote:
See http://jenkins.buildacloud.org/job/simulator-singlerun/changes




--
Daan

Re: [VOTE] Apache Cloudstack 4.4.3

[Ian Southam]

Change ceph.com to eu.ceph.com in ./plugins/hypervisors/kvm/pom.xml then it 
will compile again.

—
Grts!
Ian

On 16 Apr 2015, at 10:37, Nux! n...@li.nux.ro wrote:

 Looks like there is a pom here
 http://repo1.maven.org/maven2/com/github/K0zka/libvirt/0.5.1/
 
 What file needs to be modified to point the build process there?
 
 --
 Sent from the Delta quadrant using Borg technology!
 
 Nux!
 www.nux.ro
 
 - Original Message -
 From: Nux! n...@li.nux.ro
 To: dev@cloudstack.apache.org
 Sent: Thursday, 16 April, 2015 09:30:24
 Subject: Re: [VOTE] Apache Cloudstack 4.4.3
 
 Ok, I can't even build it, it stops at:
 
 [INFO] 
 
 [INFO] Building Apache CloudStack Plugin - Hypervisor KVM 4.4.3
 [INFO] 
 
 Downloading:
 http://libvirt.org/maven2/org/libvirt/libvirt/0.5.1/libvirt-0.5.1.pom
 Downloading: 
 http://ceph.com/maven/org/libvirt/libvirt/0.5.1/libvirt-0.5.1.pom
 
 
 Apparently those URLs do not work.
 
 --
 Sent from the Delta quadrant using Borg technology!
 
 Nux!
 www.nux.ro
 
 - Original Message -
 From: Nux! n...@li.nux.ro
 To: dev@cloudstack.apache.org
 Sent: Thursday, 16 April, 2015 09:00:50
 Subject: Re: [VOTE] Apache Cloudstack 4.4.3
 
 https://dist.apache.org/repos/dist/dev/cloudstack/4.4/ does not exist.
 
 I guess the valid one is either
 https://dist.apache.org/repos/dist/dev/cloudstack/4.4.3/ OR simply
 https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=snapshot;h=e9441d47867104505ef260c1857549f93df96aba;sf=tgz
 
 --
 Sent from the Delta quadrant using Borg technology!
 
 Nux!
 www.nux.ro
 
 - Original Message -
 From: Daan Hoogland daan.hoogl...@gmail.com
 To: dev dev@cloudstack.apache.org
 Sent: Wednesday, 15 April, 2015 23:02:55
 Subject: [VOTE] Apache Cloudstack 4.4.3
 
 Hi All,
 
 I've created a 4.4.3 release, with the following artifacts up for a vote:
 
 Git Branch and Commit SH:
 https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs/heads/4.4
 Commit: e9441d47867104505ef260c1857549f93df96aba
 
 List of changes:
 https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs/heads/4.4
 https://issues.apache.org/jira/issues/?filter=12330007
 
 Source release (checksums and signatures are available at the same
 location):
 https://dist.apache.org/repos/dist/dev/cloudstack/4.4/
 
 PGP release keys (signed using 2048D/5AABEBEA):
 https://dist.apache.org/repos/dist/release/cloudstack/KEYS
 
 Vote will be open for 72 hours.
 
 For sanity in tallying the vote, can PMC members please be sure to
 indicate (binding) with their vote?
 
 [ ] +1  approve
 [ ] +0  no opinion
 [ ] -1  disapprove (and reason why)
 
 --
 Daan

Re: Downloading pom from ceph.com fails

[Ian Southam]

Hi,

Probably a good idea to commit but I confess it is a “works on my laptop” 
change ;).

—
Ian

On 16 Apr 2015, at 14:41, Gaurav Aradhye gaurav.arad...@clogeny.com wrote:

 Changed subject to not spam original post.
 
 I encountered this issue in building latest master also. Ian, should this 
 change be committed?
 
 Regards,
 Gaurav Aradhye
 
 On Apr 16, 2015, at 6:07 PM, Ian Southam isout...@schubergphilis.com wrote:
 
 Change ceph.com to eu.ceph.com in ./plugins/hypervisors/kvm/pom.xml then it 
 will compile again.
 
 —
 Grts!
 Ian
 
 On 16 Apr 2015, at 10:37, Nux! n...@li.nux.ro wrote:
 
 Looks like there is a pom here
 http://repo1.maven.org/maven2/com/github/K0zka/libvirt/0.5.1/
 
 What file needs to be modified to point the build process there?
 
 --
 Sent from the Delta quadrant using Borg technology!
 
 Nux!
 www.nux.ro
 
 - Original Message -
 From: Nux! n...@li.nux.ro
 To: dev@cloudstack.apache.org
 Sent: Thursday, 16 April, 2015 09:30:24
 Subject: Re: [VOTE] Apache Cloudstack 4.4.3
 
 Ok, I can't even build it, it stops at:
 
 [INFO] 
 
 [INFO] Building Apache CloudStack Plugin - Hypervisor KVM 4.4.3
 [INFO] 
 
 Downloading:
 http://libvirt.org/maven2/org/libvirt/libvirt/0.5.1/libvirt-0.5.1.pom
 Downloading: 
 http://ceph.com/maven/org/libvirt/libvirt/0.5.1/libvirt-0.5.1.pom
 
 
 Apparently those URLs do not work.
 
 --
 Sent from the Delta quadrant using Borg technology!
 
 Nux!
 www.nux.ro
 
 - Original Message -
 From: Nux! n...@li.nux.ro
 To: dev@cloudstack.apache.org
 Sent: Thursday, 16 April, 2015 09:00:50
 Subject: Re: [VOTE] Apache Cloudstack 4.4.3
 
 https://dist.apache.org/repos/dist/dev/cloudstack/4.4/ does not exist.
 
 I guess the valid one is either
 https://dist.apache.org/repos/dist/dev/cloudstack/4.4.3/ OR simply
 https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=snapshot;h=e9441d47867104505ef260c1857549f93df96aba;sf=tgz
 
 --
 Sent from the Delta quadrant using Borg technology!
 
 Nux!
 www.nux.ro
 
 - Original Message -
 From: Daan Hoogland daan.hoogl...@gmail.com
 To: dev dev@cloudstack.apache.org
 Sent: Wednesday, 15 April, 2015 23:02:55
 Subject: [VOTE] Apache Cloudstack 4.4.3
 
 Hi All,
 
 I've created a 4.4.3 release, with the following artifacts up for a vote:
 
 Git Branch and Commit SH:
 https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs/heads/4.4
 Commit: e9441d47867104505ef260c1857549f93df96aba
 
 List of changes:
 https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs/heads/4.4
 https://issues.apache.org/jira/issues/?filter=12330007
 
 Source release (checksums and signatures are available at the same
 location):
 https://dist.apache.org/repos/dist/dev/cloudstack/4.4/
 
 PGP release keys (signed using 2048D/5AABEBEA):
 https://dist.apache.org/repos/dist/release/cloudstack/KEYS
 
 Vote will be open for 72 hours.
 
 For sanity in tallying the vote, can PMC members please be sure to
 indicate (binding) with their vote?
 
 [ ] +1  approve
 [ ] +0  no opinion
 [ ] -1  disapprove (and reason why)
 
 --
 Daan
 
 

Re: junkins

[Ian Southam]

Daan,
On 17 Mar 2015, at 12:23, Daan Hoogland 
daan.hoogl...@gmail.commailto:daan.hoogl...@gmail.com wrote:

Laszlo, I don't think anyone is working on this. Jenkins output is
largely ignored in this community. The fact that the present cause is
a resource problem is worrying. I think these are SBP hosted slaves
and will have a look (not in the office now). If I fix this the
slowbuild will not work at least. The last time I saw it passing by it
had 6 new unattended issues from the findbugs output. Coverity
complained about new issues as well, i noticed just now.

Do I have access to these boxes?  Quite happy to have a look.

—
Ian

Re: [ASK] Is password server disabled in VPC?

[Ian Southam]

Password server is run in vpc via vpc_passwd_server a little wrapper script 
that is kicked off on guest network creation by vpc_guestnw.sh

It does not use the service start/stop mechanism.

—
Ian


On 17 Mar 2015, at 12:04, Rohit Yadav rohit.ya...@shapeblue.com wrote:

 Hi Andrija,
 
 Are you sure, on latest 4.3 too it looks like it is one of the disabled 
 services, see:
 
 https://github.com/apache/cloudstack/blob/4.3/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh#L109
 
 (Unless there is some other script enabling/disabling services on VR and I’m 
 looking at wrong place.)
 
 If I enable the password server service for VPC, anyone has any objections?
 
 On 17-Mar-2015, at 3:49 pm, Andrija Panic andrija.pa...@gmail.com wrote:
 
 Password reset feature works in VPC 4.3.2 and 4.3.0 0 - we are using it in
 production.
 
 On 17 March 2015 at 11:07, Rohit Yadav rohit.ya...@shapeblue.com wrote:
 
 From the patchsystemvm.sh script looks like the password service is
 disabled for VPCs:
 
 https://github.com/apache/cloudstack/blob/4.5/systemvm/
 patches/debian/config/opt/cloud/bin/patchsystemvm.sh#L109
 
 Anyone has any ideas why we disabled it?
 
 This is similar behaviour on 4.3+ branches, so I guess this is
 intentional and not a bug. The side effect is that if I use password
 enabled template to create VMs in a VPC tier (whose default password is
 not known) I cannot ssh or use it since reset password doesn't work on it.
 
 
 On Tuesday 17 March 2015 03:25 PM, Rohit Yadav wrote:
 
 Hi,
 
 While testing latest 4.5, I found that VPC routers have ENABLED=0 in
 '/etc/default/cloud-passwd-srvr' -- so password server won't run in VPC
 VRs to serve for vms/templates that are password enabled.
 
 Is password server disabled by default for VPCs? Is there a way to
 enable it; is this a bug or we don't allow password enabled templates in
 VPCs?
 
 Regards,
 Rohit Yadav
 Software Architect, ShapeBlue
 M. +91 8826230892 | rohit.ya...@shapeblue.com
 Blog: bhaisaab.org | Twitter: @_bhaisaab
 PS. If you see any footer below, I did not add it :)
 Find out more about ShapeBlue and our range of CloudStack related services
 
 IaaS Cloud Design 
 Buildhttp://shapeblue.com/iaas-cloud-design-and-build//
 CSForge – rapid IaaS deployment frameworkhttp://shapeblue.com/csforge/
 CloudStack Consultinghttp://shapeblue.com/cloudstack-consultancy/
 CloudStack Software
 Engineeringhttp://shapeblue.com/cloudstack-software-engineering/
 CloudStack Infrastructure
 Supporthttp://shapeblue.com/cloudstack-infrastructure-support/
 CloudStack Bootcamp Training
 Courseshttp://shapeblue.com/cloudstack-training/
 
 This email and any attachments to it may be confidential and are
 intended solely for the use of the individual to whom it is addressed.
 Any views or opinions expressed are solely those of the author and do
 not necessarily represent those of Shape Blue Ltd or related companies.
 If you are not the intended recipient of this email, you must neither
 take any action based upon its contents, nor copy or show it to anyone.
 Please contact the sender if you believe you have received this email in
 error. Shape Blue Ltd is a company incorporated in England  Wales.
 ShapeBlue Services India LLP is a company incorporated in India and is
 operated under license from Shape Blue Ltd. Shape Blue Brasil
 Consultoria Ltda is a company incorporated in Brasil and is operated
 under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company
 registered by The Republic of South Africa and is traded under license
 from Shape Blue Ltd. ShapeBlue is a registered trademark.
 
 
 --
 
 Regards,
 Rohit Yadav
 Software Architect, ShapeBlue
 M. +91 8826230892 | rohit.ya...@shapeblue.com
 Blog: bhaisaab.org | Twitter: @_bhaisaab
 PS. If you see any footer below, I did not add it :)
 Find out more about ShapeBlue and our range of CloudStack related services
 
 IaaS Cloud Design  Buildhttp://shapeblue.com/
 iaas-cloud-design-and-build//
 CSForge – rapid IaaS deployment frameworkhttp://shapeblue.com/csforge/
 CloudStack Consultinghttp://shapeblue.com/cloudstack-consultancy/
 CloudStack Software Engineeringhttp://shapeblue.com/cloudstack-software-
 engineering/
 CloudStack Infrastructure Supporthttp://shapeblue.com/
 cloudstack-infrastructure-support/
 CloudStack Bootcamp Training Courseshttp://shapeblue.com/
 cloudstack-training/
 
 This email and any attachments to it may be confidential and are intended
 solely for the use of the individual to whom it is addressed. Any views or
 opinions expressed are solely those of the author and do not necessarily
 represent those of Shape Blue Ltd or related companies. If you are not the
 intended recipient of this email, you must neither take any action based
 upon its contents, nor copy or show it to anyone. Please contact the sender
 if you believe you have received this email in error. Shape Blue Ltd is a
 company incorporated in England  Wales. ShapeBlue Services India LLP is a
 company incorporated in 

Re: [MERGE] Redundant VPC routers and persistent router config

[Ian Southam]

Hi All,

We have had a discussion about this development in-house and have decided to 
slow things down just a little.  We just want a few days to get our own 
integration test coverage better.  We hope that way to be able to merge code 
with a much fewer faults.

We do not however have the resources to test everything and of course we known 
there will be use cases out there that we have not properly considered.

Our plan, is to test Xen and KVM as thoroughly as we can.  We will not test 
VMware, OVM or Hyperv.  We hope that we can reply on the community to help us 
there!

The plan is then to aim to merge master on the 5 March (in two weeks time).

@Marcus.

Persistent config means that the configuration can survive reboots and crashes. 
 It should not affect recreate operations.

In the case of the VPC we explicitly provide both options, restart and recreate.

To be honest some of the things we do, do slightly challenge the cloud paradigm 
as our model does contain some elements of self healing.   Also we let VRRP 
make its own decisions about master and backup (whilst ensuring the the 
orchestration layer knows what is happening).  If you have some concerns about 
this, I am happy o discuss.

—
Grts!
Ian



On 18 Feb 2015, at 08:37, Daan Hoogland daan.hoogl...@gmail.com wrote:

 Good point Marcus. I'll look into that.
 
 On Tue, Feb 17, 2015 at 9:38 PM, Marcus shadow...@gmail.com wrote:
 Yes, I just want to make sure that it doesn't require/assume
 persistency when some people rely on recreate.systemvm.enabled=true to
 provide clean/fresh systemvms with every reboot, consistent with the
 cloud paradigm.
 
 On Tue, Feb 17, 2015 at 12:09 PM, Daan Hoogland daan.hoogl...@gmail.com 
 wrote:
 Yes, the delete works. Dont know if we included the option recreate in
 our tests. Should not be a biggy though. It is not relevant for the
 persistency.
 
 On Tue, Feb 17, 2015 at 8:05 PM, Marcus shadow...@gmail.com wrote:
 But a recreate will still work, right? If you delete the router or set
 recreate.systemvm.enabled=true it will still result in a working
 router?
 
 On Tue, Feb 17, 2015 at 11:05 AM, Daan Hoogland daan.hoogl...@gmail.com 
 wrote:
 It means that cloudstack doesn't have to reconfigure them on reboot as
 they have the config on disk.
 
 On Tue, Feb 17, 2015 at 4:16 PM, Marcus shadow...@gmail.com wrote:
 Can someone expand on what's meant by 'systemvm persistent config'?
 Somehow this makes me think that the systemvms would no longer be
 easily rebuildable.
 
 On Tue, Feb 17, 2015 at 5:11 AM, Wilder Rodrigues
 wrodrig...@schubergphilis.com wrote:
 Hi there,
 
 I’m building a devcloud-kvm in order to test our changes with a 
 different environment as well.
 
 Cheers,
 Wilder
 
 
 On 17 Feb 2015, at 01:46, Wilder Rodrigues 
 wrodrig...@schubergphilis.com wrote:
 
 Hi all,
 
 I have been some tests on the branch in order to give you all some 
 confidence.
 
 During the tests I found 1 bug related to communication from VM A on 
 Tier 1 to VM B on Tier 2 in a Single VPC. I can reproduce the bug and 
 it disappears when I convert the Single VPC to a redundant one. I 
 already talked to Ian and he is on it.
 
 Results follow below.
 
 Cheers,
 Wilder
 
 Environment:
 
 Xen 6.2 running on VMware zone within our Betacloud (ACS 4.4.2)
 MySQL running on MacBook Pro
 Management Server on MacBook Pro
 
 ::: Manual Tests:::
 
 Isolated Networks
 
 * Create Network
 * Create 2 VMs using new Network
 * Create FW rules
 * Create PF rules
 * SSH to the VMs
 * SSH from one VM onto the other in the same isolated network
 * Destroy Master router
 * Restart the Network
 * Restart the Network with Clean-up option
 * Repeat steps above
 
 Redundant Isolated Networks
 
 * Create Redundant Network Offering
 * Create 2 VMs using new offering
 * Create FW rules
 * Create PF rules
 * SSH to the VMs
 * SSH from one VM onto the other in the same redundant isolated network
 * Destroy Master router
 * Restart the Network
 * Stop the Master Router
 
 Single VPC
 
 * Create VPC
 * Create 2 Tiers
 * Create ACLS
 * Create 1 Vm for each Tier
 * Associate 2 IP address
 * Add PF rules
 * SSH onto VMs
 * SSH from 1 VM onto another
 * Restart VPC - Make it redundant
 * Repeat steps above
 
 Redundant VPC
 
 * Create VPC
 * Create 2 Tiers
 * Create ACLS
 * Create 1 Vm for each Tier
 * Associate 2 IP address
 * Add PF rules
 * SSH onto VMs
 * SSH from 1 VM onto another
 * Stop/Destroy the Master Router
 * Observe the Backup router became Master
 * SSH again onto the VMs
 * Restart VPC (without clean-up)
 * Observer only 1 new router is created
 * New router is started as Backup
 * SSH onto VMs
 * Restart VPC (with clean-up)
 * Observer only 2 new routers are created
 * SSH onto VMs
 
 ::: Automated Tests :::
 
 Test Create Account and user for that account ... === TestName: 
 test_01_create_account | Status : SUCCESS ===
 ok
 Test Sub domain allowed to launch VM  when a Domain level zone is 
 created ... === TestName: test_01_add_vm_to_subdomain 

Re: [32/50] [abbrv] git commit: updated refs/heads/feature/systemvm-persistent-config to 4fe7264

[Ian Southam]

One of the many  things on “to fix” list but thanks, we do not want to go 
forward with stupid stuff in there, the idea is to make things better!

—
Cheers
Ian

On 04 Feb 2015, at 22:53, John Kinsella j...@stratosec.co wrote:

 Would be nice if we weren’t setting a static VRRP password...
 
 John
 
 On Feb 4, 2015, at 12:28 PM, d...@apache.org wrote:
 
 Fix router priuority using the same logic as the one for the state
 Fix the router state. do not show UNKNOW, but MASTER or BACKUP depending on 
 the type of router
 Implement the virtual_router_id to be passed as a boot parameter to the 
 router
 - it is needed for the keepalived configuration
 
 
 Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
 Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/5303d2a8
 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/5303d2a8
 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/5303d2a8
 
 Branch: refs/heads/feature/systemvm-persistent-config
 Commit: 5303d2a8e4ccd34d518c7e529d3ebd95e2933808
 Parents: cc384ee
 Author: wilderrodrigues wrodrig...@schubergphilis.com
 Authored: Tue Jan 27 14:05:38 2015 +0100
 Committer: wilderrodrigues wrodrig...@schubergphilis.com
 Committed: Wed Feb 4 18:47:09 2015 +0100
 
 --
 .../VirtualNetworkApplianceManagerImpl.java | 22 +---
 .../debian/config/opt/cloud/bin/cs/CsDatabag.py |  7 ++-
 .../config/opt/cloud/bin/cs/CsRedundant.py  |  3 ++-
 .../opt/cloud/templates/keepalived.conf.templ   |  4 ++--
 4 files changed, 24 insertions(+), 12 deletions(-)
 --
 
 
 http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5303d2a8/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
 --
 diff --git 
 a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
  
 b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
 index f0730f5..1c32c7e 100644
 --- 
 a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
 +++ 
 b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
 @@ -1302,23 +1302,24 @@ Configurable, StateListenerState, 
 VirtualMachine.Event, VirtualMachine {
}
}
 
 -protected int getUpdatedPriority(final Network network, final 
 ListDomainRouterVO routers, final DomainRouterVO exclude)
 +protected int getUpdatedPriority(final Network network, final 
 ListDomainRouterVO routers, final DomainRouterVO masterRouter)
throws InsufficientVirtualNetworkCapacityException {
int priority;
if (routers.size() == 0) {
priority = DEFAULT_PRIORITY;
} else {
int maxPriority = 0;
 -for (final DomainRouterVO r : routers) {
 -if (!r.getIsRedundantRouter()) {
 +
 +final DomainRouterVO router0 = routers.get(0);
 +if (router0.getId() == masterRouter.getId()) {
 +if (!router0.getIsRedundantRouter()) {
throw new CloudRuntimeException(Redundant router is 
 mixed with single router in one network!);
}
 -// FIXME Assume the maxPriority one should be running or 
 just
 -// created.
 -if (r.getId() != exclude.getId()  
 _nwHelper.getRealPriority(r)  maxPriority) {
 -maxPriority = _nwHelper.getRealPriority(r);
 -}
 +maxPriority = _nwHelper.getRealPriority(router0);
 +} else {
 +maxPriority = DEFAULT_PRIORITY;
}
 +
if (maxPriority == 0) {
return DEFAULT_PRIORITY;
}
 @@ -1330,6 +1331,7 @@ Configurable, StateListenerState, 
 VirtualMachine.Event, VirtualMachine {
throw new InsufficientVirtualNetworkCapacityException(Too 
 many times fail-over happened! Current maximum priority is too high as  + 
 maxPriority + !,
network.getId());
}
 +
priority = maxPriority - DEFAULT_DELTA + 1;
}
return priority;
 @@ -1589,6 +1591,7 @@ Configurable, StateListenerState, 
 VirtualMachine.Event, VirtualMachine {
final boolean isRedundant = router.getIsRedundantRouter();
if (isRedundant) {
buf.append( redundant_router=1);
 +buf.append( router_id=).append(router.getId());
 
final Long vpcId = router.getVpcId();
final ListDomainRouterVO routers;
 @@ -1599,13 +1602,16 @@ Configurable, StateListenerState, 
 VirtualMachine.Event, VirtualMachine {
}
 
String redundantState = RedundantState.BACKUP.toString();
 +router.setRedundantState(RedundantState.BACKUP);
if (routers.size() == 0) {
redundantState 

RE: VRouter sets the same public IP on 2 interfaces

[Ian Southam]

Have you used the same address range for your public network as your management?

--
Ian

-Original Message-
From: Nux! [mailto:n...@li.nux.ro] 
Sent: dinsdag 19 augustus 2014 14:25
To: dev; us...@cloudstack.apache.org
Subject: Re: VRouter sets the same public IP on 2 interfaces

Right, so the SNAT on the VR is done on eth3 instead of eth2, not sure why this 
is happening. Can't spot anything dodgy in the logs.
Once I remove the SNAT and add it on the eth2 (which has the same IP) then all 
my egress rules start to work again.

I'll try to recreate the zone and hope this glitch goes away.



--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro


- Original Message -
 From: Nux! n...@li.nux.ro
 To: dev dev@cloudstack.apache.org, us...@cloudstack.apache.org
 Sent: Tuesday, 19 August, 2014 12:12:31 PM
 Subject: VRouter sets the same public IP on 2 interfaces
 
 Hi,
 
 I have 4 networks defined (public, guest, storage and mgmt). It looks 
 like the VR sets up two internal NIcs (eth2 and eth3) for connecting 
 to the public network. It also sets the same IP address on them.
 Egress = Allow is also ignored and my VMs can't reach anything.
 
 Has anyone seen this before? I'm on 4.3
 
 Thanks
 
 --
 Sent from the Delta quadrant using Borg technology!
 
 Nux!
 www.nux.ro
 
 

StretchedL2Subnet

[Ian Southam]

Anybody know what this is?

I see our Integration testing (for Nicira) has started failing of late.  We are 
not requesting such a network so I presume a default has changed somewhere?

snip

ERROR: 
test-create-nicira-network-offerings.testNetworkOffering.testCreateNetworkOfferingNiciraL2
--
Traceback (most recent call last):
  File /usr/local/lib/python2.7/site-packages/nose/case.py, line 197, in 
runTest
self.test(*self.arg)
  File /home/jenkins/slave/workspace/team_tkt/Cloudstack Integration 
Testing/build-cloud/scripts/test-create-nicira-network-offerings.py, line 80, 
in testCreateNetworkOfferingNiciraL2
resp = conn.marvinRequest(createNetOff)
  File /usr/local/lib/python2.7/site-packages/marvin/cloudstackConnection.py, 
line 279, in marvinRequest
response = jsonHelper.getResultObj(response.json(), response_type)
  File /usr/local/lib/python2.7/site-packages/marvin/jsonHelper.py, line 148, 
in getResultObj
raise cloudstackException.cloudstackAPIException(respname, errMsg)
cloudstackAPIException: Execute cmd: createnetworkoffering failed, due to: 
errorCode: 431, errorText:Provider: NiciraNvp does not support StretchedL2Subnet
  begin captured stdout  -
DEBUG: sending GET request: createNetworkOffering {'specifyipranges': 'false', 
'serviceproviderlist[2].provider': 'VirtualRouter', 
'serviceproviderlist[5].service': 'Lb', 'displaytext': 'NiciraNvpL2SNAT', 
'serviceproviderlist[0].service': 'UserData', 
'serviceproviderlist[4].provider': 'VirtualRouter', 
'serviceproviderlist[1].provider': 'VirtualRouter', 'availability': 'Optional', 
'conservemode': 'true', 'serviceproviderlist[3].service': 'StaticNat', 
'serviceproviderlist[5].provider': 'VirtualRouter', 
'serviceproviderlist[0].provider': 'VirtualRouter', 'specifyvlan': 'false', 
'serviceproviderlist[8].provider': 'VirtualRouter', 
'serviceproviderlist[9].provider': 'NiciraNvp', 
'serviceproviderlist[1].service': 'Vpn', 'serviceproviderlist[4].service': 
'PortForwarding', 'supportedservices': 
'UserData,Vpn,Dhcp,StaticNat,PortForwarding,Lb,Firewall,Dns,SourceNat,Connectivity',
 'traffictype': 'GUEST', 'serviceproviderlist[6].provider': 'VirtualRouter', 
'serviceproviderlist[8].service': 'SourceNat', 
'serviceproviderlist[3].provider': 'VirtualRouter', 'name': 'NiciraNvpL2SNAT', 
'serviceproviderlist[9].service': 'Connectivity', 'guestiptype': 'Isolated', 
'serviceproviderlist[7].provider': 'VirtualRouter', 
'serviceproviderlist[7].service': 'Dns', 'serviceproviderlist[2].service': 
'Dhcp', 'serviceproviderlist[6].service': 'Firewall'}
DEBUG: Computed Signature by Marvin: uwA97AMbhXAPNjW+vzx90pAZv1M=
DEBUG: Request: 
http://cittapp232:8080/client/api?specifyipranges=falseserviceproviderlist%5B2%5D.provider=VirtualRouterserviceproviderlist%5B5%5D.service=LbapiKey=ZJi1_VqmRIhto3bj9zGlPq9y9ywI15bskwdvIGooKjfppdKk5lQhwVSMPyhs2wDN8o_EK51ePHN8ibzPxXXSTgdisplaytext=NiciraNvpL2SNATserviceproviderlist%5B0%5D.service=UserDataserviceproviderlist%5B4%5D.provider=VirtualRouterserviceproviderlist%5B1%5D.provider=VirtualRouteravailability=Optionalconservemode=trueserviceproviderlist%5B3%5D.service=StaticNatserviceproviderlist%5B5%5D.provider=VirtualRouterresponse=jsonserviceproviderlist%5B0%5D.provider=VirtualRouterspecifyvlan=falseserviceproviderlist%5B8%5D.provider=VirtualRouterserviceproviderlist%5B9%5D.provider=NiciraNvpserviceproviderlist%5B1%5D.service=Vpnserviceproviderlist%5B4%5D.service=PortForwardingsupportedservices=UserData%2CVpn%2CDhcp%2CStaticNat%2CPortForwarding%2CLb%2CFirewall%2CDns%2CSourceNat%2CConnectivitytraffictype=GUESTserviceproviderlist%5B6%5D.provider=VirtualRouterserviceproviderlist%5B8%5D.service=SourceNatserviceproviderlist%5B3%5D.provider=VirtualRoutername=NiciraNvpL2SNATserviceproviderlist%5B9%5D.service=Connectivityguestiptype=Isolatedserviceproviderlist%5B7%5D.provider=VirtualRouterserviceproviderlist%5B7%5D.service=Dnsserviceproviderlist%5B2%5D.service=Dhcpserviceproviderlist%5B6%5D.service=Firewallcommand=createNetworkOfferingsignature=uwA97AMbhXAPNjW%2Bvzx90pAZv1M%3D
 Response: { createnetworkofferingresponse : 
{uuidList:[],errorcode:431,cserrorcode:4350,errortext:Provider: 
NiciraNvp does not support StretchedL2Subnet} }

/snip

--
TIA
Ian

RE: StretchedL2Subnet

[Ian Southam]

Thanks!

-Original Message-
From: murali reddy [mailto:muralimmre...@gmail.com] 
Sent: dinsdag 6 mei 2014 14:11
To: dev@cloudstack.apache.org
Subject: Re: StretchedL2Subnet

On Tue, May 6, 2014 at 5:30 PM, Ian Southam isout...@schubergphilis.comwrote:

 Anybody know what this is?

 I see our Integration testing (for Nicira) has started failing of late.
  We are not requesting such a network so I presume a default has 
 changed somewhere?


I added this as capability to 'Connectivity' service providers. This should not 
be affecting default behaviour. Let me check on this,



 snip

 ERROR:
 test-create-nicira-network-offerings.testNetworkOffering.testCreateNet
 workOfferingNiciraL2
 --
 Traceback (most recent call last):
   File /usr/local/lib/python2.7/site-packages/nose/case.py, line 
 197, in runTest
 self.test(*self.arg)
   File /home/jenkins/slave/workspace/team_tkt/Cloudstack Integration 
 Testing/build-cloud/scripts/test-create-nicira-network-offerings.py, 
 line 80, in testCreateNetworkOfferingNiciraL2
 resp = conn.marvinRequest(createNetOff)
   File
 /usr/local/lib/python2.7/site-packages/marvin/cloudstackConnection.py
 ,
 line 279, in marvinRequest
 response = jsonHelper.getResultObj(response.json(), response_type)
   File /usr/local/lib/python2.7/site-packages/marvin/jsonHelper.py, 
 line 148, in getResultObj
 raise cloudstackException.cloudstackAPIException(respname, errMsg)
 cloudstackAPIException: Execute cmd: createnetworkoffering failed, due to:
 errorCode: 431, errorText:Provider: NiciraNvp does not support 
 StretchedL2Subnet
   begin captured stdout  -
 DEBUG: sending GET request: createNetworkOffering {'specifyipranges':
 'false', 'serviceproviderlist[2].provider': 'VirtualRouter',
 'serviceproviderlist[5].service': 'Lb', 'displaytext': 
 'NiciraNvpL2SNAT',
 'serviceproviderlist[0].service': 'UserData',
 'serviceproviderlist[4].provider': 'VirtualRouter',
 'serviceproviderlist[1].provider': 'VirtualRouter', 'availability':
 'Optional', 'conservemode': 'true', 'serviceproviderlist[3].service':
 'StaticNat', 'serviceproviderlist[5].provider': 'VirtualRouter',
 'serviceproviderlist[0].provider': 'VirtualRouter', 'specifyvlan': 
 'false',
 'serviceproviderlist[8].provider': 'VirtualRouter',
 'serviceproviderlist[9].provider': 'NiciraNvp',
 'serviceproviderlist[1].service': 'Vpn', 'serviceproviderlist[4].service':
 'PortForwarding', 'supportedservices':
 'UserData,Vpn,Dhcp,StaticNat,PortForwarding,Lb,Firewall,Dns,SourceNat,
 Connectivity',
 'traffictype': 'GUEST', 'serviceproviderlist[6].provider': 
 'VirtualRouter',
 'serviceproviderlist[8].service': 'SourceNat',
 'serviceproviderlist[3].provider': 'VirtualRouter', 'name':
 'NiciraNvpL2SNAT', 'serviceproviderlist[9].service': 'Connectivity',
 'guestiptype': 'Isolated', 'serviceproviderlist[7].provider':
 'VirtualRouter', 'serviceproviderlist[7].service': 'Dns',
 'serviceproviderlist[2].service': 'Dhcp', 'serviceproviderlist[6].service':
 'Firewall'}
 DEBUG: Computed Signature by Marvin: uwA97AMbhXAPNjW+vzx90pAZv1M=
 DEBUG: Request:
 http://cittapp232:8080/client/api?specifyipranges=falseserviceproviderlist%5B2%5D.provider=VirtualRouterserviceproviderlist%5B5%5D.service=LbapiKey=ZJi1_VqmRIhto3bj9zGlPq9y9ywI15bskwdvIGooKjfppdKk5lQhwVSMPyhs2wDN8o_EK51ePHN8ibzPxXXSTgdisplaytext=NiciraNvpL2SNATserviceproviderlist%5B0%5D.service=UserDataserviceproviderlist%5B4%5D.provider=VirtualRouterserviceproviderlist%5B1%5D.provider=VirtualRouteravailability=Optionalconservemode=trueserviceproviderlist%5B3%5D.service=StaticNatserviceproviderlist%5B5%5D.provider=VirtualRouterresponse=jsonserviceproviderlist%5B0%5D.provider=VirtualRouterspecifyvlan=falseserviceproviderlist%5B8%5D.provider=VirtualRouterserviceproviderlist%5B9%5D.provider=NiciraNvpserviceproviderlist%5B1%5D.service=Vpnserviceproviderlist%5B4%5D.service=PortForwardingsupportedservices=UserData%2CVpn%2CDhcp%2CStaticNat%2CPortForwarding%2CLb%2CFirewall%2CDns%2CSourceNat%2CConnectivitytraffictype=GUESTserviceproviderlist%5B6%5D.provider=VirtualRouterserviceproviderlist%5B8%5D.service=SourceNatserviceproviderlist%5B3%5D.provider=VirtualRoutername=NiciraNvpL2SNATserviceproviderlist%5B9%5D.service=Connectivityguestiptype=Isolatedserviceproviderlist%5B7%5D.provider=VirtualRouterserviceproviderlist%5B7%5D.service=Dnsserviceproviderlist%5B2%5D.service=Dhcpserviceproviderlist%5B6%5D.service=Firewallcommand=createNetworkOfferingsignature=uwA97AMbhXAPNjW%2Bvzx90pAZv1M%3DResponse:
  { createnetworkofferingresponse :
 {uuidList:[],errorcode:431,cserrorcode:4350,errortext:Provider:
 NiciraNvp does not support StretchedL2Subnet} }

 /snip

 --
 TIA
 Ian

RE: Coding Standards Questions

[Ian Southam]

Hi,

It is all a question of good computer science.  A return can easily become a 
sneaky goto so, it does makes sense to avoid dotting them all over methods 
because it can (and often does) indicate that the code is poorly structured.

That said, use common sense.  Making code less readable or unnecessarily 
complex makes it more difficult to maintain and that, is also bad from a 
computer science POV.

From Stephen's example

public int getNumberOfWidgets(Foo input) {
if (input == null)
  return -1;

int ret;
// 30 lines of computation
return ret;
}

It is also possible to do somethinglike

public int getNumberOfWidgets(Foo input) {
if (input == null)
  return -1;
  else
 return doMainProcessing(...)
}

Int doMainProcessing() {
int ret;
// 30 lines of computation
return ret;
}

This can avoid the need for everything being nested in an (ugly) if not null 
condition.

It is also probably a good idea to consider whether it is reasonable that input 
is null.  Avoiding exceptions is a good thing, returning junk that does more 
damage than an exception is a bad thing (tm).

--
Grts!
Ian

-Original Message-
From: Gabor Apati-Nagy [mailto:gabor.apati-n...@citrix.com] 
Sent: maandag 14 april 2014 12:59
To: dev@cloudstack.apache.org
Subject: RE: Coding Standards Questions

To my mind having multiple return statements might be unclear sometimes, but 
personally I do prefer this option. In this case we can easily make sure that 
the return value is not going to be changed. If we know the result, let's 
return it asap. If we reach a return statement anywhere, we can be sure that 
the right value is returned there is no need to double check further code in 
the method (except when exception can be raised by the return itself).

If we had only one return at the end of the method, it almost always adds more 
complexity (needs if/else blocks, maybe nested ones..., breaks for loops) The 
compiler checks for code paths that do not return before reaching the end of 
the method, this check is almost useless if we have one return at the end of 
the method.

Regards,
Gabor


-Original Message-
From: Stephen Turner [mailto:stephen.tur...@citrix.com] 
Sent: 14 April 2014 10:35
To: dev@cloudstack.apache.org
Subject: RE: Coding Standards Questions

I agree that pulling the return value out into a variable and returning it at 
the end can be clearer, but I wouldn't want to make an absolute rule about it. 
Sometimes returning early can reduce the number of nested if/else statements 
and increase clarity. For example, I would rather see:

public int getNumberOfWidgets(Foo input) {
if (input == null)
  return -1;

int ret;
// 30 lines of computation
return ret;
}

than put the bulk of the function in an else block. But maybe others disagree?

-- 
Stephen Turner


-Original Message-
From: Alex Hitchins [mailto:a...@alexhitchins.com] 
Sent: 11 April 2014 21:45
To: dev@cloudstack.apache.org
Subject: RE: Coding Standards Questions

Daan,

Are you referring to keeping line lengths up to 80 characters? Sorry - tired 
eyes.

My thoughts were more that in a function there should only be one return
statement rather than many, all nested in layers of if/else statements.


Alex Hitchins | 07788 423 969 | 01892 523 587
-

-Original Message-
From: Daan Hoogland [mailto:daan.hoogl...@gmail.com]
Sent: 11 April 2014 18:30
To: dev
Subject: Re: Coding Standards Questions

H Alex,

I agree with you that would be nicer if your function fits in a screen.
Another coding convention we should adhere to. As it is I think it not so much 
'not a major concern' as too much to ask for.
Feel free to refactor and submit patches;)

Daan

On Fri, Apr 11, 2014 at 9:54 AM, Alex Hitchins a...@alexhitchins.com
wrote:
 All,



 As I've been looking through the code, I've seen a fair number of 
 places where return statements are called within if statements and the 
 like. I've always found that having one place to return is easier to 
 debug and follow the code flow.



 Are there any guidelines on this? Or is it not a major concern?



 Thanks,



 Alex







 Alex Hitchins

 --

 E: a...@alexhitchins.com

 W: alexhitchins.com

 M: 07788 423 969

 T: 01892 523 587






--
Daan

Review Request 18115: Eliminated findbugs findings in rdp console proxy (useless assignment to local variable)

[Ian Southam]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/18115/
---

Review request for cloudstack, daan Hoogland and Hugo Trippaers.


Repository: cloudstack-git


Description
---

Part of a small project te eliminate bugs from cloudstack.
Includes a basic unit test


Diffs
-

  
services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxyRdpClient.java
 7d49b19 
  
services/console-proxy/server/test/com/cloud/consoleproxy/ConsoleProxyRdpClientTest.java
 PRE-CREATION 

Diff: https://reviews.apache.org/r/18115/diff/


Testing
---


Thanks,

Ian Southam

Review Request 18116: Fix and test GroupBy SQL query creation

[Ian Southam]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/18116/
---

Review request for cloudstack, daan Hoogland and Hugo Trippaers.


Repository: cloudstack-git


Description
---

Findbugs finding fixed.

Incorrect String comparison (==)

Uncludes Unit Test (with thanks to Antonio)


Diffs
-

  framework/db/src/com/cloud/utils/db/GroupBy.java 716b585 
  framework/db/src/com/cloud/utils/db/SearchBase.java 3f123be 
  framework/db/test/com/cloud/utils/db/GroupByTest.java PRE-CREATION 
  
plugins/affinity-group-processors/explicit-dedication/src/org/apache/cloudstack/affinity/ExplicitDedicationProcessor.java
 8c253ee 
  
plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java
 b82b361 
  plugins/network-elements/ovs/src/com/cloud/network/element/OvsElement.java 
ea46f93 
  
plugins/network-elements/ovs/src/com/cloud/network/guru/OvsGuestNetworkGuru.java
 6aacbb2 
  plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsTunnelManager.java 
eaf2d66 
  
plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsTunnelManagerImpl.java
 aa0f42e 
  
plugins/storage/volume/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackPrimaryDataStoreLifeCycleImpl.java
 37861b4 
  
plugins/storage/volume/default/src/org/apache/cloudstack/storage/datastore/provider/CloudStackPrimaryDataStoreProviderImpl.java
 410416c 
  services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxy.java 
02fda64 
  
services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxyRdpClient.java
 7d49b19 
  
services/console-proxy/server/test/com/cloud/consoleproxy/ConsoleProxyRdpClientTest.java
 PRE-CREATION 

Diff: https://reviews.apache.org/r/18116/diff/


Testing
---


Thanks,

Ian Southam

Re: Review Request 18116: Fix and test GroupBy SQL query creation

[Ian Southam]

 On Feb. 14, 2014, 1:49 p.m., Hugo Trippaers wrote:
  Ian,
  
  Can you upload a single patch file for this change? The current patch 
  consists of several patch files.

Patch has been updated sorry about that, seems my diff went wrong!


- Ian


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/18116/#review34487
---


On Feb. 14, 2014, 12:10 p.m., Ian Southam wrote:
 
 ---
 This is an automatically generated e-mail. To reply, visit:
 https://reviews.apache.org/r/18116/
 ---
 
 (Updated Feb. 14, 2014, 12:10 p.m.)
 
 
 Review request for cloudstack, daan Hoogland and Hugo Trippaers.
 
 
 Repository: cloudstack-git
 
 
 Description
 ---
 
 Findbugs finding fixed.
 
 Incorrect String comparison (==)
 
 Uncludes Unit Test (with thanks to Antonio)
 
 
 Diffs
 -
 
   framework/db/src/com/cloud/utils/db/GroupBy.java 716b585 
   framework/db/src/com/cloud/utils/db/SearchBase.java 3f123be 
   framework/db/test/com/cloud/utils/db/GroupByTest.java PRE-CREATION 
   
 plugins/affinity-group-processors/explicit-dedication/src/org/apache/cloudstack/affinity/ExplicitDedicationProcessor.java
  8c253ee 
   
 plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java
  b82b361 
   plugins/network-elements/ovs/src/com/cloud/network/element/OvsElement.java 
 ea46f93 
   
 plugins/network-elements/ovs/src/com/cloud/network/guru/OvsGuestNetworkGuru.java
  6aacbb2 
   
 plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsTunnelManager.java 
 eaf2d66 
   
 plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsTunnelManagerImpl.java
  aa0f42e 
   
 plugins/storage/volume/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackPrimaryDataStoreLifeCycleImpl.java
  37861b4 
   
 plugins/storage/volume/default/src/org/apache/cloudstack/storage/datastore/provider/CloudStackPrimaryDataStoreProviderImpl.java
  410416c 
   services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxy.java 
 02fda64 
   
 services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxyRdpClient.java
  7d49b19 
   
 services/console-proxy/server/test/com/cloud/consoleproxy/ConsoleProxyRdpClientTest.java
  PRE-CREATION 
 
 Diff: https://reviews.apache.org/r/18116/diff/
 
 
 Testing
 ---
 
 
 Thanks,
 
 Ian Southam
 

Re: Review Request 18116: Fix and test GroupBy SQL query creation

[Ian Southam]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/18116/
---

(Updated Feb. 14, 2014, 2:10 p.m.)


Review request for cloudstack, daan Hoogland and Hugo Trippaers.


Changes
---

First patch file contained incorrect patch


Repository: cloudstack-git


Description
---

Findbugs finding fixed.

Incorrect String comparison (==)

Uncludes Unit Test (with thanks to Antonio)


Diffs (updated)
-

  framework/db/src/com/cloud/utils/db/GroupBy.java 716b585 
  framework/db/src/com/cloud/utils/db/SearchBase.java 3f123be 
  framework/db/test/com/cloud/utils/db/GroupByTest.java PRE-CREATION 

Diff: https://reviews.apache.org/r/18116/diff/


Testing
---


Thanks,

Ian Southam

Review Request 17748: Solve fixBugs finding

[Ian Southam]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17748/
---

Review request for cloudstack and daan Hoogland.


Repository: cloudstack-git


Description
---

fixBugs raised this as a scariest category bug.

Equals is breaking its contract by comparing (potentially) unequal objects.

(In the end, The helper class is referenced in spring and being used) 


Diffs
-

  
engine/storage/src/org/apache/cloudstack/storage/image/format/ImageFormatHelper.java
 9523d24 

Diff: https://reviews.apache.org/r/17748/diff/


Testing
---


Thanks,

Ian Southam

Review Request 16858: Looking for keystore template in incorrect location

[Ian Southam]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/16858/
---

Review request for cloudstack and Hugo Trippaers.


Repository: cloudstack-git


Description
---

Breaks build with

EVERE: Exception sending context initialized event to listener instance of 
class org.apache.cloudstack.spring.module.web.CloudStackContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean 
with name 'org.apache.cloudstack.spring.lifecycle.ConfigDepotLifeCycle#0': 
Injection of autowired dependencies failed; nested exception is 
org.springframework.beans.factory.BeanCreationException: Could not autowire 
field: org.apache.cloudstack.framework.config.ConfigDepotAdmin 
org.apache.cloudstack.spring.lifecycle.ConfigDepotLifeCycle.configDepotAdmin; 
nested exception is 
org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find 
class [com.cloud.keystore.KeystoreManagerImpl] for bean with name 
'keystoreManagerImpl' defined in URL 
[jar:file:/usr/share/cloudstack-management/webapps/client/WEB-INF/lib/cloud-server-4.4.0-SNAPSHOT.jar!/META-INF/cloudstack/core/spring-server-core-managers-context.xml];
 nested exception is java.lang.ClassNotFoundException: 
com.cloud.keystore.KeystoreManagerImpl


Diffs
-

  
server/resources/META-INF/cloudstack/core/spring-server-core-managers-context.xml
 d4ee85e 

Diff: https://reviews.apache.org/r/16858/diff/


Testing
---


Thanks,

Ian Southam

Review Request 16647: Install fails through duplicate column add

[Ian Southam]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/16647/
---

Review request for cloudstack and Hugo Trippaers.


Repository: cloudstack-git


Description
---

ADD COLUMN `is_exclusive_gslb_provider` is duplicated in the schema upgrade 
script schema-421to430.sql.

This causes installation and upgrades to fail

The patch removes the duplicate line


Diffs
-

  setup/db/db/schema-421to430.sql b7b1b2b 

Diff: https://reviews.apache.org/r/16647/diff/


Testing
---

Script no longer fails


Thanks,

Ian Southam

Re: Review Request 16647: Install fails through duplicate column add

[Ian Southam]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/16647/#review31237
---

Ship it!


Ship It!

- Ian Southam


On Jan. 6, 2014, 1:08 p.m., Ian Southam wrote:
 
 ---
 This is an automatically generated e-mail. To reply, visit:
 https://reviews.apache.org/r/16647/
 ---
 
 (Updated Jan. 6, 2014, 1:08 p.m.)
 
 
 Review request for cloudstack and Hugo Trippaers.
 
 
 Repository: cloudstack-git
 
 
 Description
 ---
 
 ADD COLUMN `is_exclusive_gslb_provider` is duplicated in the schema upgrade 
 script schema-421to430.sql.
 
 This causes installation and upgrades to fail
 
 The patch removes the duplicate line
 
 
 Diffs
 -
 
   setup/db/db/schema-421to430.sql b7b1b2b 
 
 Diff: https://reviews.apache.org/r/16647/diff/
 
 
 Testing
 ---
 
 Script no longer fails
 
 
 Thanks,
 
 Ian Southam