[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-14 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
thank you sir.  :)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-14 Thread rhtyd 
Github user rhtyd commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
Thanks @swill @jayapalu for the work. I'll build a new systemvmtemplate to 
use with upcoming Trilian tests on master/4.10+.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-14 Thread karuturi 
Github user karuturi commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
It has required LGTMs and tests. I am merging this.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-14 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@deepthimachiraju remember that you need a new system vm built from this PR 
for this functionality to work. 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-13 Thread deepthimachiraju 
Github user deepthimachiraju commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@swill  Would do some basic testing of the PR and update the results.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-10 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
Here is another set of tests run to validate all the settings (in addition 
to the normal tests).

```

++++---+---+--+--+---+-++
| Status | IKE| ESP| DPD   | Encap 
| IKE Life | ESP Life | Passive   | Conn State  | Requires 
Reset |

++++===+===+==+==+===+=++
| OK | aes128-sha1;modp1536   | aes128-sha1;modp1536   | True  | False 
| 86400| 3600 | True : False  | Disconnected : Connected| True : 
False   |

++++---+---+--+--+---+-++
| OK | aes128-sha1;modp1536   | aes128-sha1;modp1536   | True  | True  
| 86400| 3600 | True : False  | Disconnected : Connected| False : 
False  |

++++---+---+--+--+---+-++
| OK | aes128-sha1;modp1536   | aes128-sha1;modp1536   | True  | False 
|  | 3600 | True : False  | Disconnected : Connected| False : 
False  |

++++---+---+--+--+---+-++
| OK | aes128-sha1;modp1536   | aes128-sha1;modp1536   | True  | False 
| 86400|  | True : False  | Disconnected : Connected| False : 
False  |

++++---+---+--+--+---+-++
| OK | aes128-sha1;modp1536   | aes128-sha1;modp1536   | True  | False 
|  |  | True : False  | Disconnected : Connected| False : 
False  |

++++---+---+--+--+---+-++
| OK | aes128-sha1;modp1536   | aes128-sha1;modp1536   | True  | False 
| 86400| 3600 | False : False | Connected : Connected   | False : 
False  |

++++---+---+--+--+---+-++
| OK | aes128-sha1;modp1536   | aes128-sha1;modp1536   | True  | False 
| 86400| 3600 | True : True   | Disconnected : Disconnected | False : 
False  |

++++---+---+--+--+---+-++
| OK | aes128-sha1;modp1536   | aes128-sha1;modp1536   | True  | False 
| 86400| 3600 | False : True  | Connected : Disconnected| False : 
False  |

++++---+---+--+--+---+-++
| OK | aes128-sha1;modp1536   | aes128-sha1;modp1536   | False | False 
| 86400| 3600 | False : False | Connected : Connected   | False : 
False  |

++++---+---+--+--+---+-++
| OK | aes128-sha1;modp1536   | aes128-sha1;modp1536   | False | False 
| 86400| 3600 | True : False  | Disconnected : Connected| False : 
False  |

++++---+---+--+--+---+-++
| OK | aes128-sha1;modp1536   | aes128-sha1;modp1536   | False | False 
| 86400| 3600 | True : True   | Disconnected : Disconnected | False : 
False  |

++++---+---+--+--+---+-++
| OK | aes128-sha1;modp1536   | aes128-sha1;modp1536   | False | False 
| 86400| 3600 | False : True  | Connected : Disconnected| False : 
False  |

++++---+---+--+--+---+-++
| OK | aes128-sha1;modp1536   | aes128-sha1| True  | False 
| 86400| 3600 | True : False  | Disconnected : Connected| False : 
False  |

Re: [GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-10 Thread Rajani Karuturi 
I planning to create first RC end of feb(in 20 days).

~ Rajani

http://cloudplatform.accelerite.com/

On February 10, 2017 at 2:24 PM, Daan Hoogland
(daan.hoogl...@shapeblue.com) wrote:

sorry to keep you guys waiting, I am struggling my way back in
and am working on this (and a lot) will keep you posted. @Rajani,
what is the ETA that I must meet to get this in 4.10?

daan.hoogl...@shapeblue.com
www.shapeblue.com ( http://www.shapeblue.com )
53 Chandos Place, Covent Garden, Utrecht Utrecht 3531
VENetherlands
@shapeblue

-Original Message-
From: jayapalu [mailto:g...@git.apache.org]
Sent: vrijdag 10 februari 2017 09:27
To: dev@cloudstack.apache.org
Subject: [GitHub] cloudstack issue #1741: Updated StrongSwan VPN
Implementation

Github user jayapalu commented on the issue:

https://github.com/apache/cloudstack/pull/1741

@swill I have tested this PR with systemvm template with
strongswan installed long back. The s2s vpn worked fine.
LGTM from my side.

---
If your project is set up for it, you can reply to this email
and have your reply appear on GitHub as well. If your project
does not have this feature enabled and wishes so, or if the
feature is enabled but not working, please contact infrastructure
at infrastruct...@apache.org or file a JIRA ticket with INFRA.
---

RE: [GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-10 Thread Daan Hoogland 
sorry to keep you guys waiting, I am struggling my way back in and am working 
on this (and a lot) will keep you posted. @Rajani, what is the ETA that I must 
meet to get this in 4.10?

daan.hoogl...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, Utrecht Utrecht 3531 VENetherlands
@shapeblue
  
 


-Original Message-
From: jayapalu [mailto:g...@git.apache.org] 
Sent: vrijdag 10 februari 2017 09:27
To: dev@cloudstack.apache.org
Subject: [GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

Github user jayapalu commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@swill I have tested this PR with  systemvm template with strongswan 
installed long back. The s2s vpn worked fine. 
LGTM from my side.


---
If your project is set up for it, you can reply to this email and have your 
reply appear on GitHub as well. If your project does not have this feature 
enabled and wishes so, or if the feature is enabled but not working, please 
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with 
INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-10 Thread jayapalu 
Github user jayapalu commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@swill I have tested this PR with  systemvm template with strongswan 
installed long back. The s2s vpn worked fine. 
LGTM from my side.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-09 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@DaanHoogland: yes, I want it run in Trillian, but my understanding is that 
manual steps need to be taken in the test setup for Trillian in order to first 
build the SystemVM from this PR and then use that SystemVM in the Trillian test 
run.  That has not been done, and any test done by Trillian without that done 
is not a valid test of the PR.  Make sense?  

So yes, I would like to have this run against Trillian, but it is only 
valid if the run includes the SystemVM from this PR.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-09 Thread DaanHoogland 
Github user DaanHoogland commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@swill I know and work needs done. On the other hand, you mentioned you
wanted to see this run in trillian. You still want that? Else I will skip
and just review the code tomorrow.

Biligual auto correct use.  Read at your own risico

On 9 Feb 2017 6:29 pm, "Will Stevens"  wrote:

> @DaanHoogland  did you make the test run
> in Trillian install a SystemVM built from this PR? If you didn't it won't
> actually be a valid test run...
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> ,
> or mute the thread
> 

> .
>



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-09 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@DaanHoogland did you make the test run in Trillian install a SystemVM 
built from this PR?  If you didn't it won't actually be a valid test run...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-09 Thread DaanHoogland 
Github user DaanHoogland commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
I started a build yesterday but am not at my computer today. I'll look at
the results later.

Biligual auto correct use.  Read at your own risico

On 8 Feb 2017 4:58 pm, "Will Stevens"  wrote:

> @DaanHoogland  I don't think this will
> work. I think you have to manually specify a SystemVM template built from
> this PR in order for the tests to work. I don't think a SystemVM from this
> PR is used by default.
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> ,
> or mute the thread
> 

> .
>



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-09 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
Here is the CI run for this PR using my KVM Bubble environment.  This CI 
run is using a SystemVM built from this PR branch (required for a valid test) 
and since we have not been able to do that with Trillian (so far), only my CI 
runs are actually testing this functionality correctly (so far).

The failures listed are not associated with my PR.  Historically, I have 
had some trouble with consistency with connectivity inside a bubble CI run, so 
it is possible that could be coming into play as well.

I think this PR is ready.  We have been running this PR in production for 
two months now and it fixes a lot of problems.  Can I please get some LGTM on 
this so we can get it into 4.10?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-09 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  


### CI RESULTS

```
Tests Run: 87
  Skipped: 1
   Failed: 4
   Errors: 0
 Duration: 9h 13m 51s
```

**Summary of the problem(s):**
```
FAIL: Create a redundant VPC with 1 Tier, 1 VM, 1 ACL, 1 PF and test 
Network GC Nics
--
Traceback (most recent call last):
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_vpc_redundant.py", line 
635, in test_04_rvpc_network_garbage_collector_nics
self.do_vpc_test(False)
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_vpc_redundant.py", line 
727, in do_vpc_test
self.check_ssh_into_vm(vm.get_vm(), vm.get_ip(), expectFail=expectFail, 
retries=retries)
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_vpc_redundant.py", line 
571, in check_ssh_into_vm
self.fail("Failed to SSH into VM - %s" % 
(public_ip.ipaddress.ipaddress))
AssertionError: Failed to SSH into VM - 192.168.23.5
--
Additional details in: /tmp/MarvinLogs/test_network_23KW40/results.txt
```

```
FAIL: test_02_vpc_privategw_static_routes 
(integration.smoke.test_privategw_acl.TestPrivateGwACL)
--
Traceback (most recent call last):
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_privategw_acl.py", line 
271, in test_02_vpc_privategw_static_routes
self.performVPCTests(vpc_off)
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_privategw_acl.py", line 
362, in performVPCTests
self.check_pvt_gw_connectivity(vm1, public_ip_1, [vm2.nic[0].ipaddress, 
vm1.nic[0].ipaddress])
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_privategw_acl.py", line 
724, in check_pvt_gw_connectivity
"Ping to VM on Network Tier N from VM in Network Tier A should be 
successful at least for 2 out of 3 VMs"
AssertionError: Ping to VM on Network Tier N from VM in Network Tier A 
should be successful at least for 2 out of 3 VMs
--
Additional details in: /tmp/MarvinLogs/test_network_23KW40/results.txt
```

```
FAIL: test_03_vpc_privategw_restart_vpc_cleanup 
(integration.smoke.test_privategw_acl.TestPrivateGwACL)
--
Traceback (most recent call last):
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_privategw_acl.py", line 
283, in test_03_vpc_privategw_restart_vpc_cleanup
self.performVPCTests(vpc_off, restart_with_cleanup = True)
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_privategw_acl.py", line 
362, in performVPCTests
self.check_pvt_gw_connectivity(vm1, public_ip_1, [vm2.nic[0].ipaddress, 
vm1.nic[0].ipaddress])
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_privategw_acl.py", line 
724, in check_pvt_gw_connectivity
"Ping to VM on Network Tier N from VM in Network Tier A should be 
successful at least for 2 out of 3 VMs"
AssertionError: Ping to VM on Network Tier N from VM in Network Tier A 
should be successful at least for 2 out of 3 VMs
--
Additional details in: /tmp/MarvinLogs/test_network_23KW40/results.txt
```

```
FAIL: test_04_rvpc_privategw_static_routes 
(integration.smoke.test_privategw_acl.TestPrivateGwACL)
--
Traceback (most recent call last):
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_privategw_acl.py", line 
295, in test_04_rvpc_privategw_static_routes
self.performVPCTests(vpc_off)
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_privategw_acl.py", line 
362, in performVPCTests
self.check_pvt_gw_connectivity(vm1, public_ip_1, [vm2.nic[0].ipaddress, 
vm1.nic[0].ipaddress])
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_privategw_acl.py", line 
724, in check_pvt_gw_connectivity
"Ping to VM on Network Tier N from VM in Network Tier A should be 
successful at least for 2 out of 3 VMs"
AssertionError: Ping to VM on Network Tier N from VM in Network Tier A 
should be successful at least for 2 out of 3 VMs
--
Additional details in: /tmp/MarvinLogs/test_network_23KW40/results.txt
```



**Associated Uploads**

**`/tmp/MarvinLogs/DeployDataCenter__Feb_08_2017_21_26_59_GVX6SA:`**
*

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-08 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@DaanHoogland I don't think this will work.  I think you have to manually 
specify a SystemVM template built from this PR in order for the tests to work.  
I don't think a SystemVM from this PR is used by default.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-08 Thread blueorangutan 
Github user blueorangutan commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@DaanHoogland a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has 
been kicked to run smoke tests


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-08 Thread DaanHoogland 
Github user DaanHoogland commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@blueorangutan test


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-07 Thread blueorangutan 
Github user blueorangutan commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
Packaging result: ✔centos6 ✔centos7 ✔debian. JID-474


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-07 Thread blueorangutan 
Github user blueorangutan commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@DaanHoogland a Jenkins job has been kicked to build packages. I'll keep 
you posted as I make progress.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-07 Thread DaanHoogland 
Github user DaanHoogland commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@blueorangutan package


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-06 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@borisstoyanov thanks.  Yes, that explains why there are failures.  When I 
ran my tests, I did it with a system VM built from this PR: 
https://github.com/apache/cloudstack/pull/1741#issuecomment-273827361

Is it possible to manually build the system VM template and specify it when 
testing with Trillian.  I can see if I can build and expose publicly templates 
for Xen and KVM if that helps.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-06 Thread borisstoyanov 
Github user borisstoyanov commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@swill blueorangutan package builds a yum repo from the PR, but it doesn't 
build new system vms, we'll need to build them manually, build an env with the 
packages, update the ssvm and kick the tests manually AFAIK. 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-02 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
Rebased against current master to try to fix new issues with tomcat.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-02-02 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
I am curious.  For the Trillian tests, is a new SystemVM being being built 
with this PR and that system VM is being used for the test?  This PR requires a 
new system VM template, so if that is not being deployed, then there is no way 
the tests would pass.  Let me know...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: [GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-31 Thread Will Stevens 
Sorry, been swamped. I need to fix our Jenkins to support Java 8 to be able
to continue validation on Java 8.

On Jan 31, 2017 1:48 AM, "rhtyd"  wrote:

> Github user rhtyd commented on the issue:
>
> https://github.com/apache/cloudstack/pull/1741
>
> Ping, update on this?
>
>
> ---
> If your project is set up for it, you can reply to this email and have your
> reply appear on GitHub as well. If your project does not have this feature
> enabled and wishes so, or if the feature is enabled but not working, please
> contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
> with INFRA.
> ---
>

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-30 Thread rhtyd 
Github user rhtyd commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
Ping, update on this? 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-26 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
Thanks @PaulAngus.  I have been side tracked recently.  I need to get our 
Jenkins fixed to be able to build with Java 8 to be able to test the latest 
rebase to see if anything changed due to that rebase.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-25 Thread PaulAngus 
Github user PaulAngus commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
I ran the failing test suite against 4.9.2 - and everything passed
Test Site 2 Site VPN Across redundant VPCs ... === TestName: 
test_01_redundant_vpc_site2site_vpn | Status : SUCCESS ===
ok
Test Remote Access VPN in VPC ... === TestName: 
test_01_vpc_remote_access_vpn | Status : SUCCESS ===
ok
Test Site 2 Site VPN Across VPCs ... === TestName: 
test_01_vpc_site2site_vpn | Status : SUCCESS ===
ok
--
Ran 3 tests in 747.901s
OK

so the failures appear to be due to the changes in the PR


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-24 Thread blueorangutan 
Github user blueorangutan commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
Trillian test result (tid-785)
Environment: kvm-centos7 (x1), Advanced Networking with Mgmt server 7
Total time taken: 34369 seconds
Marvin logs: 
https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr1741-t785-kvm-centos7.zip
Intermitten failure detected: 
/marvin/tests/smoke/test_affinity_groups_projects.py
Intermitten failure detected: /marvin/tests/smoke/test_affinity_groups.py
Intermitten failure detected: /marvin/tests/smoke/test_privategw_acl.py
Intermitten failure detected: 
/marvin/tests/smoke/test_routers_network_ops.py
Intermitten failure detected: /marvin/tests/smoke/test_vpc_redundant.py
Intermitten failure detected: /marvin/tests/smoke/test_vpc_vpn.py
Test completed. 45 look ok, 4 have error(s)


Test | Result | Time (s) | Test File
--- | --- | --- | ---
test_01_vpc_site2site_vpn | `Failure` | 155.41 | test_vpc_vpn.py
test_01_redundant_vpc_site2site_vpn | `Failure` | 220.58 | test_vpc_vpn.py
test_02_redundant_VPC_default_routes | `Failure` | 848.90 | 
test_vpc_redundant.py
test_04_rvpc_privategw_static_routes | `Failure` | 300.60 | 
test_privategw_acl.py
test_DeployVmAntiAffinityGroup | `Error` | 70.93 | test_affinity_groups.py
test_01_vpc_remote_access_vpn | Success | 61.06 | test_vpc_vpn.py
test_02_VPC_default_routes | Success | 272.13 | test_vpc_router_nics.py
test_01_VPC_nics_after_destroy | Success | 455.18 | test_vpc_router_nics.py
test_05_rvpc_multi_tiers | Success | 480.53 | test_vpc_redundant.py
test_04_rvpc_network_garbage_collector_nics | Success | 1387.47 | 
test_vpc_redundant.py
test_03_create_redundant_VPC_1tier_2VMs_2IPs_2PF_ACL_reboot_routers | 
Success | 527.99 | test_vpc_redundant.py
test_01_create_redundant_VPC_2tiers_4VMs_4IPs_4PF_ACL | Success | 1268.53 | 
test_vpc_redundant.py
test_09_delete_detached_volume | Success | 156.69 | test_volumes.py
test_08_resize_volume | Success | 151.38 | test_volumes.py
test_07_resize_fail | Success | 156.50 | test_volumes.py
test_06_download_detached_volume | Success | 156.33 | test_volumes.py
test_05_detach_volume | Success | 145.76 | test_volumes.py
test_04_delete_attached_volume | Success | 146.24 | test_volumes.py
test_03_download_attached_volume | Success | 151.29 | test_volumes.py
test_02_attach_volume | Success | 89.09 | test_volumes.py
test_01_create_volume | Success | 620.84 | test_volumes.py
test_deploy_vm_multiple | Success | 252.72 | test_vm_life_cycle.py
test_deploy_vm | Success | 0.03 | test_vm_life_cycle.py
test_advZoneVirtualRouter | Success | 0.02 | test_vm_life_cycle.py
test_10_attachAndDetach_iso | Success | 26.71 | test_vm_life_cycle.py
test_09_expunge_vm | Success | 125.17 | test_vm_life_cycle.py
test_07_restore_vm | Success | 0.13 | test_vm_life_cycle.py
test_06_destroy_vm | Success | 125.85 | test_vm_life_cycle.py
test_03_reboot_vm | Success | 125.87 | test_vm_life_cycle.py
test_02_start_vm | Success | 5.14 | test_vm_life_cycle.py
test_01_stop_vm | Success | 35.33 | test_vm_life_cycle.py
test_CreateTemplateWithDuplicateName | Success | 50.61 | test_templates.py
test_08_list_system_templates | Success | 0.03 | test_templates.py
test_07_list_public_templates | Success | 0.04 | test_templates.py
test_05_template_permissions | Success | 0.05 | test_templates.py
test_04_extract_template | Success | 5.15 | test_templates.py
test_03_delete_template | Success | 5.10 | test_templates.py
test_02_edit_template | Success | 90.10 | test_templates.py
test_01_create_template | Success | 30.36 | test_templates.py
test_10_destroy_cpvm | Success | 161.37 | test_ssvm.py
test_09_destroy_ssvm | Success | 133.46 | test_ssvm.py
test_08_reboot_cpvm | Success | 131.38 | test_ssvm.py
test_07_reboot_ssvm | Success | 103.38 | test_ssvm.py
test_06_stop_cpvm | Success | 131.48 | test_ssvm.py
test_05_stop_ssvm | Success | 163.31 | test_ssvm.py
test_04_cpvm_internals | Success | 0.96 | test_ssvm.py
test_03_ssvm_internals | Success | 2.88 | test_ssvm.py
test_02_list_cpvm_vm | Success | 0.12 | test_ssvm.py
test_01_list_sec_storage_vm | Success | 0.13 | test_ssvm.py
test_01_snapshot_root_disk | Success | 11.22 | test_snapshots.py
test_04_change_offering_small | Success | 204.56 | test_service_offerings.py
test_03_delete_service_offering | Success | 0.04 | test_service_offerings.py
test_02_edit_service_offering | Success | 0.05 | test_service_offerings.py
test_01_create_service_offering | Success | 0.11 | test_service_offerings.py
test_02_sys_template_ready | Success | 0.14 | test_secondary_storage.py
test_01_sys_vm_start | Success | 0.19 | test_secondary_storage.py
test_09_reboot_router | Success | 35.30 | test_routers.py
test_08_start_router |

Re: [GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-21 Thread Will Stevens 
It is likely my environment. I had some connectivity issues in this envs
when I was using them before. I have a pretty recent master in, but I can
relate tonight to be sure. Can we kick off your CI to see what yours says?

On Jan 21, 2017 2:24 AM, "PaulAngus"  wrote:

> Github user PaulAngus commented on the issue:
>
> https://github.com/apache/cloudstack/pull/1741
>
> hi @remibergsma , the design puts the same MAC on the two VPC routers.
> XenServer doesn't seem to like this. (ESXi hosts give a specific warning).
> @swill have you pulled in the updated marvin smoke tests? We had all
> green on KVM tests with the updated component test suite
>
>
> ---
> If your project is set up for it, you can reply to this email and have your
> reply appear on GitHub as well. If your project does not have this feature
> enabled and wishes so, or if the feature is enabled but not working, please
> contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
> with INFRA.
> ---
>

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-21 Thread remibergsma 
Github user remibergsma commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@PaulAngus Sounds like an old bug? This PR was supposed to fix it and is 
merged: https://github.com/apache/cloudstack/pull/1483


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-20 Thread PaulAngus 
Github user PaulAngus commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
hi @remibergsma , the design puts the same MAC on the two VPC routers. 
XenServer doesn't seem to like this. (ESXi hosts give a specific warning).
@swill have you pulled in the updated marvin smoke tests? We had all green 
on KVM tests with the updated component test suite


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-20 Thread remibergsma 
Github user remibergsma commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@swill OK, check. Shouldn't be dependent on hypervisor type I'd say. 
Anyway, when I find some time I'll spin master and have a look. All I can say 
is that we run quite a bunch of them without serious issues. But obviously the 
code base diverged quite a bit in the past year.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-20 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@remibergsma last time we tested rvr we had a lot of problems and have not 
yet been able to adopt it. @pdion891 do you have any details on this? I am not 
sure if we have tested it recently. 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-20 Thread remibergsma 
Github user remibergsma commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@PaulAngus Out of curiosity, why wouldn't rVPCs work properly on XenServer? 
As far as I know it works fine, but I may have missed your point.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-20 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
This set of test was run on KVM.  I am not sure of the current state of RVR 
in general, so I can run this PR again because some of those issues were SSH 
connectivity issues (which could be env related).

Can we run Trillian against this PR now @rhtyd?  I have fixed some of the 
tests which would have been failing before due to the DH status before.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-20 Thread PaulAngus 
Github user PaulAngus commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
Any failures relating to rVPC maybe can't be completely ignored but the 
design of the rVPC means that it will not work under XenServer or vSphere, so 
tests will fail under those hypervisors.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-19 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
I don't believe any of these issues are related to the StrongSwan feature...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-19 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  


### CI RESULTS

```
Tests Run: 87
  Skipped: 1
   Failed: 6
   Errors: 0
 Duration: 9h 25m 26s
```

**Summary of the problem(s):**
```
FAIL: Test redundant router internals
--
Traceback (most recent call last):
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_routers_network_ops.py", 
line 338, in test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true
result = check_router_command(virtual_machine, nat_rule.ipaddress, 
ssh_command, check_string, self)
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_routers_network_ops.py", 
line 64, in check_router_command
test_case.fail("Failed to SSH into the Virtual Machine: %s" % e)
AssertionError: Failed to SSH into the Virtual Machine: SSH connection has 
Failed. Waited 150s. Error is SSH Connection Failed
--
Additional details in: /tmp/MarvinLogs/test_network_AZXMBM/results.txt
```

```
FAIL: Test redundant router internals
--
Traceback (most recent call last):
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_routers_network_ops.py", 
line 502, in test_02_RVR_Network_FW_PF_SSH_default_routes_egress_false
result = check_router_command(virtual_machine, nat_rule.ipaddress, 
ssh_command, check_string, self)
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_routers_network_ops.py", 
line 64, in check_router_command
test_case.fail("Failed to SSH into the Virtual Machine: %s" % e)
AssertionError: Failed to SSH into the Virtual Machine: SSH connection has 
Failed. Waited 150s. Error is SSH Connection Failed
--
Additional details in: /tmp/MarvinLogs/test_network_AZXMBM/results.txt
```

```
FAIL: Test redundant router internals
--
Traceback (most recent call last):
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_routers_network_ops.py", 
line 693, in test_03_RVR_Network_check_router_state
self.fail("No Master or too many master routers found %s" % 
cnts[vals.index('MASTER')])
AssertionError: No Master or too many master routers found 0
--
Additional details in: /tmp/MarvinLogs/test_network_AZXMBM/results.txt
```

```
FAIL: test_02_vpc_privategw_static_routes 
(integration.smoke.test_privategw_acl.TestPrivateGwACL)
--
Traceback (most recent call last):
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_privategw_acl.py", line 
271, in test_02_vpc_privategw_static_routes
self.performVPCTests(vpc_off)
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_privategw_acl.py", line 
362, in performVPCTests
self.check_pvt_gw_connectivity(vm1, public_ip_1, [vm2.nic[0].ipaddress, 
vm1.nic[0].ipaddress])
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_privategw_acl.py", line 
724, in check_pvt_gw_connectivity
"Ping to VM on Network Tier N from VM in Network Tier A should be 
successful at least for 2 out of 3 VMs"
AssertionError: Ping to VM on Network Tier N from VM in Network Tier A 
should be successful at least for 2 out of 3 VMs
--
Additional details in: /tmp/MarvinLogs/test_network_AZXMBM/results.txt
```

```
FAIL: test_03_vpc_privategw_restart_vpc_cleanup 
(integration.smoke.test_privategw_acl.TestPrivateGwACL)
--
Traceback (most recent call last):
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_privategw_acl.py", line 
283, in test_03_vpc_privategw_restart_vpc_cleanup
self.performVPCTests(vpc_off, restart_with_cleanup = True)
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_privategw_acl.py", line 
362, in performVPCTests
self.check_pvt_gw_connectivity(vm1, public_ip_1, [vm2.nic[0].ipaddress, 
vm1.nic[0].ipaddress])
  File 
"/data/git/cs1/cloudstack/test/integration/smoke/test_privategw_acl.py", line 
724, in check_pvt_gw_connectivity
"Ping to VM on Network Tier N from VM in Network Tier A should be 
successful at least for 2 out of 3 VMs"
AssertionError: Ping to VM on Network Tier N from VM in Network Tier A 
should be successful at least for 2 out of 3 VMs

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-16 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
I don't think we should try to support non-DH connections since they are 
security risk.  DH should be required.  I have made it required in the UI and 
have added a bunch of additional hashing and DH/PFS groups that are supported 
by StrongSwan.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: [GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-03 Thread Will Stevens 
I am going to try something today to see if I can try to find a way to
support non-DH connections. I will let you know.

On Jan 3, 2017 9:02 AM, "rhtyd"  wrote:

> Github user rhtyd commented on the issue:
>
> https://github.com/apache/cloudstack/pull/1741
>
> @swill thanks, looking forward to getting this in 4.10. I'm not sure
> about any side-effects and regressions of the DH-group related change, I
> think if it's not supported we should remove the option from UI. @jayapalu
> comments?
>
>
> ---
> If your project is set up for it, you can reply to this email and have your
> reply appear on GitHub as well. If your project does not have this feature
> enabled and wishes so, or if the feature is enabled but not working, please
> contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
> with INFRA.
> ---
>

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-03 Thread rhtyd 
Github user rhtyd commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@swill thanks, looking forward to getting this in 4.10. I'm not sure about 
any side-effects and regressions of the DH-group related change, I think if 
it's not supported we should remove the option from UI. @jayapalu comments?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: [GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-03 Thread Will Stevens 
I will do a final round of testing in the next couple days and squash the
commits as you asked. Sorry for the delay.  It has been running in prod for
the last month or so and it is going well.

Strongswan does not support leaving the DH group empty. Should I remove
that as an option from the UI and make that required?

On Jan 3, 2017 1:00 AM, "rhtyd"  wrote:

> Github user rhtyd commented on the issue:
>
> https://github.com/apache/cloudstack/pull/1741
>
> @swill @jayapalu updates on this, is this good to go?
>
>
> ---
> If your project is set up for it, you can reply to this email and have your
> reply appear on GitHub as well. If your project does not have this feature
> enabled and wishes so, or if the feature is enabled but not working, please
> contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
> with INFRA.
> ---
>

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2017-01-02 Thread rhtyd 
Github user rhtyd commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@swill @jayapalu updates on this, is this good to go?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-12-18 Thread rhtyd 
Github user rhtyd commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@swill can you squash your commits and use the JIRA id in the commit 
summary.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-12-09 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@rhtyd yes I know. I am not pushing for this to be in 4.10. I will be 
pushing for it to go into 4.11 right away, but I know how hard it is to wrap 
things up as we get close to freeze.  Your doing good dude. Thanks for the hard 
work. 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-12-09 Thread rhtyd 
Github user rhtyd commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
Thanks @swill but at this time, the scope of testing this and building a 
new systemvmtemplate is limited. Given the declared hard freeze, we can target 
this for 4.11, and I can help with tests against various environments.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-12-09 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
We are running this PR as well as #1706 in production and the merge 
conflict for merging the two PRs together is quite complicated.  Because we had 
to do the merge conflict for our production of these two PRs, I decided to add 
it to this PR so other people who don't have an environment to test against 
don't have to be responsible for figuring out the merge conflict.

This PR now includes:
- StrongSwan upgrade from OpenSwan.
- Fixes the reversing of public IPs on eth1 when the VR is rebooted.
- #1706 - Cleans up public IPs from the databag when they are removed via 
ACS.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-12-07 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@jayapalu were you working off the latest version of my PR?  I have fixed 
the issue of the IP being out of order on reboot in this PR.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-12-07 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
Rebased again because changes in #1659 caused the fixes to 
`systemvm/patches/debian/config/opt/cloud/bin/cs_ip.py` to conflict...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-12-06 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
Rebased against master and fixed merge conflicts...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-12-06 Thread kiwiflyer 
Github user kiwiflyer commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@jayapalu Can you expand on your findings regarding public ip order? Did 
you pull in the latest PR with the fixes from @swill?



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-12-06 Thread jayapalu 
Github user jayapalu commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@rhtyd 
While testing this feature public ip order change on reboot issue blocked 
this.
My suggestion is that public ip out of order is different issue. If vpn 
functionalities working except the reboot with multiple ips then we will go 
ahead with this PR.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-12-01 Thread rhtyd 
Github user rhtyd commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@swill @jayapalu thanks for your work, can you rebase against latest 
master, fix the conflicts. Also use the JIRA id in the git commit summary. 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-11-03 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@murali-reddy I have tested with Isolated Guest Networks.  The problem that 
we experienced with the SourceNAT IP not being primary on the public nic if 
more than one public IP exists does not exist for Isolated Guest Networks.  I 
have tested my change to the `cs_ip.py` file with Isolated Guest Networks and 
it does not change the functionality and still works in that case.  That 
`cs_ip.py` change is looking good so far in our testing.

We are currently going through the `l2tp.conf` and `ipsec.conf` files and 
removing everything that is now deprecated for StrongSwan 5.x so the 
configuration is cleaner and does not include old legacy options that are not 
required anymore.

I am also going to see if I can upgrade the IKE policy to IKEv2 instead of 
IKEv1 for Remote Access VPN since it provides better security.  I am also 
looking to see if I can change the hashing algorithm from `sha1` to something 
like `sha256` for Remote Access VPN, also to improve security.

I will not be able to make these change for S2S VPN initially because the 
configuration fields are different enough between IKEv1 and IKEv2 in that case 
that I would have to go through and modify a lot more code.  That will have to 
wait for phase two of this implementation.

We are continuing to test and improve the implementation, but it is looking 
pretty good so far.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-11-03 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@murali-reddy I will check isolated guest networks today. 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-11-02 Thread murali-reddy 
Github user murali-reddy commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@jburwell No, I have fixed issue with static nat on any public IP 
associated in case of multiple public interfaces.

@swill Is there any possibility of public IP going out of order for non-VPC 
case as well on reboot?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-11-02 Thread jburwell 
Github user jburwell commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@murali-reddy did you also fix some issues around source NAT?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-11-02 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
I have isolated and fixed the issue where the reboot through the API 
results in the Remote Access VPN no longer working if either a PF rule or 
Static NAT rule is defined.  The problem existed because the public IPs on 
`eth1` were getting reversed, so the Source NAT IP was no longer the primary 
IP.  Because of this, the Remote Access VPN would stop working after an API VR 
reboot if there were other public IPs configured on that VR.

I have done basic testing to verify this fixes the problem.  We are doing 
more extensive testing now...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-10-28 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
I am troubleshooting an issue right now behaves as follows.
- I create a VR and connect with the Remote Access VPN and everything works.
- I create a Port Forwarding rule on that VR, Remote Access VPN still works.
- I reboot that VR, now the PF rule works, but Remote Access VPN will no 
longer connect.

I will keep you guys posted with the details.  I have noted that the PF IP 
is now the main IP on the `eth1` instead of the Source NAT IP.  Maybe that is 
the problem, but I have not been able to confirm it yet.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-10-28 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
Thanks guys. :) 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-10-28 Thread jayapalu 
Github user jayapalu commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@swill  I will test with latest template in the coming week


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-10-28 Thread rhtyd 
Github user rhtyd commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
I've built systemvm templates with strongswan here: 
http://hydra.scale.ninja/strongswan
The links/server may be taken down in few weeks.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-10-28 Thread blueorangutan 
Github user blueorangutan commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
Packaging result: ✔centos6 ✔centos7 ✔debian. JID-111


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-10-28 Thread rhtyd 
Github user rhtyd commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@swill I've kicked new systemvmtemplate build jobs based on your PR, I've 
also included @wido 's systemvm template to include qemu-guest-agent from #1545 
: https://github.com/shapeblue/cloudstack/commits/strongswan-sysvm


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-10-28 Thread blueorangutan 
Github user blueorangutan commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@rhtyd a Jenkins job has been kicked to build packages. I'll keep you 
posted as I make progress.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-10-28 Thread rhtyd 
Github user rhtyd commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@blueorangutan package


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-10-28 Thread rhtyd 
Github user rhtyd commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@swill we had lost our Jenkins setup, while I've built all I could not get 
a systemvmbuilder job setup yet, so let me do that first so we can build 
systemvmtemplates once again. blueorangutan acts like a translator that in the 
background kicks a Jenkins-trillian job, Trillian is general purpose and can 
accept a custom systemvmtemplate option (in Jenkins but not via the github 
bot). Can you write tests using Marvin, as it could be easier to run them 
instead of setup something new. You may modify Marvin to include more 
dependencies etc. I'll keep you posted once I'm able to build systemvmtemplates.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1741: Updated StrongSwan VPN Implementation

2016-10-27 Thread swill 
Github user swill commented on the issue:

https://github.com/apache/cloudstack/pull/1741
  
@rhtyd & @jburwell this PR requires a new System VM template to function.  
I have a XenServer test environment which I have been using where I deploy RPMs 
and the System VM which I build with Jenkins for this PR.  My current test 
setup is not implemented in Marvin, but instead uses my  
[`csapi`](https://github.com/swill/csapi) library.  Is there a way to run 
Marvin tests against an ACS environment which is installed using RPMs?  I would 
probably have to create a Marvin config file to match the existing 
configuration, but can this be done?

The current status of this PR is:

**`Remote Access VPN` seems to be working for our tests so far.**  
- _Mac_ : Working without the need for any modifications.
- _Windows_ : Working, but requires [a change to the 
registry](https://support.microsoft.com/en-us/kb/926179) to set 
`AssumeUDPEncapsulationContextOnSendRule = 2`.
- _Ubuntu_ : Untested so far...

**`Site-to-Site VPN` seems to be working quite well so far.**
- A `Diffie-Hellman` group is currently **required** in order for a 
connection to be established.

How do you guys recommend we get this PR through the official testing and 
validation process?  I should be able to setup a modified Bubble environment 
that uses my System VM in order to do the current Marvin tests against KVM.  
Can BlueO test PRs that require a new System VM?

Cheers...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---