Remove 'md5Hashed' variable from Javascript

2018-04-09 Thread Rafael Weingärtner
Hello fellow CloudStackers,

Today I was working on CLOUDSTACK-5235, which is a security issue, and I
noticed a variable ‘md5Hashed’ in the javascript that does not seem to be
useful at all. This variable was used to control if we hash or not the
password of users in the user side (browser). However, we no longer hash
the password on the user side. All of the password processing is executed
in the server side according to the priority of hashing mechanism defined
by the administrator.

I am addressing this cleanup with this PR
https://github.com/apache/cloudstack/pull/2555.

If you have any objections regarding this variable and its related code
removal, please do so. Otherwise, we will proceed to remove it.

--
Rafael Weingärtner


dedicatePublicIpRange to domain doesn't work

2018-04-09 Thread Jochim, Ingo
Hi all,

Is anyone having the same issue with using a dedicated network for a domain
in 4.11?
Details can be found here: https://github.com/apache/cloudstack/issues/2545

Regards,
Ingo




uploadSslCert

2018-04-09 Thread Stephan Seitz
Hi!

I'm currently trying to use uploadSslCert ( 
https://cloudstack.apache.org/api/apidocs-4.11/apis/uploadSslCert.html )
via cloudmonkey.

I'm running into different kinds of errors. ( / 503) ( 500 "None"), Parsing 
Errors on Cert/Key (the message isn't clear on which part though)

The Certificate is a valid openssl x509, the key sha-256 rsa 4096bit (I tried
both secured by DER and also open without passphrase)

It seems to get a bit further if I don't urlencode by myself, but don't know if
I have to?
If I urlencode the cert and key, the request as seen in the logfile shows %250A
instead of %0A (a carriage return). If I leave it "raw", the request (in the
logs) shows a valid urlencoded form.

Could someone please shed some light?

For one project, I need SSL offloading at the VR's haproxy.

Thanks in advance!


cheers,

- Stephan
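
The `%250A` versus `%0A` observation in the message above, reproduced as an added example (not part of the original post, and not CloudStack or cloudmonkey code). It assumes the API client percent-encodes parameter values itself, modelled here by the hypothetical `client_build_query`; the PEM text is a constructed placeholder, and `diagnose` is a hypothetical helper for checking a logged query string.

```python
from urllib.parse import quote, unquote, urlencode

# Constructed placeholder; not a real certificate.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "MIIB+constructed/placeholder==\n"
    "-----END CERTIFICATE-----\n"
)

def client_build_query(params):
    """Hypothetical stand-in for an API client that percent-encodes for you."""
    return urlencode(params, quote_via=quote)

def raw_param(query, name):
    """Return a parameter's value exactly as logged, without decoding it."""
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key == name:
            return value
    return None

def encoding_layers(raw_value, limit=5):
    """Peel percent-encoding until the value stops changing.

    Sound for PEM text because PEM never contains a literal '%'.
    Returns (number_of_layers, fully_decoded_value).
    """
    layers, current = 0, raw_value
    while layers < limit:
        decoded = unquote(current)
        if decoded == current:
            break
        layers, current = layers + 1, decoded
    return layers, current

def diagnose(query, name="certificate"):
    """Classify a logged query string by how often the value was encoded."""
    raw = raw_param(query, name)
    if raw is None:
        return "missing"
    layers, value = encoding_layers(raw)
    if not value.startswith("-----BEGIN "):
        return "not-pem"
    return "ok" if layers == 1 else "encoded %d times" % layers

if __name__ == "__main__":
    print(diagnose(client_build_query({"certificate": SAMPLE_PEM})))
    print(diagnose(client_build_query({"certificate": quote(SAMPLE_PEM)})))
```

A value encoded twice is decoded only once by the server, so the PEM parser receives literal `%0A` sequences instead of line breaks.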




Re: cloudstack Wikipedia page

2018-04-09 Thread Ron Wheeler

The edit has been undone already.

There could be a better section on Key Features.
Perhaps a short paragraph outlining:
- what it is good for,
- what it competes with and
- why it needs to exist at all.

Is the other info accurate?

Is the user list up to date?

Ron

On 09/01/2018 5:21 AM, Giles Sirett wrote:

Somebody has made an edit to the cloudstack wikipedia entry

https://en.wikipedia.org/w/index.php?diff=819108440=815849996

In essence, they have changed the start of the history section to give a 
history of the cloud.com domain name. I do not think that is either relevant or 
appropriate to the history of cloudstack itself

Has anybody here got experience in editing on Wikipedia and able to 
object/change this edit ?

I'm happy to take this task on, but have no experience in the process, 
policies, etc


Kind regards
Giles


giles.sir...@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
   
  



--
Ron Wheeler
President
Artifact Software Inc
email: rwhee...@artifact-software.com
skype: ronaldmwheeler
phone: 866-970-2435, ext 102



Re: Untagged Networking for Advanced Zone possible?

2018-04-09 Thread Dag Sonstebo
Excellent – glad you got it working.

Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue


dag.sonst...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

On 08/04/2018, 19:46, "Parth Patel"  wrote:

Hi Dag,

Thanks a lot. It worked. Now I can mess around and learn how to
configure VPC, autoscale and try my shot at ShapeBlue Container Service
Plugin. Appreciate your help.

Regards,
Parth Patel

On Fri, 6 Apr 2018 at 18:17 Dag Sonstebo  wrote:

> Hi Parth,
>
> No problem, glad I could help. Let us know how you get on with the dummy
> interface bridge.
>
> With regards to your tagging question – yes this is quite a big and
> complicated topic. Suffice to summarise it as follows:
> - Basic zones use a larger L3 network, and guest isolation is done by ACLs
> – in other words firewall rules which control which VMs can speak to each
> other on the same network.
> - Advanced zones use multiple isolated guest networks which are behind
> virtual routers, and each isolated network must be secured from
> eavesdropping from a neighbour network – to do this you need to put in
> place an isolation mechanism like layer 2 VLAN tags, or a layer 3 SDN
> solution – which uses a slightly different type of tagging to isolate
> networks.
>
> Regards,
> Dag Sonstebo
> Cloud Architect
> ShapeBlue
>
>
> dag.sonst...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
> On 06/04/2018, 13:34, "Parth Patel"  wrote:
>
> Hi Dag,
>
> Thank you for guiding me, I know it's a weird use case and probably would
> never be required in a production environment. I will definitely try to
> make a dummy interface and give it to the guest network target bridge. I
> know it would be out of the scope of this email trail for you to explain
> tagged and untagged networking in L2 and L3 networks to me, but I would
> search around the internet and ping this thread if I'm again stuck at some
> specific issue after I reach my university's lab. Appreciate your help.
>
> Thanks,
> Parth Patel
>
> On Fri, 6 Apr 2018 at 17:06 Dag Sonstebo wrote:
>
> > Hi Parth,
> >
> > Take a look through the full email trail – I think we discussed this
> > earlier on. In short the answer is no – by definition you can not run
> > completely untagged isolated networks in an advanced zone – but “tagged”
> > means different things for L2 and L3 isolation. The real answer - “it
> > depends” – an advanced zone always relies on some sort of guest network
> > isolation, which in its simplest form equates to L2 VLANs. If you were to
> > invest time, effort and money into an SDN solution like Nuage or Nicira/NSX
> > you could potentially get around it – but complexity and cost goes up. You
> > could have a play with something like GRE tunnelling (L3) – but in my
> > experience this doesn’t scale well, eats a ton of CPU cycles and may not be
> > fit for purpose. Again you are looking at a more complex solution.
> >
> > Regarding the dummy network interface it looks to me like a simple module
> > install and configuration – see e.g.
> > https://www.question-defense.com/2012/11/26/linux-create-fake-ethernet-interface
> > . Not my post and I can’t vouch for its validity – but the process seems
> > straightforward:
> >
> > [root@kvm1 hooks]# lsmod | grep dummy
> > [root@kvm1 hooks]# modprobe dummy
> > [root@kvm1 hooks]# lsmod | grep dummy
> > dummy   2714  0
> > [root@kvm1 hooks]# ip link set name eth99 dev dummy0
> > [root@kvm1 hooks]# ifconfig eth99
> > eth99 Link encap:Ethernet  HWaddr 92:BF:A6:30:20:3E
> >   BROADCAST NOARP  MTU:1500  Metric:1
> >   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> >   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> >   collisions:0 txqueuelen:0
> >   RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
> >
> >
> > Dag Sonstebo
> > Cloud Architect
> > ShapeBlue
> >
> >
> > dag.sonst...@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> > @shapeblue
> >
> >
> >
> > On 06/04/2018, 11:45, "Parth Patel"