Re: [DISCUSS] Freezing master for 4.11
Kristian, You've not properly explained the issues you're facing post upgrade yet. Tell us what is working and not working for you, what is blocking you from using the mgmt server -- sharing snippets from logs are not useful. For example, are you unable to see UI, are you seeing any ERRORs, for example upgrade failures? Did you see the 4.11 systemvmtemplate before upgrade etc. For example, follow http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/latest/upgrade/upgrade-4.10.html If you're using a non-default ehcache configuration, copy those config files from old mgmt server's /etc/cloudstack/management to the test environment. If you're unable to log in, based on logs it says the commands.properties file is missing. So you either copy the commands.properties file from prod env and use that or, migrate to dynamic roles: http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/latest/accounts.html#using-dynamic-roles - Rohit <https://cloudstack.apache.org> From: Kristian Liivak Sent: Wednesday, January 24, 2018 12:56:40 PM To: users Subject: Re: [DISCUSS] Freezing master for 4.11 Rohit, In first cloned my old ACS 4.10 production server and upgraded. Then i took new clean installed centos 7 server Results are same. i can see errors in management log. 2018-01-24 13:48:17,207 WARN [n.s.e.c.ConfigurationFactory] (main:null) (logid:) No configuration found. Configuring ehcache from ehcache-failsafe.xml found in the classpath: jar:file:/usr/share/cloudstack-management/lib/cloudstack-4.11.0.0.jar!/ehcache-failsafe.xml 2018-01-24 13:48:17,514 WARN [c.c.c.ConsoleProxyManagerImpl] (main:null) (logid:) Empty console proxy domain, explicitly disabling SSL 2018-01-24 13:48:17,553 WARN [c.c.s.d.DownloadMonitorImpl] (main:null) (logid:) Only realhostip.com ssl cert is supported, ignoring self-signed and other certs 2018-01-24 13:48:18,912 ERROR [c.c.u.PropertiesUtil] (main:null) (logid:) Unable to find properties file: commands.properties 2018-01-24 13:48:25,430 INFO [c.c.h.x.r.XenServerConnectionPool] (main:null) (logid:) XenServer Connection Pool Configs: sleep.interval.on.error=1 Lugupidamisega / Regards Kristian Liivak Tegevjuht / Executive director WaveCom As Endla 16, 10142 Tallinn Estonia Tel: +3726850001 Gsm: +37256850001 E-mail: k...@wavecom.ee Skype: kristian.liivak http://www.wavecom.ee http://www.facebook.com/wavecom.ee rohit.ya...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue - Original Message - From: "rohit yadav" To: "users" Sent: Tuesday, January 23, 2018 4:37:44 PM Subject: Re: [DISCUSS] Freezing master for 4.11 Kristian, 4.11+ has migrated to embedded Jetty. Can you share which environment you've upgraded your environment from, i.e. Java version, ACS version etc. The log you're seeing is not a failure. If you wait for some time, the management server should run. Tail for the management server logs for details, or journalctl -f. - Rohit <https://cloudstack.apache.org> From: Kristian Liivak Sent: Monday, January 22, 2018 6:59:11 PM To: users Subject: Re: [DISCUSS] Freezing master for 4.11 Hello, I just installed RC1 for testing from centos packages but there is problem starting it in centos7 enviroment Clodustack won´t start and i can see in management log [o.e.j.w.StandardDescriptorProcessor] (main:null) (logid:) NO JSP Support for /client, did not find org.eclipse.jetty.jsp.JettyJspServlet Can anyone suggest a fix/workaround ? Lugupidamisega / Regards Kristian Liivak CTO WaveCom As Endla 16, 10142 Tallinn Estonia Tel: +3726850001 Gsm: +37256850001 E-mail: k...@wavecom.ee Skype: kristian.liivak http://www.wavecom.ee http://www.facebook.com/wavecom.ee rohit.ya...@shapeblue.com www.shapeblue.com<http://www.shapeblue.com> 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue - Original Message - From: "rohit yadav" To: "users" Cc: "dev" Sent: Friday, January 19, 2018 11:13:49 AM Subject: Re: [DISCUSS] Freezing master for 4.11 Hi Kristian, I looked at https://issues.apache.org/jira/browse/CLOUDSTACK-10141 If the new VM is deployed with a password and/or ssh-key enabled VM template, then VR should get new password and the user/account specific ssh-public key so the mentioned issues don't affect such new VMs. However, I agree VMs may have access to old VM's password (if not consumed) and ssh-public key if are not password/ssh-public-key enabled - but they may be useless/stale information and I feel they are more of a GC issue than a security issue. Are you able to reproduce a case when a new VM deployed using old VM's IP and with a password and/or public-key enabled template is getting the password and/or ss
Re: [DISCUSS] Freezing master for 4.11
Rohit, In first cloned my old ACS 4.10 production server and upgraded. Then i took new clean installed centos 7 server Results are same. i can see errors in management log. 2018-01-24 13:48:17,207 WARN [n.s.e.c.ConfigurationFactory] (main:null) (logid:) No configuration found. Configuring ehcache from ehcache-failsafe.xml found in the classpath: jar:file:/usr/share/cloudstack-management/lib/cloudstack-4.11.0.0.jar!/ehcache-failsafe.xml 2018-01-24 13:48:17,514 WARN [c.c.c.ConsoleProxyManagerImpl] (main:null) (logid:) Empty console proxy domain, explicitly disabling SSL 2018-01-24 13:48:17,553 WARN [c.c.s.d.DownloadMonitorImpl] (main:null) (logid:) Only realhostip.com ssl cert is supported, ignoring self-signed and other certs 2018-01-24 13:48:18,912 ERROR [c.c.u.PropertiesUtil] (main:null) (logid:) Unable to find properties file: commands.properties 2018-01-24 13:48:25,430 INFO [c.c.h.x.r.XenServerConnectionPool] (main:null) (logid:) XenServer Connection Pool Configs: sleep.interval.on.error=1 Lugupidamisega / Regards Kristian Liivak Tegevjuht / Executive director WaveCom As Endla 16, 10142 Tallinn Estonia Tel: +3726850001 Gsm: +37256850001 E-mail: k...@wavecom.ee Skype: kristian.liivak http://www.wavecom.ee http://www.facebook.com/wavecom.ee - Original Message - From: "rohit yadav" To: "users" Sent: Tuesday, January 23, 2018 4:37:44 PM Subject: Re: [DISCUSS] Freezing master for 4.11 Kristian, 4.11+ has migrated to embedded Jetty. Can you share which environment you've upgraded your environment from, i.e. Java version, ACS version etc. The log you're seeing is not a failure. If you wait for some time, the management server should run. Tail for the management server logs for details, or journalctl -f. - Rohit <https://cloudstack.apache.org> From: Kristian Liivak Sent: Monday, January 22, 2018 6:59:11 PM To: users Subject: Re: [DISCUSS] Freezing master for 4.11 Hello, I just installed RC1 for testing from centos packages but there is problem starting it in centos7 enviroment Clodustack won´t start and i can see in management log [o.e.j.w.StandardDescriptorProcessor] (main:null) (logid:) NO JSP Support for /client, did not find org.eclipse.jetty.jsp.JettyJspServlet Can anyone suggest a fix/workaround ? Lugupidamisega / Regards Kristian Liivak CTO WaveCom As Endla 16, 10142 Tallinn Estonia Tel: +3726850001 Gsm: +37256850001 E-mail: k...@wavecom.ee Skype: kristian.liivak http://www.wavecom.ee http://www.facebook.com/wavecom.ee rohit.ya...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue - Original Message - From: "rohit yadav" To: "users" Cc: "dev" Sent: Friday, January 19, 2018 11:13:49 AM Subject: Re: [DISCUSS] Freezing master for 4.11 Hi Kristian, I looked at https://issues.apache.org/jira/browse/CLOUDSTACK-10141 If the new VM is deployed with a password and/or ssh-key enabled VM template, then VR should get new password and the user/account specific ssh-public key so the mentioned issues don't affect such new VMs. However, I agree VMs may have access to old VM's password (if not consumed) and ssh-public key if are not password/ssh-public-key enabled - but they may be useless/stale information and I feel they are more of a GC issue than a security issue. Are you able to reproduce a case when a new VM deployed using old VM's IP and with a password and/or public-key enabled template is getting the password and/or ssh-public-key from old VM (and the old user/account)? I think if yes, then it's a security issue. Thoughts, comments? - Rohit <https://cloudstack.apache.org> From: Kristian Liivak Sent: Monday, January 15, 2018 4:19:03 PM To: users Cc: d...@cloudstack.apache.org Subject: Re: [DISCUSS] Freezing master for 4.11 Hello, I have created issue in jira 2 month ago. https://issues.apache.org/jira/browse/CLOUDSTACK-10141 In version 4.10 VR password and ssh key distribution don´t work on instance creation. When instance is allreay excisting reset function is operational. Also there is major security hole. When instance is destroyd and expunged and new instance is created with old IP all old data is unaffected in VR New instance will get then old root password and ssh key if they were present in VR In my knowledege cloudstack older versions are not affected. Lugupidamisega / Regards Kristian Liivak CTO WaveCom As Endla 16, 10142 Tallinn Estonia Tel: +3726850001 Gsm: +37256850001 E-mail: k...@wavecom.ee Skype: kristian.liivak http://www.wavecom.ee http://www.facebook.com/wavecom.ee rohit.ya...@shapeblue.com www.shapeblue.com<http://www.shapeblue.com> 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue - Original Message - From: "Rohit Yadav" To: d...@clou
Re: [DISCUSS] Freezing master for 4.11
Kristian, 4.11+ has migrated to embedded Jetty. Can you share which environment you've upgraded your environment from, i.e. Java version, ACS version etc. The log you're seeing is not a failure. If you wait for some time, the management server should run. Tail for the management server logs for details, or journalctl -f. - Rohit <https://cloudstack.apache.org> From: Kristian Liivak Sent: Monday, January 22, 2018 6:59:11 PM To: users Subject: Re: [DISCUSS] Freezing master for 4.11 Hello, I just installed RC1 for testing from centos packages but there is problem starting it in centos7 enviroment Clodustack won´t start and i can see in management log [o.e.j.w.StandardDescriptorProcessor] (main:null) (logid:) NO JSP Support for /client, did not find org.eclipse.jetty.jsp.JettyJspServlet Can anyone suggest a fix/workaround ? Lugupidamisega / Regards Kristian Liivak CTO WaveCom As Endla 16, 10142 Tallinn Estonia Tel: +3726850001 Gsm: +37256850001 E-mail: k...@wavecom.ee Skype: kristian.liivak http://www.wavecom.ee http://www.facebook.com/wavecom.ee rohit.ya...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue - Original Message - From: "rohit yadav" To: "users" Cc: "dev" Sent: Friday, January 19, 2018 11:13:49 AM Subject: Re: [DISCUSS] Freezing master for 4.11 Hi Kristian, I looked at https://issues.apache.org/jira/browse/CLOUDSTACK-10141 If the new VM is deployed with a password and/or ssh-key enabled VM template, then VR should get new password and the user/account specific ssh-public key so the mentioned issues don't affect such new VMs. However, I agree VMs may have access to old VM's password (if not consumed) and ssh-public key if are not password/ssh-public-key enabled - but they may be useless/stale information and I feel they are more of a GC issue than a security issue. Are you able to reproduce a case when a new VM deployed using old VM's IP and with a password and/or public-key enabled template is getting the password and/or ssh-public-key from old VM (and the old user/account)? I think if yes, then it's a security issue. Thoughts, comments? - Rohit <https://cloudstack.apache.org> From: Kristian Liivak Sent: Monday, January 15, 2018 4:19:03 PM To: users Cc: d...@cloudstack.apache.org Subject: Re: [DISCUSS] Freezing master for 4.11 Hello, I have created issue in jira 2 month ago. https://issues.apache.org/jira/browse/CLOUDSTACK-10141 In version 4.10 VR password and ssh key distribution don´t work on instance creation. When instance is allreay excisting reset function is operational. Also there is major security hole. When instance is destroyd and expunged and new instance is created with old IP all old data is unaffected in VR New instance will get then old root password and ssh key if they were present in VR In my knowledege cloudstack older versions are not affected. Lugupidamisega / Regards Kristian Liivak CTO WaveCom As Endla 16, 10142 Tallinn Estonia Tel: +3726850001 Gsm: +37256850001 E-mail: k...@wavecom.ee Skype: kristian.liivak http://www.wavecom.ee http://www.facebook.com/wavecom.ee rohit.ya...@shapeblue.com www.shapeblue.com<http://www.shapeblue.com> 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue - Original Message - From: "Rohit Yadav" To: d...@cloudstack.apache.org, "users" Sent: Sunday, January 14, 2018 8:41:15 PM Subject: Re: [DISCUSS] Freezing master for 4.11 All, To give you update, all feature PRs have been reviewed, tested and merged towards the 4.11.0.0. I'll engage with Mike and others for any post-merge regressions (smoketest to be kicked shortly). I see an outstanding PR that may be a critical/blocker PR, please advise and also review: https://github.com/apache/cloudstack/pull/2402 If anyone has any blocker to report, please do so. Thanks. I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018). - Rohit <https://cloudstack.apache.org> ________ From: Tutkowski, Mike Sent: Saturday, January 13, 2018 3:23:40 AM To: d...@cloudstack.apache.org Subject: Re: [DISCUSS] Freezing master for 4.11 I’m investigating these now. I have found and fixed two of them so far. rohit.ya...@shapeblue.com www.shapeblue.com<http://www.shapeblue.com> 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue > On Jan 12, 2018, at 2:49 PM, Rohit Yadav wrote: > > Thanks Rafael and Daan. > > >> From: Rafael Weingärtner >> >> I believe there is no problem in merging Wido’s and Mike’s PRs, they have >> been extensively discussed and improved (specially Mike’s one). > > Thanks, Mike's PR has several regression smoketest failures and can be > accepted only when
Re: [DISCUSS] Freezing master for 4.11
Hello, I just installed RC1 for testing from centos packages but there is problem starting it in centos7 enviroment Clodustack won´t start and i can see in management log [o.e.j.w.StandardDescriptorProcessor] (main:null) (logid:) NO JSP Support for /client, did not find org.eclipse.jetty.jsp.JettyJspServlet Can anyone suggest a fix/workaround ? Lugupidamisega / Regards Kristian Liivak CTO WaveCom As Endla 16, 10142 Tallinn Estonia Tel: +3726850001 Gsm: +37256850001 E-mail: k...@wavecom.ee Skype: kristian.liivak http://www.wavecom.ee http://www.facebook.com/wavecom.ee - Original Message - From: "rohit yadav" To: "users" Cc: "dev" Sent: Friday, January 19, 2018 11:13:49 AM Subject: Re: [DISCUSS] Freezing master for 4.11 Hi Kristian, I looked at https://issues.apache.org/jira/browse/CLOUDSTACK-10141 If the new VM is deployed with a password and/or ssh-key enabled VM template, then VR should get new password and the user/account specific ssh-public key so the mentioned issues don't affect such new VMs. However, I agree VMs may have access to old VM's password (if not consumed) and ssh-public key if are not password/ssh-public-key enabled - but they may be useless/stale information and I feel they are more of a GC issue than a security issue. Are you able to reproduce a case when a new VM deployed using old VM's IP and with a password and/or public-key enabled template is getting the password and/or ssh-public-key from old VM (and the old user/account)? I think if yes, then it's a security issue. Thoughts, comments? - Rohit <https://cloudstack.apache.org> From: Kristian Liivak Sent: Monday, January 15, 2018 4:19:03 PM To: users Cc: d...@cloudstack.apache.org Subject: Re: [DISCUSS] Freezing master for 4.11 Hello, I have created issue in jira 2 month ago. https://issues.apache.org/jira/browse/CLOUDSTACK-10141 In version 4.10 VR password and ssh key distribution don´t work on instance creation. When instance is allreay excisting reset function is operational. Also there is major security hole. When instance is destroyd and expunged and new instance is created with old IP all old data is unaffected in VR New instance will get then old root password and ssh key if they were present in VR In my knowledege cloudstack older versions are not affected. Lugupidamisega / Regards Kristian Liivak CTO WaveCom As Endla 16, 10142 Tallinn Estonia Tel: +3726850001 Gsm: +37256850001 E-mail: k...@wavecom.ee Skype: kristian.liivak http://www.wavecom.ee http://www.facebook.com/wavecom.ee rohit.ya...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue - Original Message - From: "Rohit Yadav" To: d...@cloudstack.apache.org, "users" Sent: Sunday, January 14, 2018 8:41:15 PM Subject: Re: [DISCUSS] Freezing master for 4.11 All, To give you update, all feature PRs have been reviewed, tested and merged towards the 4.11.0.0. I'll engage with Mike and others for any post-merge regressions (smoketest to be kicked shortly). I see an outstanding PR that may be a critical/blocker PR, please advise and also review: https://github.com/apache/cloudstack/pull/2402 If anyone has any blocker to report, please do so. Thanks. I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018). - Rohit <https://cloudstack.apache.org> From: Tutkowski, Mike Sent: Saturday, January 13, 2018 3:23:40 AM To: d...@cloudstack.apache.org Subject: Re: [DISCUSS] Freezing master for 4.11 I’m investigating these now. I have found and fixed two of them so far. rohit.ya...@shapeblue.com www.shapeblue.com<http://www.shapeblue.com> 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue > On Jan 12, 2018, at 2:49 PM, Rohit Yadav wrote: > > Thanks Rafael and Daan. > > >> From: Rafael Weingärtner >> >> I believe there is no problem in merging Wido’s and Mike’s PRs, they have >> been extensively discussed and improved (specially Mike’s one). > > Thanks, Mike's PR has several regression smoketest failures and can be > accepted only when those failures are fixed. > > We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze. If > Mike wants, he can help fix them over the weekend, I can help run smoketests. > >> Having said that; I would be ok with it (no need to revert it), but we need >> to be more careful with these things. If one wants to merge something, >> there is no harm in waiting and calling for reviewers via Github, Slack, or >> even email them directly. > > Additional review was requested, but mea culpa - thanks for your support, > noted. > > - Rohit > > On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav > wrote: > >> All, >>
Re: [DISCUSS] Freezing master for 4.11
Hi Kristian, I looked at https://issues.apache.org/jira/browse/CLOUDSTACK-10141 If the new VM is deployed with a password and/or ssh-key enabled VM template, then VR should get new password and the user/account specific ssh-public key so the mentioned issues don't affect such new VMs. However, I agree VMs may have access to old VM's password (if not consumed) and ssh-public key if are not password/ssh-public-key enabled - but they may be useless/stale information and I feel they are more of a GC issue than a security issue. Are you able to reproduce a case when a new VM deployed using old VM's IP and with a password and/or public-key enabled template is getting the password and/or ssh-public-key from old VM (and the old user/account)? I think if yes, then it's a security issue. Thoughts, comments? - Rohit <https://cloudstack.apache.org> From: Kristian Liivak Sent: Monday, January 15, 2018 4:19:03 PM To: users Cc: d...@cloudstack.apache.org Subject: Re: [DISCUSS] Freezing master for 4.11 Hello, I have created issue in jira 2 month ago. https://issues.apache.org/jira/browse/CLOUDSTACK-10141 In version 4.10 VR password and ssh key distribution don´t work on instance creation. When instance is allreay excisting reset function is operational. Also there is major security hole. When instance is destroyd and expunged and new instance is created with old IP all old data is unaffected in VR New instance will get then old root password and ssh key if they were present in VR In my knowledege cloudstack older versions are not affected. Lugupidamisega / Regards Kristian Liivak CTO WaveCom As Endla 16, 10142 Tallinn Estonia Tel: +3726850001 Gsm: +37256850001 E-mail: k...@wavecom.ee Skype: kristian.liivak http://www.wavecom.ee http://www.facebook.com/wavecom.ee rohit.ya...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue - Original Message - From: "Rohit Yadav" To: d...@cloudstack.apache.org, "users" Sent: Sunday, January 14, 2018 8:41:15 PM Subject: Re: [DISCUSS] Freezing master for 4.11 All, To give you update, all feature PRs have been reviewed, tested and merged towards the 4.11.0.0. I'll engage with Mike and others for any post-merge regressions (smoketest to be kicked shortly). I see an outstanding PR that may be a critical/blocker PR, please advise and also review: https://github.com/apache/cloudstack/pull/2402 If anyone has any blocker to report, please do so. Thanks. I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018). - Rohit <https://cloudstack.apache.org> From: Tutkowski, Mike Sent: Saturday, January 13, 2018 3:23:40 AM To: d...@cloudstack.apache.org Subject: Re: [DISCUSS] Freezing master for 4.11 I’m investigating these now. I have found and fixed two of them so far. rohit.ya...@shapeblue.com www.shapeblue.com<http://www.shapeblue.com> 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue > On Jan 12, 2018, at 2:49 PM, Rohit Yadav wrote: > > Thanks Rafael and Daan. > > >> From: Rafael Weingärtner >> >> I believe there is no problem in merging Wido’s and Mike’s PRs, they have >> been extensively discussed and improved (specially Mike’s one). > > Thanks, Mike's PR has several regression smoketest failures and can be > accepted only when those failures are fixed. > > We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze. If > Mike wants, he can help fix them over the weekend, I can help run smoketests. > >> Having said that; I would be ok with it (no need to revert it), but we need >> to be more careful with these things. If one wants to merge something, >> there is no harm in waiting and calling for reviewers via Github, Slack, or >> even email them directly. > > Additional review was requested, but mea culpa - thanks for your support, > noted. > > - Rohit > > On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav > wrote: > >> All, >> >> >> We're down to one feature PR towards 4.11 milestone now: >> >> https://github.com/apache/cloudstack/pull/2298 >> >> >> The config drive PR from Frank (Nuage) has been accepted today after no >> regression test failures seen from yesterday's smoketest run. We've also >> tested, reviewed and merge Wido's (blocker fix) PR. >> >> >> I've asked Mike to stabilize the branch; based on the smoketest results >> from today we can see some failures caused by the PR. I'm willing to work >> with Mike and others to get this PR tested, and merged over the weekends if >> we can demonstrate that no regression is caused by it, i.e. no new >> smokete
Re: [DISCUSS] Freezing master for 4.11
Hi Rohit, Im currenlty moving our office to new location and therefore busy at least week. After that i can set up test enviroment and make all tests. Lugupidamisega / Regards Kristian Liivak WaveCom As Endla 16, 10142 Tallinn Estonia Tel: +3726850001 Gsm: +37256850001 E-mail: k...@wavecom.ee Skype: kristian.liivak http://www.wavecom.ee http://www.facebook.com/wavecom.ee - Original Message - From: "Rohit Yadav" To: "users" Cc: "dev" Sent: Tuesday, January 16, 2018 1:17:20 PM Subject: Re: [DISCUSS] Freezing master for 4.11 Hi Kristian, Can you test and confirm that you can reproduce the issue with 4.11.0.0-rc1? - Rohit <https://cloudstack.apache.org> From: Kristian Liivak Sent: Tuesday, January 16, 2018 4:10:17 PM To: users Cc: dev Subject: Re: [DISCUSS] Freezing master for 4.11 Daan, For us and i guess for many others public cloud and vps providers its very big hole. Imagine that 10-20 chinese guys have made fraud orders and 10-20 vps are provisioned. We dealing with fradulent orders daily basis. Some time later abusers will get catch in the act and vpses will be terminated. If your customer increase is considerable, most probably one or more ips will be given to new customers during same day. Newly created instances get then abusers keys and root passwords. If new instance uses only keys, root password will be never changed. Abusers need just log in with them old passwords and bitcoin mining or spamming will be started again. Some of smarter customers are able to connect dots and serviceprovider reputation will be damaged seriously. Lugupidamisega / Regards Kristian Liivak Tegevjuht / Executive director WaveCom As Endla 16, 10142 Tallinn Estonia Tel: +3726850001 Gsm: +37256850001 E-mail: k...@wavecom.ee Skype: kristian.liivak http://www.wavecom.ee http://www.facebook.com/wavecom.ee rohit.ya...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue - Original Message - From: "Daan Hoogland" To: "users" Cc: "dev" Sent: Monday, January 15, 2018 1:49:04 PM Subject: Re: [DISCUSS] Freezing master for 4.11 Kristian, On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak wrote: >> > ... As for this one: > Also there is major security hole. When instance is destroyd and expunged >> > and new instance is created with old IP all old data is unaffected in VR >> > New instance will get then old root password and ssh key if they were >> > present in VR >> > I don't see how this is a security issue. The user won't get in and update the key and password to get in. No harm done or am I overlooking something? -- Daan
Re: [DISCUSS] Freezing master for 4.11
Hi Kristian, Can you test and confirm that you can reproduce the issue with 4.11.0.0-rc1? - Rohit <https://cloudstack.apache.org> From: Kristian Liivak Sent: Tuesday, January 16, 2018 4:10:17 PM To: users Cc: dev Subject: Re: [DISCUSS] Freezing master for 4.11 Daan, For us and i guess for many others public cloud and vps providers its very big hole. Imagine that 10-20 chinese guys have made fraud orders and 10-20 vps are provisioned. We dealing with fradulent orders daily basis. Some time later abusers will get catch in the act and vpses will be terminated. If your customer increase is considerable, most probably one or more ips will be given to new customers during same day. Newly created instances get then abusers keys and root passwords. If new instance uses only keys, root password will be never changed. Abusers need just log in with them old passwords and bitcoin mining or spamming will be started again. Some of smarter customers are able to connect dots and serviceprovider reputation will be damaged seriously. Lugupidamisega / Regards Kristian Liivak Tegevjuht / Executive director WaveCom As Endla 16, 10142 Tallinn Estonia Tel: +3726850001 Gsm: +37256850001 E-mail: k...@wavecom.ee Skype: kristian.liivak http://www.wavecom.ee http://www.facebook.com/wavecom.ee rohit.ya...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue - Original Message - From: "Daan Hoogland" To: "users" Cc: "dev" Sent: Monday, January 15, 2018 1:49:04 PM Subject: Re: [DISCUSS] Freezing master for 4.11 Kristian, On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak wrote: >> > ... As for this one: > Also there is major security hole. When instance is destroyd and expunged >> > and new instance is created with old IP all old data is unaffected in VR >> > New instance will get then old root password and ssh key if they were >> > present in VR >> > I don't see how this is a security issue. The user won't get in and update the key and password to get in. No harm done or am I overlooking something? -- Daan
Re: [DISCUSS] Freezing master for 4.11
please discuss on the VOTE thread Kristian. Give your -1 with explanation there. On Tue, Jan 16, 2018 at 11:40 AM, Kristian Liivak wrote: > Daan, > > For us and i guess for many others public cloud and vps providers its very > big hole. > Imagine that 10-20 chinese guys have made fraud orders and 10-20 vps are > provisioned. > We dealing with fradulent orders daily basis. > Some time later abusers will get catch in the act and vpses will be > terminated. > If your customer increase is considerable, most probably one or more ips > will be given to new customers during same day. > Newly created instances get then abusers keys and root passwords. > If new instance uses only keys, root password will be never changed. > Abusers need just log in with them old passwords and bitcoin mining or > spamming will be started again. > Some of smarter customers are able to connect dots and serviceprovider > reputation will be damaged seriously. > > > Lugupidamisega / Regards > > Kristian Liivak > > Tegevjuht / Executive director > > WaveCom As > Endla 16, 10142 Tallinn > Estonia > Tel: +3726850001 > Gsm: +37256850001 > E-mail: k...@wavecom.ee > Skype: kristian.liivak > http://www.wavecom.ee > http://www.facebook.com/wavecom.ee > > - Original Message - > From: "Daan Hoogland" > To: "users" > Cc: "dev" > Sent: Monday, January 15, 2018 1:49:04 PM > Subject: Re: [DISCUSS] Freezing master for 4.11 > > Kristian, > > > > On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak wrote: > >> > > ... > > > > As for this one: > > > Also there is major security hole. When instance is destroyd and expunged > >> > and new instance is created with old IP all old data is unaffected in > VR > >> > New instance will get then old root password and ssh key if they were > >> > present in VR > >> > > I don't see how this is a security issue. The user won't get in and > update the key and password to get in. No harm done or am I overlooking > something? > > > -- > Daan > -- Daan
Re: [DISCUSS] Freezing master for 4.11
Daan, For us and i guess for many others public cloud and vps providers its very big hole. Imagine that 10-20 chinese guys have made fraud orders and 10-20 vps are provisioned. We dealing with fradulent orders daily basis. Some time later abusers will get catch in the act and vpses will be terminated. If your customer increase is considerable, most probably one or more ips will be given to new customers during same day. Newly created instances get then abusers keys and root passwords. If new instance uses only keys, root password will be never changed. Abusers need just log in with them old passwords and bitcoin mining or spamming will be started again. Some of smarter customers are able to connect dots and serviceprovider reputation will be damaged seriously. Lugupidamisega / Regards Kristian Liivak Tegevjuht / Executive director WaveCom As Endla 16, 10142 Tallinn Estonia Tel: +3726850001 Gsm: +37256850001 E-mail: k...@wavecom.ee Skype: kristian.liivak http://www.wavecom.ee http://www.facebook.com/wavecom.ee - Original Message - From: "Daan Hoogland" To: "users" Cc: "dev" Sent: Monday, January 15, 2018 1:49:04 PM Subject: Re: [DISCUSS] Freezing master for 4.11 Kristian, On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak wrote: >> > ... As for this one: > Also there is major security hole. When instance is destroyd and expunged >> > and new instance is created with old IP all old data is unaffected in VR >> > New instance will get then old root password and ssh key if they were >> > present in VR >> > I don't see how this is a security issue. The user won't get in and update the key and password to get in. No harm done or am I overlooking something? -- Daan
RE: [DISCUSS] Freezing master for 4.11
Hi Ivan, Here's email from Rohit, systemvm template path is at the bottom I've created a 4.11.0.0 release, with the following artifacts up for testing and a vote: Git Branch and Commit SH: https://gitbox.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs/heads/4.11.0.0-RC20180115T1603 Commit: 1b8a532ba52127f388847690df70e65c6b46f4d4 Source release (checksums and signatures are available at the same location): https://dist.apache.org/repos/dist/dev/cloudstack/4.11.0.0/ PGP release keys (signed using 5ED1E1122DC5E8A4A45112C2484248210EE3D884): https://dist.apache.org/repos/dist/release/cloudstack/KEYS The vote will be open for 72 hours. For sanity in tallying the vote, can PMC members please be sure to indicate "(binding)" with their vote? [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Additional information: For users' convenience, I've built packages from 1b8a532ba52127f388847690df70e65c6b46f4d4 and published RC1 repository here: http://cloudstack.apt-get.eu/testing/4.11-rc1 The release notes are still work-in-progress, but the systemvmtemplate upgrade section has been updated. You may refer the following for systemvmtemplate upgrade testing: http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/latest/index.html 4.11 systemvmtemplates are available from here: https://download.cloudstack.org/systemvm/4.11/ Regards, Rohit Yadav Kind regards, Paul Angus paul.an...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue -Original Message- From: Ivan Kudryavtsev [mailto:kudryavtsev...@bw-sw.com] Sent: 15 January 2018 17:34 To: users@cloudstack.apache.org Subject: Re: [DISCUSS] Freezing master for 4.11 Hello,all. Do we already have systemvm and packages for RC? I would like to upgrade my dev to help testing it. 15 янв. 2018 г. 18:51 пользователь "Daan Hoogland" написал: > I suggest you discuss it on the vote thread for RC1 Kristian. > > On Mon, Jan 15, 2018 at 12:47 PM, Kristian Liivak wrote: > > > > > This fix is only for smaller part of password management.. > > Is´t possible that someone have look VR password distribution with > > instance creation ? > > > -- > Daan >
Re: [DISCUSS] Freezing master for 4.11
Hello,all. Do we already have systemvm and packages for RC? I would like to upgrade my dev to help testing it. 15 янв. 2018 г. 18:51 пользователь "Daan Hoogland" написал: > I suggest you discuss it on the vote thread for RC1 Kristian. > > On Mon, Jan 15, 2018 at 12:47 PM, Kristian Liivak wrote: > > > > > This fix is only for smaller part of password management.. > > Is´t possible that someone have look VR password distribution with > > instance creation ? > > > -- > Daan >
Re: [DISCUSS] Freezing master for 4.11
Kristian, On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak wrote: >> > ... As for this one: > Also there is major security hole. When instance is destroyd and expunged >> > and new instance is created with old IP all old data is unaffected in VR >> > New instance will get then old root password and ssh key if they were >> > present in VR >> > I don't see how this is a security issue. The user won't get in and update the key and password to get in. No harm done or am I overlooking something? -- Daan
Re: [DISCUSS] Freezing master for 4.11
I suggest you discuss it on the vote thread for RC1 Kristian. On Mon, Jan 15, 2018 at 12:47 PM, Kristian Liivak wrote: > > This fix is only for smaller part of password management.. > Is´t possible that someone have look VR password distribution with > instance creation ? -- Daan
Re: [DISCUSS] Freezing master for 4.11
This fix is only for smaller part of password management.. Is´t possible that someone have look VR password distribution with instance creation ? Lugupidamisega / Regards Kristian Liivak Tegevjuht / Executive director WaveCom As Endla 16, 10142 Tallinn Estonia Tel: +3726850001 Gsm: +37256850001 E-mail: k...@wavecom.ee Skype: kristian.liivak http://www.wavecom.ee http://www.facebook.com/wavecom.ee - Original Message - From: "Daan Hoogland" To: "users" Cc: "dev" Sent: Monday, January 15, 2018 1:42:00 PM Subject: Re: [DISCUSS] Freezing master for 4.11 Yes, I know. I made that that's why i asked. This fix isn't in 4.10 but is in 4.11. On Mon, Jan 15, 2018 at 12:37 PM, Kristian Liivak wrote: > > We made lot testing but did´nt had time to dig code this time. > There was similar VR password management related and fixed issue > https://issues.apache.org/jira/browse/CLOUDSTACK-10113 > > > > Lugupidamisega / Regards > > Kristian Liivak > > CTO > WaveCom As > Endla 16, 10142 Tallinn > Estonia > Tel: +3726850001 > Gsm: +37256850001 > E-mail: k...@wavecom.ee > Skype: kristian.liivak > http://www.wavecom.ee > http://www.facebook.com/wavecom.ee > > - Original Message - > From: "Daan Hoogland" > To: "users" > Cc: "dev" > Sent: Monday, January 15, 2018 1:22:23 PM > Subject: Re: [DISCUSS] Freezing master for 4.11 > > kristian, > > these sound like serious regressions. Do you have a fix or did you analyse > the code yet? > > On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak wrote: > > > Hello, > > > > I have created issue in jira 2 month ago. > > https://issues.apache.org/jira/browse/CLOUDSTACK-10141 > > > > In version 4.10 VR password and ssh key distribution don´t work on > > instance creation. > > When instance is allreay excisting reset function is operational. > > > > Also there is major security hole. When instance is destroyd and expunged > > and new instance is created with old IP all old data is unaffected in VR > > New instance will get then old root password and ssh key if they were > > present in VR > > > > In my knowledege cloudstack older versions are not affected. > > > > Lugupidamisega / Regards > > > > Kristian Liivak > > > > CTO > > > > WaveCom As > > Endla 16, 10142 Tallinn > > Estonia > > Tel: +3726850001 > > Gsm: +37256850001 > > E-mail: k...@wavecom.ee > > Skype: kristian.liivak > > http://www.wavecom.ee > > http://www.facebook.com/wavecom.ee > > > > - Original Message - > > From: "Rohit Yadav" > > To: d...@cloudstack.apache.org, "users" > > Sent: Sunday, January 14, 2018 8:41:15 PM > > Subject: Re: [DISCUSS] Freezing master for 4.11 > > > > All, > > > > > > To give you update, all feature PRs have been reviewed, tested and merged > > towards the 4.11.0.0. I'll engage with Mike and others for any post-merge > > regressions (smoketest to be kicked shortly). > > > > > > I see an outstanding PR that may be a critical/blocker PR, please advise > > and also review: > > > > https://github.com/apache/cloudstack/pull/2402 > > > > > > If anyone has any blocker to report, please do so. Thanks. > > > > > > I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018). > > > > > > - Rohit > > > > <https://cloudstack.apache.org> > > > > > > > > > > From: Tutkowski, Mike > > Sent: Saturday, January 13, 2018 3:23:40 AM > > To: d...@cloudstack.apache.org > > Subject: Re: [DISCUSS] Freezing master for 4.11 > > > > I’m investigating these now. I have found and fixed two of them so far. > > > > > > rohit.ya...@shapeblue.com > > www.shapeblue.com > > 53 Chandos Place, Covent Garden, London WC2N 4HSUK > > @shapeblue > > > > > > > > > On Jan 12, 2018, at 2:49 PM, Rohit Yadav > > wrote: > > > > > > Thanks Rafael and Daan. > > > > > > > > >> From: Rafael Weingärtner > > >> > > >> I believe there is no problem in merging Wido’s and Mike’s PRs, they > > have > > >> been extensively discussed and improved (specially Mike’s one). > > > > > > Thanks, Mike's PR has several regression smoketest failures and can be > > accepted only when those failures are fixed. > > > > > > We'll cut 4.11 branch start rc1 on Monday t
Re: [DISCUSS] Freezing master for 4.11
Yes, I know. I made that that's why i asked. This fix isn't in 4.10 but is in 4.11. On Mon, Jan 15, 2018 at 12:37 PM, Kristian Liivak wrote: > > We made lot testing but did´nt had time to dig code this time. > There was similar VR password management related and fixed issue > https://issues.apache.org/jira/browse/CLOUDSTACK-10113 > > > > Lugupidamisega / Regards > > Kristian Liivak > > CTO > WaveCom As > Endla 16, 10142 Tallinn > Estonia > Tel: +3726850001 > Gsm: +37256850001 > E-mail: k...@wavecom.ee > Skype: kristian.liivak > http://www.wavecom.ee > http://www.facebook.com/wavecom.ee > > - Original Message - > From: "Daan Hoogland" > To: "users" > Cc: "dev" > Sent: Monday, January 15, 2018 1:22:23 PM > Subject: Re: [DISCUSS] Freezing master for 4.11 > > kristian, > > these sound like serious regressions. Do you have a fix or did you analyse > the code yet? > > On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak wrote: > > > Hello, > > > > I have created issue in jira 2 month ago. > > https://issues.apache.org/jira/browse/CLOUDSTACK-10141 > > > > In version 4.10 VR password and ssh key distribution don´t work on > > instance creation. > > When instance is allreay excisting reset function is operational. > > > > Also there is major security hole. When instance is destroyd and expunged > > and new instance is created with old IP all old data is unaffected in VR > > New instance will get then old root password and ssh key if they were > > present in VR > > > > In my knowledege cloudstack older versions are not affected. > > > > Lugupidamisega / Regards > > > > Kristian Liivak > > > > CTO > > > > WaveCom As > > Endla 16, 10142 Tallinn > > Estonia > > Tel: +3726850001 > > Gsm: +37256850001 > > E-mail: k...@wavecom.ee > > Skype: kristian.liivak > > http://www.wavecom.ee > > http://www.facebook.com/wavecom.ee > > > > - Original Message - > > From: "Rohit Yadav" > > To: d...@cloudstack.apache.org, "users" > > Sent: Sunday, January 14, 2018 8:41:15 PM > > Subject: Re: [DISCUSS] Freezing master for 4.11 > > > > All, > > > > > > To give you update, all feature PRs have been reviewed, tested and merged > > towards the 4.11.0.0. I'll engage with Mike and others for any post-merge > > regressions (smoketest to be kicked shortly). > > > > > > I see an outstanding PR that may be a critical/blocker PR, please advise > > and also review: > > > > https://github.com/apache/cloudstack/pull/2402 > > > > > > If anyone has any blocker to report, please do so. Thanks. > > > > > > I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018). > > > > > > - Rohit > > > > <https://cloudstack.apache.org> > > > > > > > > > > From: Tutkowski, Mike > > Sent: Saturday, January 13, 2018 3:23:40 AM > > To: d...@cloudstack.apache.org > > Subject: Re: [DISCUSS] Freezing master for 4.11 > > > > I’m investigating these now. I have found and fixed two of them so far. > > > > > > rohit.ya...@shapeblue.com > > www.shapeblue.com > > 53 Chandos Place, Covent Garden, London WC2N 4HSUK > > @shapeblue > > > > > > > > > On Jan 12, 2018, at 2:49 PM, Rohit Yadav > > wrote: > > > > > > Thanks Rafael and Daan. > > > > > > > > >> From: Rafael Weingärtner > > >> > > >> I believe there is no problem in merging Wido’s and Mike’s PRs, they > > have > > >> been extensively discussed and improved (specially Mike’s one). > > > > > > Thanks, Mike's PR has several regression smoketest failures and can be > > accepted only when those failures are fixed. > > > > > > We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze. > > If Mike wants, he can help fix them over the weekend, I can help run > > smoketests. > > > > > >> Having said that; I would be ok with it (no need to revert it), but we > > need > > >> to be more careful with these things. If one wants to merge something, > > >> there is no harm in waiting and calling for reviewers via Github, > > Slack, or > > >> even email them directly. > > > > > > Additional review was requested, but mea culpa - thanks for your > > support, noted.
Re: [DISCUSS] Freezing master for 4.11
We made lot testing but did´nt had time to dig code this time. There was similar VR password management related and fixed issue https://issues.apache.org/jira/browse/CLOUDSTACK-10113 Lugupidamisega / Regards Kristian Liivak CTO WaveCom As Endla 16, 10142 Tallinn Estonia Tel: +3726850001 Gsm: +37256850001 E-mail: k...@wavecom.ee Skype: kristian.liivak http://www.wavecom.ee http://www.facebook.com/wavecom.ee - Original Message - From: "Daan Hoogland" To: "users" Cc: "dev" Sent: Monday, January 15, 2018 1:22:23 PM Subject: Re: [DISCUSS] Freezing master for 4.11 kristian, these sound like serious regressions. Do you have a fix or did you analyse the code yet? On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak wrote: > Hello, > > I have created issue in jira 2 month ago. > https://issues.apache.org/jira/browse/CLOUDSTACK-10141 > > In version 4.10 VR password and ssh key distribution don´t work on > instance creation. > When instance is allreay excisting reset function is operational. > > Also there is major security hole. When instance is destroyd and expunged > and new instance is created with old IP all old data is unaffected in VR > New instance will get then old root password and ssh key if they were > present in VR > > In my knowledege cloudstack older versions are not affected. > > Lugupidamisega / Regards > > Kristian Liivak > > CTO > > WaveCom As > Endla 16, 10142 Tallinn > Estonia > Tel: +3726850001 > Gsm: +37256850001 > E-mail: k...@wavecom.ee > Skype: kristian.liivak > http://www.wavecom.ee > http://www.facebook.com/wavecom.ee > > - Original Message ----- > From: "Rohit Yadav" > To: d...@cloudstack.apache.org, "users" > Sent: Sunday, January 14, 2018 8:41:15 PM > Subject: Re: [DISCUSS] Freezing master for 4.11 > > All, > > > To give you update, all feature PRs have been reviewed, tested and merged > towards the 4.11.0.0. I'll engage with Mike and others for any post-merge > regressions (smoketest to be kicked shortly). > > > I see an outstanding PR that may be a critical/blocker PR, please advise > and also review: > > https://github.com/apache/cloudstack/pull/2402 > > > If anyone has any blocker to report, please do so. Thanks. > > > I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018). > > > - Rohit > > <https://cloudstack.apache.org> > > > > > From: Tutkowski, Mike > Sent: Saturday, January 13, 2018 3:23:40 AM > To: d...@cloudstack.apache.org > Subject: Re: [DISCUSS] Freezing master for 4.11 > > I’m investigating these now. I have found and fixed two of them so far. > > > rohit.ya...@shapeblue.com > www.shapeblue.com > 53 Chandos Place, Covent Garden, London WC2N 4HSUK > @shapeblue > > > > > On Jan 12, 2018, at 2:49 PM, Rohit Yadav > wrote: > > > > Thanks Rafael and Daan. > > > > > >> From: Rafael Weingärtner > >> > >> I believe there is no problem in merging Wido’s and Mike’s PRs, they > have > >> been extensively discussed and improved (specially Mike’s one). > > > > Thanks, Mike's PR has several regression smoketest failures and can be > accepted only when those failures are fixed. > > > > We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze. > If Mike wants, he can help fix them over the weekend, I can help run > smoketests. > > > >> Having said that; I would be ok with it (no need to revert it), but we > need > >> to be more careful with these things. If one wants to merge something, > >> there is no harm in waiting and calling for reviewers via Github, > Slack, or > >> even email them directly. > > > > Additional review was requested, but mea culpa - thanks for your > support, noted. > > > > - Rohit > > > > On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav > > wrote: > > > >> All, > >> > >> > >> We're down to one feature PR towards 4.11 milestone now: > >> > >> https://github.com/apache/cloudstack/pull/2298 > >> > >> > >> The config drive PR from Frank (Nuage) has been accepted today after no > >> regression test failures seen from yesterday's smoketest run. We've also > >> tested, reviewed and merge Wido's (blocker fix) PR. > >> > >> > >> I've asked Mike to stabilize the branch; based on the smoketest results > >> from today we can see some failures caused by the PR. I'm willing to > work > >> with Mike and others to
Re: [DISCUSS] Freezing master for 4.11
kristian, these sound like serious regressions. Do you have a fix or did you analyse the code yet? On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak wrote: > Hello, > > I have created issue in jira 2 month ago. > https://issues.apache.org/jira/browse/CLOUDSTACK-10141 > > In version 4.10 VR password and ssh key distribution don´t work on > instance creation. > When instance is allreay excisting reset function is operational. > > Also there is major security hole. When instance is destroyd and expunged > and new instance is created with old IP all old data is unaffected in VR > New instance will get then old root password and ssh key if they were > present in VR > > In my knowledege cloudstack older versions are not affected. > > Lugupidamisega / Regards > > Kristian Liivak > > CTO > > WaveCom As > Endla 16, 10142 Tallinn > Estonia > Tel: +3726850001 > Gsm: +37256850001 > E-mail: k...@wavecom.ee > Skype: kristian.liivak > http://www.wavecom.ee > http://www.facebook.com/wavecom.ee > > - Original Message - > From: "Rohit Yadav" > To: d...@cloudstack.apache.org, "users" > Sent: Sunday, January 14, 2018 8:41:15 PM > Subject: Re: [DISCUSS] Freezing master for 4.11 > > All, > > > To give you update, all feature PRs have been reviewed, tested and merged > towards the 4.11.0.0. I'll engage with Mike and others for any post-merge > regressions (smoketest to be kicked shortly). > > > I see an outstanding PR that may be a critical/blocker PR, please advise > and also review: > > https://github.com/apache/cloudstack/pull/2402 > > > If anyone has any blocker to report, please do so. Thanks. > > > I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018). > > > - Rohit > > <https://cloudstack.apache.org> > > > > > From: Tutkowski, Mike > Sent: Saturday, January 13, 2018 3:23:40 AM > To: d...@cloudstack.apache.org > Subject: Re: [DISCUSS] Freezing master for 4.11 > > I’m investigating these now. I have found and fixed two of them so far. > > > rohit.ya...@shapeblue.com > www.shapeblue.com > 53 Chandos Place, Covent Garden, London WC2N 4HSUK > @shapeblue > > > > > On Jan 12, 2018, at 2:49 PM, Rohit Yadav > wrote: > > > > Thanks Rafael and Daan. > > > > > >> From: Rafael Weingärtner > >> > >> I believe there is no problem in merging Wido’s and Mike’s PRs, they > have > >> been extensively discussed and improved (specially Mike’s one). > > > > Thanks, Mike's PR has several regression smoketest failures and can be > accepted only when those failures are fixed. > > > > We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze. > If Mike wants, he can help fix them over the weekend, I can help run > smoketests. > > > >> Having said that; I would be ok with it (no need to revert it), but we > need > >> to be more careful with these things. If one wants to merge something, > >> there is no harm in waiting and calling for reviewers via Github, > Slack, or > >> even email them directly. > > > > Additional review was requested, but mea culpa - thanks for your > support, noted. > > > > - Rohit > > > > On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav > > wrote: > > > >> All, > >> > >> > >> We're down to one feature PR towards 4.11 milestone now: > >> > >> https://github.com/apache/cloudstack/pull/2298 > >> > >> > >> The config drive PR from Frank (Nuage) has been accepted today after no > >> regression test failures seen from yesterday's smoketest run. We've also > >> tested, reviewed and merge Wido's (blocker fix) PR. > >> > >> > >> I've asked Mike to stabilize the branch; based on the smoketest results > >> from today we can see some failures caused by the PR. I'm willing to > work > >> with Mike and others to get this PR tested, and merged over the > weekends if > >> we can demonstrate that no regression is caused by it, i.e. no new > >> smoketest regressions. I'll also try to fix regression and test failures > >> over the weekend. > >> > >> > >> Lastly, I would like to discuss a mistake I made today with merging the > >> following PR which per our guideline lacks one code review > lgtm/approval: > >> > >> https://github.com/apache/cloudstack/pull/2152 > >> > >> > >> The changes in above (merged) P
Re: [DISCUSS] Freezing master for 4.11
Hello, I have created issue in jira 2 month ago. https://issues.apache.org/jira/browse/CLOUDSTACK-10141 In version 4.10 VR password and ssh key distribution don´t work on instance creation. When instance is allreay excisting reset function is operational. Also there is major security hole. When instance is destroyd and expunged and new instance is created with old IP all old data is unaffected in VR New instance will get then old root password and ssh key if they were present in VR In my knowledege cloudstack older versions are not affected. Lugupidamisega / Regards Kristian Liivak CTO WaveCom As Endla 16, 10142 Tallinn Estonia Tel: +3726850001 Gsm: +37256850001 E-mail: k...@wavecom.ee Skype: kristian.liivak http://www.wavecom.ee http://www.facebook.com/wavecom.ee - Original Message - From: "Rohit Yadav" To: d...@cloudstack.apache.org, "users" Sent: Sunday, January 14, 2018 8:41:15 PM Subject: Re: [DISCUSS] Freezing master for 4.11 All, To give you update, all feature PRs have been reviewed, tested and merged towards the 4.11.0.0. I'll engage with Mike and others for any post-merge regressions (smoketest to be kicked shortly). I see an outstanding PR that may be a critical/blocker PR, please advise and also review: https://github.com/apache/cloudstack/pull/2402 If anyone has any blocker to report, please do so. Thanks. I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018). - Rohit <https://cloudstack.apache.org> From: Tutkowski, Mike Sent: Saturday, January 13, 2018 3:23:40 AM To: d...@cloudstack.apache.org Subject: Re: [DISCUSS] Freezing master for 4.11 I’m investigating these now. I have found and fixed two of them so far. rohit.ya...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue > On Jan 12, 2018, at 2:49 PM, Rohit Yadav wrote: > > Thanks Rafael and Daan. > > >> From: Rafael Weingärtner >> >> I believe there is no problem in merging Wido’s and Mike’s PRs, they have >> been extensively discussed and improved (specially Mike’s one). > > Thanks, Mike's PR has several regression smoketest failures and can be > accepted only when those failures are fixed. > > We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze. If > Mike wants, he can help fix them over the weekend, I can help run smoketests. > >> Having said that; I would be ok with it (no need to revert it), but we need >> to be more careful with these things. If one wants to merge something, >> there is no harm in waiting and calling for reviewers via Github, Slack, or >> even email them directly. > > Additional review was requested, but mea culpa - thanks for your support, > noted. > > - Rohit > > On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav > wrote: > >> All, >> >> >> We're down to one feature PR towards 4.11 milestone now: >> >> https://github.com/apache/cloudstack/pull/2298 >> >> >> The config drive PR from Frank (Nuage) has been accepted today after no >> regression test failures seen from yesterday's smoketest run. We've also >> tested, reviewed and merge Wido's (blocker fix) PR. >> >> >> I've asked Mike to stabilize the branch; based on the smoketest results >> from today we can see some failures caused by the PR. I'm willing to work >> with Mike and others to get this PR tested, and merged over the weekends if >> we can demonstrate that no regression is caused by it, i.e. no new >> smoketest regressions. I'll also try to fix regression and test failures >> over the weekend. >> >> >> Lastly, I would like to discuss a mistake I made today with merging the >> following PR which per our guideline lacks one code review lgtm/approval: >> >> https://github.com/apache/cloudstack/pull/2152 >> >> >> The changes in above (merged) PR are all localized to a xenserver-swift >> file, that is not tested by Travis or Trillian, since no new regression >> failures were seen I accepted and merge it on that discretion. The PR was >> originally on the 4.11 milestone, however, due to it lacking a JIRA id and >> no response from the author it was only recently removed from the milestone. >> >> >> Please advise if I need to revert this, or we can review/lgtm it >> post-merge? I'll also ping on the above PR. >> >> >> - Rohit >> >> <https://cloudstack.apache.org> > Apache CloudStack: Open Source Cloud Computing<https://cloudstack.apache.org/> > cloudstack.apache.org > CloudStack is open source cloud computing software for creating, managing, > and deployin
Re: [DISCUSS] Freezing master for 4.11
All, To give you update, all feature PRs have been reviewed, tested and merged towards the 4.11.0.0. I'll engage with Mike and others for any post-merge regressions (smoketest to be kicked shortly). I see an outstanding PR that may be a critical/blocker PR, please advise and also review: https://github.com/apache/cloudstack/pull/2402 If anyone has any blocker to report, please do so. Thanks. I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018). - Rohit <https://cloudstack.apache.org> From: Tutkowski, Mike Sent: Saturday, January 13, 2018 3:23:40 AM To: d...@cloudstack.apache.org Subject: Re: [DISCUSS] Freezing master for 4.11 I’m investigating these now. I have found and fixed two of them so far. rohit.ya...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue > On Jan 12, 2018, at 2:49 PM, Rohit Yadav wrote: > > Thanks Rafael and Daan. > > >> From: Rafael Weingärtner >> >> I believe there is no problem in merging Wido’s and Mike’s PRs, they have >> been extensively discussed and improved (specially Mike’s one). > > Thanks, Mike's PR has several regression smoketest failures and can be > accepted only when those failures are fixed. > > We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze. If > Mike wants, he can help fix them over the weekend, I can help run smoketests. > >> Having said that; I would be ok with it (no need to revert it), but we need >> to be more careful with these things. If one wants to merge something, >> there is no harm in waiting and calling for reviewers via Github, Slack, or >> even email them directly. > > Additional review was requested, but mea culpa - thanks for your support, > noted. > > - Rohit > > On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav > wrote: > >> All, >> >> >> We're down to one feature PR towards 4.11 milestone now: >> >> https://github.com/apache/cloudstack/pull/2298 >> >> >> The config drive PR from Frank (Nuage) has been accepted today after no >> regression test failures seen from yesterday's smoketest run. We've also >> tested, reviewed and merge Wido's (blocker fix) PR. >> >> >> I've asked Mike to stabilize the branch; based on the smoketest results >> from today we can see some failures caused by the PR. I'm willing to work >> with Mike and others to get this PR tested, and merged over the weekends if >> we can demonstrate that no regression is caused by it, i.e. no new >> smoketest regressions. I'll also try to fix regression and test failures >> over the weekend. >> >> >> Lastly, I would like to discuss a mistake I made today with merging the >> following PR which per our guideline lacks one code review lgtm/approval: >> >> https://github.com/apache/cloudstack/pull/2152 >> >> >> The changes in above (merged) PR are all localized to a xenserver-swift >> file, that is not tested by Travis or Trillian, since no new regression >> failures were seen I accepted and merge it on that discretion. The PR was >> originally on the 4.11 milestone, however, due to it lacking a JIRA id and >> no response from the author it was only recently removed from the milestone. >> >> >> Please advise if I need to revert this, or we can review/lgtm it >> post-merge? I'll also ping on the above PR. >> >> >> - Rohit >> >> <https://cloudstack.apache.org> > Apache CloudStack: Open Source Cloud Computing<https://cloudstack.apache.org/> > cloudstack.apache.org > CloudStack is open source cloud computing software for creating, managing, > and deploying infrastructure cloud services > > > >> >> >> >> >> From: Wido den Hollander >> Sent: Thursday, January 11, 2018 9:17:26 PM >> To: d...@cloudstack.apache.org >> Subject: Re: [DISCUSS] Freezing master for 4.11 >> >> >> >>> On 01/10/2018 07:26 PM, Daan Hoogland wrote: >>> I hope we understand each other correctly: No-one running an earlier >>> version then 4.11 should miss out on any functionality they are using >> now. >>> >>> So if you use ipv6 and multiple cidrs now it must continue to work with >> no >>> loss of functionality. see my question below. >>> >>> On Wed, Jan 10, 2018 at 7:06 PM, Ivan Kudryavtsev < >> kudryavtsev...@bw-sw.com> >>> wrote: >>> >>>> Daan, yes this sounds reasonable, I suppose who would like to fix, could >>