You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Sheng Yang <sh...@yasker.org> on 2013/11/01 19:47:56 UTC
Re: [Merge] Palo Alto Networks firewall integration to master
Nice work Will!
I've checked the code, it included the UI part and unit test as well.
Really impressed!
Just one comment: you can git-format-patch to generate the patch. It would
includes author and description information automatically, which is easier
for applying.
+1!
--Sheng
On Thu, Oct 31, 2013 at 1:50 PM, Will Stevens <ws...@cloudops.com> wrote:
> Hi,
>
> I would like to merge support for Palo Alto Network's firewall appliances
> to the master branch. Development for this has been done by Will Stevens
> at CloudOps on branch [1].
>
> There was an introduction [2], a proposal [3], and a discussion [4] on the
> mailing list regarding this feature.
>
> Checklist:
> Jira ticket for the feature is here [5].
> The FS can be found at [6].
> Unit tests for the feature are available at [7] and [8]. I have developed
> the unit tests with a flag to output additional detail in the console [9].
> Here is the result of the tests without detail [10] and here is the result
> of the tests with detail [11].
>
> This plugin communicates to the Palo Alto Networks firewall appliances
> through an API documented at [12] with a training manual [13].
> This plugin depends on a modification to core to remove a limitation which
> was discussed here [14], with this jira issue [15] and has been approved
> here [16].
> This plugin is being reviewed at [17] according to this patch [18].
>
> There are no 3rd party libraries needed for this plugin, however it does
> depend on a 3rd party API [12][13] to orchestrate the configuration on the
> appliance. The plugin is currently being built via the 'nonoss' flag. It
> should be moved into either the 'noredist' or core because it appears that
> 'nonoss' will be going away [19] and 'noredist' has been merged [20]. I
> would appreciate input on which build this should be put into given its
> interaction with an 3rd party appliance.
>
> Here are the slides for a presentation [21] given about this integration at
> the CloudStack Collaboration Conference in Santa Clara, CA.
>
> [1] https://github.com/cloudops/cs_palo_alto/tree/palo_alto
> [2]
>
> http://markmail.org/message/hukydzwkec3dwuxq?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+Palo+Alto
> [3]
>
> http://markmail.org/message/odbg2icft7esj3ut?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+Palo+Alto
> [4]
>
> http://markmail.org/message/n5276i4hfh7ek57o?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+Palo+Alto
> [5] https://issues.apache.org/jira/browse/CLOUDSTACK-1275
> [6]
>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
> [7]
>
> https://github.com/cloudops/cs_palo_alto/blob/palo_alto/plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java
> [8]
>
> https://github.com/cloudops/cs_palo_alto/blob/palo_alto/plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java
> [9]
>
> https://github.com/cloudops/cs_palo_alto/blob/palo_alto/plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java#L156
> [10]
>
> https://cwiki.apache.org/confluence/download/attachments/30753712/palo_alto_tests_without_logging.txt?version=1&modificationDate=1383248404474
> [11]
>
> https://cwiki.apache.org/confluence/download/attachments/30753712/palo_alto_tests_with_logging.txt?version=1&modificationDate=1383248432061
> [12]
>
> https://cwiki.apache.org/confluence/download/attachments/30753712/XML-API-5-1.0-RevA.pdf?version=1&modificationDate=1366305634000
> [13]
>
> https://cwiki.apache.org/confluence/download/attachments/30753712/XML_API_Training.pdf?version=1&modificationDate=1366305635000
> [14]
>
> http://markmail.org/message/374hyn7ko6zrb2cf?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+supported+source+nat+types
> [15] https://issues.apache.org/jira/browse/CLOUDSTACK-4991
> [16] https://reviews.apache.org/r/15047/
> [17] https://reviews.apache.org/r/15050/
> [18] https://reviews.apache.org/r/15050/diff/
> [19]
>
> http://markmail.org/message/37qcg4lgudmf57ws?q=DISCUSS%5D+rename+nonoss+to+noredist
> [20]
>
> http://markmail.org/message/zqkiuod5qabcyra6?q=%5BMERGE%5D+changing+nonoss+to+noredist
> [21]
>
> https://cwiki.apache.org/confluence/download/attachments/30753712/CS_PA_Integration.pptx?version=1&modificationDate=1383250830719
>
> Cheers,
>
> Will
>
Re: [Merge] Palo Alto Networks firewall integration to master
Posted by Chip Childers <ch...@apache.org>.
On Thu, Nov 07, 2013 at 06:59:25PM +0000, Animesh Chaturvedi wrote:
> mvn --projects='org.apache.cloudstack:cloudstack' org.apache.rat:apache-rat-plugin:0.8:check
s/0.8/0.10 if you want the latest
Re: [Merge] Palo Alto Networks firewall integration to master
Posted by Will Stevens <ws...@cloudops.com>.
Perfect. Thank you for the details.
On Thu, Nov 7, 2013 at 1:59 PM, Sheng Yang <sh...@yasker.org> wrote:
> Oh, that means something wrong with the license header of the file(header
> missing in this case).
>
> http://creadur.apache.org/rat/
>
> --Sheng
>
>
> On Thu, Nov 7, 2013 at 10:50 AM, Will Stevens <ws...@cloudops.com>
> wrote:
>
> > Just so I know, can you explain what it means to 'Fail RAT'? Thx...
> >
> >
> > On Thu, Nov 7, 2013 at 1:46 PM, Sheng Yang <sh...@yasker.org> wrote:
> >
> > > Fixed.
> > >
> > > --Sheng
> > >
> > >
> > > On Thu, Nov 7, 2013 at 10:23 AM, Animesh Chaturvedi <
> > > animesh.chaturvedi@citrix.com> wrote:
> > >
> > > > Fails RAT on
> > > >
> > >
> >
> plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: williamstevens@gmail.com [mailto:williamstevens@gmail.com]
> On
> > > > > Behalf Of Will Stevens
> > > > > Sent: Wednesday, November 06, 2013 10:15 AM
> > > > > To: dev@cloudstack.apache.org
> > > > > Subject: Re: [Merge] Palo Alto Networks firewall integration to
> > master
> > > > >
> > > > > Great! Thank you Sheng...
> > > > >
> > > > >
> > > > > On Wed, Nov 6, 2013 at 1:10 PM, Sheng Yang <sh...@yasker.org>
> wrote:
> > > > >
> > > > > > Looks good to me.
> > > > > >
> > > > > > Applied to MASTER branch. Thanks!
> > > > > >
> > > > > > --Sheng
> > > > > >
> > > > > >
> > > > > > On Tue, Nov 5, 2013 at 7:51 PM, Will Stevens <
> > wstevens@cloudops.com>
> > > > > > wrote:
> > > > > >
> > > > > > > @Sheng: This should be ready to go now. I built the patch
> from
> > > > > > tonight's
> > > > > > > master and I included a more detailed commit message as you
> > > > > requested.
> > > > > > Let
> > > > > > > me know if you have any questions/problems...
> > > > > > >
> > > > > > > @David: As per this discussion (and a previous one [1]), I
> have
> > > > > > > moved
> > > > > > this
> > > > > > > code from being built with the depreciated 'nonoss' flag to
> core
> > > > > > > since it does not depend on any 3rd party libraries at build or
> > > > > runtime.
> > > > > > >
> > > > > > > Cheers,
> > > > > > >
> > > > > > > Will
> > > > > > >
> > > > > > > [1]
> > > > > > >
> > > > > > >
> > > > > >
> > > http://markmail.org/message/fxphjkba7bonlesd?q=list:org%2Eapache%2Einc
> > > > > > ubator%2Ecloudstack-%2A+Palo+Alto
> > > > > > >
> > > > > > >
> > > > > > > On Tue, Nov 5, 2013 at 11:42 AM, Will Stevens
> > > > > > > <ws...@cloudops.com>
> > > > > > > wrote:
> > > > > > >
> > > > > > > > Thanks for that David. You are absolutely correct, this
> plugin
> > > > > > > > has no dependencies on any 3rd party code at build or
> runtime.
> > > > > > > > Everything the plugin requires is built into the plugin. I
> was
> > > > > > > > unclear if its
> > > > > > > dependance
> > > > > > > > on a 3rd party API and appliance to be functional was
> relevant.
> > > > > > > >
> > > > > > > > I think you are right. I think it should probably be in the
> > core
> > > > > > build.
> > > > > > > > I will make that change when I merge in the latest master
> for
> > > > > > > > Sheng
> > > > > > and
> > > > > > > > rebuild the patch.
> > > > > > > >
> > > > > > > > Thanks,
> > > > > > > >
> > > > > > > > Will
> > > > > > > >
> > > > > > > >
> > > > > > > > On Tue, Nov 5, 2013 at 10:19 AM, David Nalley <david@gnsa.us
> >
> > > > > wrote:
> > > > > > > >
> > > > > > > >> So perhaps a bit of history.
> > > > > > > >>
> > > > > > > >> nonoss/noredist is for targets that aren't built 'by
> default'
> > > > > (e.g.
> > > > > > > >> you must explicitly turn them on). We do this because the
> ASF
> > > > > > > >> wants the default build to be truly unencumbered and where
> > there
> > > > > > > >> are dependencies on non-open source, or non-Apache
> compatible
> > > > > > > >> code, we typically turn them off. In example: historically,
> > > > > > > >> Netscaler libraries were not open source, and we had a
> > > dependency
> > > > > > > >> on those libraries, so we placed the netscaler plugin into
> the
> > > > > > > >> nonoss. Since then the netscaler libraries have been open
> > > > > > > >> sourced, and we could move those out of noredist.
> > > > > > > >>
> > > > > > > >> So - is there third party code that you have as a build or
> > > > > > > >> runtime dependency? If so what is the license for that third
> > > > > > > >> party code? (My really fast perusal didn't catch anything
> that
> > > > > > > >> was immediately
> > > > > > > >> troubling)
> > > > > > > >>
> > > > > > > >> --David
> > > > > > > >>
> > > > > > > >> On Tue, Nov 5, 2013 at 7:08 AM, Will Stevens
> > > > > > > >> <ws...@cloudops.com>
> > > > > > > >> wrote:
> > > > > > > >> > Its dependence on a third party API and appliance, similar
> > to
> > > > > > > >> > the
> > > > > > srx
> > > > > > > >> and
> > > > > > > >> > netscaler. I am not convinced it should be in noredist,
> but
> > I
> > > > > > > >> > was
> > > > > > > >> following
> > > > > > > >> > the same model as other similar plugins. Feedback on this
> > > > > > > >> > would be helpful.
> > > > > > > >> >
> > > > > > > >> > Ws
> > > > > > > >> >
> > > > > > > >> > On Tuesday, November 5, 2013, David Nalley wrote:
> > > > > > > >> >
> > > > > > > >> >> On Mon, Nov 4, 2013 at 7:32 PM, Will Stevens <
> > > > > > wstevens@cloudops.com
> > > > > > > >> <javascript:;>>
> > > > > > > >> >> wrote:
> > > > > > > >> >> > Sheng, I will rebuild the patch for the latest master.
> > The
> > > > > > latest
> > > > > > > >> master
> > > > > > > >> >> > has depreciated the 'nonoss' flag in favour of
> > 'noredist'.
> > > I
> > > > > > > >> >> > was
> > > > > > > >> building
> > > > > > > >> >> > in nonoss previously. I am guessing I should use the
> > > > > > > >> >> > noredist
> > > > > > flag
> > > > > > > >> now?
> > > > > > > >> >> >
> > > > > > > >> >>
> > > > > > > >> >> Will - what is causing this to be noredist/nonoss? My
> quick
> > > > > > > >> >> perusal
> > > > > > > of
> > > > > > > >> >> your patch didn't surface anything that would push it
> into
> > > > > > > >> >> that category.
> > > > > > > >> >>
> > > > > > > >> >> --David
> > > > > > > >> >>
> > > > > > > >>
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > >
> > >
> >
>
Re: [Merge] Palo Alto Networks firewall integration to master
Posted by Sheng Yang <sh...@yasker.org>.
Oh, that means something wrong with the license header of the file(header
missing in this case).
http://creadur.apache.org/rat/
--Sheng
On Thu, Nov 7, 2013 at 10:50 AM, Will Stevens <ws...@cloudops.com> wrote:
> Just so I know, can you explain what it means to 'Fail RAT'? Thx...
>
>
> On Thu, Nov 7, 2013 at 1:46 PM, Sheng Yang <sh...@yasker.org> wrote:
>
> > Fixed.
> >
> > --Sheng
> >
> >
> > On Thu, Nov 7, 2013 at 10:23 AM, Animesh Chaturvedi <
> > animesh.chaturvedi@citrix.com> wrote:
> >
> > > Fails RAT on
> > >
> >
> plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java
> > >
> > >
> > > > -----Original Message-----
> > > > From: williamstevens@gmail.com [mailto:williamstevens@gmail.com] On
> > > > Behalf Of Will Stevens
> > > > Sent: Wednesday, November 06, 2013 10:15 AM
> > > > To: dev@cloudstack.apache.org
> > > > Subject: Re: [Merge] Palo Alto Networks firewall integration to
> master
> > > >
> > > > Great! Thank you Sheng...
> > > >
> > > >
> > > > On Wed, Nov 6, 2013 at 1:10 PM, Sheng Yang <sh...@yasker.org> wrote:
> > > >
> > > > > Looks good to me.
> > > > >
> > > > > Applied to MASTER branch. Thanks!
> > > > >
> > > > > --Sheng
> > > > >
> > > > >
> > > > > On Tue, Nov 5, 2013 at 7:51 PM, Will Stevens <
> wstevens@cloudops.com>
> > > > > wrote:
> > > > >
> > > > > > @Sheng: This should be ready to go now. I built the patch from
> > > > > tonight's
> > > > > > master and I included a more detailed commit message as you
> > > > requested.
> > > > > Let
> > > > > > me know if you have any questions/problems...
> > > > > >
> > > > > > @David: As per this discussion (and a previous one [1]), I have
> > > > > > moved
> > > > > this
> > > > > > code from being built with the depreciated 'nonoss' flag to core
> > > > > > since it does not depend on any 3rd party libraries at build or
> > > > runtime.
> > > > > >
> > > > > > Cheers,
> > > > > >
> > > > > > Will
> > > > > >
> > > > > > [1]
> > > > > >
> > > > > >
> > > > >
> > http://markmail.org/message/fxphjkba7bonlesd?q=list:org%2Eapache%2Einc
> > > > > ubator%2Ecloudstack-%2A+Palo+Alto
> > > > > >
> > > > > >
> > > > > > On Tue, Nov 5, 2013 at 11:42 AM, Will Stevens
> > > > > > <ws...@cloudops.com>
> > > > > > wrote:
> > > > > >
> > > > > > > Thanks for that David. You are absolutely correct, this plugin
> > > > > > > has no dependencies on any 3rd party code at build or runtime.
> > > > > > > Everything the plugin requires is built into the plugin. I was
> > > > > > > unclear if its
> > > > > > dependance
> > > > > > > on a 3rd party API and appliance to be functional was relevant.
> > > > > > >
> > > > > > > I think you are right. I think it should probably be in the
> core
> > > > > build.
> > > > > > > I will make that change when I merge in the latest master for
> > > > > > > Sheng
> > > > > and
> > > > > > > rebuild the patch.
> > > > > > >
> > > > > > > Thanks,
> > > > > > >
> > > > > > > Will
> > > > > > >
> > > > > > >
> > > > > > > On Tue, Nov 5, 2013 at 10:19 AM, David Nalley <da...@gnsa.us>
> > > > wrote:
> > > > > > >
> > > > > > >> So perhaps a bit of history.
> > > > > > >>
> > > > > > >> nonoss/noredist is for targets that aren't built 'by default'
> > > > (e.g.
> > > > > > >> you must explicitly turn them on). We do this because the ASF
> > > > > > >> wants the default build to be truly unencumbered and where
> there
> > > > > > >> are dependencies on non-open source, or non-Apache compatible
> > > > > > >> code, we typically turn them off. In example: historically,
> > > > > > >> Netscaler libraries were not open source, and we had a
> > dependency
> > > > > > >> on those libraries, so we placed the netscaler plugin into the
> > > > > > >> nonoss. Since then the netscaler libraries have been open
> > > > > > >> sourced, and we could move those out of noredist.
> > > > > > >>
> > > > > > >> So - is there third party code that you have as a build or
> > > > > > >> runtime dependency? If so what is the license for that third
> > > > > > >> party code? (My really fast perusal didn't catch anything that
> > > > > > >> was immediately
> > > > > > >> troubling)
> > > > > > >>
> > > > > > >> --David
> > > > > > >>
> > > > > > >> On Tue, Nov 5, 2013 at 7:08 AM, Will Stevens
> > > > > > >> <ws...@cloudops.com>
> > > > > > >> wrote:
> > > > > > >> > Its dependence on a third party API and appliance, similar
> to
> > > > > > >> > the
> > > > > srx
> > > > > > >> and
> > > > > > >> > netscaler. I am not convinced it should be in noredist, but
> I
> > > > > > >> > was
> > > > > > >> following
> > > > > > >> > the same model as other similar plugins. Feedback on this
> > > > > > >> > would be helpful.
> > > > > > >> >
> > > > > > >> > Ws
> > > > > > >> >
> > > > > > >> > On Tuesday, November 5, 2013, David Nalley wrote:
> > > > > > >> >
> > > > > > >> >> On Mon, Nov 4, 2013 at 7:32 PM, Will Stevens <
> > > > > wstevens@cloudops.com
> > > > > > >> <javascript:;>>
> > > > > > >> >> wrote:
> > > > > > >> >> > Sheng, I will rebuild the patch for the latest master.
> The
> > > > > latest
> > > > > > >> master
> > > > > > >> >> > has depreciated the 'nonoss' flag in favour of
> 'noredist'.
> > I
> > > > > > >> >> > was
> > > > > > >> building
> > > > > > >> >> > in nonoss previously. I am guessing I should use the
> > > > > > >> >> > noredist
> > > > > flag
> > > > > > >> now?
> > > > > > >> >> >
> > > > > > >> >>
> > > > > > >> >> Will - what is causing this to be noredist/nonoss? My quick
> > > > > > >> >> perusal
> > > > > > of
> > > > > > >> >> your patch didn't surface anything that would push it into
> > > > > > >> >> that category.
> > > > > > >> >>
> > > > > > >> >> --David
> > > > > > >> >>
> > > > > > >>
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > >
> >
>
RE: [Merge] Palo Alto Networks firewall integration to master
Posted by Animesh Chaturvedi <an...@citrix.com>.
RAT is release audit tool and checks for missing license headers. You can run it as below
mvn --projects='org.apache.cloudstack:cloudstack' org.apache.rat:apache-rat-plugin:0.8:check
The build should FAIL if there are any non-compliant files that are not specifically excluded from the ASF license header requirement. You can optionally review the target/rat.txt file after the run completes.
> -----Original Message-----
> From: williamstevens@gmail.com [mailto:williamstevens@gmail.com] On
> Behalf Of Will Stevens
> Sent: Thursday, November 07, 2013 10:51 AM
> To: dev@cloudstack.apache.org
> Subject: Re: [Merge] Palo Alto Networks firewall integration to master
>
> Just so I know, can you explain what it means to 'Fail RAT'? Thx...
>
>
> On Thu, Nov 7, 2013 at 1:46 PM, Sheng Yang <sh...@yasker.org> wrote:
>
> > Fixed.
> >
> > --Sheng
> >
> >
> > On Thu, Nov 7, 2013 at 10:23 AM, Animesh Chaturvedi <
> > animesh.chaturvedi@citrix.com> wrote:
> >
> > > Fails RAT on
> > >
> > plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpCli
> > entWrapper.java
> > >
> > >
> > > > -----Original Message-----
> > > > From: williamstevens@gmail.com [mailto:williamstevens@gmail.com]
> > > > On Behalf Of Will Stevens
> > > > Sent: Wednesday, November 06, 2013 10:15 AM
> > > > To: dev@cloudstack.apache.org
> > > > Subject: Re: [Merge] Palo Alto Networks firewall integration to
> > > > master
> > > >
> > > > Great! Thank you Sheng...
> > > >
> > > >
> > > > On Wed, Nov 6, 2013 at 1:10 PM, Sheng Yang <sh...@yasker.org>
> wrote:
> > > >
> > > > > Looks good to me.
> > > > >
> > > > > Applied to MASTER branch. Thanks!
> > > > >
> > > > > --Sheng
> > > > >
> > > > >
> > > > > On Tue, Nov 5, 2013 at 7:51 PM, Will Stevens
> > > > > <ws...@cloudops.com>
> > > > > wrote:
> > > > >
> > > > > > @Sheng: This should be ready to go now. I built the patch
> > > > > > from
> > > > > tonight's
> > > > > > master and I included a more detailed commit message as you
> > > > requested.
> > > > > Let
> > > > > > me know if you have any questions/problems...
> > > > > >
> > > > > > @David: As per this discussion (and a previous one [1]), I
> > > > > > have moved
> > > > > this
> > > > > > code from being built with the depreciated 'nonoss' flag to
> > > > > > core since it does not depend on any 3rd party libraries at
> > > > > > build or
> > > > runtime.
> > > > > >
> > > > > > Cheers,
> > > > > >
> > > > > > Will
> > > > > >
> > > > > > [1]
> > > > > >
> > > > > >
> > > > >
> > http://markmail.org/message/fxphjkba7bonlesd?q=list:org%2Eapache%2Einc
> > > > > ubator%2Ecloudstack-%2A+Palo+Alto
> > > > > >
> > > > > >
> > > > > > On Tue, Nov 5, 2013 at 11:42 AM, Will Stevens
> > > > > > <ws...@cloudops.com>
> > > > > > wrote:
> > > > > >
> > > > > > > Thanks for that David. You are absolutely correct, this
> > > > > > > plugin has no dependencies on any 3rd party code at build or
> runtime.
> > > > > > > Everything the plugin requires is built into the plugin. I
> > > > > > > was unclear if its
> > > > > > dependance
> > > > > > > on a 3rd party API and appliance to be functional was
> relevant.
> > > > > > >
> > > > > > > I think you are right. I think it should probably be in the
> > > > > > > core
> > > > > build.
> > > > > > > I will make that change when I merge in the latest master
> > > > > > > for Sheng
> > > > > and
> > > > > > > rebuild the patch.
> > > > > > >
> > > > > > > Thanks,
> > > > > > >
> > > > > > > Will
> > > > > > >
> > > > > > >
> > > > > > > On Tue, Nov 5, 2013 at 10:19 AM, David Nalley
> > > > > > > <da...@gnsa.us>
> > > > wrote:
> > > > > > >
> > > > > > >> So perhaps a bit of history.
> > > > > > >>
> > > > > > >> nonoss/noredist is for targets that aren't built 'by
> default'
> > > > (e.g.
> > > > > > >> you must explicitly turn them on). We do this because the
> > > > > > >> ASF wants the default build to be truly unencumbered and
> > > > > > >> where there are dependencies on non-open source, or
> > > > > > >> non-Apache compatible code, we typically turn them off. In
> > > > > > >> example: historically, Netscaler libraries were not open
> > > > > > >> source, and we had a
> > dependency
> > > > > > >> on those libraries, so we placed the netscaler plugin into
> > > > > > >> the nonoss. Since then the netscaler libraries have been
> > > > > > >> open sourced, and we could move those out of noredist.
> > > > > > >>
> > > > > > >> So - is there third party code that you have as a build or
> > > > > > >> runtime dependency? If so what is the license for that
> > > > > > >> third party code? (My really fast perusal didn't catch
> > > > > > >> anything that was immediately
> > > > > > >> troubling)
> > > > > > >>
> > > > > > >> --David
> > > > > > >>
> > > > > > >> On Tue, Nov 5, 2013 at 7:08 AM, Will Stevens
> > > > > > >> <ws...@cloudops.com>
> > > > > > >> wrote:
> > > > > > >> > Its dependence on a third party API and appliance,
> > > > > > >> > similar to the
> > > > > srx
> > > > > > >> and
> > > > > > >> > netscaler. I am not convinced it should be in noredist,
> > > > > > >> > but I was
> > > > > > >> following
> > > > > > >> > the same model as other similar plugins. Feedback on
> > > > > > >> > this would be helpful.
> > > > > > >> >
> > > > > > >> > Ws
> > > > > > >> >
> > > > > > >> > On Tuesday, November 5, 2013, David Nalley wrote:
> > > > > > >> >
> > > > > > >> >> On Mon, Nov 4, 2013 at 7:32 PM, Will Stevens <
> > > > > wstevens@cloudops.com
> > > > > > >> <javascript:;>>
> > > > > > >> >> wrote:
> > > > > > >> >> > Sheng, I will rebuild the patch for the latest master.
> > > > > > >> >> > The
> > > > > latest
> > > > > > >> master
> > > > > > >> >> > has depreciated the 'nonoss' flag in favour of
> 'noredist'.
> > I
> > > > > > >> >> > was
> > > > > > >> building
> > > > > > >> >> > in nonoss previously. I am guessing I should use the
> > > > > > >> >> > noredist
> > > > > flag
> > > > > > >> now?
> > > > > > >> >> >
> > > > > > >> >>
> > > > > > >> >> Will - what is causing this to be noredist/nonoss? My
> > > > > > >> >> quick perusal
> > > > > > of
> > > > > > >> >> your patch didn't surface anything that would push it
> > > > > > >> >> into that category.
> > > > > > >> >>
> > > > > > >> >> --David
> > > > > > >> >>
> > > > > > >>
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > >
> >
Re: [Merge] Palo Alto Networks firewall integration to master
Posted by Will Stevens <ws...@cloudops.com>.
Just so I know, can you explain what it means to 'Fail RAT'? Thx...
On Thu, Nov 7, 2013 at 1:46 PM, Sheng Yang <sh...@yasker.org> wrote:
> Fixed.
>
> --Sheng
>
>
> On Thu, Nov 7, 2013 at 10:23 AM, Animesh Chaturvedi <
> animesh.chaturvedi@citrix.com> wrote:
>
> > Fails RAT on
> >
> plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java
> >
> >
> > > -----Original Message-----
> > > From: williamstevens@gmail.com [mailto:williamstevens@gmail.com] On
> > > Behalf Of Will Stevens
> > > Sent: Wednesday, November 06, 2013 10:15 AM
> > > To: dev@cloudstack.apache.org
> > > Subject: Re: [Merge] Palo Alto Networks firewall integration to master
> > >
> > > Great! Thank you Sheng...
> > >
> > >
> > > On Wed, Nov 6, 2013 at 1:10 PM, Sheng Yang <sh...@yasker.org> wrote:
> > >
> > > > Looks good to me.
> > > >
> > > > Applied to MASTER branch. Thanks!
> > > >
> > > > --Sheng
> > > >
> > > >
> > > > On Tue, Nov 5, 2013 at 7:51 PM, Will Stevens <ws...@cloudops.com>
> > > > wrote:
> > > >
> > > > > @Sheng: This should be ready to go now. I built the patch from
> > > > tonight's
> > > > > master and I included a more detailed commit message as you
> > > requested.
> > > > Let
> > > > > me know if you have any questions/problems...
> > > > >
> > > > > @David: As per this discussion (and a previous one [1]), I have
> > > > > moved
> > > > this
> > > > > code from being built with the depreciated 'nonoss' flag to core
> > > > > since it does not depend on any 3rd party libraries at build or
> > > runtime.
> > > > >
> > > > > Cheers,
> > > > >
> > > > > Will
> > > > >
> > > > > [1]
> > > > >
> > > > >
> > > >
> http://markmail.org/message/fxphjkba7bonlesd?q=list:org%2Eapache%2Einc
> > > > ubator%2Ecloudstack-%2A+Palo+Alto
> > > > >
> > > > >
> > > > > On Tue, Nov 5, 2013 at 11:42 AM, Will Stevens
> > > > > <ws...@cloudops.com>
> > > > > wrote:
> > > > >
> > > > > > Thanks for that David. You are absolutely correct, this plugin
> > > > > > has no dependencies on any 3rd party code at build or runtime.
> > > > > > Everything the plugin requires is built into the plugin. I was
> > > > > > unclear if its
> > > > > dependance
> > > > > > on a 3rd party API and appliance to be functional was relevant.
> > > > > >
> > > > > > I think you are right. I think it should probably be in the core
> > > > build.
> > > > > > I will make that change when I merge in the latest master for
> > > > > > Sheng
> > > > and
> > > > > > rebuild the patch.
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > Will
> > > > > >
> > > > > >
> > > > > > On Tue, Nov 5, 2013 at 10:19 AM, David Nalley <da...@gnsa.us>
> > > wrote:
> > > > > >
> > > > > >> So perhaps a bit of history.
> > > > > >>
> > > > > >> nonoss/noredist is for targets that aren't built 'by default'
> > > (e.g.
> > > > > >> you must explicitly turn them on). We do this because the ASF
> > > > > >> wants the default build to be truly unencumbered and where there
> > > > > >> are dependencies on non-open source, or non-Apache compatible
> > > > > >> code, we typically turn them off. In example: historically,
> > > > > >> Netscaler libraries were not open source, and we had a
> dependency
> > > > > >> on those libraries, so we placed the netscaler plugin into the
> > > > > >> nonoss. Since then the netscaler libraries have been open
> > > > > >> sourced, and we could move those out of noredist.
> > > > > >>
> > > > > >> So - is there third party code that you have as a build or
> > > > > >> runtime dependency? If so what is the license for that third
> > > > > >> party code? (My really fast perusal didn't catch anything that
> > > > > >> was immediately
> > > > > >> troubling)
> > > > > >>
> > > > > >> --David
> > > > > >>
> > > > > >> On Tue, Nov 5, 2013 at 7:08 AM, Will Stevens
> > > > > >> <ws...@cloudops.com>
> > > > > >> wrote:
> > > > > >> > Its dependence on a third party API and appliance, similar to
> > > > > >> > the
> > > > srx
> > > > > >> and
> > > > > >> > netscaler. I am not convinced it should be in noredist, but I
> > > > > >> > was
> > > > > >> following
> > > > > >> > the same model as other similar plugins. Feedback on this
> > > > > >> > would be helpful.
> > > > > >> >
> > > > > >> > Ws
> > > > > >> >
> > > > > >> > On Tuesday, November 5, 2013, David Nalley wrote:
> > > > > >> >
> > > > > >> >> On Mon, Nov 4, 2013 at 7:32 PM, Will Stevens <
> > > > wstevens@cloudops.com
> > > > > >> <javascript:;>>
> > > > > >> >> wrote:
> > > > > >> >> > Sheng, I will rebuild the patch for the latest master. The
> > > > latest
> > > > > >> master
> > > > > >> >> > has depreciated the 'nonoss' flag in favour of 'noredist'.
> I
> > > > > >> >> > was
> > > > > >> building
> > > > > >> >> > in nonoss previously. I am guessing I should use the
> > > > > >> >> > noredist
> > > > flag
> > > > > >> now?
> > > > > >> >> >
> > > > > >> >>
> > > > > >> >> Will - what is causing this to be noredist/nonoss? My quick
> > > > > >> >> perusal
> > > > > of
> > > > > >> >> your patch didn't surface anything that would push it into
> > > > > >> >> that category.
> > > > > >> >>
> > > > > >> >> --David
> > > > > >> >>
> > > > > >>
> > > > > >
> > > > > >
> > > > >
> > > >
> >
>
Re: [Merge] Palo Alto Networks firewall integration to master
Posted by Sheng Yang <sh...@yasker.org>.
Fixed.
--Sheng
On Thu, Nov 7, 2013 at 10:23 AM, Animesh Chaturvedi <
animesh.chaturvedi@citrix.com> wrote:
> Fails RAT on
> plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java
>
>
> > -----Original Message-----
> > From: williamstevens@gmail.com [mailto:williamstevens@gmail.com] On
> > Behalf Of Will Stevens
> > Sent: Wednesday, November 06, 2013 10:15 AM
> > To: dev@cloudstack.apache.org
> > Subject: Re: [Merge] Palo Alto Networks firewall integration to master
> >
> > Great! Thank you Sheng...
> >
> >
> > On Wed, Nov 6, 2013 at 1:10 PM, Sheng Yang <sh...@yasker.org> wrote:
> >
> > > Looks good to me.
> > >
> > > Applied to MASTER branch. Thanks!
> > >
> > > --Sheng
> > >
> > >
> > > On Tue, Nov 5, 2013 at 7:51 PM, Will Stevens <ws...@cloudops.com>
> > > wrote:
> > >
> > > > @Sheng: This should be ready to go now. I built the patch from
> > > tonight's
> > > > master and I included a more detailed commit message as you
> > requested.
> > > Let
> > > > me know if you have any questions/problems...
> > > >
> > > > @David: As per this discussion (and a previous one [1]), I have
> > > > moved
> > > this
> > > > code from being built with the depreciated 'nonoss' flag to core
> > > > since it does not depend on any 3rd party libraries at build or
> > runtime.
> > > >
> > > > Cheers,
> > > >
> > > > Will
> > > >
> > > > [1]
> > > >
> > > >
> > > http://markmail.org/message/fxphjkba7bonlesd?q=list:org%2Eapache%2Einc
> > > ubator%2Ecloudstack-%2A+Palo+Alto
> > > >
> > > >
> > > > On Tue, Nov 5, 2013 at 11:42 AM, Will Stevens
> > > > <ws...@cloudops.com>
> > > > wrote:
> > > >
> > > > > Thanks for that David. You are absolutely correct, this plugin
> > > > > has no dependencies on any 3rd party code at build or runtime.
> > > > > Everything the plugin requires is built into the plugin. I was
> > > > > unclear if its
> > > > dependance
> > > > > on a 3rd party API and appliance to be functional was relevant.
> > > > >
> > > > > I think you are right. I think it should probably be in the core
> > > build.
> > > > > I will make that change when I merge in the latest master for
> > > > > Sheng
> > > and
> > > > > rebuild the patch.
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Will
> > > > >
> > > > >
> > > > > On Tue, Nov 5, 2013 at 10:19 AM, David Nalley <da...@gnsa.us>
> > wrote:
> > > > >
> > > > >> So perhaps a bit of history.
> > > > >>
> > > > >> nonoss/noredist is for targets that aren't built 'by default'
> > (e.g.
> > > > >> you must explicitly turn them on). We do this because the ASF
> > > > >> wants the default build to be truly unencumbered and where there
> > > > >> are dependencies on non-open source, or non-Apache compatible
> > > > >> code, we typically turn them off. In example: historically,
> > > > >> Netscaler libraries were not open source, and we had a dependency
> > > > >> on those libraries, so we placed the netscaler plugin into the
> > > > >> nonoss. Since then the netscaler libraries have been open
> > > > >> sourced, and we could move those out of noredist.
> > > > >>
> > > > >> So - is there third party code that you have as a build or
> > > > >> runtime dependency? If so what is the license for that third
> > > > >> party code? (My really fast perusal didn't catch anything that
> > > > >> was immediately
> > > > >> troubling)
> > > > >>
> > > > >> --David
> > > > >>
> > > > >> On Tue, Nov 5, 2013 at 7:08 AM, Will Stevens
> > > > >> <ws...@cloudops.com>
> > > > >> wrote:
> > > > >> > Its dependence on a third party API and appliance, similar to
> > > > >> > the
> > > srx
> > > > >> and
> > > > >> > netscaler. I am not convinced it should be in noredist, but I
> > > > >> > was
> > > > >> following
> > > > >> > the same model as other similar plugins. Feedback on this
> > > > >> > would be helpful.
> > > > >> >
> > > > >> > Ws
> > > > >> >
> > > > >> > On Tuesday, November 5, 2013, David Nalley wrote:
> > > > >> >
> > > > >> >> On Mon, Nov 4, 2013 at 7:32 PM, Will Stevens <
> > > wstevens@cloudops.com
> > > > >> <javascript:;>>
> > > > >> >> wrote:
> > > > >> >> > Sheng, I will rebuild the patch for the latest master. The
> > > latest
> > > > >> master
> > > > >> >> > has depreciated the 'nonoss' flag in favour of 'noredist'. I
> > > > >> >> > was
> > > > >> building
> > > > >> >> > in nonoss previously. I am guessing I should use the
> > > > >> >> > noredist
> > > flag
> > > > >> now?
> > > > >> >> >
> > > > >> >>
> > > > >> >> Will - what is causing this to be noredist/nonoss? My quick
> > > > >> >> perusal
> > > > of
> > > > >> >> your patch didn't surface anything that would push it into
> > > > >> >> that category.
> > > > >> >>
> > > > >> >> --David
> > > > >> >>
> > > > >>
> > > > >
> > > > >
> > > >
> > >
>
RE: [Merge] Palo Alto Networks firewall integration to master
Posted by Animesh Chaturvedi <an...@citrix.com>.
Fails RAT on plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java
> -----Original Message-----
> From: williamstevens@gmail.com [mailto:williamstevens@gmail.com] On
> Behalf Of Will Stevens
> Sent: Wednesday, November 06, 2013 10:15 AM
> To: dev@cloudstack.apache.org
> Subject: Re: [Merge] Palo Alto Networks firewall integration to master
>
> Great! Thank you Sheng...
>
>
> On Wed, Nov 6, 2013 at 1:10 PM, Sheng Yang <sh...@yasker.org> wrote:
>
> > Looks good to me.
> >
> > Applied to MASTER branch. Thanks!
> >
> > --Sheng
> >
> >
> > On Tue, Nov 5, 2013 at 7:51 PM, Will Stevens <ws...@cloudops.com>
> > wrote:
> >
> > > @Sheng: This should be ready to go now. I built the patch from
> > tonight's
> > > master and I included a more detailed commit message as you
> requested.
> > Let
> > > me know if you have any questions/problems...
> > >
> > > @David: As per this discussion (and a previous one [1]), I have
> > > moved
> > this
> > > code from being built with the depreciated 'nonoss' flag to core
> > > since it does not depend on any 3rd party libraries at build or
> runtime.
> > >
> > > Cheers,
> > >
> > > Will
> > >
> > > [1]
> > >
> > >
> > http://markmail.org/message/fxphjkba7bonlesd?q=list:org%2Eapache%2Einc
> > ubator%2Ecloudstack-%2A+Palo+Alto
> > >
> > >
> > > On Tue, Nov 5, 2013 at 11:42 AM, Will Stevens
> > > <ws...@cloudops.com>
> > > wrote:
> > >
> > > > Thanks for that David. You are absolutely correct, this plugin
> > > > has no dependencies on any 3rd party code at build or runtime.
> > > > Everything the plugin requires is built into the plugin. I was
> > > > unclear if its
> > > dependance
> > > > on a 3rd party API and appliance to be functional was relevant.
> > > >
> > > > I think you are right. I think it should probably be in the core
> > build.
> > > > I will make that change when I merge in the latest master for
> > > > Sheng
> > and
> > > > rebuild the patch.
> > > >
> > > > Thanks,
> > > >
> > > > Will
> > > >
> > > >
> > > > On Tue, Nov 5, 2013 at 10:19 AM, David Nalley <da...@gnsa.us>
> wrote:
> > > >
> > > >> So perhaps a bit of history.
> > > >>
> > > >> nonoss/noredist is for targets that aren't built 'by default'
> (e.g.
> > > >> you must explicitly turn them on). We do this because the ASF
> > > >> wants the default build to be truly unencumbered and where there
> > > >> are dependencies on non-open source, or non-Apache compatible
> > > >> code, we typically turn them off. In example: historically,
> > > >> Netscaler libraries were not open source, and we had a dependency
> > > >> on those libraries, so we placed the netscaler plugin into the
> > > >> nonoss. Since then the netscaler libraries have been open
> > > >> sourced, and we could move those out of noredist.
> > > >>
> > > >> So - is there third party code that you have as a build or
> > > >> runtime dependency? If so what is the license for that third
> > > >> party code? (My really fast perusal didn't catch anything that
> > > >> was immediately
> > > >> troubling)
> > > >>
> > > >> --David
> > > >>
> > > >> On Tue, Nov 5, 2013 at 7:08 AM, Will Stevens
> > > >> <ws...@cloudops.com>
> > > >> wrote:
> > > >> > Its dependence on a third party API and appliance, similar to
> > > >> > the
> > srx
> > > >> and
> > > >> > netscaler. I am not convinced it should be in noredist, but I
> > > >> > was
> > > >> following
> > > >> > the same model as other similar plugins. Feedback on this
> > > >> > would be helpful.
> > > >> >
> > > >> > Ws
> > > >> >
> > > >> > On Tuesday, November 5, 2013, David Nalley wrote:
> > > >> >
> > > >> >> On Mon, Nov 4, 2013 at 7:32 PM, Will Stevens <
> > wstevens@cloudops.com
> > > >> <javascript:;>>
> > > >> >> wrote:
> > > >> >> > Sheng, I will rebuild the patch for the latest master. The
> > latest
> > > >> master
> > > >> >> > has depreciated the 'nonoss' flag in favour of 'noredist'. I
> > > >> >> > was
> > > >> building
> > > >> >> > in nonoss previously. I am guessing I should use the
> > > >> >> > noredist
> > flag
> > > >> now?
> > > >> >> >
> > > >> >>
> > > >> >> Will - what is causing this to be noredist/nonoss? My quick
> > > >> >> perusal
> > > of
> > > >> >> your patch didn't surface anything that would push it into
> > > >> >> that category.
> > > >> >>
> > > >> >> --David
> > > >> >>
> > > >>
> > > >
> > > >
> > >
> >
Re: [Merge] Palo Alto Networks firewall integration to master
Posted by Will Stevens <ws...@cloudops.com>.
Great! Thank you Sheng...
On Wed, Nov 6, 2013 at 1:10 PM, Sheng Yang <sh...@yasker.org> wrote:
> Looks good to me.
>
> Applied to MASTER branch. Thanks!
>
> --Sheng
>
>
> On Tue, Nov 5, 2013 at 7:51 PM, Will Stevens <ws...@cloudops.com>
> wrote:
>
> > @Sheng: This should be ready to go now. I built the patch from
> tonight's
> > master and I included a more detailed commit message as you requested.
> Let
> > me know if you have any questions/problems...
> >
> > @David: As per this discussion (and a previous one [1]), I have moved
> this
> > code from being built with the depreciated 'nonoss' flag to core since it
> > does not depend on any 3rd party libraries at build or runtime.
> >
> > Cheers,
> >
> > Will
> >
> > [1]
> >
> >
> http://markmail.org/message/fxphjkba7bonlesd?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+Palo+Alto
> >
> >
> > On Tue, Nov 5, 2013 at 11:42 AM, Will Stevens <ws...@cloudops.com>
> > wrote:
> >
> > > Thanks for that David. You are absolutely correct, this plugin has no
> > > dependencies on any 3rd party code at build or runtime. Everything the
> > > plugin requires is built into the plugin. I was unclear if its
> > dependance
> > > on a 3rd party API and appliance to be functional was relevant.
> > >
> > > I think you are right. I think it should probably be in the core
> build.
> > > I will make that change when I merge in the latest master for Sheng
> and
> > > rebuild the patch.
> > >
> > > Thanks,
> > >
> > > Will
> > >
> > >
> > > On Tue, Nov 5, 2013 at 10:19 AM, David Nalley <da...@gnsa.us> wrote:
> > >
> > >> So perhaps a bit of history.
> > >>
> > >> nonoss/noredist is for targets that aren't built 'by default' (e.g.
> > >> you must explicitly turn them on). We do this because the ASF wants
> > >> the default build to be truly unencumbered and where there are
> > >> dependencies on non-open source, or non-Apache compatible code, we
> > >> typically turn them off. In example: historically, Netscaler libraries
> > >> were not open source, and we had a dependency on those libraries, so
> > >> we placed the netscaler plugin into the nonoss. Since then the
> > >> netscaler libraries have been open sourced, and we could move those
> > >> out of noredist.
> > >>
> > >> So - is there third party code that you have as a build or runtime
> > >> dependency? If so what is the license for that third party code? (My
> > >> really fast perusal didn't catch anything that was immediately
> > >> troubling)
> > >>
> > >> --David
> > >>
> > >> On Tue, Nov 5, 2013 at 7:08 AM, Will Stevens <ws...@cloudops.com>
> > >> wrote:
> > >> > Its dependence on a third party API and appliance, similar to the
> srx
> > >> and
> > >> > netscaler. I am not convinced it should be in noredist, but I was
> > >> following
> > >> > the same model as other similar plugins. Feedback on this would be
> > >> > helpful.
> > >> >
> > >> > Ws
> > >> >
> > >> > On Tuesday, November 5, 2013, David Nalley wrote:
> > >> >
> > >> >> On Mon, Nov 4, 2013 at 7:32 PM, Will Stevens <
> wstevens@cloudops.com
> > >> <javascript:;>>
> > >> >> wrote:
> > >> >> > Sheng, I will rebuild the patch for the latest master. The
> latest
> > >> master
> > >> >> > has depreciated the 'nonoss' flag in favour of 'noredist'. I was
> > >> building
> > >> >> > in nonoss previously. I am guessing I should use the noredist
> flag
> > >> now?
> > >> >> >
> > >> >>
> > >> >> Will - what is causing this to be noredist/nonoss? My quick perusal
> > of
> > >> >> your patch didn't surface anything that would push it into that
> > >> >> category.
> > >> >>
> > >> >> --David
> > >> >>
> > >>
> > >
> > >
> >
>
Re: [Merge] Palo Alto Networks firewall integration to master
Posted by Sheng Yang <sh...@yasker.org>.
Looks good to me.
Applied to MASTER branch. Thanks!
--Sheng
On Tue, Nov 5, 2013 at 7:51 PM, Will Stevens <ws...@cloudops.com> wrote:
> @Sheng: This should be ready to go now. I built the patch from tonight's
> master and I included a more detailed commit message as you requested. Let
> me know if you have any questions/problems...
>
> @David: As per this discussion (and a previous one [1]), I have moved this
> code from being built with the depreciated 'nonoss' flag to core since it
> does not depend on any 3rd party libraries at build or runtime.
>
> Cheers,
>
> Will
>
> [1]
>
> http://markmail.org/message/fxphjkba7bonlesd?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+Palo+Alto
>
>
> On Tue, Nov 5, 2013 at 11:42 AM, Will Stevens <ws...@cloudops.com>
> wrote:
>
> > Thanks for that David. You are absolutely correct, this plugin has no
> > dependencies on any 3rd party code at build or runtime. Everything the
> > plugin requires is built into the plugin. I was unclear if its
> dependance
> > on a 3rd party API and appliance to be functional was relevant.
> >
> > I think you are right. I think it should probably be in the core build.
> > I will make that change when I merge in the latest master for Sheng and
> > rebuild the patch.
> >
> > Thanks,
> >
> > Will
> >
> >
> > On Tue, Nov 5, 2013 at 10:19 AM, David Nalley <da...@gnsa.us> wrote:
> >
> >> So perhaps a bit of history.
> >>
> >> nonoss/noredist is for targets that aren't built 'by default' (e.g.
> >> you must explicitly turn them on). We do this because the ASF wants
> >> the default build to be truly unencumbered and where there are
> >> dependencies on non-open source, or non-Apache compatible code, we
> >> typically turn them off. In example: historically, Netscaler libraries
> >> were not open source, and we had a dependency on those libraries, so
> >> we placed the netscaler plugin into the nonoss. Since then the
> >> netscaler libraries have been open sourced, and we could move those
> >> out of noredist.
> >>
> >> So - is there third party code that you have as a build or runtime
> >> dependency? If so what is the license for that third party code? (My
> >> really fast perusal didn't catch anything that was immediately
> >> troubling)
> >>
> >> --David
> >>
> >> On Tue, Nov 5, 2013 at 7:08 AM, Will Stevens <ws...@cloudops.com>
> >> wrote:
> >> > Its dependence on a third party API and appliance, similar to the srx
> >> and
> >> > netscaler. I am not convinced it should be in noredist, but I was
> >> following
> >> > the same model as other similar plugins. Feedback on this would be
> >> > helpful.
> >> >
> >> > Ws
> >> >
> >> > On Tuesday, November 5, 2013, David Nalley wrote:
> >> >
> >> >> On Mon, Nov 4, 2013 at 7:32 PM, Will Stevens <wstevens@cloudops.com
> >> <javascript:;>>
> >> >> wrote:
> >> >> > Sheng, I will rebuild the patch for the latest master. The latest
> >> master
> >> >> > has depreciated the 'nonoss' flag in favour of 'noredist'. I was
> >> building
> >> >> > in nonoss previously. I am guessing I should use the noredist flag
> >> now?
> >> >> >
> >> >>
> >> >> Will - what is causing this to be noredist/nonoss? My quick perusal
> of
> >> >> your patch didn't surface anything that would push it into that
> >> >> category.
> >> >>
> >> >> --David
> >> >>
> >>
> >
> >
>
Re: [Merge] Palo Alto Networks firewall integration to master
Posted by Will Stevens <ws...@cloudops.com>.
@Sheng: This should be ready to go now. I built the patch from tonight's
master and I included a more detailed commit message as you requested. Let
me know if you have any questions/problems...
@David: As per this discussion (and a previous one [1]), I have moved this
code from being built with the depreciated 'nonoss' flag to core since it
does not depend on any 3rd party libraries at build or runtime.
Cheers,
Will
[1]
http://markmail.org/message/fxphjkba7bonlesd?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+Palo+Alto
On Tue, Nov 5, 2013 at 11:42 AM, Will Stevens <ws...@cloudops.com> wrote:
> Thanks for that David. You are absolutely correct, this plugin has no
> dependencies on any 3rd party code at build or runtime. Everything the
> plugin requires is built into the plugin. I was unclear if its dependance
> on a 3rd party API and appliance to be functional was relevant.
>
> I think you are right. I think it should probably be in the core build.
> I will make that change when I merge in the latest master for Sheng and
> rebuild the patch.
>
> Thanks,
>
> Will
>
>
> On Tue, Nov 5, 2013 at 10:19 AM, David Nalley <da...@gnsa.us> wrote:
>
>> So perhaps a bit of history.
>>
>> nonoss/noredist is for targets that aren't built 'by default' (e.g.
>> you must explicitly turn them on). We do this because the ASF wants
>> the default build to be truly unencumbered and where there are
>> dependencies on non-open source, or non-Apache compatible code, we
>> typically turn them off. In example: historically, Netscaler libraries
>> were not open source, and we had a dependency on those libraries, so
>> we placed the netscaler plugin into the nonoss. Since then the
>> netscaler libraries have been open sourced, and we could move those
>> out of noredist.
>>
>> So - is there third party code that you have as a build or runtime
>> dependency? If so what is the license for that third party code? (My
>> really fast perusal didn't catch anything that was immediately
>> troubling)
>>
>> --David
>>
>> On Tue, Nov 5, 2013 at 7:08 AM, Will Stevens <ws...@cloudops.com>
>> wrote:
>> > Its dependence on a third party API and appliance, similar to the srx
>> and
>> > netscaler. I am not convinced it should be in noredist, but I was
>> following
>> > the same model as other similar plugins. Feedback on this would be
>> > helpful.
>> >
>> > Ws
>> >
>> > On Tuesday, November 5, 2013, David Nalley wrote:
>> >
>> >> On Mon, Nov 4, 2013 at 7:32 PM, Will Stevens <wstevens@cloudops.com
>> <javascript:;>>
>> >> wrote:
>> >> > Sheng, I will rebuild the patch for the latest master. The latest
>> master
>> >> > has depreciated the 'nonoss' flag in favour of 'noredist'. I was
>> building
>> >> > in nonoss previously. I am guessing I should use the noredist flag
>> now?
>> >> >
>> >>
>> >> Will - what is causing this to be noredist/nonoss? My quick perusal of
>> >> your patch didn't surface anything that would push it into that
>> >> category.
>> >>
>> >> --David
>> >>
>>
>
>
Re: [Merge] Palo Alto Networks firewall integration to master
Posted by Will Stevens <ws...@cloudops.com>.
Thanks for that David. You are absolutely correct, this plugin has no
dependencies on any 3rd party code at build or runtime. Everything the
plugin requires is built into the plugin. I was unclear if its dependance
on a 3rd party API and appliance to be functional was relevant.
I think you are right. I think it should probably be in the core build. I
will make that change when I merge in the latest master for Sheng and
rebuild the patch.
Thanks,
Will
On Tue, Nov 5, 2013 at 10:19 AM, David Nalley <da...@gnsa.us> wrote:
> So perhaps a bit of history.
>
> nonoss/noredist is for targets that aren't built 'by default' (e.g.
> you must explicitly turn them on). We do this because the ASF wants
> the default build to be truly unencumbered and where there are
> dependencies on non-open source, or non-Apache compatible code, we
> typically turn them off. In example: historically, Netscaler libraries
> were not open source, and we had a dependency on those libraries, so
> we placed the netscaler plugin into the nonoss. Since then the
> netscaler libraries have been open sourced, and we could move those
> out of noredist.
>
> So - is there third party code that you have as a build or runtime
> dependency? If so what is the license for that third party code? (My
> really fast perusal didn't catch anything that was immediately
> troubling)
>
> --David
>
> On Tue, Nov 5, 2013 at 7:08 AM, Will Stevens <ws...@cloudops.com>
> wrote:
> > Its dependence on a third party API and appliance, similar to the srx and
> > netscaler. I am not convinced it should be in noredist, but I was
> following
> > the same model as other similar plugins. Feedback on this would be
> > helpful.
> >
> > Ws
> >
> > On Tuesday, November 5, 2013, David Nalley wrote:
> >
> >> On Mon, Nov 4, 2013 at 7:32 PM, Will Stevens <wstevens@cloudops.com
> <javascript:;>>
> >> wrote:
> >> > Sheng, I will rebuild the patch for the latest master. The latest
> master
> >> > has depreciated the 'nonoss' flag in favour of 'noredist'. I was
> building
> >> > in nonoss previously. I am guessing I should use the noredist flag
> now?
> >> >
> >>
> >> Will - what is causing this to be noredist/nonoss? My quick perusal of
> >> your patch didn't surface anything that would push it into that
> >> category.
> >>
> >> --David
> >>
>
Re: [Merge] Palo Alto Networks firewall integration to master
Posted by David Nalley <da...@gnsa.us>.
So perhaps a bit of history.
nonoss/noredist is for targets that aren't built 'by default' (e.g.
you must explicitly turn them on). We do this because the ASF wants
the default build to be truly unencumbered and where there are
dependencies on non-open source, or non-Apache compatible code, we
typically turn them off. In example: historically, Netscaler libraries
were not open source, and we had a dependency on those libraries, so
we placed the netscaler plugin into the nonoss. Since then the
netscaler libraries have been open sourced, and we could move those
out of noredist.
So - is there third party code that you have as a build or runtime
dependency? If so what is the license for that third party code? (My
really fast perusal didn't catch anything that was immediately
troubling)
--David
On Tue, Nov 5, 2013 at 7:08 AM, Will Stevens <ws...@cloudops.com> wrote:
> Its dependence on a third party API and appliance, similar to the srx and
> netscaler. I am not convinced it should be in noredist, but I was following
> the same model as other similar plugins. Feedback on this would be
> helpful.
>
> Ws
>
> On Tuesday, November 5, 2013, David Nalley wrote:
>
>> On Mon, Nov 4, 2013 at 7:32 PM, Will Stevens <wstevens@cloudops.com<javascript:;>>
>> wrote:
>> > Sheng, I will rebuild the patch for the latest master. The latest master
>> > has depreciated the 'nonoss' flag in favour of 'noredist'. I was building
>> > in nonoss previously. I am guessing I should use the noredist flag now?
>> >
>>
>> Will - what is causing this to be noredist/nonoss? My quick perusal of
>> your patch didn't surface anything that would push it into that
>> category.
>>
>> --David
>>
Re: [Merge] Palo Alto Networks firewall integration to master
Posted by Will Stevens <ws...@cloudops.com>.
Its dependence on a third party API and appliance, similar to the srx and
netscaler. I am not convinced it should be in noredist, but I was following
the same model as other similar plugins. Feedback on this would be
helpful.
Ws
On Tuesday, November 5, 2013, David Nalley wrote:
> On Mon, Nov 4, 2013 at 7:32 PM, Will Stevens <wstevens@cloudops.com<javascript:;>>
> wrote:
> > Sheng, I will rebuild the patch for the latest master. The latest master
> > has depreciated the 'nonoss' flag in favour of 'noredist'. I was building
> > in nonoss previously. I am guessing I should use the noredist flag now?
> >
>
> Will - what is causing this to be noredist/nonoss? My quick perusal of
> your patch didn't surface anything that would push it into that
> category.
>
> --David
>
Re: [Merge] Palo Alto Networks firewall integration to master
Posted by David Nalley <da...@gnsa.us>.
On Mon, Nov 4, 2013 at 7:32 PM, Will Stevens <ws...@cloudops.com> wrote:
> Sheng, I will rebuild the patch for the latest master. The latest master
> has depreciated the 'nonoss' flag in favour of 'noredist'. I was building
> in nonoss previously. I am guessing I should use the noredist flag now?
>
Will - what is causing this to be noredist/nonoss? My quick perusal of
your patch didn't surface anything that would push it into that
category.
--David
Re: [Merge] Palo Alto Networks firewall integration to master
Posted by Will Stevens <ws...@cloudops.com>.
Sheng, I will rebuild the patch for the latest master. The latest master
has depreciated the 'nonoss' flag in favour of 'noredist'. I was building
in nonoss previously. I am guessing I should use the noredist flag now?
Cheers,
Will
On Monday, November 4, 2013, Sheng Yang wrote:
> Sure, I would be glad to commit it for 4.3 release.
>
> --Sheng
>
>
> On Mon, Nov 4, 2013 at 8:19 AM, Chip Childers <chipchilders@apache.org<javascript:;>
> >wrote:
>
> > On Mon, Nov 04, 2013 at 10:59:30AM -0500, Will Stevens wrote:
> > > Well its not in master yet. That is the intent of this thread...
> > >
> > > I can definitely do some testing for the 4.3 test cycle.
> > >
> > > Will
> >
> > Shoot, I misread Sheng's email. Sorry about that. I thought he said
> > that he "Checked *in*" the code, not "Checked out".
> >
> > Duh... my bad.
> >
> > Sheng, as the reviewer, want to handle the commit?
> >
>
Re: [Merge] Palo Alto Networks firewall integration to master
Posted by Sheng Yang <sh...@yasker.org>.
Sure, I would be glad to commit it for 4.3 release.
--Sheng
On Mon, Nov 4, 2013 at 8:19 AM, Chip Childers <ch...@apache.org>wrote:
> On Mon, Nov 04, 2013 at 10:59:30AM -0500, Will Stevens wrote:
> > Well its not in master yet. That is the intent of this thread...
> >
> > I can definitely do some testing for the 4.3 test cycle.
> >
> > Will
>
> Shoot, I misread Sheng's email. Sorry about that. I thought he said
> that he "Checked *in*" the code, not "Checked out".
>
> Duh... my bad.
>
> Sheng, as the reviewer, want to handle the commit?
>
Re: [Merge] Palo Alto Networks firewall integration to master
Posted by Chip Childers <ch...@apache.org>.
On Mon, Nov 04, 2013 at 10:59:30AM -0500, Will Stevens wrote:
> Well its not in master yet. That is the intent of this thread...
>
> I can definitely do some testing for the 4.3 test cycle.
>
> Will
Shoot, I misread Sheng's email. Sorry about that. I thought he said
that he "Checked *in*" the code, not "Checked out".
Duh... my bad.
Sheng, as the reviewer, want to handle the commit?
Re: [Merge] Palo Alto Networks firewall integration to master
Posted by Will Stevens <ws...@cloudops.com>.
Well its not in master yet. That is the intent of this thread...
I can definitely do some testing for the 4.3 test cycle.
Will
On Mon, Nov 4, 2013 at 10:56 AM, Chip Childers <ch...@apache.org>wrote:
> On Mon, Nov 04, 2013 at 10:49:29AM -0500, Will Stevens wrote:
> > Anything I can do to help get this patch into 4.3.0?
> >
> > Thanks,
> >
> > Will
>
> If it's in master, it'll be in 4.3... so help by testing during the 4.3
> test cycle!
>
> -chip
>
Re: [Merge] Palo Alto Networks firewall integration to master
Posted by Chip Childers <ch...@apache.org>.
On Mon, Nov 04, 2013 at 10:49:29AM -0500, Will Stevens wrote:
> Anything I can do to help get this patch into 4.3.0?
>
> Thanks,
>
> Will
If it's in master, it'll be in 4.3... so help by testing during the 4.3
test cycle!
-chip
Re: [Merge] Palo Alto Networks firewall integration to master
Posted by Will Stevens <ws...@cloudops.com>.
Anything I can do to help get this patch into 4.3.0?
Thanks,
Will
On Fri, Nov 1, 2013 at 2:47 PM, Sheng Yang <sh...@yasker.org> wrote:
> Nice work Will!
>
> I've checked the code, it included the UI part and unit test as well.
> Really impressed!
>
> Just one comment: you can git-format-patch to generate the patch. It would
> includes author and description information automatically, which is easier
> for applying.
>
> +1!
>
> --Sheng
>
>
>
> On Thu, Oct 31, 2013 at 1:50 PM, Will Stevens <ws...@cloudops.com>
> wrote:
>
> > Hi,
> >
> > I would like to merge support for Palo Alto Network's firewall appliances
> > to the master branch. Development for this has been done by Will Stevens
> > at CloudOps on branch [1].
> >
> > There was an introduction [2], a proposal [3], and a discussion [4] on
> the
> > mailing list regarding this feature.
> >
> > Checklist:
> > Jira ticket for the feature is here [5].
> > The FS can be found at [6].
> > Unit tests for the feature are available at [7] and [8]. I have
> developed
> > the unit tests with a flag to output additional detail in the console
> [9].
> > Here is the result of the tests without detail [10] and here is the
> result
> > of the tests with detail [11].
> >
> > This plugin communicates to the Palo Alto Networks firewall appliances
> > through an API documented at [12] with a training manual [13].
> > This plugin depends on a modification to core to remove a limitation
> which
> > was discussed here [14], with this jira issue [15] and has been approved
> > here [16].
> > This plugin is being reviewed at [17] according to this patch [18].
> >
> > There are no 3rd party libraries needed for this plugin, however it does
> > depend on a 3rd party API [12][13] to orchestrate the configuration on
> the
> > appliance. The plugin is currently being built via the 'nonoss' flag.
> It
> > should be moved into either the 'noredist' or core because it appears
> that
> > 'nonoss' will be going away [19] and 'noredist' has been merged [20]. I
> > would appreciate input on which build this should be put into given its
> > interaction with an 3rd party appliance.
> >
> > Here are the slides for a presentation [21] given about this integration
> at
> > the CloudStack Collaboration Conference in Santa Clara, CA.
> >
> > [1] https://github.com/cloudops/cs_palo_alto/tree/palo_alto
> > [2]
> >
> >
> http://markmail.org/message/hukydzwkec3dwuxq?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+Palo+Alto
> > [3]
> >
> >
> http://markmail.org/message/odbg2icft7esj3ut?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+Palo+Alto
> > [4]
> >
> >
> http://markmail.org/message/n5276i4hfh7ek57o?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+Palo+Alto
> > [5] https://issues.apache.org/jira/browse/CLOUDSTACK-1275
> > [6]
> >
> >
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
> > [7]
> >
> >
> https://github.com/cloudops/cs_palo_alto/blob/palo_alto/plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java
> > [8]
> >
> >
> https://github.com/cloudops/cs_palo_alto/blob/palo_alto/plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java
> > [9]
> >
> >
> https://github.com/cloudops/cs_palo_alto/blob/palo_alto/plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java#L156
> > [10]
> >
> >
> https://cwiki.apache.org/confluence/download/attachments/30753712/palo_alto_tests_without_logging.txt?version=1&modificationDate=1383248404474
> > [11]
> >
> >
> https://cwiki.apache.org/confluence/download/attachments/30753712/palo_alto_tests_with_logging.txt?version=1&modificationDate=1383248432061
> > [12]
> >
> >
> https://cwiki.apache.org/confluence/download/attachments/30753712/XML-API-5-1.0-RevA.pdf?version=1&modificationDate=1366305634000
> > [13]
> >
> >
> https://cwiki.apache.org/confluence/download/attachments/30753712/XML_API_Training.pdf?version=1&modificationDate=1366305635000
> > [14]
> >
> >
> http://markmail.org/message/374hyn7ko6zrb2cf?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+supported+source+nat+types
> > [15] https://issues.apache.org/jira/browse/CLOUDSTACK-4991
> > [16] https://reviews.apache.org/r/15047/
> > [17] https://reviews.apache.org/r/15050/
> > [18] https://reviews.apache.org/r/15050/diff/
> > [19]
> >
> >
> http://markmail.org/message/37qcg4lgudmf57ws?q=DISCUSS%5D+rename+nonoss+to+noredist
> > [20]
> >
> >
> http://markmail.org/message/zqkiuod5qabcyra6?q=%5BMERGE%5D+changing+nonoss+to+noredist
> > [21]
> >
> >
> https://cwiki.apache.org/confluence/download/attachments/30753712/CS_PA_Integration.pptx?version=1&modificationDate=1383250830719
> >
> > Cheers,
> >
> > Will
> >
>
Re: [Merge] Palo Alto Networks firewall integration to master
Posted by Will Stevens <ws...@cloudops.com>.
Great, thank you Sheng...
I have updated the diff for the patch review with a new version which was
created using the 'git format-patch' format.
A note that may help others. I found this very helpful when squashing my
branch of changes to a patch for master:
http://stackoverflow.com/questions/616556/how-do-you-squash-commits-into-one-patch-with-git-format-patch?answertab=votes#tab-top
On Fri, Nov 1, 2013 at 2:47 PM, Sheng Yang <sh...@yasker.org> wrote:
> Nice work Will!
>
> I've checked the code, it included the UI part and unit test as well.
> Really impressed!
>
> Just one comment: you can git-format-patch to generate the patch. It would
> includes author and description information automatically, which is easier
> for applying.
>
> +1!
>
> --Sheng
>
>
>
> On Thu, Oct 31, 2013 at 1:50 PM, Will Stevens <ws...@cloudops.com>
> wrote:
>
> > Hi,
> >
> > I would like to merge support for Palo Alto Network's firewall appliances
> > to the master branch. Development for this has been done by Will Stevens
> > at CloudOps on branch [1].
> >
> > There was an introduction [2], a proposal [3], and a discussion [4] on
> the
> > mailing list regarding this feature.
> >
> > Checklist:
> > Jira ticket for the feature is here [5].
> > The FS can be found at [6].
> > Unit tests for the feature are available at [7] and [8]. I have
> developed
> > the unit tests with a flag to output additional detail in the console
> [9].
> > Here is the result of the tests without detail [10] and here is the
> result
> > of the tests with detail [11].
> >
> > This plugin communicates to the Palo Alto Networks firewall appliances
> > through an API documented at [12] with a training manual [13].
> > This plugin depends on a modification to core to remove a limitation
> which
> > was discussed here [14], with this jira issue [15] and has been approved
> > here [16].
> > This plugin is being reviewed at [17] according to this patch [18].
> >
> > There are no 3rd party libraries needed for this plugin, however it does
> > depend on a 3rd party API [12][13] to orchestrate the configuration on
> the
> > appliance. The plugin is currently being built via the 'nonoss' flag.
> It
> > should be moved into either the 'noredist' or core because it appears
> that
> > 'nonoss' will be going away [19] and 'noredist' has been merged [20]. I
> > would appreciate input on which build this should be put into given its
> > interaction with an 3rd party appliance.
> >
> > Here are the slides for a presentation [21] given about this integration
> at
> > the CloudStack Collaboration Conference in Santa Clara, CA.
> >
> > [1] https://github.com/cloudops/cs_palo_alto/tree/palo_alto
> > [2]
> >
> >
> http://markmail.org/message/hukydzwkec3dwuxq?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+Palo+Alto
> > [3]
> >
> >
> http://markmail.org/message/odbg2icft7esj3ut?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+Palo+Alto
> > [4]
> >
> >
> http://markmail.org/message/n5276i4hfh7ek57o?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+Palo+Alto
> > [5] https://issues.apache.org/jira/browse/CLOUDSTACK-1275
> > [6]
> >
> >
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
> > [7]
> >
> >
> https://github.com/cloudops/cs_palo_alto/blob/palo_alto/plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java
> > [8]
> >
> >
> https://github.com/cloudops/cs_palo_alto/blob/palo_alto/plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java
> > [9]
> >
> >
> https://github.com/cloudops/cs_palo_alto/blob/palo_alto/plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java#L156
> > [10]
> >
> >
> https://cwiki.apache.org/confluence/download/attachments/30753712/palo_alto_tests_without_logging.txt?version=1&modificationDate=1383248404474
> > [11]
> >
> >
> https://cwiki.apache.org/confluence/download/attachments/30753712/palo_alto_tests_with_logging.txt?version=1&modificationDate=1383248432061
> > [12]
> >
> >
> https://cwiki.apache.org/confluence/download/attachments/30753712/XML-API-5-1.0-RevA.pdf?version=1&modificationDate=1366305634000
> > [13]
> >
> >
> https://cwiki.apache.org/confluence/download/attachments/30753712/XML_API_Training.pdf?version=1&modificationDate=1366305635000
> > [14]
> >
> >
> http://markmail.org/message/374hyn7ko6zrb2cf?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+supported+source+nat+types
> > [15] https://issues.apache.org/jira/browse/CLOUDSTACK-4991
> > [16] https://reviews.apache.org/r/15047/
> > [17] https://reviews.apache.org/r/15050/
> > [18] https://reviews.apache.org/r/15050/diff/
> > [19]
> >
> >
> http://markmail.org/message/37qcg4lgudmf57ws?q=DISCUSS%5D+rename+nonoss+to+noredist
> > [20]
> >
> >
> http://markmail.org/message/zqkiuod5qabcyra6?q=%5BMERGE%5D+changing+nonoss+to+noredist
> > [21]
> >
> >
> https://cwiki.apache.org/confluence/download/attachments/30753712/CS_PA_Integration.pptx?version=1&modificationDate=1383250830719
> >
> > Cheers,
> >
> > Will
> >
>