You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Rohit Yadav <ro...@shapeblue.com> on 2018/01/14 18:41:15 UTC
Re: [DISCUSS] Freezing master for 4.11
All,
To give you update, all feature PRs have been reviewed, tested and merged towards the 4.11.0.0. I'll engage with Mike and others for any post-merge regressions (smoketest to be kicked shortly).
I see an outstanding PR that may be a critical/blocker PR, please advise and also review:
https://github.com/apache/cloudstack/pull/2402
If anyone has any blocker to report, please do so. Thanks.
I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018).
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Tutkowski, Mike <Mi...@netapp.com>
Sent: Saturday, January 13, 2018 3:23:40 AM
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Freezing master for 4.11
I’m investigating these now. I have found and fixed two of them so far.
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
> On Jan 12, 2018, at 2:49 PM, Rohit Yadav <ro...@shapeblue.com> wrote:
>
> Thanks Rafael and Daan.
>
>
>> From: Rafael Weingärtner <ra...@gmail.com>
>>
>> I believe there is no problem in merging Wido’s and Mike’s PRs, they have
>> been extensively discussed and improved (specially Mike’s one).
>
> Thanks, Mike's PR has several regression smoketest failures and can be accepted only when those failures are fixed.
>
> We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze. If Mike wants, he can help fix them over the weekend, I can help run smoketests.
>
>> Having said that; I would be ok with it (no need to revert it), but we need
>> to be more careful with these things. If one wants to merge something,
>> there is no harm in waiting and calling for reviewers via Github, Slack, or
>> even email them directly.
>
> Additional review was requested, but mea culpa - thanks for your support, noted.
>
> - Rohit
>
> On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav <ro...@shapeblue.com>
> wrote:
>
>> All,
>>
>>
>> We're down to one feature PR towards 4.11 milestone now:
>>
>> https://github.com/apache/cloudstack/pull/2298
>>
>>
>> The config drive PR from Frank (Nuage) has been accepted today after no
>> regression test failures seen from yesterday's smoketest run. We've also
>> tested, reviewed and merge Wido's (blocker fix) PR.
>>
>>
>> I've asked Mike to stabilize the branch; based on the smoketest results
>> from today we can see some failures caused by the PR. I'm willing to work
>> with Mike and others to get this PR tested, and merged over the weekends if
>> we can demonstrate that no regression is caused by it, i.e. no new
>> smoketest regressions. I'll also try to fix regression and test failures
>> over the weekend.
>>
>>
>> Lastly, I would like to discuss a mistake I made today with merging the
>> following PR which per our guideline lacks one code review lgtm/approval:
>>
>> https://github.com/apache/cloudstack/pull/2152
>>
>>
>> The changes in above (merged) PR are all localized to a xenserver-swift
>> file, that is not tested by Travis or Trillian, since no new regression
>> failures were seen I accepted and merge it on that discretion. The PR was
>> originally on the 4.11 milestone, however, due to it lacking a JIRA id and
>> no response from the author it was only recently removed from the milestone.
>>
>>
>> Please advise if I need to revert this, or we can review/lgtm it
>> post-merge? I'll also ping on the above PR.
>>
>>
>> - Rohit
>>
>> <https://cloudstack.apache.org>
> Apache CloudStack: Open Source Cloud Computing<https://cloudstack.apache.org/>
> cloudstack.apache.org
> CloudStack is open source cloud computing software for creating, managing, and deploying infrastructure cloud services
>
>
>
>>
>>
>>
>> ________________________________
>> From: Wido den Hollander <wi...@widodh.nl>
>> Sent: Thursday, January 11, 2018 9:17:26 PM
>> To: dev@cloudstack.apache.org
>> Subject: Re: [DISCUSS] Freezing master for 4.11
>>
>>
>>
>>> On 01/10/2018 07:26 PM, Daan Hoogland wrote:
>>> I hope we understand each other correctly: No-one running an earlier
>>> version then 4.11 should miss out on any functionality they are using
>> now.
>>>
>>> So if you use ipv6 and multiple cidrs now it must continue to work with
>> no
>>> loss of functionality. see my question below.
>>>
>>> On Wed, Jan 10, 2018 at 7:06 PM, Ivan Kudryavtsev <
>> kudryavtsev_ia@bw-sw.com>
>>> wrote:
>>>
>>>> Daan, yes this sounds reasonable, I suppose who would like to fix, could
>>>> do custom build for himself...
>>>>
>>>> But still it should be aknowledged somehow, if you use several cidrs for
>>>> network, don't use v6, or don't upgrade to 4.11 because things will stop
>>>> running well.
>>>>
>>> Does this mean that several cidrs in ipv6 works in 4.9 and not in 4.11?
>>>
>>
>> No, it doesn't. IPv6 was introduced in 4.10 and this broke in 4.10.
>>
>> You can't run with 4.10 with multiple IPv4 CIDRs as well when you have
>> IPv6 enabled.
>>
>> So this is broken in 4.10 and 4.11 in that case.
>>
>> Wido
>>
>>>
>>> if yes; it is a blocker
>>>
>>> if no; you might as well upgrade for other features as it doesn't work
>> now
>>> either.
>>>
>>
>> rohit.yadav@shapeblue.com
>> www.shapeblue.com<http://www.shapeblue.com>
> [http://www.shapeblue.com/wp-content/uploads/2017/06/logo.png]<http://www.shapeblue.com/>
>
> Shapeblue - The CloudStack Company<http://www.shapeblue.com/>
> www.shapeblue.com<http://www.shapeblue.com>
> Rapid deployment framework for Apache CloudStack IaaS Clouds. CSForge is a framework developed by ShapeBlue to deliver the rapid deployment of a standardised ...
>
>
>
>> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
>> @shapeblue
>>
>>
>>
>>
>
>
> --
> Rafael Weingärtner
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com<http://www.shapeblue.com>
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> @shapeblue
>
>
>
Re: [DISCUSS] Freezing master for 4.11
Posted by Rohit Yadav <ro...@shapeblue.com>.
Kristian,
You've not properly explained the issues you're facing post upgrade yet. Tell us what is working and not working for you, what is blocking you from using the mgmt server -- sharing snippets from logs are not useful.
For example, are you unable to see UI, are you seeing any ERRORs, for example upgrade failures? Did you see the 4.11 systemvmtemplate before upgrade etc. For example, follow http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/latest/upgrade/upgrade-4.10.html
If you're using a non-default ehcache configuration, copy those config files from old mgmt server's /etc/cloudstack/management to the test environment.
If you're unable to log in, based on logs it says the commands.properties file is missing. So you either copy the commands.properties file from prod env and use that or, migrate to dynamic roles: http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/latest/accounts.html#using-dynamic-roles
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Kristian Liivak <kr...@wavecom.ee>
Sent: Wednesday, January 24, 2018 12:56:40 PM
To: users
Subject: Re: [DISCUSS] Freezing master for 4.11
Rohit,
In first cloned my old ACS 4.10 production server and upgraded.
Then i took new clean installed centos 7 server
Results are same.
i can see errors in management log.
2018-01-24 13:48:17,207 WARN [n.s.e.c.ConfigurationFactory] (main:null) (logid:) No configuration found. Configuring ehcache from ehcache-failsafe.xml found in the classpath: jar:file:/usr/share/cloudstack-management/lib/cloudstack-4.11.0.0.jar!/ehcache-failsafe.xml
2018-01-24 13:48:17,514 WARN [c.c.c.ConsoleProxyManagerImpl] (main:null) (logid:) Empty console proxy domain, explicitly disabling SSL
2018-01-24 13:48:17,553 WARN [c.c.s.d.DownloadMonitorImpl] (main:null) (logid:) Only realhostip.com ssl cert is supported, ignoring self-signed and other certs
2018-01-24 13:48:18,912 ERROR [c.c.u.PropertiesUtil] (main:null) (logid:) Unable to find properties file: commands.properties
2018-01-24 13:48:25,430 INFO [c.c.h.x.r.XenServerConnectionPool] (main:null) (logid:) XenServer Connection Pool Configs: sleep.interval.on.error=10000
Lugupidamisega / Regards
Kristian Liivak
Tegevjuht / Executive director
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
----- Original Message -----
From: "rohit yadav" <ro...@shapeblue.com>
To: "users" <us...@cloudstack.apache.org>
Sent: Tuesday, January 23, 2018 4:37:44 PM
Subject: Re: [DISCUSS] Freezing master for 4.11
Kristian,
4.11+ has migrated to embedded Jetty. Can you share which environment you've upgraded your environment from, i.e. Java version, ACS version etc. The log you're seeing is not a failure.
If you wait for some time, the management server should run. Tail for the management server logs for details, or journalctl -f.
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Kristian Liivak <kr...@wavecom.ee>
Sent: Monday, January 22, 2018 6:59:11 PM
To: users
Subject: Re: [DISCUSS] Freezing master for 4.11
Hello,
I just installed RC1 for testing from centos packages but there is problem starting it in centos7 enviroment
Clodustack won´t start and i can see in management log
[o.e.j.w.StandardDescriptorProcessor] (main:null) (logid:) NO JSP Support for /client, did not find org.eclipse.jetty.jsp.JettyJspServlet
Can anyone suggest a fix/workaround ?
Lugupidamisega / Regards
Kristian Liivak
CTO
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
rohit.yadav@shapeblue.com
www.shapeblue.com<http://www.shapeblue.com>
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
----- Original Message -----
From: "rohit yadav" <ro...@shapeblue.com>
To: "users" <us...@cloudstack.apache.org>
Cc: "dev" <de...@cloudstack.apache.org>
Sent: Friday, January 19, 2018 11:13:49 AM
Subject: Re: [DISCUSS] Freezing master for 4.11
Hi Kristian,
I looked at https://issues.apache.org/jira/browse/CLOUDSTACK-10141
If the new VM is deployed with a password and/or ssh-key enabled VM template, then VR should get new password and the user/account specific ssh-public key so the mentioned issues don't affect such new VMs. However, I agree VMs may have access to old VM's password (if not consumed) and ssh-public key if are not password/ssh-public-key enabled - but they may be useless/stale information and I feel they are more of a GC issue than a security issue.
Are you able to reproduce a case when a new VM deployed using old VM's IP and with a password and/or public-key enabled template is getting the password and/or ssh-public-key from old VM (and the old user/account)? I think if yes, then it's a security issue.
Thoughts, comments?
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Kristian Liivak <kr...@wavecom.ee>
Sent: Monday, January 15, 2018 4:19:03 PM
To: users
Cc: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Freezing master for 4.11
Hello,
I have created issue in jira 2 month ago.
https://issues.apache.org/jira/browse/CLOUDSTACK-10141
In version 4.10 VR password and ssh key distribution don´t work on instance creation.
When instance is allreay excisting reset function is operational.
Also there is major security hole. When instance is destroyd and expunged and new instance is created with old IP all old data is unaffected in VR
New instance will get then old root password and ssh key if they were present in VR
In my knowledege cloudstack older versions are not affected.
Lugupidamisega / Regards
Kristian Liivak
CTO
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
rohit.yadav@shapeblue.com
www.shapeblue.com<http://www.shapeblue.com>
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
----- Original Message -----
From: "Rohit Yadav" <ro...@shapeblue.com>
To: dev@cloudstack.apache.org, "users" <us...@cloudstack.apache.org>
Sent: Sunday, January 14, 2018 8:41:15 PM
Subject: Re: [DISCUSS] Freezing master for 4.11
All,
To give you update, all feature PRs have been reviewed, tested and merged towards the 4.11.0.0. I'll engage with Mike and others for any post-merge regressions (smoketest to be kicked shortly).
I see an outstanding PR that may be a critical/blocker PR, please advise and also review:
https://github.com/apache/cloudstack/pull/2402
If anyone has any blocker to report, please do so. Thanks.
I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018).
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Tutkowski, Mike <Mi...@netapp.com>
Sent: Saturday, January 13, 2018 3:23:40 AM
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Freezing master for 4.11
I’m investigating these now. I have found and fixed two of them so far.
rohit.yadav@shapeblue.com
www.shapeblue.com<http://www.shapeblue.com>
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
> On Jan 12, 2018, at 2:49 PM, Rohit Yadav <ro...@shapeblue.com> wrote:
>
> Thanks Rafael and Daan.
>
>
>> From: Rafael Weingärtner <ra...@gmail.com>
>>
>> I believe there is no problem in merging Wido’s and Mike’s PRs, they have
>> been extensively discussed and improved (specially Mike’s one).
>
> Thanks, Mike's PR has several regression smoketest failures and can be accepted only when those failures are fixed.
>
> We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze. If Mike wants, he can help fix them over the weekend, I can help run smoketests.
>
>> Having said that; I would be ok with it (no need to revert it), but we need
>> to be more careful with these things. If one wants to merge something,
>> there is no harm in waiting and calling for reviewers via Github, Slack, or
>> even email them directly.
>
> Additional review was requested, but mea culpa - thanks for your support, noted.
>
> - Rohit
>
> On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav <ro...@shapeblue.com>
> wrote:
>
>> All,
>>
>>
>> We're down to one feature PR towards 4.11 milestone now:
>>
>> https://github.com/apache/cloudstack/pull/2298
>>
>>
>> The config drive PR from Frank (Nuage) has been accepted today after no
>> regression test failures seen from yesterday's smoketest run. We've also
>> tested, reviewed and merge Wido's (blocker fix) PR.
>>
>>
>> I've asked Mike to stabilize the branch; based on the smoketest results
>> from today we can see some failures caused by the PR. I'm willing to work
>> with Mike and others to get this PR tested, and merged over the weekends if
>> we can demonstrate that no regression is caused by it, i.e. no new
>> smoketest regressions. I'll also try to fix regression and test failures
>> over the weekend.
>>
>>
>> Lastly, I would like to discuss a mistake I made today with merging the
>> following PR which per our guideline lacks one code review lgtm/approval:
>>
>> https://github.com/apache/cloudstack/pull/2152
>>
>>
>> The changes in above (merged) PR are all localized to a xenserver-swift
>> file, that is not tested by Travis or Trillian, since no new regression
>> failures were seen I accepted and merge it on that discretion. The PR was
>> originally on the 4.11 milestone, however, due to it lacking a JIRA id and
>> no response from the author it was only recently removed from the milestone.
>>
>>
>> Please advise if I need to revert this, or we can review/lgtm it
>> post-merge? I'll also ping on the above PR.
>>
>>
>> - Rohit
>>
>> <https://cloudstack.apache.org>
> Apache CloudStack: Open Source Cloud Computing<https://cloudstack.apache.org/>
> cloudstack.apache.org
> CloudStack is open source cloud computing software for creating, managing, and deploying infrastructure cloud services
>
>
>
>>
>>
>>
>> ________________________________
>> From: Wido den Hollander <wi...@widodh.nl>
>> Sent: Thursday, January 11, 2018 9:17:26 PM
>> To: dev@cloudstack.apache.org
>> Subject: Re: [DISCUSS] Freezing master for 4.11
>>
>>
>>
>>> On 01/10/2018 07:26 PM, Daan Hoogland wrote:
>>> I hope we understand each other correctly: No-one running an earlier
>>> version then 4.11 should miss out on any functionality they are using
>> now.
>>>
>>> So if you use ipv6 and multiple cidrs now it must continue to work with
>> no
>>> loss of functionality. see my question below.
>>>
>>> On Wed, Jan 10, 2018 at 7:06 PM, Ivan Kudryavtsev <
>> kudryavtsev_ia@bw-sw.com>
>>> wrote:
>>>
>>>> Daan, yes this sounds reasonable, I suppose who would like to fix, could
>>>> do custom build for himself...
>>>>
>>>> But still it should be aknowledged somehow, if you use several cidrs for
>>>> network, don't use v6, or don't upgrade to 4.11 because things will stop
>>>> running well.
>>>>
>>> Does this mean that several cidrs in ipv6 works in 4.9 and not in 4.11?
>>>
>>
>> No, it doesn't. IPv6 was introduced in 4.10 and this broke in 4.10.
>>
>> You can't run with 4.10 with multiple IPv4 CIDRs as well when you have
>> IPv6 enabled.
>>
>> So this is broken in 4.10 and 4.11 in that case.
>>
>> Wido
>>
>>>
>>> if yes; it is a blocker
>>>
>>> if no; you might as well upgrade for other features as it doesn't work
>> now
>>> either.
>>>
>>
>> rohit.yadav@shapeblue.com
>> www.shapeblue.com<http://www.shapeblue.com>
> [http://www.shapeblue.com/wp-content/uploads/2017/06/logo.png]<http://www.shapeblue.com/>
>
> Shapeblue - The CloudStack Company<http://www.shapeblue.com/>
> www.shapeblue.com<http://www.shapeblue.com>
> Rapid deployment framework for Apache CloudStack IaaS Clouds. CSForge is a framework developed by ShapeBlue to deliver the rapid deployment of a standardised ...
>
>
>
>> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
>> @shapeblue
>>
>>
>>
>>
>
>
> --
> Rafael Weingärtner
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com<http://www.shapeblue.com>
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> @shapeblue
>
>
>
Re: [DISCUSS] Freezing master for 4.11
Posted by Kristian Liivak <kr...@wavecom.ee>.
Rohit,
In first cloned my old ACS 4.10 production server and upgraded.
Then i took new clean installed centos 7 server
Results are same.
i can see errors in management log.
2018-01-24 13:48:17,207 WARN [n.s.e.c.ConfigurationFactory] (main:null) (logid:) No configuration found. Configuring ehcache from ehcache-failsafe.xml found in the classpath: jar:file:/usr/share/cloudstack-management/lib/cloudstack-4.11.0.0.jar!/ehcache-failsafe.xml
2018-01-24 13:48:17,514 WARN [c.c.c.ConsoleProxyManagerImpl] (main:null) (logid:) Empty console proxy domain, explicitly disabling SSL
2018-01-24 13:48:17,553 WARN [c.c.s.d.DownloadMonitorImpl] (main:null) (logid:) Only realhostip.com ssl cert is supported, ignoring self-signed and other certs
2018-01-24 13:48:18,912 ERROR [c.c.u.PropertiesUtil] (main:null) (logid:) Unable to find properties file: commands.properties
2018-01-24 13:48:25,430 INFO [c.c.h.x.r.XenServerConnectionPool] (main:null) (logid:) XenServer Connection Pool Configs: sleep.interval.on.error=10000
Lugupidamisega / Regards
Kristian Liivak
Tegevjuht / Executive director
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
----- Original Message -----
From: "rohit yadav" <ro...@shapeblue.com>
To: "users" <us...@cloudstack.apache.org>
Sent: Tuesday, January 23, 2018 4:37:44 PM
Subject: Re: [DISCUSS] Freezing master for 4.11
Kristian,
4.11+ has migrated to embedded Jetty. Can you share which environment you've upgraded your environment from, i.e. Java version, ACS version etc. The log you're seeing is not a failure.
If you wait for some time, the management server should run. Tail for the management server logs for details, or journalctl -f.
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Kristian Liivak <kr...@wavecom.ee>
Sent: Monday, January 22, 2018 6:59:11 PM
To: users
Subject: Re: [DISCUSS] Freezing master for 4.11
Hello,
I just installed RC1 for testing from centos packages but there is problem starting it in centos7 enviroment
Clodustack won´t start and i can see in management log
[o.e.j.w.StandardDescriptorProcessor] (main:null) (logid:) NO JSP Support for /client, did not find org.eclipse.jetty.jsp.JettyJspServlet
Can anyone suggest a fix/workaround ?
Lugupidamisega / Regards
Kristian Liivak
CTO
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
----- Original Message -----
From: "rohit yadav" <ro...@shapeblue.com>
To: "users" <us...@cloudstack.apache.org>
Cc: "dev" <de...@cloudstack.apache.org>
Sent: Friday, January 19, 2018 11:13:49 AM
Subject: Re: [DISCUSS] Freezing master for 4.11
Hi Kristian,
I looked at https://issues.apache.org/jira/browse/CLOUDSTACK-10141
If the new VM is deployed with a password and/or ssh-key enabled VM template, then VR should get new password and the user/account specific ssh-public key so the mentioned issues don't affect such new VMs. However, I agree VMs may have access to old VM's password (if not consumed) and ssh-public key if are not password/ssh-public-key enabled - but they may be useless/stale information and I feel they are more of a GC issue than a security issue.
Are you able to reproduce a case when a new VM deployed using old VM's IP and with a password and/or public-key enabled template is getting the password and/or ssh-public-key from old VM (and the old user/account)? I think if yes, then it's a security issue.
Thoughts, comments?
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Kristian Liivak <kr...@wavecom.ee>
Sent: Monday, January 15, 2018 4:19:03 PM
To: users
Cc: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Freezing master for 4.11
Hello,
I have created issue in jira 2 month ago.
https://issues.apache.org/jira/browse/CLOUDSTACK-10141
In version 4.10 VR password and ssh key distribution don´t work on instance creation.
When instance is allreay excisting reset function is operational.
Also there is major security hole. When instance is destroyd and expunged and new instance is created with old IP all old data is unaffected in VR
New instance will get then old root password and ssh key if they were present in VR
In my knowledege cloudstack older versions are not affected.
Lugupidamisega / Regards
Kristian Liivak
CTO
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
rohit.yadav@shapeblue.com
www.shapeblue.com<http://www.shapeblue.com>
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
----- Original Message -----
From: "Rohit Yadav" <ro...@shapeblue.com>
To: dev@cloudstack.apache.org, "users" <us...@cloudstack.apache.org>
Sent: Sunday, January 14, 2018 8:41:15 PM
Subject: Re: [DISCUSS] Freezing master for 4.11
All,
To give you update, all feature PRs have been reviewed, tested and merged towards the 4.11.0.0. I'll engage with Mike and others for any post-merge regressions (smoketest to be kicked shortly).
I see an outstanding PR that may be a critical/blocker PR, please advise and also review:
https://github.com/apache/cloudstack/pull/2402
If anyone has any blocker to report, please do so. Thanks.
I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018).
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Tutkowski, Mike <Mi...@netapp.com>
Sent: Saturday, January 13, 2018 3:23:40 AM
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Freezing master for 4.11
I’m investigating these now. I have found and fixed two of them so far.
rohit.yadav@shapeblue.com
www.shapeblue.com<http://www.shapeblue.com>
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
> On Jan 12, 2018, at 2:49 PM, Rohit Yadav <ro...@shapeblue.com> wrote:
>
> Thanks Rafael and Daan.
>
>
>> From: Rafael Weingärtner <ra...@gmail.com>
>>
>> I believe there is no problem in merging Wido’s and Mike’s PRs, they have
>> been extensively discussed and improved (specially Mike’s one).
>
> Thanks, Mike's PR has several regression smoketest failures and can be accepted only when those failures are fixed.
>
> We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze. If Mike wants, he can help fix them over the weekend, I can help run smoketests.
>
>> Having said that; I would be ok with it (no need to revert it), but we need
>> to be more careful with these things. If one wants to merge something,
>> there is no harm in waiting and calling for reviewers via Github, Slack, or
>> even email them directly.
>
> Additional review was requested, but mea culpa - thanks for your support, noted.
>
> - Rohit
>
> On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav <ro...@shapeblue.com>
> wrote:
>
>> All,
>>
>>
>> We're down to one feature PR towards 4.11 milestone now:
>>
>> https://github.com/apache/cloudstack/pull/2298
>>
>>
>> The config drive PR from Frank (Nuage) has been accepted today after no
>> regression test failures seen from yesterday's smoketest run. We've also
>> tested, reviewed and merge Wido's (blocker fix) PR.
>>
>>
>> I've asked Mike to stabilize the branch; based on the smoketest results
>> from today we can see some failures caused by the PR. I'm willing to work
>> with Mike and others to get this PR tested, and merged over the weekends if
>> we can demonstrate that no regression is caused by it, i.e. no new
>> smoketest regressions. I'll also try to fix regression and test failures
>> over the weekend.
>>
>>
>> Lastly, I would like to discuss a mistake I made today with merging the
>> following PR which per our guideline lacks one code review lgtm/approval:
>>
>> https://github.com/apache/cloudstack/pull/2152
>>
>>
>> The changes in above (merged) PR are all localized to a xenserver-swift
>> file, that is not tested by Travis or Trillian, since no new regression
>> failures were seen I accepted and merge it on that discretion. The PR was
>> originally on the 4.11 milestone, however, due to it lacking a JIRA id and
>> no response from the author it was only recently removed from the milestone.
>>
>>
>> Please advise if I need to revert this, or we can review/lgtm it
>> post-merge? I'll also ping on the above PR.
>>
>>
>> - Rohit
>>
>> <https://cloudstack.apache.org>
> Apache CloudStack: Open Source Cloud Computing<https://cloudstack.apache.org/>
> cloudstack.apache.org
> CloudStack is open source cloud computing software for creating, managing, and deploying infrastructure cloud services
>
>
>
>>
>>
>>
>> ________________________________
>> From: Wido den Hollander <wi...@widodh.nl>
>> Sent: Thursday, January 11, 2018 9:17:26 PM
>> To: dev@cloudstack.apache.org
>> Subject: Re: [DISCUSS] Freezing master for 4.11
>>
>>
>>
>>> On 01/10/2018 07:26 PM, Daan Hoogland wrote:
>>> I hope we understand each other correctly: No-one running an earlier
>>> version then 4.11 should miss out on any functionality they are using
>> now.
>>>
>>> So if you use ipv6 and multiple cidrs now it must continue to work with
>> no
>>> loss of functionality. see my question below.
>>>
>>> On Wed, Jan 10, 2018 at 7:06 PM, Ivan Kudryavtsev <
>> kudryavtsev_ia@bw-sw.com>
>>> wrote:
>>>
>>>> Daan, yes this sounds reasonable, I suppose who would like to fix, could
>>>> do custom build for himself...
>>>>
>>>> But still it should be aknowledged somehow, if you use several cidrs for
>>>> network, don't use v6, or don't upgrade to 4.11 because things will stop
>>>> running well.
>>>>
>>> Does this mean that several cidrs in ipv6 works in 4.9 and not in 4.11?
>>>
>>
>> No, it doesn't. IPv6 was introduced in 4.10 and this broke in 4.10.
>>
>> You can't run with 4.10 with multiple IPv4 CIDRs as well when you have
>> IPv6 enabled.
>>
>> So this is broken in 4.10 and 4.11 in that case.
>>
>> Wido
>>
>>>
>>> if yes; it is a blocker
>>>
>>> if no; you might as well upgrade for other features as it doesn't work
>> now
>>> either.
>>>
>>
>> rohit.yadav@shapeblue.com
>> www.shapeblue.com<http://www.shapeblue.com>
> [http://www.shapeblue.com/wp-content/uploads/2017/06/logo.png]<http://www.shapeblue.com/>
>
> Shapeblue - The CloudStack Company<http://www.shapeblue.com/>
> www.shapeblue.com<http://www.shapeblue.com>
> Rapid deployment framework for Apache CloudStack IaaS Clouds. CSForge is a framework developed by ShapeBlue to deliver the rapid deployment of a standardised ...
>
>
>
>> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
>> @shapeblue
>>
>>
>>
>>
>
>
> --
> Rafael Weingärtner
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com<http://www.shapeblue.com>
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> @shapeblue
>
>
>
RE: [DISCUSS] Freezing master for 4.11
Posted by Paul Angus <pa...@shapeblue.com>.
Hi Ivan,
Here's email from Rohit, systemvm template path is at the bottom
I've created a 4.11.0.0 release, with the following artifacts up for testing and a vote:
Git Branch and Commit SH:
https://gitbox.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs/heads/4.11.0.0-RC20180115T1603
Commit: 1b8a532ba52127f388847690df70e65c6b46f4d4
Source release (checksums and signatures are available at the same
location):
https://dist.apache.org/repos/dist/dev/cloudstack/4.11.0.0/
PGP release keys (signed using 5ED1E1122DC5E8A4A45112C2484248210EE3D884):
https://dist.apache.org/repos/dist/release/cloudstack/KEYS
The vote will be open for 72 hours.
For sanity in tallying the vote, can PMC members please be sure to indicate "(binding)" with their vote?
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)
Additional information:
For users' convenience, I've built packages from
1b8a532ba52127f388847690df70e65c6b46f4d4 and published RC1 repository here:
http://cloudstack.apt-get.eu/testing/4.11-rc1
The release notes are still work-in-progress, but the systemvmtemplate upgrade section has been updated. You may refer the following for systemvmtemplate upgrade testing:
http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/latest/index.html
4.11 systemvmtemplates are available from here:
https://download.cloudstack.org/systemvm/4.11/
Regards,
Rohit Yadav
Kind regards,
Paul Angus
paul.angus@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
-----Original Message-----
From: Ivan Kudryavtsev [mailto:kudryavtsev_ia@bw-sw.com]
Sent: 15 January 2018 17:34
To: users@cloudstack.apache.org
Subject: Re: [DISCUSS] Freezing master for 4.11
Hello,all. Do we already have systemvm and packages for RC? I would like to upgrade my dev to help testing it.
15 янв. 2018 г. 18:51 пользователь "Daan Hoogland" <da...@gmail.com>
написал:
> I suggest you discuss it on the vote thread for RC1 Kristian.
>
> On Mon, Jan 15, 2018 at 12:47 PM, Kristian Liivak <kr...@wavecom.ee> wrote:
>
> >
> > This fix is only for smaller part of password management..
> > Is´t possible that someone have look VR password distribution with
> > instance creation ?
>
>
> --
> Daan
>
Re: [DISCUSS] Freezing master for 4.11
Posted by Ivan Kudryavtsev <ku...@bw-sw.com>.
Hello,all. Do we already have systemvm and packages for RC? I would like to
upgrade my dev to help testing it.
15 янв. 2018 г. 18:51 пользователь "Daan Hoogland" <da...@gmail.com>
написал:
> I suggest you discuss it on the vote thread for RC1 Kristian.
>
> On Mon, Jan 15, 2018 at 12:47 PM, Kristian Liivak <kr...@wavecom.ee> wrote:
>
> >
> > This fix is only for smaller part of password management..
> > Is´t possible that someone have look VR password distribution with
> > instance creation ?
>
>
> --
> Daan
>
Re: [DISCUSS] Freezing master for 4.11
Posted by Daan Hoogland <da...@gmail.com>.
I suggest you discuss it on the vote thread for RC1 Kristian.
On Mon, Jan 15, 2018 at 12:47 PM, Kristian Liivak <kr...@wavecom.ee> wrote:
>
> This fix is only for smaller part of password management..
> Is´t possible that someone have look VR password distribution with
> instance creation ?
--
Daan
Re: [DISCUSS] Freezing master for 4.11
Posted by Daan Hoogland <da...@gmail.com>.
I suggest you discuss it on the vote thread for RC1 Kristian.
On Mon, Jan 15, 2018 at 12:47 PM, Kristian Liivak <kr...@wavecom.ee> wrote:
>
> This fix is only for smaller part of password management..
> Is´t possible that someone have look VR password distribution with
> instance creation ?
--
Daan
Re: [DISCUSS] Freezing master for 4.11
Posted by Kristian Liivak <kr...@wavecom.ee>.
This fix is only for smaller part of password management..
Is´t possible that someone have look VR password distribution with instance creation ?
Lugupidamisega / Regards
Kristian Liivak
Tegevjuht / Executive director
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
----- Original Message -----
From: "Daan Hoogland" <da...@gmail.com>
To: "users" <us...@cloudstack.apache.org>
Cc: "dev" <de...@cloudstack.apache.org>
Sent: Monday, January 15, 2018 1:42:00 PM
Subject: Re: [DISCUSS] Freezing master for 4.11
Yes, I know. I made that that's why i asked. This fix isn't in 4.10 but is
in 4.11.
On Mon, Jan 15, 2018 at 12:37 PM, Kristian Liivak <kr...@wavecom.ee> wrote:
>
> We made lot testing but did´nt had time to dig code this time.
> There was similar VR password management related and fixed issue
> https://issues.apache.org/jira/browse/CLOUDSTACK-10113
>
>
>
> Lugupidamisega / Regards
>
> Kristian Liivak
>
> CTO
> WaveCom As
> Endla 16, 10142 Tallinn
> Estonia
> Tel: +3726850001
> Gsm: +37256850001
> E-mail: kris@wavecom.ee
> Skype: kristian.liivak
> http://www.wavecom.ee
> http://www.facebook.com/wavecom.ee
>
> ----- Original Message -----
> From: "Daan Hoogland" <da...@gmail.com>
> To: "users" <us...@cloudstack.apache.org>
> Cc: "dev" <de...@cloudstack.apache.org>
> Sent: Monday, January 15, 2018 1:22:23 PM
> Subject: Re: [DISCUSS] Freezing master for 4.11
>
> kristian,
>
> these sound like serious regressions. Do you have a fix or did you analyse
> the code yet?
>
> On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak <kr...@wavecom.ee> wrote:
>
> > Hello,
> >
> > I have created issue in jira 2 month ago.
> > https://issues.apache.org/jira/browse/CLOUDSTACK-10141
> >
> > In version 4.10 VR password and ssh key distribution don´t work on
> > instance creation.
> > When instance is allreay excisting reset function is operational.
> >
> > Also there is major security hole. When instance is destroyd and expunged
> > and new instance is created with old IP all old data is unaffected in VR
> > New instance will get then old root password and ssh key if they were
> > present in VR
> >
> > In my knowledege cloudstack older versions are not affected.
> >
> > Lugupidamisega / Regards
> >
> > Kristian Liivak
> >
> > CTO
> >
> > WaveCom As
> > Endla 16, 10142 Tallinn
> > Estonia
> > Tel: +3726850001
> > Gsm: +37256850001
> > E-mail: kris@wavecom.ee
> > Skype: kristian.liivak
> > http://www.wavecom.ee
> > http://www.facebook.com/wavecom.ee
> >
> > ----- Original Message -----
> > From: "Rohit Yadav" <ro...@shapeblue.com>
> > To: dev@cloudstack.apache.org, "users" <us...@cloudstack.apache.org>
> > Sent: Sunday, January 14, 2018 8:41:15 PM
> > Subject: Re: [DISCUSS] Freezing master for 4.11
> >
> > All,
> >
> >
> > To give you update, all feature PRs have been reviewed, tested and merged
> > towards the 4.11.0.0. I'll engage with Mike and others for any post-merge
> > regressions (smoketest to be kicked shortly).
> >
> >
> > I see an outstanding PR that may be a critical/blocker PR, please advise
> > and also review:
> >
> > https://github.com/apache/cloudstack/pull/2402
> >
> >
> > If anyone has any blocker to report, please do so. Thanks.
> >
> >
> > I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018).
> >
> >
> > - Rohit
> >
> > <https://cloudstack.apache.org>
> >
> >
> >
> > ________________________________
> > From: Tutkowski, Mike <Mi...@netapp.com>
> > Sent: Saturday, January 13, 2018 3:23:40 AM
> > To: dev@cloudstack.apache.org
> > Subject: Re: [DISCUSS] Freezing master for 4.11
> >
> > I’m investigating these now. I have found and fixed two of them so far.
> >
> >
> > rohit.yadav@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> > @shapeblue
> >
> >
> >
> > > On Jan 12, 2018, at 2:49 PM, Rohit Yadav <ro...@shapeblue.com>
> > wrote:
> > >
> > > Thanks Rafael and Daan.
> > >
> > >
> > >> From: Rafael Weingärtner <ra...@gmail.com>
> > >>
> > >> I believe there is no problem in merging Wido’s and Mike’s PRs, they
> > have
> > >> been extensively discussed and improved (specially Mike’s one).
> > >
> > > Thanks, Mike's PR has several regression smoketest failures and can be
> > accepted only when those failures are fixed.
> > >
> > > We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze.
> > If Mike wants, he can help fix them over the weekend, I can help run
> > smoketests.
> > >
> > >> Having said that; I would be ok with it (no need to revert it), but we
> > need
> > >> to be more careful with these things. If one wants to merge something,
> > >> there is no harm in waiting and calling for reviewers via Github,
> > Slack, or
> > >> even email them directly.
> > >
> > > Additional review was requested, but mea culpa - thanks for your
> > support, noted.
> > >
> > > - Rohit
> > >
> > > On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav <
> rohit.yadav@shapeblue.com>
> > > wrote:
> > >
> > >> All,
> > >>
> > >>
> > >> We're down to one feature PR towards 4.11 milestone now:
> > >>
> > >> https://github.com/apache/cloudstack/pull/2298
> > >>
> > >>
> > >> The config drive PR from Frank (Nuage) has been accepted today after
> no
> > >> regression test failures seen from yesterday's smoketest run. We've
> also
> > >> tested, reviewed and merge Wido's (blocker fix) PR.
> > >>
> > >>
> > >> I've asked Mike to stabilize the branch; based on the smoketest
> results
> > >> from today we can see some failures caused by the PR. I'm willing to
> > work
> > >> with Mike and others to get this PR tested, and merged over the
> > weekends if
> > >> we can demonstrate that no regression is caused by it, i.e. no new
> > >> smoketest regressions. I'll also try to fix regression and test
> failures
> > >> over the weekend.
> > >>
> > >>
> > >> Lastly, I would like to discuss a mistake I made today with merging
> the
> > >> following PR which per our guideline lacks one code review
> > lgtm/approval:
> > >>
> > >> https://github.com/apache/cloudstack/pull/2152
> > >>
> > >>
> > >> The changes in above (merged) PR are all localized to a
> xenserver-swift
> > >> file, that is not tested by Travis or Trillian, since no new
> regression
> > >> failures were seen I accepted and merge it on that discretion. The PR
> > was
> > >> originally on the 4.11 milestone, however, due to it lacking a JIRA id
> > and
> > >> no response from the author it was only recently removed from the
> > milestone.
> > >>
> > >>
> > >> Please advise if I need to revert this, or we can review/lgtm it
> > >> post-merge? I'll also ping on the above PR.
> > >>
> > >>
> > >> - Rohit
> > >>
> > >> <https://cloudstack.apache.org>
> > > Apache CloudStack: Open Source Cloud Computing<https://cloudstack.
> > apache.org/>
> > > cloudstack.apache.org
> > > CloudStack is open source cloud computing software for creating,
> > managing, and deploying infrastructure cloud services
> > >
> > >
> > >
> > >>
> > >>
> > >>
> > >> ________________________________
> > >> From: Wido den Hollander <wi...@widodh.nl>
> > >> Sent: Thursday, January 11, 2018 9:17:26 PM
> > >> To: dev@cloudstack.apache.org
> > >> Subject: Re: [DISCUSS] Freezing master for 4.11
> > >>
> > >>
> > >>
> > >>> On 01/10/2018 07:26 PM, Daan Hoogland wrote:
> > >>> I hope we understand each other correctly: No-one running an earlier
> > >>> version then 4.11 should miss out on any functionality they are using
> > >> now.
> > >>>
> > >>> So if you use ipv6 and multiple cidrs now it must continue to work
> with
> > >> no
> > >>> loss of functionality. see my question below.
> > >>>
> > >>> On Wed, Jan 10, 2018 at 7:06 PM, Ivan Kudryavtsev <
> > >> kudryavtsev_ia@bw-sw.com>
> > >>> wrote:
> > >>>
> > >>>> Daan, yes this sounds reasonable, I suppose who would like to fix,
> > could
> > >>>> do custom build for himself...
> > >>>>
> > >>>> But still it should be aknowledged somehow, if you use several cidrs
> > for
> > >>>> network, don't use v6, or don't upgrade to 4.11 because things will
> > stop
> > >>>> running well.
> > >>>>
> > >>> Does this mean that several cidrs in ipv6 works in 4.9 and not in
> 4.11?
> > >>>
> > >>
> > >> No, it doesn't. IPv6 was introduced in 4.10 and this broke in 4.10.
> > >>
> > >> You can't run with 4.10 with multiple IPv4 CIDRs as well when you have
> > >> IPv6 enabled.
> > >>
> > >> So this is broken in 4.10 and 4.11 in that case.
> > >>
> > >> Wido
> > >>
> > >>>
> > >>> if yes; it is a blocker
> > >>>
> > >>> if no; you might as well upgrade for other features as it doesn't
> work
> > >> now
> > >>> either.
> > >>>
> > >>
> > >> rohit.yadav@shapeblue.com
> > >> www.shapeblue.com<http://www.shapeblue.com>
> > > [http://www.shapeblue.com/wp-content/uploads/2017/06/logo.png]<
> > http://www.shapeblue.com/>
> > >
> > > Shapeblue - The CloudStack Company<http://www.shapeblue.com/>
> > > www.shapeblue.com<http://www.shapeblue.com>
> > > Rapid deployment framework for Apache CloudStack IaaS Clouds. CSForge
> is
> > a framework developed by ShapeBlue to deliver the rapid deployment of a
> > standardised ...
> > >
> > >
> > >
> > >> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> > >> @shapeblue
> > >>
> > >>
> > >>
> > >>
> > >
> > >
> > > --
> > > Rafael Weingärtner
> > >
> > > rohit.yadav@shapeblue.com
> > > www.shapeblue.com<http://www.shapeblue.com>
> > > 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> > > @shapeblue
> > >
> > >
> > >
> >
>
>
>
> --
> Daan
>
--
Daan
Re: [DISCUSS] Freezing master for 4.11
Posted by Rohit Yadav <ro...@shapeblue.com>.
Kristian,
4.11+ has migrated to embedded Jetty. Can you share which environment you've upgraded your environment from, i.e. Java version, ACS version etc. The log you're seeing is not a failure.
If you wait for some time, the management server should run. Tail for the management server logs for details, or journalctl -f.
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Kristian Liivak <kr...@wavecom.ee>
Sent: Monday, January 22, 2018 6:59:11 PM
To: users
Subject: Re: [DISCUSS] Freezing master for 4.11
Hello,
I just installed RC1 for testing from centos packages but there is problem starting it in centos7 enviroment
Clodustack won´t start and i can see in management log
[o.e.j.w.StandardDescriptorProcessor] (main:null) (logid:) NO JSP Support for /client, did not find org.eclipse.jetty.jsp.JettyJspServlet
Can anyone suggest a fix/workaround ?
Lugupidamisega / Regards
Kristian Liivak
CTO
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
----- Original Message -----
From: "rohit yadav" <ro...@shapeblue.com>
To: "users" <us...@cloudstack.apache.org>
Cc: "dev" <de...@cloudstack.apache.org>
Sent: Friday, January 19, 2018 11:13:49 AM
Subject: Re: [DISCUSS] Freezing master for 4.11
Hi Kristian,
I looked at https://issues.apache.org/jira/browse/CLOUDSTACK-10141
If the new VM is deployed with a password and/or ssh-key enabled VM template, then VR should get new password and the user/account specific ssh-public key so the mentioned issues don't affect such new VMs. However, I agree VMs may have access to old VM's password (if not consumed) and ssh-public key if are not password/ssh-public-key enabled - but they may be useless/stale information and I feel they are more of a GC issue than a security issue.
Are you able to reproduce a case when a new VM deployed using old VM's IP and with a password and/or public-key enabled template is getting the password and/or ssh-public-key from old VM (and the old user/account)? I think if yes, then it's a security issue.
Thoughts, comments?
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Kristian Liivak <kr...@wavecom.ee>
Sent: Monday, January 15, 2018 4:19:03 PM
To: users
Cc: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Freezing master for 4.11
Hello,
I have created issue in jira 2 month ago.
https://issues.apache.org/jira/browse/CLOUDSTACK-10141
In version 4.10 VR password and ssh key distribution don´t work on instance creation.
When instance is allreay excisting reset function is operational.
Also there is major security hole. When instance is destroyd and expunged and new instance is created with old IP all old data is unaffected in VR
New instance will get then old root password and ssh key if they were present in VR
In my knowledege cloudstack older versions are not affected.
Lugupidamisega / Regards
Kristian Liivak
CTO
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
rohit.yadav@shapeblue.com
www.shapeblue.com<http://www.shapeblue.com>
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
----- Original Message -----
From: "Rohit Yadav" <ro...@shapeblue.com>
To: dev@cloudstack.apache.org, "users" <us...@cloudstack.apache.org>
Sent: Sunday, January 14, 2018 8:41:15 PM
Subject: Re: [DISCUSS] Freezing master for 4.11
All,
To give you update, all feature PRs have been reviewed, tested and merged towards the 4.11.0.0. I'll engage with Mike and others for any post-merge regressions (smoketest to be kicked shortly).
I see an outstanding PR that may be a critical/blocker PR, please advise and also review:
https://github.com/apache/cloudstack/pull/2402
If anyone has any blocker to report, please do so. Thanks.
I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018).
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Tutkowski, Mike <Mi...@netapp.com>
Sent: Saturday, January 13, 2018 3:23:40 AM
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Freezing master for 4.11
I’m investigating these now. I have found and fixed two of them so far.
rohit.yadav@shapeblue.com
www.shapeblue.com<http://www.shapeblue.com>
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
> On Jan 12, 2018, at 2:49 PM, Rohit Yadav <ro...@shapeblue.com> wrote:
>
> Thanks Rafael and Daan.
>
>
>> From: Rafael Weingärtner <ra...@gmail.com>
>>
>> I believe there is no problem in merging Wido’s and Mike’s PRs, they have
>> been extensively discussed and improved (specially Mike’s one).
>
> Thanks, Mike's PR has several regression smoketest failures and can be accepted only when those failures are fixed.
>
> We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze. If Mike wants, he can help fix them over the weekend, I can help run smoketests.
>
>> Having said that; I would be ok with it (no need to revert it), but we need
>> to be more careful with these things. If one wants to merge something,
>> there is no harm in waiting and calling for reviewers via Github, Slack, or
>> even email them directly.
>
> Additional review was requested, but mea culpa - thanks for your support, noted.
>
> - Rohit
>
> On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav <ro...@shapeblue.com>
> wrote:
>
>> All,
>>
>>
>> We're down to one feature PR towards 4.11 milestone now:
>>
>> https://github.com/apache/cloudstack/pull/2298
>>
>>
>> The config drive PR from Frank (Nuage) has been accepted today after no
>> regression test failures seen from yesterday's smoketest run. We've also
>> tested, reviewed and merge Wido's (blocker fix) PR.
>>
>>
>> I've asked Mike to stabilize the branch; based on the smoketest results
>> from today we can see some failures caused by the PR. I'm willing to work
>> with Mike and others to get this PR tested, and merged over the weekends if
>> we can demonstrate that no regression is caused by it, i.e. no new
>> smoketest regressions. I'll also try to fix regression and test failures
>> over the weekend.
>>
>>
>> Lastly, I would like to discuss a mistake I made today with merging the
>> following PR which per our guideline lacks one code review lgtm/approval:
>>
>> https://github.com/apache/cloudstack/pull/2152
>>
>>
>> The changes in above (merged) PR are all localized to a xenserver-swift
>> file, that is not tested by Travis or Trillian, since no new regression
>> failures were seen I accepted and merge it on that discretion. The PR was
>> originally on the 4.11 milestone, however, due to it lacking a JIRA id and
>> no response from the author it was only recently removed from the milestone.
>>
>>
>> Please advise if I need to revert this, or we can review/lgtm it
>> post-merge? I'll also ping on the above PR.
>>
>>
>> - Rohit
>>
>> <https://cloudstack.apache.org>
> Apache CloudStack: Open Source Cloud Computing<https://cloudstack.apache.org/>
> cloudstack.apache.org
> CloudStack is open source cloud computing software for creating, managing, and deploying infrastructure cloud services
>
>
>
>>
>>
>>
>> ________________________________
>> From: Wido den Hollander <wi...@widodh.nl>
>> Sent: Thursday, January 11, 2018 9:17:26 PM
>> To: dev@cloudstack.apache.org
>> Subject: Re: [DISCUSS] Freezing master for 4.11
>>
>>
>>
>>> On 01/10/2018 07:26 PM, Daan Hoogland wrote:
>>> I hope we understand each other correctly: No-one running an earlier
>>> version then 4.11 should miss out on any functionality they are using
>> now.
>>>
>>> So if you use ipv6 and multiple cidrs now it must continue to work with
>> no
>>> loss of functionality. see my question below.
>>>
>>> On Wed, Jan 10, 2018 at 7:06 PM, Ivan Kudryavtsev <
>> kudryavtsev_ia@bw-sw.com>
>>> wrote:
>>>
>>>> Daan, yes this sounds reasonable, I suppose who would like to fix, could
>>>> do custom build for himself...
>>>>
>>>> But still it should be aknowledged somehow, if you use several cidrs for
>>>> network, don't use v6, or don't upgrade to 4.11 because things will stop
>>>> running well.
>>>>
>>> Does this mean that several cidrs in ipv6 works in 4.9 and not in 4.11?
>>>
>>
>> No, it doesn't. IPv6 was introduced in 4.10 and this broke in 4.10.
>>
>> You can't run with 4.10 with multiple IPv4 CIDRs as well when you have
>> IPv6 enabled.
>>
>> So this is broken in 4.10 and 4.11 in that case.
>>
>> Wido
>>
>>>
>>> if yes; it is a blocker
>>>
>>> if no; you might as well upgrade for other features as it doesn't work
>> now
>>> either.
>>>
>>
>> rohit.yadav@shapeblue.com
>> www.shapeblue.com<http://www.shapeblue.com>
> [http://www.shapeblue.com/wp-content/uploads/2017/06/logo.png]<http://www.shapeblue.com/>
>
> Shapeblue - The CloudStack Company<http://www.shapeblue.com/>
> www.shapeblue.com<http://www.shapeblue.com>
> Rapid deployment framework for Apache CloudStack IaaS Clouds. CSForge is a framework developed by ShapeBlue to deliver the rapid deployment of a standardised ...
>
>
>
>> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
>> @shapeblue
>>
>>
>>
>>
>
>
> --
> Rafael Weingärtner
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com<http://www.shapeblue.com>
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> @shapeblue
>
>
>
Re: [DISCUSS] Freezing master for 4.11
Posted by Kristian Liivak <kr...@wavecom.ee>.
Hello,
I just installed RC1 for testing from centos packages but there is problem starting it in centos7 enviroment
Clodustack won´t start and i can see in management log
[o.e.j.w.StandardDescriptorProcessor] (main:null) (logid:) NO JSP Support for /client, did not find org.eclipse.jetty.jsp.JettyJspServlet
Can anyone suggest a fix/workaround ?
Lugupidamisega / Regards
Kristian Liivak
CTO
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
----- Original Message -----
From: "rohit yadav" <ro...@shapeblue.com>
To: "users" <us...@cloudstack.apache.org>
Cc: "dev" <de...@cloudstack.apache.org>
Sent: Friday, January 19, 2018 11:13:49 AM
Subject: Re: [DISCUSS] Freezing master for 4.11
Hi Kristian,
I looked at https://issues.apache.org/jira/browse/CLOUDSTACK-10141
If the new VM is deployed with a password and/or ssh-key enabled VM template, then VR should get new password and the user/account specific ssh-public key so the mentioned issues don't affect such new VMs. However, I agree VMs may have access to old VM's password (if not consumed) and ssh-public key if are not password/ssh-public-key enabled - but they may be useless/stale information and I feel they are more of a GC issue than a security issue.
Are you able to reproduce a case when a new VM deployed using old VM's IP and with a password and/or public-key enabled template is getting the password and/or ssh-public-key from old VM (and the old user/account)? I think if yes, then it's a security issue.
Thoughts, comments?
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Kristian Liivak <kr...@wavecom.ee>
Sent: Monday, January 15, 2018 4:19:03 PM
To: users
Cc: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Freezing master for 4.11
Hello,
I have created issue in jira 2 month ago.
https://issues.apache.org/jira/browse/CLOUDSTACK-10141
In version 4.10 VR password and ssh key distribution don´t work on instance creation.
When instance is allreay excisting reset function is operational.
Also there is major security hole. When instance is destroyd and expunged and new instance is created with old IP all old data is unaffected in VR
New instance will get then old root password and ssh key if they were present in VR
In my knowledege cloudstack older versions are not affected.
Lugupidamisega / Regards
Kristian Liivak
CTO
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
----- Original Message -----
From: "Rohit Yadav" <ro...@shapeblue.com>
To: dev@cloudstack.apache.org, "users" <us...@cloudstack.apache.org>
Sent: Sunday, January 14, 2018 8:41:15 PM
Subject: Re: [DISCUSS] Freezing master for 4.11
All,
To give you update, all feature PRs have been reviewed, tested and merged towards the 4.11.0.0. I'll engage with Mike and others for any post-merge regressions (smoketest to be kicked shortly).
I see an outstanding PR that may be a critical/blocker PR, please advise and also review:
https://github.com/apache/cloudstack/pull/2402
If anyone has any blocker to report, please do so. Thanks.
I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018).
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Tutkowski, Mike <Mi...@netapp.com>
Sent: Saturday, January 13, 2018 3:23:40 AM
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Freezing master for 4.11
I’m investigating these now. I have found and fixed two of them so far.
rohit.yadav@shapeblue.com
www.shapeblue.com<http://www.shapeblue.com>
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
> On Jan 12, 2018, at 2:49 PM, Rohit Yadav <ro...@shapeblue.com> wrote:
>
> Thanks Rafael and Daan.
>
>
>> From: Rafael Weingärtner <ra...@gmail.com>
>>
>> I believe there is no problem in merging Wido’s and Mike’s PRs, they have
>> been extensively discussed and improved (specially Mike’s one).
>
> Thanks, Mike's PR has several regression smoketest failures and can be accepted only when those failures are fixed.
>
> We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze. If Mike wants, he can help fix them over the weekend, I can help run smoketests.
>
>> Having said that; I would be ok with it (no need to revert it), but we need
>> to be more careful with these things. If one wants to merge something,
>> there is no harm in waiting and calling for reviewers via Github, Slack, or
>> even email them directly.
>
> Additional review was requested, but mea culpa - thanks for your support, noted.
>
> - Rohit
>
> On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav <ro...@shapeblue.com>
> wrote:
>
>> All,
>>
>>
>> We're down to one feature PR towards 4.11 milestone now:
>>
>> https://github.com/apache/cloudstack/pull/2298
>>
>>
>> The config drive PR from Frank (Nuage) has been accepted today after no
>> regression test failures seen from yesterday's smoketest run. We've also
>> tested, reviewed and merge Wido's (blocker fix) PR.
>>
>>
>> I've asked Mike to stabilize the branch; based on the smoketest results
>> from today we can see some failures caused by the PR. I'm willing to work
>> with Mike and others to get this PR tested, and merged over the weekends if
>> we can demonstrate that no regression is caused by it, i.e. no new
>> smoketest regressions. I'll also try to fix regression and test failures
>> over the weekend.
>>
>>
>> Lastly, I would like to discuss a mistake I made today with merging the
>> following PR which per our guideline lacks one code review lgtm/approval:
>>
>> https://github.com/apache/cloudstack/pull/2152
>>
>>
>> The changes in above (merged) PR are all localized to a xenserver-swift
>> file, that is not tested by Travis or Trillian, since no new regression
>> failures were seen I accepted and merge it on that discretion. The PR was
>> originally on the 4.11 milestone, however, due to it lacking a JIRA id and
>> no response from the author it was only recently removed from the milestone.
>>
>>
>> Please advise if I need to revert this, or we can review/lgtm it
>> post-merge? I'll also ping on the above PR.
>>
>>
>> - Rohit
>>
>> <https://cloudstack.apache.org>
> Apache CloudStack: Open Source Cloud Computing<https://cloudstack.apache.org/>
> cloudstack.apache.org
> CloudStack is open source cloud computing software for creating, managing, and deploying infrastructure cloud services
>
>
>
>>
>>
>>
>> ________________________________
>> From: Wido den Hollander <wi...@widodh.nl>
>> Sent: Thursday, January 11, 2018 9:17:26 PM
>> To: dev@cloudstack.apache.org
>> Subject: Re: [DISCUSS] Freezing master for 4.11
>>
>>
>>
>>> On 01/10/2018 07:26 PM, Daan Hoogland wrote:
>>> I hope we understand each other correctly: No-one running an earlier
>>> version then 4.11 should miss out on any functionality they are using
>> now.
>>>
>>> So if you use ipv6 and multiple cidrs now it must continue to work with
>> no
>>> loss of functionality. see my question below.
>>>
>>> On Wed, Jan 10, 2018 at 7:06 PM, Ivan Kudryavtsev <
>> kudryavtsev_ia@bw-sw.com>
>>> wrote:
>>>
>>>> Daan, yes this sounds reasonable, I suppose who would like to fix, could
>>>> do custom build for himself...
>>>>
>>>> But still it should be aknowledged somehow, if you use several cidrs for
>>>> network, don't use v6, or don't upgrade to 4.11 because things will stop
>>>> running well.
>>>>
>>> Does this mean that several cidrs in ipv6 works in 4.9 and not in 4.11?
>>>
>>
>> No, it doesn't. IPv6 was introduced in 4.10 and this broke in 4.10.
>>
>> You can't run with 4.10 with multiple IPv4 CIDRs as well when you have
>> IPv6 enabled.
>>
>> So this is broken in 4.10 and 4.11 in that case.
>>
>> Wido
>>
>>>
>>> if yes; it is a blocker
>>>
>>> if no; you might as well upgrade for other features as it doesn't work
>> now
>>> either.
>>>
>>
>> rohit.yadav@shapeblue.com
>> www.shapeblue.com<http://www.shapeblue.com>
> [http://www.shapeblue.com/wp-content/uploads/2017/06/logo.png]<http://www.shapeblue.com/>
>
> Shapeblue - The CloudStack Company<http://www.shapeblue.com/>
> www.shapeblue.com<http://www.shapeblue.com>
> Rapid deployment framework for Apache CloudStack IaaS Clouds. CSForge is a framework developed by ShapeBlue to deliver the rapid deployment of a standardised ...
>
>
>
>> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
>> @shapeblue
>>
>>
>>
>>
>
>
> --
> Rafael Weingärtner
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com<http://www.shapeblue.com>
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> @shapeblue
>
>
>
Re: [DISCUSS] Freezing master for 4.11
Posted by Kristian Liivak <kr...@wavecom.ee>.
Hi Rohit,
Im currenlty moving our office to new location and therefore busy at least week. After that i can set up test enviroment and make all tests.
Lugupidamisega / Regards
Kristian Liivak
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
----- Original Message -----
From: "Rohit Yadav" <ro...@shapeblue.com>
To: "users" <us...@cloudstack.apache.org>
Cc: "dev" <de...@cloudstack.apache.org>
Sent: Tuesday, January 16, 2018 1:17:20 PM
Subject: Re: [DISCUSS] Freezing master for 4.11
Hi Kristian,
Can you test and confirm that you can reproduce the issue with 4.11.0.0-rc1?
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Kristian Liivak <kr...@wavecom.ee>
Sent: Tuesday, January 16, 2018 4:10:17 PM
To: users
Cc: dev
Subject: Re: [DISCUSS] Freezing master for 4.11
Daan,
For us and i guess for many others public cloud and vps providers its very big hole.
Imagine that 10-20 chinese guys have made fraud orders and 10-20 vps are provisioned.
We dealing with fradulent orders daily basis.
Some time later abusers will get catch in the act and vpses will be terminated.
If your customer increase is considerable, most probably one or more ips will be given to new customers during same day.
Newly created instances get then abusers keys and root passwords.
If new instance uses only keys, root password will be never changed.
Abusers need just log in with them old passwords and bitcoin mining or spamming will be started again.
Some of smarter customers are able to connect dots and serviceprovider reputation will be damaged seriously.
Lugupidamisega / Regards
Kristian Liivak
Tegevjuht / Executive director
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
----- Original Message -----
From: "Daan Hoogland" <da...@gmail.com>
To: "users" <us...@cloudstack.apache.org>
Cc: "dev" <de...@cloudstack.apache.org>
Sent: Monday, January 15, 2018 1:49:04 PM
Subject: Re: [DISCUSS] Freezing master for 4.11
Kristian,
On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak <kr...@wavecom.ee> wrote:
>>
> ...
As for this one:
> Also there is major security hole. When instance is destroyd and expunged
>> > and new instance is created with old IP all old data is unaffected in VR
>> > New instance will get then old root password and ssh key if they were
>> > present in VR
>>
> I don't see how this is a security issue. The user won't get in and
update the key and password to get in. No harm done or am I overlooking
something?
--
Daan
Re: [DISCUSS] Freezing master for 4.11
Posted by Daan Hoogland <da...@gmail.com>.
please discuss on the VOTE thread Kristian. Give your -1 with explanation
there.
On Tue, Jan 16, 2018 at 11:40 AM, Kristian Liivak <kr...@wavecom.ee> wrote:
> Daan,
>
> For us and i guess for many others public cloud and vps providers its very
> big hole.
> Imagine that 10-20 chinese guys have made fraud orders and 10-20 vps are
> provisioned.
> We dealing with fradulent orders daily basis.
> Some time later abusers will get catch in the act and vpses will be
> terminated.
> If your customer increase is considerable, most probably one or more ips
> will be given to new customers during same day.
> Newly created instances get then abusers keys and root passwords.
> If new instance uses only keys, root password will be never changed.
> Abusers need just log in with them old passwords and bitcoin mining or
> spamming will be started again.
> Some of smarter customers are able to connect dots and serviceprovider
> reputation will be damaged seriously.
>
>
> Lugupidamisega / Regards
>
> Kristian Liivak
>
> Tegevjuht / Executive director
>
> WaveCom As
> Endla 16, 10142 Tallinn
> Estonia
> Tel: +3726850001
> Gsm: +37256850001
> E-mail: kris@wavecom.ee
> Skype: kristian.liivak
> http://www.wavecom.ee
> http://www.facebook.com/wavecom.ee
>
> ----- Original Message -----
> From: "Daan Hoogland" <da...@gmail.com>
> To: "users" <us...@cloudstack.apache.org>
> Cc: "dev" <de...@cloudstack.apache.org>
> Sent: Monday, January 15, 2018 1:49:04 PM
> Subject: Re: [DISCUSS] Freezing master for 4.11
>
> Kristian,
>
>
>
> On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak <kr...@wavecom.ee> wrote:
> >>
> > ...
>
>
>
> As for this one:
>
> > Also there is major security hole. When instance is destroyd and expunged
> >> > and new instance is created with old IP all old data is unaffected in
> VR
> >> > New instance will get then old root password and ssh key if they were
> >> > present in VR
> >>
> > I don't see how this is a security issue. The user won't get in and
> update the key and password to get in. No harm done or am I overlooking
> something?
>
>
> --
> Daan
>
--
Daan
Re: [DISCUSS] Freezing master for 4.11
Posted by Daan Hoogland <da...@gmail.com>.
please discuss on the VOTE thread Kristian. Give your -1 with explanation
there.
On Tue, Jan 16, 2018 at 11:40 AM, Kristian Liivak <kr...@wavecom.ee> wrote:
> Daan,
>
> For us and i guess for many others public cloud and vps providers its very
> big hole.
> Imagine that 10-20 chinese guys have made fraud orders and 10-20 vps are
> provisioned.
> We dealing with fradulent orders daily basis.
> Some time later abusers will get catch in the act and vpses will be
> terminated.
> If your customer increase is considerable, most probably one or more ips
> will be given to new customers during same day.
> Newly created instances get then abusers keys and root passwords.
> If new instance uses only keys, root password will be never changed.
> Abusers need just log in with them old passwords and bitcoin mining or
> spamming will be started again.
> Some of smarter customers are able to connect dots and serviceprovider
> reputation will be damaged seriously.
>
>
> Lugupidamisega / Regards
>
> Kristian Liivak
>
> Tegevjuht / Executive director
>
> WaveCom As
> Endla 16, 10142 Tallinn
> Estonia
> Tel: +3726850001
> Gsm: +37256850001
> E-mail: kris@wavecom.ee
> Skype: kristian.liivak
> http://www.wavecom.ee
> http://www.facebook.com/wavecom.ee
>
> ----- Original Message -----
> From: "Daan Hoogland" <da...@gmail.com>
> To: "users" <us...@cloudstack.apache.org>
> Cc: "dev" <de...@cloudstack.apache.org>
> Sent: Monday, January 15, 2018 1:49:04 PM
> Subject: Re: [DISCUSS] Freezing master for 4.11
>
> Kristian,
>
>
>
> On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak <kr...@wavecom.ee> wrote:
> >>
> > ...
>
>
>
> As for this one:
>
> > Also there is major security hole. When instance is destroyd and expunged
> >> > and new instance is created with old IP all old data is unaffected in
> VR
> >> > New instance will get then old root password and ssh key if they were
> >> > present in VR
> >>
> > I don't see how this is a security issue. The user won't get in and
> update the key and password to get in. No harm done or am I overlooking
> something?
>
>
> --
> Daan
>
--
Daan
Re: [DISCUSS] Freezing master for 4.11
Posted by Rohit Yadav <ro...@shapeblue.com>.
Hi Kristian,
Can you test and confirm that you can reproduce the issue with 4.11.0.0-rc1?
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Kristian Liivak <kr...@wavecom.ee>
Sent: Tuesday, January 16, 2018 4:10:17 PM
To: users
Cc: dev
Subject: Re: [DISCUSS] Freezing master for 4.11
Daan,
For us and i guess for many others public cloud and vps providers its very big hole.
Imagine that 10-20 chinese guys have made fraud orders and 10-20 vps are provisioned.
We dealing with fradulent orders daily basis.
Some time later abusers will get catch in the act and vpses will be terminated.
If your customer increase is considerable, most probably one or more ips will be given to new customers during same day.
Newly created instances get then abusers keys and root passwords.
If new instance uses only keys, root password will be never changed.
Abusers need just log in with them old passwords and bitcoin mining or spamming will be started again.
Some of smarter customers are able to connect dots and serviceprovider reputation will be damaged seriously.
Lugupidamisega / Regards
Kristian Liivak
Tegevjuht / Executive director
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
----- Original Message -----
From: "Daan Hoogland" <da...@gmail.com>
To: "users" <us...@cloudstack.apache.org>
Cc: "dev" <de...@cloudstack.apache.org>
Sent: Monday, January 15, 2018 1:49:04 PM
Subject: Re: [DISCUSS] Freezing master for 4.11
Kristian,
On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak <kr...@wavecom.ee> wrote:
>>
> ...
As for this one:
> Also there is major security hole. When instance is destroyd and expunged
>> > and new instance is created with old IP all old data is unaffected in VR
>> > New instance will get then old root password and ssh key if they were
>> > present in VR
>>
> I don't see how this is a security issue. The user won't get in and
update the key and password to get in. No harm done or am I overlooking
something?
--
Daan
Re: [DISCUSS] Freezing master for 4.11
Posted by Rohit Yadav <ro...@shapeblue.com>.
Hi Kristian,
Can you test and confirm that you can reproduce the issue with 4.11.0.0-rc1?
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Kristian Liivak <kr...@wavecom.ee>
Sent: Tuesday, January 16, 2018 4:10:17 PM
To: users
Cc: dev
Subject: Re: [DISCUSS] Freezing master for 4.11
Daan,
For us and i guess for many others public cloud and vps providers its very big hole.
Imagine that 10-20 chinese guys have made fraud orders and 10-20 vps are provisioned.
We dealing with fradulent orders daily basis.
Some time later abusers will get catch in the act and vpses will be terminated.
If your customer increase is considerable, most probably one or more ips will be given to new customers during same day.
Newly created instances get then abusers keys and root passwords.
If new instance uses only keys, root password will be never changed.
Abusers need just log in with them old passwords and bitcoin mining or spamming will be started again.
Some of smarter customers are able to connect dots and serviceprovider reputation will be damaged seriously.
Lugupidamisega / Regards
Kristian Liivak
Tegevjuht / Executive director
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
----- Original Message -----
From: "Daan Hoogland" <da...@gmail.com>
To: "users" <us...@cloudstack.apache.org>
Cc: "dev" <de...@cloudstack.apache.org>
Sent: Monday, January 15, 2018 1:49:04 PM
Subject: Re: [DISCUSS] Freezing master for 4.11
Kristian,
On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak <kr...@wavecom.ee> wrote:
>>
> ...
As for this one:
> Also there is major security hole. When instance is destroyd and expunged
>> > and new instance is created with old IP all old data is unaffected in VR
>> > New instance will get then old root password and ssh key if they were
>> > present in VR
>>
> I don't see how this is a security issue. The user won't get in and
update the key and password to get in. No harm done or am I overlooking
something?
--
Daan
Re: [DISCUSS] Freezing master for 4.11
Posted by Kristian Liivak <kr...@wavecom.ee>.
Daan,
For us and i guess for many others public cloud and vps providers its very big hole.
Imagine that 10-20 chinese guys have made fraud orders and 10-20 vps are provisioned.
We dealing with fradulent orders daily basis.
Some time later abusers will get catch in the act and vpses will be terminated.
If your customer increase is considerable, most probably one or more ips will be given to new customers during same day.
Newly created instances get then abusers keys and root passwords.
If new instance uses only keys, root password will be never changed.
Abusers need just log in with them old passwords and bitcoin mining or spamming will be started again.
Some of smarter customers are able to connect dots and serviceprovider reputation will be damaged seriously.
Lugupidamisega / Regards
Kristian Liivak
Tegevjuht / Executive director
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
----- Original Message -----
From: "Daan Hoogland" <da...@gmail.com>
To: "users" <us...@cloudstack.apache.org>
Cc: "dev" <de...@cloudstack.apache.org>
Sent: Monday, January 15, 2018 1:49:04 PM
Subject: Re: [DISCUSS] Freezing master for 4.11
Kristian,
On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak <kr...@wavecom.ee> wrote:
>>
> ...
As for this one:
> Also there is major security hole. When instance is destroyd and expunged
>> > and new instance is created with old IP all old data is unaffected in VR
>> > New instance will get then old root password and ssh key if they were
>> > present in VR
>>
> I don't see how this is a security issue. The user won't get in and
update the key and password to get in. No harm done or am I overlooking
something?
--
Daan
Re: [DISCUSS] Freezing master for 4.11
Posted by Daan Hoogland <da...@gmail.com>.
Kristian,
On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak <kr...@wavecom.ee> wrote:
>>
> ...
As for this one:
> Also there is major security hole. When instance is destroyd and expunged
>> > and new instance is created with old IP all old data is unaffected in VR
>> > New instance will get then old root password and ssh key if they were
>> > present in VR
>>
> I don't see how this is a security issue. The user won't get in and
update the key and password to get in. No harm done or am I overlooking
something?
--
Daan
Re: [DISCUSS] Freezing master for 4.11
Posted by Daan Hoogland <da...@gmail.com>.
Kristian,
On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak <kr...@wavecom.ee> wrote:
>>
> ...
As for this one:
> Also there is major security hole. When instance is destroyd and expunged
>> > and new instance is created with old IP all old data is unaffected in VR
>> > New instance will get then old root password and ssh key if they were
>> > present in VR
>>
> I don't see how this is a security issue. The user won't get in and
update the key and password to get in. No harm done or am I overlooking
something?
--
Daan
Re: [DISCUSS] Freezing master for 4.11
Posted by Daan Hoogland <da...@gmail.com>.
Yes, I know. I made that that's why i asked. This fix isn't in 4.10 but is
in 4.11.
On Mon, Jan 15, 2018 at 12:37 PM, Kristian Liivak <kr...@wavecom.ee> wrote:
>
> We made lot testing but did´nt had time to dig code this time.
> There was similar VR password management related and fixed issue
> https://issues.apache.org/jira/browse/CLOUDSTACK-10113
>
>
>
> Lugupidamisega / Regards
>
> Kristian Liivak
>
> CTO
> WaveCom As
> Endla 16, 10142 Tallinn
> Estonia
> Tel: +3726850001
> Gsm: +37256850001
> E-mail: kris@wavecom.ee
> Skype: kristian.liivak
> http://www.wavecom.ee
> http://www.facebook.com/wavecom.ee
>
> ----- Original Message -----
> From: "Daan Hoogland" <da...@gmail.com>
> To: "users" <us...@cloudstack.apache.org>
> Cc: "dev" <de...@cloudstack.apache.org>
> Sent: Monday, January 15, 2018 1:22:23 PM
> Subject: Re: [DISCUSS] Freezing master for 4.11
>
> kristian,
>
> these sound like serious regressions. Do you have a fix or did you analyse
> the code yet?
>
> On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak <kr...@wavecom.ee> wrote:
>
> > Hello,
> >
> > I have created issue in jira 2 month ago.
> > https://issues.apache.org/jira/browse/CLOUDSTACK-10141
> >
> > In version 4.10 VR password and ssh key distribution don´t work on
> > instance creation.
> > When instance is allreay excisting reset function is operational.
> >
> > Also there is major security hole. When instance is destroyd and expunged
> > and new instance is created with old IP all old data is unaffected in VR
> > New instance will get then old root password and ssh key if they were
> > present in VR
> >
> > In my knowledege cloudstack older versions are not affected.
> >
> > Lugupidamisega / Regards
> >
> > Kristian Liivak
> >
> > CTO
> >
> > WaveCom As
> > Endla 16, 10142 Tallinn
> > Estonia
> > Tel: +3726850001
> > Gsm: +37256850001
> > E-mail: kris@wavecom.ee
> > Skype: kristian.liivak
> > http://www.wavecom.ee
> > http://www.facebook.com/wavecom.ee
> >
> > ----- Original Message -----
> > From: "Rohit Yadav" <ro...@shapeblue.com>
> > To: dev@cloudstack.apache.org, "users" <us...@cloudstack.apache.org>
> > Sent: Sunday, January 14, 2018 8:41:15 PM
> > Subject: Re: [DISCUSS] Freezing master for 4.11
> >
> > All,
> >
> >
> > To give you update, all feature PRs have been reviewed, tested and merged
> > towards the 4.11.0.0. I'll engage with Mike and others for any post-merge
> > regressions (smoketest to be kicked shortly).
> >
> >
> > I see an outstanding PR that may be a critical/blocker PR, please advise
> > and also review:
> >
> > https://github.com/apache/cloudstack/pull/2402
> >
> >
> > If anyone has any blocker to report, please do so. Thanks.
> >
> >
> > I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018).
> >
> >
> > - Rohit
> >
> > <https://cloudstack.apache.org>
> >
> >
> >
> > ________________________________
> > From: Tutkowski, Mike <Mi...@netapp.com>
> > Sent: Saturday, January 13, 2018 3:23:40 AM
> > To: dev@cloudstack.apache.org
> > Subject: Re: [DISCUSS] Freezing master for 4.11
> >
> > I’m investigating these now. I have found and fixed two of them so far.
> >
> >
> > rohit.yadav@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> > @shapeblue
> >
> >
> >
> > > On Jan 12, 2018, at 2:49 PM, Rohit Yadav <ro...@shapeblue.com>
> > wrote:
> > >
> > > Thanks Rafael and Daan.
> > >
> > >
> > >> From: Rafael Weingärtner <ra...@gmail.com>
> > >>
> > >> I believe there is no problem in merging Wido’s and Mike’s PRs, they
> > have
> > >> been extensively discussed and improved (specially Mike’s one).
> > >
> > > Thanks, Mike's PR has several regression smoketest failures and can be
> > accepted only when those failures are fixed.
> > >
> > > We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze.
> > If Mike wants, he can help fix them over the weekend, I can help run
> > smoketests.
> > >
> > >> Having said that; I would be ok with it (no need to revert it), but we
> > need
> > >> to be more careful with these things. If one wants to merge something,
> > >> there is no harm in waiting and calling for reviewers via Github,
> > Slack, or
> > >> even email them directly.
> > >
> > > Additional review was requested, but mea culpa - thanks for your
> > support, noted.
> > >
> > > - Rohit
> > >
> > > On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav <
> rohit.yadav@shapeblue.com>
> > > wrote:
> > >
> > >> All,
> > >>
> > >>
> > >> We're down to one feature PR towards 4.11 milestone now:
> > >>
> > >> https://github.com/apache/cloudstack/pull/2298
> > >>
> > >>
> > >> The config drive PR from Frank (Nuage) has been accepted today after
> no
> > >> regression test failures seen from yesterday's smoketest run. We've
> also
> > >> tested, reviewed and merge Wido's (blocker fix) PR.
> > >>
> > >>
> > >> I've asked Mike to stabilize the branch; based on the smoketest
> results
> > >> from today we can see some failures caused by the PR. I'm willing to
> > work
> > >> with Mike and others to get this PR tested, and merged over the
> > weekends if
> > >> we can demonstrate that no regression is caused by it, i.e. no new
> > >> smoketest regressions. I'll also try to fix regression and test
> failures
> > >> over the weekend.
> > >>
> > >>
> > >> Lastly, I would like to discuss a mistake I made today with merging
> the
> > >> following PR which per our guideline lacks one code review
> > lgtm/approval:
> > >>
> > >> https://github.com/apache/cloudstack/pull/2152
> > >>
> > >>
> > >> The changes in above (merged) PR are all localized to a
> xenserver-swift
> > >> file, that is not tested by Travis or Trillian, since no new
> regression
> > >> failures were seen I accepted and merge it on that discretion. The PR
> > was
> > >> originally on the 4.11 milestone, however, due to it lacking a JIRA id
> > and
> > >> no response from the author it was only recently removed from the
> > milestone.
> > >>
> > >>
> > >> Please advise if I need to revert this, or we can review/lgtm it
> > >> post-merge? I'll also ping on the above PR.
> > >>
> > >>
> > >> - Rohit
> > >>
> > >> <https://cloudstack.apache.org>
> > > Apache CloudStack: Open Source Cloud Computing<https://cloudstack.
> > apache.org/>
> > > cloudstack.apache.org
> > > CloudStack is open source cloud computing software for creating,
> > managing, and deploying infrastructure cloud services
> > >
> > >
> > >
> > >>
> > >>
> > >>
> > >> ________________________________
> > >> From: Wido den Hollander <wi...@widodh.nl>
> > >> Sent: Thursday, January 11, 2018 9:17:26 PM
> > >> To: dev@cloudstack.apache.org
> > >> Subject: Re: [DISCUSS] Freezing master for 4.11
> > >>
> > >>
> > >>
> > >>> On 01/10/2018 07:26 PM, Daan Hoogland wrote:
> > >>> I hope we understand each other correctly: No-one running an earlier
> > >>> version then 4.11 should miss out on any functionality they are using
> > >> now.
> > >>>
> > >>> So if you use ipv6 and multiple cidrs now it must continue to work
> with
> > >> no
> > >>> loss of functionality. see my question below.
> > >>>
> > >>> On Wed, Jan 10, 2018 at 7:06 PM, Ivan Kudryavtsev <
> > >> kudryavtsev_ia@bw-sw.com>
> > >>> wrote:
> > >>>
> > >>>> Daan, yes this sounds reasonable, I suppose who would like to fix,
> > could
> > >>>> do custom build for himself...
> > >>>>
> > >>>> But still it should be aknowledged somehow, if you use several cidrs
> > for
> > >>>> network, don't use v6, or don't upgrade to 4.11 because things will
> > stop
> > >>>> running well.
> > >>>>
> > >>> Does this mean that several cidrs in ipv6 works in 4.9 and not in
> 4.11?
> > >>>
> > >>
> > >> No, it doesn't. IPv6 was introduced in 4.10 and this broke in 4.10.
> > >>
> > >> You can't run with 4.10 with multiple IPv4 CIDRs as well when you have
> > >> IPv6 enabled.
> > >>
> > >> So this is broken in 4.10 and 4.11 in that case.
> > >>
> > >> Wido
> > >>
> > >>>
> > >>> if yes; it is a blocker
> > >>>
> > >>> if no; you might as well upgrade for other features as it doesn't
> work
> > >> now
> > >>> either.
> > >>>
> > >>
> > >> rohit.yadav@shapeblue.com
> > >> www.shapeblue.com<http://www.shapeblue.com>
> > > [http://www.shapeblue.com/wp-content/uploads/2017/06/logo.png]<
> > http://www.shapeblue.com/>
> > >
> > > Shapeblue - The CloudStack Company<http://www.shapeblue.com/>
> > > www.shapeblue.com<http://www.shapeblue.com>
> > > Rapid deployment framework for Apache CloudStack IaaS Clouds. CSForge
> is
> > a framework developed by ShapeBlue to deliver the rapid deployment of a
> > standardised ...
> > >
> > >
> > >
> > >> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> > >> @shapeblue
> > >>
> > >>
> > >>
> > >>
> > >
> > >
> > > --
> > > Rafael Weingärtner
> > >
> > > rohit.yadav@shapeblue.com
> > > www.shapeblue.com<http://www.shapeblue.com>
> > > 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> > > @shapeblue
> > >
> > >
> > >
> >
>
>
>
> --
> Daan
>
--
Daan
Re: [DISCUSS] Freezing master for 4.11
Posted by Daan Hoogland <da...@gmail.com>.
Yes, I know. I made that that's why i asked. This fix isn't in 4.10 but is
in 4.11.
On Mon, Jan 15, 2018 at 12:37 PM, Kristian Liivak <kr...@wavecom.ee> wrote:
>
> We made lot testing but did´nt had time to dig code this time.
> There was similar VR password management related and fixed issue
> https://issues.apache.org/jira/browse/CLOUDSTACK-10113
>
>
>
> Lugupidamisega / Regards
>
> Kristian Liivak
>
> CTO
> WaveCom As
> Endla 16, 10142 Tallinn
> Estonia
> Tel: +3726850001
> Gsm: +37256850001
> E-mail: kris@wavecom.ee
> Skype: kristian.liivak
> http://www.wavecom.ee
> http://www.facebook.com/wavecom.ee
>
> ----- Original Message -----
> From: "Daan Hoogland" <da...@gmail.com>
> To: "users" <us...@cloudstack.apache.org>
> Cc: "dev" <de...@cloudstack.apache.org>
> Sent: Monday, January 15, 2018 1:22:23 PM
> Subject: Re: [DISCUSS] Freezing master for 4.11
>
> kristian,
>
> these sound like serious regressions. Do you have a fix or did you analyse
> the code yet?
>
> On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak <kr...@wavecom.ee> wrote:
>
> > Hello,
> >
> > I have created issue in jira 2 month ago.
> > https://issues.apache.org/jira/browse/CLOUDSTACK-10141
> >
> > In version 4.10 VR password and ssh key distribution don´t work on
> > instance creation.
> > When instance is allreay excisting reset function is operational.
> >
> > Also there is major security hole. When instance is destroyd and expunged
> > and new instance is created with old IP all old data is unaffected in VR
> > New instance will get then old root password and ssh key if they were
> > present in VR
> >
> > In my knowledege cloudstack older versions are not affected.
> >
> > Lugupidamisega / Regards
> >
> > Kristian Liivak
> >
> > CTO
> >
> > WaveCom As
> > Endla 16, 10142 Tallinn
> > Estonia
> > Tel: +3726850001
> > Gsm: +37256850001
> > E-mail: kris@wavecom.ee
> > Skype: kristian.liivak
> > http://www.wavecom.ee
> > http://www.facebook.com/wavecom.ee
> >
> > ----- Original Message -----
> > From: "Rohit Yadav" <ro...@shapeblue.com>
> > To: dev@cloudstack.apache.org, "users" <us...@cloudstack.apache.org>
> > Sent: Sunday, January 14, 2018 8:41:15 PM
> > Subject: Re: [DISCUSS] Freezing master for 4.11
> >
> > All,
> >
> >
> > To give you update, all feature PRs have been reviewed, tested and merged
> > towards the 4.11.0.0. I'll engage with Mike and others for any post-merge
> > regressions (smoketest to be kicked shortly).
> >
> >
> > I see an outstanding PR that may be a critical/blocker PR, please advise
> > and also review:
> >
> > https://github.com/apache/cloudstack/pull/2402
> >
> >
> > If anyone has any blocker to report, please do so. Thanks.
> >
> >
> > I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018).
> >
> >
> > - Rohit
> >
> > <https://cloudstack.apache.org>
> >
> >
> >
> > ________________________________
> > From: Tutkowski, Mike <Mi...@netapp.com>
> > Sent: Saturday, January 13, 2018 3:23:40 AM
> > To: dev@cloudstack.apache.org
> > Subject: Re: [DISCUSS] Freezing master for 4.11
> >
> > I’m investigating these now. I have found and fixed two of them so far.
> >
> >
> > rohit.yadav@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> > @shapeblue
> >
> >
> >
> > > On Jan 12, 2018, at 2:49 PM, Rohit Yadav <ro...@shapeblue.com>
> > wrote:
> > >
> > > Thanks Rafael and Daan.
> > >
> > >
> > >> From: Rafael Weingärtner <ra...@gmail.com>
> > >>
> > >> I believe there is no problem in merging Wido’s and Mike’s PRs, they
> > have
> > >> been extensively discussed and improved (specially Mike’s one).
> > >
> > > Thanks, Mike's PR has several regression smoketest failures and can be
> > accepted only when those failures are fixed.
> > >
> > > We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze.
> > If Mike wants, he can help fix them over the weekend, I can help run
> > smoketests.
> > >
> > >> Having said that; I would be ok with it (no need to revert it), but we
> > need
> > >> to be more careful with these things. If one wants to merge something,
> > >> there is no harm in waiting and calling for reviewers via Github,
> > Slack, or
> > >> even email them directly.
> > >
> > > Additional review was requested, but mea culpa - thanks for your
> > support, noted.
> > >
> > > - Rohit
> > >
> > > On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav <
> rohit.yadav@shapeblue.com>
> > > wrote:
> > >
> > >> All,
> > >>
> > >>
> > >> We're down to one feature PR towards 4.11 milestone now:
> > >>
> > >> https://github.com/apache/cloudstack/pull/2298
> > >>
> > >>
> > >> The config drive PR from Frank (Nuage) has been accepted today after
> no
> > >> regression test failures seen from yesterday's smoketest run. We've
> also
> > >> tested, reviewed and merge Wido's (blocker fix) PR.
> > >>
> > >>
> > >> I've asked Mike to stabilize the branch; based on the smoketest
> results
> > >> from today we can see some failures caused by the PR. I'm willing to
> > work
> > >> with Mike and others to get this PR tested, and merged over the
> > weekends if
> > >> we can demonstrate that no regression is caused by it, i.e. no new
> > >> smoketest regressions. I'll also try to fix regression and test
> failures
> > >> over the weekend.
> > >>
> > >>
> > >> Lastly, I would like to discuss a mistake I made today with merging
> the
> > >> following PR which per our guideline lacks one code review
> > lgtm/approval:
> > >>
> > >> https://github.com/apache/cloudstack/pull/2152
> > >>
> > >>
> > >> The changes in above (merged) PR are all localized to a
> xenserver-swift
> > >> file, that is not tested by Travis or Trillian, since no new
> regression
> > >> failures were seen I accepted and merge it on that discretion. The PR
> > was
> > >> originally on the 4.11 milestone, however, due to it lacking a JIRA id
> > and
> > >> no response from the author it was only recently removed from the
> > milestone.
> > >>
> > >>
> > >> Please advise if I need to revert this, or we can review/lgtm it
> > >> post-merge? I'll also ping on the above PR.
> > >>
> > >>
> > >> - Rohit
> > >>
> > >> <https://cloudstack.apache.org>
> > > Apache CloudStack: Open Source Cloud Computing<https://cloudstack.
> > apache.org/>
> > > cloudstack.apache.org
> > > CloudStack is open source cloud computing software for creating,
> > managing, and deploying infrastructure cloud services
> > >
> > >
> > >
> > >>
> > >>
> > >>
> > >> ________________________________
> > >> From: Wido den Hollander <wi...@widodh.nl>
> > >> Sent: Thursday, January 11, 2018 9:17:26 PM
> > >> To: dev@cloudstack.apache.org
> > >> Subject: Re: [DISCUSS] Freezing master for 4.11
> > >>
> > >>
> > >>
> > >>> On 01/10/2018 07:26 PM, Daan Hoogland wrote:
> > >>> I hope we understand each other correctly: No-one running an earlier
> > >>> version then 4.11 should miss out on any functionality they are using
> > >> now.
> > >>>
> > >>> So if you use ipv6 and multiple cidrs now it must continue to work
> with
> > >> no
> > >>> loss of functionality. see my question below.
> > >>>
> > >>> On Wed, Jan 10, 2018 at 7:06 PM, Ivan Kudryavtsev <
> > >> kudryavtsev_ia@bw-sw.com>
> > >>> wrote:
> > >>>
> > >>>> Daan, yes this sounds reasonable, I suppose who would like to fix,
> > could
> > >>>> do custom build for himself...
> > >>>>
> > >>>> But still it should be aknowledged somehow, if you use several cidrs
> > for
> > >>>> network, don't use v6, or don't upgrade to 4.11 because things will
> > stop
> > >>>> running well.
> > >>>>
> > >>> Does this mean that several cidrs in ipv6 works in 4.9 and not in
> 4.11?
> > >>>
> > >>
> > >> No, it doesn't. IPv6 was introduced in 4.10 and this broke in 4.10.
> > >>
> > >> You can't run with 4.10 with multiple IPv4 CIDRs as well when you have
> > >> IPv6 enabled.
> > >>
> > >> So this is broken in 4.10 and 4.11 in that case.
> > >>
> > >> Wido
> > >>
> > >>>
> > >>> if yes; it is a blocker
> > >>>
> > >>> if no; you might as well upgrade for other features as it doesn't
> work
> > >> now
> > >>> either.
> > >>>
> > >>
> > >> rohit.yadav@shapeblue.com
> > >> www.shapeblue.com<http://www.shapeblue.com>
> > > [http://www.shapeblue.com/wp-content/uploads/2017/06/logo.png]<
> > http://www.shapeblue.com/>
> > >
> > > Shapeblue - The CloudStack Company<http://www.shapeblue.com/>
> > > www.shapeblue.com<http://www.shapeblue.com>
> > > Rapid deployment framework for Apache CloudStack IaaS Clouds. CSForge
> is
> > a framework developed by ShapeBlue to deliver the rapid deployment of a
> > standardised ...
> > >
> > >
> > >
> > >> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> > >> @shapeblue
> > >>
> > >>
> > >>
> > >>
> > >
> > >
> > > --
> > > Rafael Weingärtner
> > >
> > > rohit.yadav@shapeblue.com
> > > www.shapeblue.com<http://www.shapeblue.com>
> > > 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> > > @shapeblue
> > >
> > >
> > >
> >
>
>
>
> --
> Daan
>
--
Daan
Re: [DISCUSS] Freezing master for 4.11
Posted by Kristian Liivak <kr...@wavecom.ee>.
We made lot testing but did´nt had time to dig code this time.
There was similar VR password management related and fixed issue https://issues.apache.org/jira/browse/CLOUDSTACK-10113
Lugupidamisega / Regards
Kristian Liivak
CTO
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
----- Original Message -----
From: "Daan Hoogland" <da...@gmail.com>
To: "users" <us...@cloudstack.apache.org>
Cc: "dev" <de...@cloudstack.apache.org>
Sent: Monday, January 15, 2018 1:22:23 PM
Subject: Re: [DISCUSS] Freezing master for 4.11
kristian,
these sound like serious regressions. Do you have a fix or did you analyse
the code yet?
On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak <kr...@wavecom.ee> wrote:
> Hello,
>
> I have created issue in jira 2 month ago.
> https://issues.apache.org/jira/browse/CLOUDSTACK-10141
>
> In version 4.10 VR password and ssh key distribution don´t work on
> instance creation.
> When instance is allreay excisting reset function is operational.
>
> Also there is major security hole. When instance is destroyd and expunged
> and new instance is created with old IP all old data is unaffected in VR
> New instance will get then old root password and ssh key if they were
> present in VR
>
> In my knowledege cloudstack older versions are not affected.
>
> Lugupidamisega / Regards
>
> Kristian Liivak
>
> CTO
>
> WaveCom As
> Endla 16, 10142 Tallinn
> Estonia
> Tel: +3726850001
> Gsm: +37256850001
> E-mail: kris@wavecom.ee
> Skype: kristian.liivak
> http://www.wavecom.ee
> http://www.facebook.com/wavecom.ee
>
> ----- Original Message -----
> From: "Rohit Yadav" <ro...@shapeblue.com>
> To: dev@cloudstack.apache.org, "users" <us...@cloudstack.apache.org>
> Sent: Sunday, January 14, 2018 8:41:15 PM
> Subject: Re: [DISCUSS] Freezing master for 4.11
>
> All,
>
>
> To give you update, all feature PRs have been reviewed, tested and merged
> towards the 4.11.0.0. I'll engage with Mike and others for any post-merge
> regressions (smoketest to be kicked shortly).
>
>
> I see an outstanding PR that may be a critical/blocker PR, please advise
> and also review:
>
> https://github.com/apache/cloudstack/pull/2402
>
>
> If anyone has any blocker to report, please do so. Thanks.
>
>
> I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018).
>
>
> - Rohit
>
> <https://cloudstack.apache.org>
>
>
>
> ________________________________
> From: Tutkowski, Mike <Mi...@netapp.com>
> Sent: Saturday, January 13, 2018 3:23:40 AM
> To: dev@cloudstack.apache.org
> Subject: Re: [DISCUSS] Freezing master for 4.11
>
> I’m investigating these now. I have found and fixed two of them so far.
>
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> @shapeblue
>
>
>
> > On Jan 12, 2018, at 2:49 PM, Rohit Yadav <ro...@shapeblue.com>
> wrote:
> >
> > Thanks Rafael and Daan.
> >
> >
> >> From: Rafael Weingärtner <ra...@gmail.com>
> >>
> >> I believe there is no problem in merging Wido’s and Mike’s PRs, they
> have
> >> been extensively discussed and improved (specially Mike’s one).
> >
> > Thanks, Mike's PR has several regression smoketest failures and can be
> accepted only when those failures are fixed.
> >
> > We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze.
> If Mike wants, he can help fix them over the weekend, I can help run
> smoketests.
> >
> >> Having said that; I would be ok with it (no need to revert it), but we
> need
> >> to be more careful with these things. If one wants to merge something,
> >> there is no harm in waiting and calling for reviewers via Github,
> Slack, or
> >> even email them directly.
> >
> > Additional review was requested, but mea culpa - thanks for your
> support, noted.
> >
> > - Rohit
> >
> > On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav <ro...@shapeblue.com>
> > wrote:
> >
> >> All,
> >>
> >>
> >> We're down to one feature PR towards 4.11 milestone now:
> >>
> >> https://github.com/apache/cloudstack/pull/2298
> >>
> >>
> >> The config drive PR from Frank (Nuage) has been accepted today after no
> >> regression test failures seen from yesterday's smoketest run. We've also
> >> tested, reviewed and merge Wido's (blocker fix) PR.
> >>
> >>
> >> I've asked Mike to stabilize the branch; based on the smoketest results
> >> from today we can see some failures caused by the PR. I'm willing to
> work
> >> with Mike and others to get this PR tested, and merged over the
> weekends if
> >> we can demonstrate that no regression is caused by it, i.e. no new
> >> smoketest regressions. I'll also try to fix regression and test failures
> >> over the weekend.
> >>
> >>
> >> Lastly, I would like to discuss a mistake I made today with merging the
> >> following PR which per our guideline lacks one code review
> lgtm/approval:
> >>
> >> https://github.com/apache/cloudstack/pull/2152
> >>
> >>
> >> The changes in above (merged) PR are all localized to a xenserver-swift
> >> file, that is not tested by Travis or Trillian, since no new regression
> >> failures were seen I accepted and merge it on that discretion. The PR
> was
> >> originally on the 4.11 milestone, however, due to it lacking a JIRA id
> and
> >> no response from the author it was only recently removed from the
> milestone.
> >>
> >>
> >> Please advise if I need to revert this, or we can review/lgtm it
> >> post-merge? I'll also ping on the above PR.
> >>
> >>
> >> - Rohit
> >>
> >> <https://cloudstack.apache.org>
> > Apache CloudStack: Open Source Cloud Computing<https://cloudstack.
> apache.org/>
> > cloudstack.apache.org
> > CloudStack is open source cloud computing software for creating,
> managing, and deploying infrastructure cloud services
> >
> >
> >
> >>
> >>
> >>
> >> ________________________________
> >> From: Wido den Hollander <wi...@widodh.nl>
> >> Sent: Thursday, January 11, 2018 9:17:26 PM
> >> To: dev@cloudstack.apache.org
> >> Subject: Re: [DISCUSS] Freezing master for 4.11
> >>
> >>
> >>
> >>> On 01/10/2018 07:26 PM, Daan Hoogland wrote:
> >>> I hope we understand each other correctly: No-one running an earlier
> >>> version then 4.11 should miss out on any functionality they are using
> >> now.
> >>>
> >>> So if you use ipv6 and multiple cidrs now it must continue to work with
> >> no
> >>> loss of functionality. see my question below.
> >>>
> >>> On Wed, Jan 10, 2018 at 7:06 PM, Ivan Kudryavtsev <
> >> kudryavtsev_ia@bw-sw.com>
> >>> wrote:
> >>>
> >>>> Daan, yes this sounds reasonable, I suppose who would like to fix,
> could
> >>>> do custom build for himself...
> >>>>
> >>>> But still it should be aknowledged somehow, if you use several cidrs
> for
> >>>> network, don't use v6, or don't upgrade to 4.11 because things will
> stop
> >>>> running well.
> >>>>
> >>> Does this mean that several cidrs in ipv6 works in 4.9 and not in 4.11?
> >>>
> >>
> >> No, it doesn't. IPv6 was introduced in 4.10 and this broke in 4.10.
> >>
> >> You can't run with 4.10 with multiple IPv4 CIDRs as well when you have
> >> IPv6 enabled.
> >>
> >> So this is broken in 4.10 and 4.11 in that case.
> >>
> >> Wido
> >>
> >>>
> >>> if yes; it is a blocker
> >>>
> >>> if no; you might as well upgrade for other features as it doesn't work
> >> now
> >>> either.
> >>>
> >>
> >> rohit.yadav@shapeblue.com
> >> www.shapeblue.com<http://www.shapeblue.com>
> > [http://www.shapeblue.com/wp-content/uploads/2017/06/logo.png]<
> http://www.shapeblue.com/>
> >
> > Shapeblue - The CloudStack Company<http://www.shapeblue.com/>
> > www.shapeblue.com<http://www.shapeblue.com>
> > Rapid deployment framework for Apache CloudStack IaaS Clouds. CSForge is
> a framework developed by ShapeBlue to deliver the rapid deployment of a
> standardised ...
> >
> >
> >
> >> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> >> @shapeblue
> >>
> >>
> >>
> >>
> >
> >
> > --
> > Rafael Weingärtner
> >
> > rohit.yadav@shapeblue.com
> > www.shapeblue.com<http://www.shapeblue.com>
> > 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> > @shapeblue
> >
> >
> >
>
--
Daan
Re: [DISCUSS] Freezing master for 4.11
Posted by Daan Hoogland <da...@gmail.com>.
kristian,
these sound like serious regressions. Do you have a fix or did you analyse
the code yet?
On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak <kr...@wavecom.ee> wrote:
> Hello,
>
> I have created issue in jira 2 month ago.
> https://issues.apache.org/jira/browse/CLOUDSTACK-10141
>
> In version 4.10 VR password and ssh key distribution don´t work on
> instance creation.
> When instance is allreay excisting reset function is operational.
>
> Also there is major security hole. When instance is destroyd and expunged
> and new instance is created with old IP all old data is unaffected in VR
> New instance will get then old root password and ssh key if they were
> present in VR
>
> In my knowledege cloudstack older versions are not affected.
>
> Lugupidamisega / Regards
>
> Kristian Liivak
>
> CTO
>
> WaveCom As
> Endla 16, 10142 Tallinn
> Estonia
> Tel: +3726850001
> Gsm: +37256850001
> E-mail: kris@wavecom.ee
> Skype: kristian.liivak
> http://www.wavecom.ee
> http://www.facebook.com/wavecom.ee
>
> ----- Original Message -----
> From: "Rohit Yadav" <ro...@shapeblue.com>
> To: dev@cloudstack.apache.org, "users" <us...@cloudstack.apache.org>
> Sent: Sunday, January 14, 2018 8:41:15 PM
> Subject: Re: [DISCUSS] Freezing master for 4.11
>
> All,
>
>
> To give you update, all feature PRs have been reviewed, tested and merged
> towards the 4.11.0.0. I'll engage with Mike and others for any post-merge
> regressions (smoketest to be kicked shortly).
>
>
> I see an outstanding PR that may be a critical/blocker PR, please advise
> and also review:
>
> https://github.com/apache/cloudstack/pull/2402
>
>
> If anyone has any blocker to report, please do so. Thanks.
>
>
> I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018).
>
>
> - Rohit
>
> <https://cloudstack.apache.org>
>
>
>
> ________________________________
> From: Tutkowski, Mike <Mi...@netapp.com>
> Sent: Saturday, January 13, 2018 3:23:40 AM
> To: dev@cloudstack.apache.org
> Subject: Re: [DISCUSS] Freezing master for 4.11
>
> I’m investigating these now. I have found and fixed two of them so far.
>
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> @shapeblue
>
>
>
> > On Jan 12, 2018, at 2:49 PM, Rohit Yadav <ro...@shapeblue.com>
> wrote:
> >
> > Thanks Rafael and Daan.
> >
> >
> >> From: Rafael Weingärtner <ra...@gmail.com>
> >>
> >> I believe there is no problem in merging Wido’s and Mike’s PRs, they
> have
> >> been extensively discussed and improved (specially Mike’s one).
> >
> > Thanks, Mike's PR has several regression smoketest failures and can be
> accepted only when those failures are fixed.
> >
> > We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze.
> If Mike wants, he can help fix them over the weekend, I can help run
> smoketests.
> >
> >> Having said that; I would be ok with it (no need to revert it), but we
> need
> >> to be more careful with these things. If one wants to merge something,
> >> there is no harm in waiting and calling for reviewers via Github,
> Slack, or
> >> even email them directly.
> >
> > Additional review was requested, but mea culpa - thanks for your
> support, noted.
> >
> > - Rohit
> >
> > On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav <ro...@shapeblue.com>
> > wrote:
> >
> >> All,
> >>
> >>
> >> We're down to one feature PR towards 4.11 milestone now:
> >>
> >> https://github.com/apache/cloudstack/pull/2298
> >>
> >>
> >> The config drive PR from Frank (Nuage) has been accepted today after no
> >> regression test failures seen from yesterday's smoketest run. We've also
> >> tested, reviewed and merge Wido's (blocker fix) PR.
> >>
> >>
> >> I've asked Mike to stabilize the branch; based on the smoketest results
> >> from today we can see some failures caused by the PR. I'm willing to
> work
> >> with Mike and others to get this PR tested, and merged over the
> weekends if
> >> we can demonstrate that no regression is caused by it, i.e. no new
> >> smoketest regressions. I'll also try to fix regression and test failures
> >> over the weekend.
> >>
> >>
> >> Lastly, I would like to discuss a mistake I made today with merging the
> >> following PR which per our guideline lacks one code review
> lgtm/approval:
> >>
> >> https://github.com/apache/cloudstack/pull/2152
> >>
> >>
> >> The changes in above (merged) PR are all localized to a xenserver-swift
> >> file, that is not tested by Travis or Trillian, since no new regression
> >> failures were seen I accepted and merge it on that discretion. The PR
> was
> >> originally on the 4.11 milestone, however, due to it lacking a JIRA id
> and
> >> no response from the author it was only recently removed from the
> milestone.
> >>
> >>
> >> Please advise if I need to revert this, or we can review/lgtm it
> >> post-merge? I'll also ping on the above PR.
> >>
> >>
> >> - Rohit
> >>
> >> <https://cloudstack.apache.org>
> > Apache CloudStack: Open Source Cloud Computing<https://cloudstack.
> apache.org/>
> > cloudstack.apache.org
> > CloudStack is open source cloud computing software for creating,
> managing, and deploying infrastructure cloud services
> >
> >
> >
> >>
> >>
> >>
> >> ________________________________
> >> From: Wido den Hollander <wi...@widodh.nl>
> >> Sent: Thursday, January 11, 2018 9:17:26 PM
> >> To: dev@cloudstack.apache.org
> >> Subject: Re: [DISCUSS] Freezing master for 4.11
> >>
> >>
> >>
> >>> On 01/10/2018 07:26 PM, Daan Hoogland wrote:
> >>> I hope we understand each other correctly: No-one running an earlier
> >>> version then 4.11 should miss out on any functionality they are using
> >> now.
> >>>
> >>> So if you use ipv6 and multiple cidrs now it must continue to work with
> >> no
> >>> loss of functionality. see my question below.
> >>>
> >>> On Wed, Jan 10, 2018 at 7:06 PM, Ivan Kudryavtsev <
> >> kudryavtsev_ia@bw-sw.com>
> >>> wrote:
> >>>
> >>>> Daan, yes this sounds reasonable, I suppose who would like to fix,
> could
> >>>> do custom build for himself...
> >>>>
> >>>> But still it should be aknowledged somehow, if you use several cidrs
> for
> >>>> network, don't use v6, or don't upgrade to 4.11 because things will
> stop
> >>>> running well.
> >>>>
> >>> Does this mean that several cidrs in ipv6 works in 4.9 and not in 4.11?
> >>>
> >>
> >> No, it doesn't. IPv6 was introduced in 4.10 and this broke in 4.10.
> >>
> >> You can't run with 4.10 with multiple IPv4 CIDRs as well when you have
> >> IPv6 enabled.
> >>
> >> So this is broken in 4.10 and 4.11 in that case.
> >>
> >> Wido
> >>
> >>>
> >>> if yes; it is a blocker
> >>>
> >>> if no; you might as well upgrade for other features as it doesn't work
> >> now
> >>> either.
> >>>
> >>
> >> rohit.yadav@shapeblue.com
> >> www.shapeblue.com<http://www.shapeblue.com>
> > [http://www.shapeblue.com/wp-content/uploads/2017/06/logo.png]<
> http://www.shapeblue.com/>
> >
> > Shapeblue - The CloudStack Company<http://www.shapeblue.com/>
> > www.shapeblue.com<http://www.shapeblue.com>
> > Rapid deployment framework for Apache CloudStack IaaS Clouds. CSForge is
> a framework developed by ShapeBlue to deliver the rapid deployment of a
> standardised ...
> >
> >
> >
> >> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> >> @shapeblue
> >>
> >>
> >>
> >>
> >
> >
> > --
> > Rafael Weingärtner
> >
> > rohit.yadav@shapeblue.com
> > www.shapeblue.com<http://www.shapeblue.com>
> > 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> > @shapeblue
> >
> >
> >
>
--
Daan
Re: [DISCUSS] Freezing master for 4.11
Posted by Rohit Yadav <ro...@shapeblue.com>.
Hi Kristian,
I looked at https://issues.apache.org/jira/browse/CLOUDSTACK-10141
If the new VM is deployed with a password and/or ssh-key enabled VM template, then VR should get new password and the user/account specific ssh-public key so the mentioned issues don't affect such new VMs. However, I agree VMs may have access to old VM's password (if not consumed) and ssh-public key if are not password/ssh-public-key enabled - but they may be useless/stale information and I feel they are more of a GC issue than a security issue.
Are you able to reproduce a case when a new VM deployed using old VM's IP and with a password and/or public-key enabled template is getting the password and/or ssh-public-key from old VM (and the old user/account)? I think if yes, then it's a security issue.
Thoughts, comments?
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Kristian Liivak <kr...@wavecom.ee>
Sent: Monday, January 15, 2018 4:19:03 PM
To: users
Cc: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Freezing master for 4.11
Hello,
I have created issue in jira 2 month ago.
https://issues.apache.org/jira/browse/CLOUDSTACK-10141
In version 4.10 VR password and ssh key distribution don´t work on instance creation.
When instance is allreay excisting reset function is operational.
Also there is major security hole. When instance is destroyd and expunged and new instance is created with old IP all old data is unaffected in VR
New instance will get then old root password and ssh key if they were present in VR
In my knowledege cloudstack older versions are not affected.
Lugupidamisega / Regards
Kristian Liivak
CTO
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
----- Original Message -----
From: "Rohit Yadav" <ro...@shapeblue.com>
To: dev@cloudstack.apache.org, "users" <us...@cloudstack.apache.org>
Sent: Sunday, January 14, 2018 8:41:15 PM
Subject: Re: [DISCUSS] Freezing master for 4.11
All,
To give you update, all feature PRs have been reviewed, tested and merged towards the 4.11.0.0. I'll engage with Mike and others for any post-merge regressions (smoketest to be kicked shortly).
I see an outstanding PR that may be a critical/blocker PR, please advise and also review:
https://github.com/apache/cloudstack/pull/2402
If anyone has any blocker to report, please do so. Thanks.
I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018).
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Tutkowski, Mike <Mi...@netapp.com>
Sent: Saturday, January 13, 2018 3:23:40 AM
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Freezing master for 4.11
I’m investigating these now. I have found and fixed two of them so far.
rohit.yadav@shapeblue.com
www.shapeblue.com<http://www.shapeblue.com>
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
> On Jan 12, 2018, at 2:49 PM, Rohit Yadav <ro...@shapeblue.com> wrote:
>
> Thanks Rafael and Daan.
>
>
>> From: Rafael Weingärtner <ra...@gmail.com>
>>
>> I believe there is no problem in merging Wido’s and Mike’s PRs, they have
>> been extensively discussed and improved (specially Mike’s one).
>
> Thanks, Mike's PR has several regression smoketest failures and can be accepted only when those failures are fixed.
>
> We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze. If Mike wants, he can help fix them over the weekend, I can help run smoketests.
>
>> Having said that; I would be ok with it (no need to revert it), but we need
>> to be more careful with these things. If one wants to merge something,
>> there is no harm in waiting and calling for reviewers via Github, Slack, or
>> even email them directly.
>
> Additional review was requested, but mea culpa - thanks for your support, noted.
>
> - Rohit
>
> On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav <ro...@shapeblue.com>
> wrote:
>
>> All,
>>
>>
>> We're down to one feature PR towards 4.11 milestone now:
>>
>> https://github.com/apache/cloudstack/pull/2298
>>
>>
>> The config drive PR from Frank (Nuage) has been accepted today after no
>> regression test failures seen from yesterday's smoketest run. We've also
>> tested, reviewed and merge Wido's (blocker fix) PR.
>>
>>
>> I've asked Mike to stabilize the branch; based on the smoketest results
>> from today we can see some failures caused by the PR. I'm willing to work
>> with Mike and others to get this PR tested, and merged over the weekends if
>> we can demonstrate that no regression is caused by it, i.e. no new
>> smoketest regressions. I'll also try to fix regression and test failures
>> over the weekend.
>>
>>
>> Lastly, I would like to discuss a mistake I made today with merging the
>> following PR which per our guideline lacks one code review lgtm/approval:
>>
>> https://github.com/apache/cloudstack/pull/2152
>>
>>
>> The changes in above (merged) PR are all localized to a xenserver-swift
>> file, that is not tested by Travis or Trillian, since no new regression
>> failures were seen I accepted and merge it on that discretion. The PR was
>> originally on the 4.11 milestone, however, due to it lacking a JIRA id and
>> no response from the author it was only recently removed from the milestone.
>>
>>
>> Please advise if I need to revert this, or we can review/lgtm it
>> post-merge? I'll also ping on the above PR.
>>
>>
>> - Rohit
>>
>> <https://cloudstack.apache.org>
> Apache CloudStack: Open Source Cloud Computing<https://cloudstack.apache.org/>
> cloudstack.apache.org
> CloudStack is open source cloud computing software for creating, managing, and deploying infrastructure cloud services
>
>
>
>>
>>
>>
>> ________________________________
>> From: Wido den Hollander <wi...@widodh.nl>
>> Sent: Thursday, January 11, 2018 9:17:26 PM
>> To: dev@cloudstack.apache.org
>> Subject: Re: [DISCUSS] Freezing master for 4.11
>>
>>
>>
>>> On 01/10/2018 07:26 PM, Daan Hoogland wrote:
>>> I hope we understand each other correctly: No-one running an earlier
>>> version then 4.11 should miss out on any functionality they are using
>> now.
>>>
>>> So if you use ipv6 and multiple cidrs now it must continue to work with
>> no
>>> loss of functionality. see my question below.
>>>
>>> On Wed, Jan 10, 2018 at 7:06 PM, Ivan Kudryavtsev <
>> kudryavtsev_ia@bw-sw.com>
>>> wrote:
>>>
>>>> Daan, yes this sounds reasonable, I suppose who would like to fix, could
>>>> do custom build for himself...
>>>>
>>>> But still it should be aknowledged somehow, if you use several cidrs for
>>>> network, don't use v6, or don't upgrade to 4.11 because things will stop
>>>> running well.
>>>>
>>> Does this mean that several cidrs in ipv6 works in 4.9 and not in 4.11?
>>>
>>
>> No, it doesn't. IPv6 was introduced in 4.10 and this broke in 4.10.
>>
>> You can't run with 4.10 with multiple IPv4 CIDRs as well when you have
>> IPv6 enabled.
>>
>> So this is broken in 4.10 and 4.11 in that case.
>>
>> Wido
>>
>>>
>>> if yes; it is a blocker
>>>
>>> if no; you might as well upgrade for other features as it doesn't work
>> now
>>> either.
>>>
>>
>> rohit.yadav@shapeblue.com
>> www.shapeblue.com<http://www.shapeblue.com>
> [http://www.shapeblue.com/wp-content/uploads/2017/06/logo.png]<http://www.shapeblue.com/>
>
> Shapeblue - The CloudStack Company<http://www.shapeblue.com/>
> www.shapeblue.com<http://www.shapeblue.com>
> Rapid deployment framework for Apache CloudStack IaaS Clouds. CSForge is a framework developed by ShapeBlue to deliver the rapid deployment of a standardised ...
>
>
>
>> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
>> @shapeblue
>>
>>
>>
>>
>
>
> --
> Rafael Weingärtner
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com<http://www.shapeblue.com>
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> @shapeblue
>
>
>
Re: [DISCUSS] Freezing master for 4.11
Posted by Rohit Yadav <ro...@shapeblue.com>.
Hi Kristian,
I looked at https://issues.apache.org/jira/browse/CLOUDSTACK-10141
If the new VM is deployed with a password and/or ssh-key enabled VM template, then VR should get new password and the user/account specific ssh-public key so the mentioned issues don't affect such new VMs. However, I agree VMs may have access to old VM's password (if not consumed) and ssh-public key if are not password/ssh-public-key enabled - but they may be useless/stale information and I feel they are more of a GC issue than a security issue.
Are you able to reproduce a case when a new VM deployed using old VM's IP and with a password and/or public-key enabled template is getting the password and/or ssh-public-key from old VM (and the old user/account)? I think if yes, then it's a security issue.
Thoughts, comments?
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Kristian Liivak <kr...@wavecom.ee>
Sent: Monday, January 15, 2018 4:19:03 PM
To: users
Cc: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Freezing master for 4.11
Hello,
I have created issue in jira 2 month ago.
https://issues.apache.org/jira/browse/CLOUDSTACK-10141
In version 4.10 VR password and ssh key distribution don´t work on instance creation.
When instance is allreay excisting reset function is operational.
Also there is major security hole. When instance is destroyd and expunged and new instance is created with old IP all old data is unaffected in VR
New instance will get then old root password and ssh key if they were present in VR
In my knowledege cloudstack older versions are not affected.
Lugupidamisega / Regards
Kristian Liivak
CTO
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
----- Original Message -----
From: "Rohit Yadav" <ro...@shapeblue.com>
To: dev@cloudstack.apache.org, "users" <us...@cloudstack.apache.org>
Sent: Sunday, January 14, 2018 8:41:15 PM
Subject: Re: [DISCUSS] Freezing master for 4.11
All,
To give you update, all feature PRs have been reviewed, tested and merged towards the 4.11.0.0. I'll engage with Mike and others for any post-merge regressions (smoketest to be kicked shortly).
I see an outstanding PR that may be a critical/blocker PR, please advise and also review:
https://github.com/apache/cloudstack/pull/2402
If anyone has any blocker to report, please do so. Thanks.
I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018).
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Tutkowski, Mike <Mi...@netapp.com>
Sent: Saturday, January 13, 2018 3:23:40 AM
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Freezing master for 4.11
I’m investigating these now. I have found and fixed two of them so far.
rohit.yadav@shapeblue.com
www.shapeblue.com<http://www.shapeblue.com>
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
> On Jan 12, 2018, at 2:49 PM, Rohit Yadav <ro...@shapeblue.com> wrote:
>
> Thanks Rafael and Daan.
>
>
>> From: Rafael Weingärtner <ra...@gmail.com>
>>
>> I believe there is no problem in merging Wido’s and Mike’s PRs, they have
>> been extensively discussed and improved (specially Mike’s one).
>
> Thanks, Mike's PR has several regression smoketest failures and can be accepted only when those failures are fixed.
>
> We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze. If Mike wants, he can help fix them over the weekend, I can help run smoketests.
>
>> Having said that; I would be ok with it (no need to revert it), but we need
>> to be more careful with these things. If one wants to merge something,
>> there is no harm in waiting and calling for reviewers via Github, Slack, or
>> even email them directly.
>
> Additional review was requested, but mea culpa - thanks for your support, noted.
>
> - Rohit
>
> On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav <ro...@shapeblue.com>
> wrote:
>
>> All,
>>
>>
>> We're down to one feature PR towards 4.11 milestone now:
>>
>> https://github.com/apache/cloudstack/pull/2298
>>
>>
>> The config drive PR from Frank (Nuage) has been accepted today after no
>> regression test failures seen from yesterday's smoketest run. We've also
>> tested, reviewed and merge Wido's (blocker fix) PR.
>>
>>
>> I've asked Mike to stabilize the branch; based on the smoketest results
>> from today we can see some failures caused by the PR. I'm willing to work
>> with Mike and others to get this PR tested, and merged over the weekends if
>> we can demonstrate that no regression is caused by it, i.e. no new
>> smoketest regressions. I'll also try to fix regression and test failures
>> over the weekend.
>>
>>
>> Lastly, I would like to discuss a mistake I made today with merging the
>> following PR which per our guideline lacks one code review lgtm/approval:
>>
>> https://github.com/apache/cloudstack/pull/2152
>>
>>
>> The changes in above (merged) PR are all localized to a xenserver-swift
>> file, that is not tested by Travis or Trillian, since no new regression
>> failures were seen I accepted and merge it on that discretion. The PR was
>> originally on the 4.11 milestone, however, due to it lacking a JIRA id and
>> no response from the author it was only recently removed from the milestone.
>>
>>
>> Please advise if I need to revert this, or we can review/lgtm it
>> post-merge? I'll also ping on the above PR.
>>
>>
>> - Rohit
>>
>> <https://cloudstack.apache.org>
> Apache CloudStack: Open Source Cloud Computing<https://cloudstack.apache.org/>
> cloudstack.apache.org
> CloudStack is open source cloud computing software for creating, managing, and deploying infrastructure cloud services
>
>
>
>>
>>
>>
>> ________________________________
>> From: Wido den Hollander <wi...@widodh.nl>
>> Sent: Thursday, January 11, 2018 9:17:26 PM
>> To: dev@cloudstack.apache.org
>> Subject: Re: [DISCUSS] Freezing master for 4.11
>>
>>
>>
>>> On 01/10/2018 07:26 PM, Daan Hoogland wrote:
>>> I hope we understand each other correctly: No-one running an earlier
>>> version then 4.11 should miss out on any functionality they are using
>> now.
>>>
>>> So if you use ipv6 and multiple cidrs now it must continue to work with
>> no
>>> loss of functionality. see my question below.
>>>
>>> On Wed, Jan 10, 2018 at 7:06 PM, Ivan Kudryavtsev <
>> kudryavtsev_ia@bw-sw.com>
>>> wrote:
>>>
>>>> Daan, yes this sounds reasonable, I suppose who would like to fix, could
>>>> do custom build for himself...
>>>>
>>>> But still it should be aknowledged somehow, if you use several cidrs for
>>>> network, don't use v6, or don't upgrade to 4.11 because things will stop
>>>> running well.
>>>>
>>> Does this mean that several cidrs in ipv6 works in 4.9 and not in 4.11?
>>>
>>
>> No, it doesn't. IPv6 was introduced in 4.10 and this broke in 4.10.
>>
>> You can't run with 4.10 with multiple IPv4 CIDRs as well when you have
>> IPv6 enabled.
>>
>> So this is broken in 4.10 and 4.11 in that case.
>>
>> Wido
>>
>>>
>>> if yes; it is a blocker
>>>
>>> if no; you might as well upgrade for other features as it doesn't work
>> now
>>> either.
>>>
>>
>> rohit.yadav@shapeblue.com
>> www.shapeblue.com<http://www.shapeblue.com>
> [http://www.shapeblue.com/wp-content/uploads/2017/06/logo.png]<http://www.shapeblue.com/>
>
> Shapeblue - The CloudStack Company<http://www.shapeblue.com/>
> www.shapeblue.com<http://www.shapeblue.com>
> Rapid deployment framework for Apache CloudStack IaaS Clouds. CSForge is a framework developed by ShapeBlue to deliver the rapid deployment of a standardised ...
>
>
>
>> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
>> @shapeblue
>>
>>
>>
>>
>
>
> --
> Rafael Weingärtner
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com<http://www.shapeblue.com>
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> @shapeblue
>
>
>
Re: [DISCUSS] Freezing master for 4.11
Posted by Daan Hoogland <da...@gmail.com>.
kristian,
these sound like serious regressions. Do you have a fix or did you analyse
the code yet?
On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak <kr...@wavecom.ee> wrote:
> Hello,
>
> I have created issue in jira 2 month ago.
> https://issues.apache.org/jira/browse/CLOUDSTACK-10141
>
> In version 4.10 VR password and ssh key distribution don´t work on
> instance creation.
> When instance is allreay excisting reset function is operational.
>
> Also there is major security hole. When instance is destroyd and expunged
> and new instance is created with old IP all old data is unaffected in VR
> New instance will get then old root password and ssh key if they were
> present in VR
>
> In my knowledege cloudstack older versions are not affected.
>
> Lugupidamisega / Regards
>
> Kristian Liivak
>
> CTO
>
> WaveCom As
> Endla 16, 10142 Tallinn
> Estonia
> Tel: +3726850001
> Gsm: +37256850001
> E-mail: kris@wavecom.ee
> Skype: kristian.liivak
> http://www.wavecom.ee
> http://www.facebook.com/wavecom.ee
>
> ----- Original Message -----
> From: "Rohit Yadav" <ro...@shapeblue.com>
> To: dev@cloudstack.apache.org, "users" <us...@cloudstack.apache.org>
> Sent: Sunday, January 14, 2018 8:41:15 PM
> Subject: Re: [DISCUSS] Freezing master for 4.11
>
> All,
>
>
> To give you update, all feature PRs have been reviewed, tested and merged
> towards the 4.11.0.0. I'll engage with Mike and others for any post-merge
> regressions (smoketest to be kicked shortly).
>
>
> I see an outstanding PR that may be a critical/blocker PR, please advise
> and also review:
>
> https://github.com/apache/cloudstack/pull/2402
>
>
> If anyone has any blocker to report, please do so. Thanks.
>
>
> I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018).
>
>
> - Rohit
>
> <https://cloudstack.apache.org>
>
>
>
> ________________________________
> From: Tutkowski, Mike <Mi...@netapp.com>
> Sent: Saturday, January 13, 2018 3:23:40 AM
> To: dev@cloudstack.apache.org
> Subject: Re: [DISCUSS] Freezing master for 4.11
>
> I’m investigating these now. I have found and fixed two of them so far.
>
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> @shapeblue
>
>
>
> > On Jan 12, 2018, at 2:49 PM, Rohit Yadav <ro...@shapeblue.com>
> wrote:
> >
> > Thanks Rafael and Daan.
> >
> >
> >> From: Rafael Weingärtner <ra...@gmail.com>
> >>
> >> I believe there is no problem in merging Wido’s and Mike’s PRs, they
> have
> >> been extensively discussed and improved (specially Mike’s one).
> >
> > Thanks, Mike's PR has several regression smoketest failures and can be
> accepted only when those failures are fixed.
> >
> > We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze.
> If Mike wants, he can help fix them over the weekend, I can help run
> smoketests.
> >
> >> Having said that; I would be ok with it (no need to revert it), but we
> need
> >> to be more careful with these things. If one wants to merge something,
> >> there is no harm in waiting and calling for reviewers via Github,
> Slack, or
> >> even email them directly.
> >
> > Additional review was requested, but mea culpa - thanks for your
> support, noted.
> >
> > - Rohit
> >
> > On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav <ro...@shapeblue.com>
> > wrote:
> >
> >> All,
> >>
> >>
> >> We're down to one feature PR towards 4.11 milestone now:
> >>
> >> https://github.com/apache/cloudstack/pull/2298
> >>
> >>
> >> The config drive PR from Frank (Nuage) has been accepted today after no
> >> regression test failures seen from yesterday's smoketest run. We've also
> >> tested, reviewed and merge Wido's (blocker fix) PR.
> >>
> >>
> >> I've asked Mike to stabilize the branch; based on the smoketest results
> >> from today we can see some failures caused by the PR. I'm willing to
> work
> >> with Mike and others to get this PR tested, and merged over the
> weekends if
> >> we can demonstrate that no regression is caused by it, i.e. no new
> >> smoketest regressions. I'll also try to fix regression and test failures
> >> over the weekend.
> >>
> >>
> >> Lastly, I would like to discuss a mistake I made today with merging the
> >> following PR which per our guideline lacks one code review
> lgtm/approval:
> >>
> >> https://github.com/apache/cloudstack/pull/2152
> >>
> >>
> >> The changes in above (merged) PR are all localized to a xenserver-swift
> >> file, that is not tested by Travis or Trillian, since no new regression
> >> failures were seen I accepted and merge it on that discretion. The PR
> was
> >> originally on the 4.11 milestone, however, due to it lacking a JIRA id
> and
> >> no response from the author it was only recently removed from the
> milestone.
> >>
> >>
> >> Please advise if I need to revert this, or we can review/lgtm it
> >> post-merge? I'll also ping on the above PR.
> >>
> >>
> >> - Rohit
> >>
> >> <https://cloudstack.apache.org>
> > Apache CloudStack: Open Source Cloud Computing<https://cloudstack.
> apache.org/>
> > cloudstack.apache.org
> > CloudStack is open source cloud computing software for creating,
> managing, and deploying infrastructure cloud services
> >
> >
> >
> >>
> >>
> >>
> >> ________________________________
> >> From: Wido den Hollander <wi...@widodh.nl>
> >> Sent: Thursday, January 11, 2018 9:17:26 PM
> >> To: dev@cloudstack.apache.org
> >> Subject: Re: [DISCUSS] Freezing master for 4.11
> >>
> >>
> >>
> >>> On 01/10/2018 07:26 PM, Daan Hoogland wrote:
> >>> I hope we understand each other correctly: No-one running an earlier
> >>> version then 4.11 should miss out on any functionality they are using
> >> now.
> >>>
> >>> So if you use ipv6 and multiple cidrs now it must continue to work with
> >> no
> >>> loss of functionality. see my question below.
> >>>
> >>> On Wed, Jan 10, 2018 at 7:06 PM, Ivan Kudryavtsev <
> >> kudryavtsev_ia@bw-sw.com>
> >>> wrote:
> >>>
> >>>> Daan, yes this sounds reasonable, I suppose who would like to fix,
> could
> >>>> do custom build for himself...
> >>>>
> >>>> But still it should be aknowledged somehow, if you use several cidrs
> for
> >>>> network, don't use v6, or don't upgrade to 4.11 because things will
> stop
> >>>> running well.
> >>>>
> >>> Does this mean that several cidrs in ipv6 works in 4.9 and not in 4.11?
> >>>
> >>
> >> No, it doesn't. IPv6 was introduced in 4.10 and this broke in 4.10.
> >>
> >> You can't run with 4.10 with multiple IPv4 CIDRs as well when you have
> >> IPv6 enabled.
> >>
> >> So this is broken in 4.10 and 4.11 in that case.
> >>
> >> Wido
> >>
> >>>
> >>> if yes; it is a blocker
> >>>
> >>> if no; you might as well upgrade for other features as it doesn't work
> >> now
> >>> either.
> >>>
> >>
> >> rohit.yadav@shapeblue.com
> >> www.shapeblue.com<http://www.shapeblue.com>
> > [http://www.shapeblue.com/wp-content/uploads/2017/06/logo.png]<
> http://www.shapeblue.com/>
> >
> > Shapeblue - The CloudStack Company<http://www.shapeblue.com/>
> > www.shapeblue.com<http://www.shapeblue.com>
> > Rapid deployment framework for Apache CloudStack IaaS Clouds. CSForge is
> a framework developed by ShapeBlue to deliver the rapid deployment of a
> standardised ...
> >
> >
> >
> >> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> >> @shapeblue
> >>
> >>
> >>
> >>
> >
> >
> > --
> > Rafael Weingärtner
> >
> > rohit.yadav@shapeblue.com
> > www.shapeblue.com<http://www.shapeblue.com>
> > 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> > @shapeblue
> >
> >
> >
>
--
Daan
Re: [DISCUSS] Freezing master for 4.11
Posted by Kristian Liivak <kr...@wavecom.ee>.
Hello,
I have created issue in jira 2 month ago.
https://issues.apache.org/jira/browse/CLOUDSTACK-10141
In version 4.10 VR password and ssh key distribution don´t work on instance creation.
When instance is allreay excisting reset function is operational.
Also there is major security hole. When instance is destroyd and expunged and new instance is created with old IP all old data is unaffected in VR
New instance will get then old root password and ssh key if they were present in VR
In my knowledege cloudstack older versions are not affected.
Lugupidamisega / Regards
Kristian Liivak
CTO
WaveCom As
Endla 16, 10142 Tallinn
Estonia
Tel: +3726850001
Gsm: +37256850001
E-mail: kris@wavecom.ee
Skype: kristian.liivak
http://www.wavecom.ee
http://www.facebook.com/wavecom.ee
----- Original Message -----
From: "Rohit Yadav" <ro...@shapeblue.com>
To: dev@cloudstack.apache.org, "users" <us...@cloudstack.apache.org>
Sent: Sunday, January 14, 2018 8:41:15 PM
Subject: Re: [DISCUSS] Freezing master for 4.11
All,
To give you update, all feature PRs have been reviewed, tested and merged towards the 4.11.0.0. I'll engage with Mike and others for any post-merge regressions (smoketest to be kicked shortly).
I see an outstanding PR that may be a critical/blocker PR, please advise and also review:
https://github.com/apache/cloudstack/pull/2402
If anyone has any blocker to report, please do so. Thanks.
I'll cut RC1 as planned by EOD today (Mon/15 Jan 2018).
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Tutkowski, Mike <Mi...@netapp.com>
Sent: Saturday, January 13, 2018 3:23:40 AM
To: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Freezing master for 4.11
I’m investigating these now. I have found and fixed two of them so far.
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
> On Jan 12, 2018, at 2:49 PM, Rohit Yadav <ro...@shapeblue.com> wrote:
>
> Thanks Rafael and Daan.
>
>
>> From: Rafael Weingärtner <ra...@gmail.com>
>>
>> I believe there is no problem in merging Wido’s and Mike’s PRs, they have
>> been extensively discussed and improved (specially Mike’s one).
>
> Thanks, Mike's PR has several regression smoketest failures and can be accepted only when those failures are fixed.
>
> We'll cut 4.11 branch start rc1 on Monday that would be a hard freeze. If Mike wants, he can help fix them over the weekend, I can help run smoketests.
>
>> Having said that; I would be ok with it (no need to revert it), but we need
>> to be more careful with these things. If one wants to merge something,
>> there is no harm in waiting and calling for reviewers via Github, Slack, or
>> even email them directly.
>
> Additional review was requested, but mea culpa - thanks for your support, noted.
>
> - Rohit
>
> On Fri, Jan 12, 2018 at 3:57 PM, Rohit Yadav <ro...@shapeblue.com>
> wrote:
>
>> All,
>>
>>
>> We're down to one feature PR towards 4.11 milestone now:
>>
>> https://github.com/apache/cloudstack/pull/2298
>>
>>
>> The config drive PR from Frank (Nuage) has been accepted today after no
>> regression test failures seen from yesterday's smoketest run. We've also
>> tested, reviewed and merge Wido's (blocker fix) PR.
>>
>>
>> I've asked Mike to stabilize the branch; based on the smoketest results
>> from today we can see some failures caused by the PR. I'm willing to work
>> with Mike and others to get this PR tested, and merged over the weekends if
>> we can demonstrate that no regression is caused by it, i.e. no new
>> smoketest regressions. I'll also try to fix regression and test failures
>> over the weekend.
>>
>>
>> Lastly, I would like to discuss a mistake I made today with merging the
>> following PR which per our guideline lacks one code review lgtm/approval:
>>
>> https://github.com/apache/cloudstack/pull/2152
>>
>>
>> The changes in above (merged) PR are all localized to a xenserver-swift
>> file, that is not tested by Travis or Trillian, since no new regression
>> failures were seen I accepted and merge it on that discretion. The PR was
>> originally on the 4.11 milestone, however, due to it lacking a JIRA id and
>> no response from the author it was only recently removed from the milestone.
>>
>>
>> Please advise if I need to revert this, or we can review/lgtm it
>> post-merge? I'll also ping on the above PR.
>>
>>
>> - Rohit
>>
>> <https://cloudstack.apache.org>
> Apache CloudStack: Open Source Cloud Computing<https://cloudstack.apache.org/>
> cloudstack.apache.org
> CloudStack is open source cloud computing software for creating, managing, and deploying infrastructure cloud services
>
>
>
>>
>>
>>
>> ________________________________
>> From: Wido den Hollander <wi...@widodh.nl>
>> Sent: Thursday, January 11, 2018 9:17:26 PM
>> To: dev@cloudstack.apache.org
>> Subject: Re: [DISCUSS] Freezing master for 4.11
>>
>>
>>
>>> On 01/10/2018 07:26 PM, Daan Hoogland wrote:
>>> I hope we understand each other correctly: No-one running an earlier
>>> version then 4.11 should miss out on any functionality they are using
>> now.
>>>
>>> So if you use ipv6 and multiple cidrs now it must continue to work with
>> no
>>> loss of functionality. see my question below.
>>>
>>> On Wed, Jan 10, 2018 at 7:06 PM, Ivan Kudryavtsev <
>> kudryavtsev_ia@bw-sw.com>
>>> wrote:
>>>
>>>> Daan, yes this sounds reasonable, I suppose who would like to fix, could
>>>> do custom build for himself...
>>>>
>>>> But still it should be aknowledged somehow, if you use several cidrs for
>>>> network, don't use v6, or don't upgrade to 4.11 because things will stop
>>>> running well.
>>>>
>>> Does this mean that several cidrs in ipv6 works in 4.9 and not in 4.11?
>>>
>>
>> No, it doesn't. IPv6 was introduced in 4.10 and this broke in 4.10.
>>
>> You can't run with 4.10 with multiple IPv4 CIDRs as well when you have
>> IPv6 enabled.
>>
>> So this is broken in 4.10 and 4.11 in that case.
>>
>> Wido
>>
>>>
>>> if yes; it is a blocker
>>>
>>> if no; you might as well upgrade for other features as it doesn't work
>> now
>>> either.
>>>
>>
>> rohit.yadav@shapeblue.com
>> www.shapeblue.com<http://www.shapeblue.com>
> [http://www.shapeblue.com/wp-content/uploads/2017/06/logo.png]<http://www.shapeblue.com/>
>
> Shapeblue - The CloudStack Company<http://www.shapeblue.com/>
> www.shapeblue.com<http://www.shapeblue.com>
> Rapid deployment framework for Apache CloudStack IaaS Clouds. CSForge is a framework developed by ShapeBlue to deliver the rapid deployment of a standardised ...
>
>
>
>> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
>> @shapeblue
>>
>>
>>
>>
>
>
> --
> Rafael Weingärtner
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com<http://www.shapeblue.com>
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> @shapeblue
>
>
>