You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by wilderrodrigues <gi...@git.apache.org> on 2015/08/31 14:12:37 UTC
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
GitHub user wilderrodrigues opened a pull request:
https://github.com/apache/cloudstack/pull/765
CLOUDSTACK-8688 - default policies for INPUT and FORWARD should be se…
…t to DROP instead of ACCEPT
- In order to be able to access the routers via the link local interface, we have to add a rules with NEW and ESTABLISHED state
Tests:
* Deployed 2 zones, basic and advanced, using KVM as hypervisor
* On the basic zone, created 1 security group, added ingress rules to open port 22 and deployed 1 VM
* SSH into the router and checked that the INPUT/FORWARD policies were set to DROP
* SSH to the VM
* On the advanced zone, created 1 single VPC (with 2 tiers, 2 puc IPs, 2 VMs and 1 ACL), 1 redundant VPC ((with 2 tiers, 2 puc IPs, 2 VMs and 1 ACL)), 1 isolated network (with 1 VM and 1 pub IP), 1 redundant network (with 1 VM and 1 pub IP)
* SSH into all routers to check that the INPUT/FORWARD policies were set to DROP
* SSH into all VMs to test the communication
sbpltk1zffh04:asf_cloudstack wrodrigues$ ssh root@192.168.23.26
The authenticity of host '192.168.23.26 (192.168.23.26)' can't be established.
RSA key fingerprint is cb:42:81:d0:05:97:f4:be:9e:3b:dd:3f:c6:d2:48:e7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.23.26' (RSA) to the list of known hosts.
root@192.168.23.26's password:
# ls /
bin boot dev etc home lib lib64 linuxrc lost+found media mnt opt proc root run sbin sys tmp usr var
# exit
Connection to 192.168.23.26 closed.
sbpltk1zffh04:asf_cloudstack wrodrigues$ ssh root@192.168.22.63
The authenticity of host '192.168.22.63 (192.168.22.63)' can't be established.
RSA key fingerprint is a2:20:d6:e2:fb:c5:89:94:57:f5:89:b1:a1:6d:63:99.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.22.63' (RSA) to the list of known hosts.
root@192.168.22.63's password:
# ls /
bin boot dev etc home lib lib64 linuxrc lost+found media mnt opt proc root run sbin sys tmp usr var
# exit
Connection to 192.168.22.63 closed.
sbpltk1zffh04:asf_cloudstack wrodrigues$ ssh root@192.168.23.27
The authenticity of host '192.168.23.27 (192.168.23.27)' can't be established.
RSA key fingerprint is 20:f1:6d:9b:74:c5:7b:53:10:5c:a0:0c:bc:9f:2a:29.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.23.27' (RSA) to the list of known hosts.
root@192.168.23.27's password:
# ls /
bin boot dev etc home lib lib64 linuxrc lost+found media mnt opt proc root run sbin sys tmp usr var
# exitConnection to 192.168.23.27 closed.
sbpltk1zffh04:asf_cloudstack wrodrigues$ ssh root@192.168.23.28
The authenticity of host '192.168.23.28 (192.168.23.28)' can't be established.
RSA key fingerprint is f7:ae:49:46:ba:02:c1:25:5a:50:87:0e:6f:a4:43:a3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.23.28' (RSA) to the list of known hosts.
root@192.168.23.28's password:
# ls /
bin boot dev etc home lib lib64 linuxrc lost+found media mnt opt proc root run sbin sys tmp usr var
# exitConnection to 192.168.23.28 closed.
sbpltk1zffh04:asf_cloudstack wrodrigues$ ssh root@192.168.23.29
The authenticity of host '192.168.23.29 (192.168.23.29)' can't be established.
RSA key fingerprint is 09:0c:f2:41:a3:74:3d:ee:04:2b:78:ff:a9:91:0d:79.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.23.29' (RSA) to the list of known hosts.
root@192.168.23.29's password:
# ls /
bin boot dev etc home lib lib64 linuxrc lost+found media mnt opt proc root run sbin sys tmp usr var
# exit
Connection to 192.168.23.29 closed.
sbpltk1zffh04:asf_cloudstack wrodrigues$ ssh root@192.168.23.30
The authenticity of host '192.168.23.30 (192.168.23.30)' can't be established.
RSA key fingerprint is 2c:a6:10:f5:6d:4b:d1:70:e2:47:07:19:0b:86:c1:b0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.23.30' (RSA) to the list of known hosts.
root@192.168.23.30's password:
# ls /
bin boot dev etc home lib lib64 linuxrc lost+found media mnt opt proc root run sbin sys tmp usr var
# exitConnection to 192.168.23.30 closed.
sbpltk1zffh04:asf_cloudstack wrodrigues$
sbpltk1zffh04:asf_cloudstack wrodrigues$ ssh root@192.168.23.32
The authenticity of host '192.168.23.32 (192.168.23.32)' can't be established.
RSA key fingerprint is 6b:85:1e:c7:2e:aa:01:a2:d4:19:e3:ec:a7:69:a1:71.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.23.32' (RSA) to the list of known hosts.
root@192.168.23.32's password:
# ls /
bin boot dev etc home lib lib64 linuxrc lost+found media mnt opt proc root run sbin sys tmp usr var
# exitConnection to 192.168.23.32 closed.
sbpltk1zffh04:asf_cloudstack wrodrigues$
I'm now running some automated tests, will post the results here once they are complete.
@remibergsma @DaanHoogland @bhaisaab @miguelaferreira @wido @karuturi , could you guys please have a look?
Cheers,
Wilder
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/schubergphilis/cloudstack fix/default_policies
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/cloudstack/pull/765.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #765
----
commit f5e5f4d0026f8ffd6f3aa7e8e4c7be0cd809d6c9
Author: wilderrodrigues <wr...@schubergphilis.com>
Date: 2015-08-27T13:21:30Z
CLOUDSTACK-8688 - default policies for INPUT and FORWARD should be set to DROP instead of ACCEPT
- In order to be able to access the routers via the link local interface, we have to add a rules with NEW and ESTABLISHED state
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by wilderrodrigues <gi...@git.apache.org>.
Github user wilderrodrigues commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-138321248
@miguelaferreira @remibergsma @karuturi @DaanHoogland
The test is done!
Results:
Test iptables default INPUT/FORWARD policy on RouterVM ... === TestName: test_02_routervm_iptables_policies | Status : SUCCESS ===
ok
Test iptables default INPUT/FORWARD policies on VPC router ... === TestName: test_01_single_VPC_iptables_policies | Status : SUCCESS ===
ok
----------------------------------------------------------------------
Ran 2 tests in 663.540s
OK
/tmp//MarvinLogs/test_routers_iptables_default_policy_RC3AMZ/results.txt (END)
The tests were done only for single VPC and Isolated Network because the python code executed is also used by Redundant VPC and Shared Network. We can come back to this test later and add more cases, I already added some service for the above mentioned networks in the test.
You can run this test by doing so:
```
nosetests --with-marvin --marvin-config=/data/shared/marvin/mct-zone2-kvm2-ISOLATED.cfg -s -a tags=advanced,required_hardware=true component/test_routers_iptables_default_policy.py
```
Make sure you do the following before running the test agains a KVM hypervisor:
* Copy the systemvm.iso:
* cloudstack/client/target/cloud-client-ui-4.6.0-SNAPSHOT/WEB-INF/classes/vms/systemvm.iso
* To:
* /usr/share/cloudstack-common/vms/systemvm.iso
Cheers,
Wilder
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by miguelaferreira <gi...@git.apache.org>.
Github user miguelaferreira commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-136625019
@wilderrodrigues wouldn't it be better to have a Marvin test that check the policy?
Now that I think of it, also a Python unit-test?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by wilderrodrigues <gi...@git.apache.org>.
Github user wilderrodrigues commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-138529499
Thanks, @bhaisaab !
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by karuturi <gi...@git.apache.org>.
Github user karuturi commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-136962555
tested this on Xen 6.5 advanced zone with isolated and VPC. verified that the default policies are set to drop.
I am not sure if its related to this. But, I found the below issue
in case of vm launched in vpc, outgoing public traffic worked (I was able to ping google.com)
But, in case of default isolated network(DefaultIsolatedNetworkOfferingWithSourceNatService) vm, outgoing public traffic was blocked even after adding egress rule.
It only worked after running the following on isolated VR
```
iptables -I FW_OUTBOUND -j FIREWALL_EGRESS_RULES
```
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by wilderrodrigues <gi...@git.apache.org>.
Github user wilderrodrigues commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-136601269
@karuturi @bhaisaab @DaanHoogland @koushik-das
Anyone with some time to have a look at this PR?
Thanks in advance.
Cheers,
Wilder
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by miguelaferreira <gi...@git.apache.org>.
Github user miguelaferreira commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-136621918
ok, that's what I thought.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by miguelaferreira <gi...@git.apache.org>.
Github user miguelaferreira commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-136620086
@wilderrodrigues I'm now testing your PR, but I have a question: how is SSHing into the VMs testing the default policy is set to DROP?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by wilderrodrigues <gi...@git.apache.org>.
Github user wilderrodrigues commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-137040420
Thanks for testing it, @karuturi, much appreciated!
I'm writing marvin tests for this PR and the other issue (CLOUDSTACK-8759). Once done, I will have a look at the problem you reported.
In order to keep things separate and move quicker with the PRs, could you please a separate issue with the details above?
Thanks in advance.
Cheers,
Wilder
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by miguelaferreira <gi...@git.apache.org>.
Github user miguelaferreira commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-136667361
@wilderrodrigues ok for the python unit tests, but I would really like a marvin test, or al least some way to automate setting up the environment you described. I'm trying to test this, and clicking around in the UI is just too inefficient.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by bhaisaab <gi...@git.apache.org>.
Github user bhaisaab commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-138522855
LGTM
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by miguelaferreira <gi...@git.apache.org>.
Github user miguelaferreira commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-138250804
@karuturi Wilder will add marvin test for this PR, I will run that and post the results
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by wilderrodrigues <gi...@git.apache.org>.
Github user wilderrodrigues commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-136354474
Some screenshots:
VMs:
Infra:
Routers:
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by wilderrodrigues <gi...@git.apache.org>.
Github user wilderrodrigues commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-136664670
Hi @miguelaferreira
Okay for the Marvin test, but then it will make the thing wait for another day, at least. Which is fine, but I hope people LGTM it afterwards. I'm worried about the lack of reviews/tests by reviewers on PRs.
Concerning the unit test, I won't add it because I want to refactor the code as a project and have it done in a way that we can add tests and refactor, as it was done with other components. I know it could be done in a way where I could refactor just 1 method, add a tests and push it. However, I do not want to mix styles in the Python code.
By styles I mean: the way it was developed and the way I would have developed it. So, mixing styles by refactoring 1 method to add 1 test will not really improve it. Once we release 4.6, and if that okay with the team, I, we, will work on the python refactor.
Cheers,
Wilder
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/cloudstack/pull/765
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by DaanHoogland <gi...@git.apache.org>.
Github user DaanHoogland commented on a diff in the pull request:
https://github.com/apache/cloudstack/pull/765#discussion_r38396363
--- Diff: systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py ---
@@ -414,7 +426,7 @@ def fw_router(self):
self.fw.append(['', '', '-A NETWORK_STATS -i eth2 -o eth0'])
self.fw.append(['', '', '-A NETWORK_STATS -o eth2 ! -i eth0 -p tcp'])
self.fw.append(['', '', '-A NETWORK_STATS -i eth2 ! -o eth0 -p tcp'])
-
+
--- End diff --
trailing white space?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by wilderrodrigues <gi...@git.apache.org>.
Github user wilderrodrigues commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-136621356
SSH doesn't test it... I just did to make sure all works as before.
To check the policies to iptables -L --verbose (you will see DROP for INPUT and FORWARD chains on all routers)
You can also try connecting to a port that doesn't have a PF setup.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by wilderrodrigues <gi...@git.apache.org>.
Github user wilderrodrigues commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-137379240
Thanks for the LGTM and for the new issue, @karuturi. :)
I will push the test today and merge the PR after @miguelaferreira tests it.
Cheers,
Wilder
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by karuturi <gi...@git.apache.org>.
Github user karuturi commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-138238373
@miguelaferreira @wilderrodrigues waiting for the PR merge :)
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by wilderrodrigues <gi...@git.apache.org>.
Github user wilderrodrigues commented on a diff in the pull request:
https://github.com/apache/cloudstack/pull/765#discussion_r38404211
--- Diff: systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py ---
@@ -414,7 +426,7 @@ def fw_router(self):
self.fw.append(['', '', '-A NETWORK_STATS -i eth2 -o eth0'])
self.fw.append(['', '', '-A NETWORK_STATS -o eth2 ! -i eth0 -p tcp'])
self.fw.append(['', '', '-A NETWORK_STATS -i eth2 ! -o eth0 -p tcp'])
-
+
--- End diff --
3 days of work to find the cause of the bugs and the thing goes with trailing spaces... crap.
Will remove it once I add a marvin test.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by wilderrodrigues <gi...@git.apache.org>.
Github user wilderrodrigues commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-138521217
@wido @borisroman @bhaisaab
Could one of you have a look at this PR, please? :)
Cheers,
Wilder
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by wilderrodrigues <gi...@git.apache.org>.
Github user wilderrodrigues commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-136363043
VM Life Cycle tests (Advanced Zone)
```
[root@cs1 integration]# nosetests --with-marvin --marvin-config=/data/shared/marvin/mct-zone2-kvm2-ISOLATED.cfg -s -a tags=advanced,required_hardware=false smoke/test_vm_life_cycle.py
==== Marvin Init Started ====
=== Marvin Parse Config Successful ===
=== Marvin Setting TestData Successful===
==== Log Folder Path: /tmp//MarvinLogs//Aug_31_2015_12_14_38_JN3PBD. All logs will be available here ====
=== Marvin Init Logging Successful===
==== Marvin Init Successful ====
=== TestName: test_advZoneVirtualRouter | Status : SUCCESS ===
=== TestName: test_deploy_vm | Status : SUCCESS ===
=== TestName: test_deploy_vm_multiple | Status : SUCCESS ===
=== TestName: test_01_stop_vm | Status : SUCCESS ===
=== TestName: test_02_start_vm | Status : SUCCESS ===
=== TestName: test_03_reboot_vm | Status : SUCCESS ===
=== TestName: test_06_destroy_vm | Status : SUCCESS ===
=== TestName: test_07_restore_vm | Status : SUCCESS ===
=== TestName: test_09_expunge_vm | Status : SUCCESS ===
===final results are now copied to: /tmp//MarvinLogs/test_vm_life_cycle_L0WK32===
[root@cs1 integration]#
```
VM Life Cycle tests (Basic Zone)
```
[root@cs1 integration]# nosetests --with-marvin --marvin-config=/data/shared/marvin/mct-zone1-kvm1-basic.cfg -s -a tags=basic,required_hardware=false smoke/test_vm_life_cycle.py
==== Marvin Init Started ====
=== Marvin Parse Config Successful ===
=== Marvin Setting TestData Successful===
==== Log Folder Path: /tmp//MarvinLogs//Aug_31_2015_12_41_40_5VQUD2. All logs will be available here ====
=== Marvin Init Logging Successful===
==== Marvin Init Successful ====
=== TestName: test_deploy_vm | Status : SUCCESS ===
=== TestName: test_deploy_vm_multiple | Status : SUCCESS ===
=== TestName: test_01_stop_vm | Status : SUCCESS ===
=== TestName: test_02_start_vm | Status : SUCCESS ===
=== TestName: test_03_reboot_vm | Status : SUCCESS ===
=== TestName: test_06_destroy_vm | Status : SUCCESS ===
=== TestName: test_07_restore_vm | Status : SUCCESS ===
=== TestName: test_09_expunge_vm | Status : SUCCESS ===
===final results are now copied to: /tmp//MarvinLogs/test_vm_life_cycle_8F4UL3===
[root@cs1 integration]#
```
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by borisroman <gi...@git.apache.org>.
Github user borisroman commented on a diff in the pull request:
https://github.com/apache/cloudstack/pull/765#discussion_r39765711
--- Diff: systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py ---
@@ -414,7 +426,7 @@ def fw_router(self):
self.fw.append(['', '', '-A NETWORK_STATS -i eth2 -o eth0'])
self.fw.append(['', '', '-A NETWORK_STATS -o eth2 ! -i eth0 -p tcp'])
self.fw.append(['', '', '-A NETWORK_STATS -i eth2 ! -o eth0 -p tcp'])
-
+
--- End diff --
@wilderrodrigues Seems like you hadn't removed the trailing white spaces. Maybe a good time to remove them when PRing CLOUDSTACK-8878 or CLOUDSTACK-8795? :)
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by wilderrodrigues <gi...@git.apache.org>.
Github user wilderrodrigues commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-136951585
I will push a test today to cover the iptables default policies.
Do you need help finding the options on the UI whilst the test gets cooked?
Cheers,
Wilder
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by karuturi <gi...@git.apache.org>.
Github user karuturi commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-137048186
Ok. Here is the new issue https://issues.apache.org/jira/browse/CLOUDSTACK-8795
:+1: for this PR
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8688 - default policies for IN...
Posted by DaanHoogland <gi...@git.apache.org>.
Github user DaanHoogland commented on the pull request:
https://github.com/apache/cloudstack/pull/765#issuecomment-136636331
changes look reasonable. have not tested, so I am going to trust @wilderrodrigues on this but @miguelaferreira his point on an automation sounds very promising to me.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---