You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2021/11/05 18:36:28 UTC

[GitHub] [cloudstack] joseflauzino opened a new pull request #5668: Allow large IPSec key (PSK) when creating VPN

joseflauzino opened a new pull request #5668:
URL: https://github.com/apache/cloudstack/pull/5668


   ### Description
   
   The global parameter `remote.access.vpn.psk.length` sets the length of the IPSec key (a PSK). The `ipsec_psk` field (which is a _varchar(256)_ in the `remote_access_vpn` table) stores the PSK in encrypted form - it has an `@Encrypt` annotation. When the value defined in `remote.access.vpn.psk.length` generates a PSK that, when encrypted, has more than 256 characters, ACS throws a database exception when trying to persist the data, preventing the creation of the VPN. 
   
   This PR changes the `ipsec_psk` field from _varchar(256)_ to _text_ in order to allow the creation of large PSKs.
   
   ### Types of changes
   
   - [ ] Breaking change (fix or feature that would cause existing functionality to change)
   - [ ] New feature (non-breaking change which adds functionality)
   - [x] Bug fix (non-breaking change which fixes an issue)
   - [ ] Enhancement (improves an existing feature and functionality)
   - [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
   
   ### Feature/Enhancement Scale or Bug Severity
   
   #### Feature/Enhancement Scale
   
   - [ ] Major
   - [x] Minor
   
   #### Bug Severity
   
   - [ ] BLOCKER
   - [ ] Critical
   - [ ] Major
   - [x] Minor
   - [ ] Trivial
   
   ### How Has This Been Tested?
   
   In a local lab, I performed the following steps:
   - I changed the `ipsec_psk` field from `varchar(256)` to the type `text`;
   - I set `remote.access.vpn.psk.length` to 224 (which generates an encrypted PSK with 320 characters - more than the previous limit, 256);
   - I restarted ACS Management Server to apply the configuration;
   - And then I tried to create a new VPN;
   - The VPN has been successfully created.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] blueorangutan commented on pull request #5668: Allow large IPSec key (PSK) when creating VPN

Posted by GitBox <gi...@apache.org>.

blueorangutan commented on pull request #5668:
URL: https://github.com/apache/cloudstack/pull/5668#issuecomment-968774455


   Packaging result: :heavy_multiplication_x: el7 :heavy_multiplication_x: el8 :heavy_multiplication_x: debian :heavy_multiplication_x: suse15. SL-JID 1708


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] blueorangutan commented on pull request #5668: Allow large IPSec key (PSK) when creating VPN

Posted by GitBox <gi...@apache.org>.

blueorangutan commented on pull request #5668:
URL: https://github.com/apache/cloudstack/pull/5668#issuecomment-963585624


   Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 1689


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] blueorangutan commented on pull request #5668: Allow large IPSec key (PSK) when creating VPN

Posted by GitBox <gi...@apache.org>.

blueorangutan commented on pull request #5668:
URL: https://github.com/apache/cloudstack/pull/5668#issuecomment-972633911


   @rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] rhtyd commented on pull request #5668: Allow large IPSec key (PSK) when creating VPN

Posted by GitBox <gi...@apache.org>.

rhtyd commented on pull request #5668:
URL: https://github.com/apache/cloudstack/pull/5668#issuecomment-972633576


   @blueorangutan test


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] blueorangutan commented on pull request #5668: Allow large IPSec key (PSK) when creating VPN

Posted by GitBox <gi...@apache.org>.

blueorangutan commented on pull request #5668:
URL: https://github.com/apache/cloudstack/pull/5668#issuecomment-973062747


   <b>Trillian test result (tid-2558)</b>
   Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
   Total time taken: 30275 seconds
   Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr5668-t2558-kvm-centos7.zip
   Smoke tests completed. 91 look OK, 0 have errors
   Only failed tests results shown below:
   
   
   Test | Result | Time (s) | Test File
   --- | --- | --- | ---
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] GutoVeronezi commented on pull request #5668: Allow large IPSec key (PSK) when creating VPN

Posted by GitBox <gi...@apache.org>.

GutoVeronezi commented on pull request #5668:
URL: https://github.com/apache/cloudstack/pull/5668#issuecomment-963555052


   @blueorangutan package


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] rhtyd merged pull request #5668: Allow large IPSec key (PSK) when creating VPN

Posted by GitBox <gi...@apache.org>.

rhtyd merged pull request #5668:
URL: https://github.com/apache/cloudstack/pull/5668


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] blueorangutan commented on pull request #5668: Allow large IPSec key (PSK) when creating VPN

Posted by GitBox <gi...@apache.org>.

blueorangutan commented on pull request #5668:
URL: https://github.com/apache/cloudstack/pull/5668#issuecomment-971770367


   @GutoVeronezi a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] GutoVeronezi commented on a change in pull request #5668: Allow large IPSec key (PSK) when creating VPN

Posted by GitBox <gi...@apache.org>.

GutoVeronezi commented on a change in pull request #5668:
URL: https://github.com/apache/cloudstack/pull/5668#discussion_r745076141



##########
File path: engine/schema/src/main/resources/META-INF/db/schema-41600to41610.sql
##########
@@ -0,0 +1,23 @@
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements.  See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership.  The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License.  You may obtain a copy of the License at
+--
+--   http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied.  See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+
+--;
+-- Schema upgrade from 4.16.0.0 to 4.16.1.0
+--;
+
+-- Change the type of the 'ipsec_psk' field to allow large PSK.

Review comment:
       CLGTM,
   
   Just one point to raise, I think it would be good to inform the PR number here.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] blueorangutan commented on pull request #5668: Allow large IPSec key (PSK) when creating VPN

Posted by GitBox <gi...@apache.org>.

blueorangutan commented on pull request #5668:
URL: https://github.com/apache/cloudstack/pull/5668#issuecomment-963555219


   @GutoVeronezi a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] blueorangutan commented on pull request #5668: Allow large IPSec key (PSK) when creating VPN

Posted by GitBox <gi...@apache.org>.

blueorangutan commented on pull request #5668:
URL: https://github.com/apache/cloudstack/pull/5668#issuecomment-968738468


   @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] rhtyd commented on pull request #5668: Allow large IPSec key (PSK) when creating VPN

Posted by GitBox <gi...@apache.org>.

rhtyd commented on pull request #5668:
URL: https://github.com/apache/cloudstack/pull/5668#issuecomment-968737494


   LGTM
   @blueorangutan package
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] GutoVeronezi commented on pull request #5668: Allow large IPSec key (PSK) when creating VPN

Posted by GitBox <gi...@apache.org>.

GutoVeronezi commented on pull request #5668:
URL: https://github.com/apache/cloudstack/pull/5668#issuecomment-971769226


   @blueorangutan package
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] joseflauzino commented on a change in pull request #5668: Allow large IPSec key (PSK) when creating VPN

Posted by GitBox <gi...@apache.org>.

joseflauzino commented on a change in pull request #5668:
URL: https://github.com/apache/cloudstack/pull/5668#discussion_r745527316



##########
File path: engine/schema/src/main/resources/META-INF/db/schema-41600to41610.sql
##########
@@ -0,0 +1,23 @@
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements.  See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership.  The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License.  You may obtain a copy of the License at
+--
+--   http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied.  See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+
+--;
+-- Schema upgrade from 4.16.0.0 to 4.16.1.0
+--;
+
+-- Change the type of the 'ipsec_psk' field to allow large PSK.

Review comment:
       Done.
   Thanks for the suggestion @GutoVeronezi 
   




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] blueorangutan commented on pull request #5668: Allow large IPSec key (PSK) when creating VPN

Posted by GitBox <gi...@apache.org>.

blueorangutan commented on pull request #5668:
URL: https://github.com/apache/cloudstack/pull/5668#issuecomment-971805875


   Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 1720


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org