From 6025f25840e6e27b3088258a4e7f10b5230f4274 Mon Sep 17 00:00:00 2001
From: David Passante <david.passante@orange.com>
Date: Thu, 7 Jun 2018 21:56:42 +0200
Subject: [PATCH 1/3] Fixes #2685: broken SXM support (#2686)

---
 .../storage/motion/XenServerStorageMotionStrategy.java          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/hypervisors/xenserver/src/org/apache/cloudstack/storage/motion/XenServerStorageMotionStrategy.java b/plugins/hypervisors/xenserver/src/org/apache/cloudstack/storage/motion/XenServerStorageMotionStrategy.java
index 106fd9ea3fd..ee56f699bda 100644
--- a/plugins/hypervisors/xenserver/src/org/apache/cloudstack/storage/motion/XenServerStorageMotionStrategy.java
+++ b/plugins/hypervisors/xenserver/src/org/apache/cloudstack/storage/motion/XenServerStorageMotionStrategy.java
@@ -326,7 +326,7 @@ public class XenServerStorageMotionStrategy implements DataMotionStrategy {
                     volumeToStorageUuid.add(new Pair<>(volumeTo, iqn));
                 }
                 else {
-                    volumeToStorageUuid.add(new Pair<>(volumeTo, ((StoragePool)entry.getValue()).getPath()));
+                    volumeToStorageUuid.add(new Pair<>(volumeTo, ((StoragePool)entry.getValue()).getUuid()));
                 }
             }
 

From 779649f5ee7ed296c4ad8f2986bd89569bb4af18 Mon Sep 17 00:00:00 2001
From: Rohit Yadav <rohit@apache.org>
Date: Fri, 8 Jun 2018 13:07:34 +0530
Subject: [PATCH 2/3] agent: Avoid sudo, renew certificates assuming root
 (#2697)

In some environments running the keystore cert renewal (as root user)
over an already connected agent connection may cause exception
such as: `sudo: sorry, you must have a tty to run sudo`. Since, all
agents - KVM, CPVM and SSVM run as root user, we don't need to run
the renewal scripts with sudo.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
---
 agent/src/com/cloud/agent/Agent.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/agent/src/com/cloud/agent/Agent.java b/agent/src/com/cloud/agent/Agent.java
index 8a6c24b8ed4..67115e649a1 100644
--- a/agent/src/com/cloud/agent/Agent.java
+++ b/agent/src/com/cloud/agent/Agent.java
@@ -728,7 +728,7 @@ public class Agent implements HandlerFactory, IAgentControl {
             _shell.setPersistentProperty(null, KeyStoreUtils.KS_PASSPHRASE_PROPERTY, storedPassword);
         }
 
-        Script script = new Script(true, _keystoreSetupPath, 60000, s_logger);
+        Script script = new Script(_keystoreSetupPath, 60000, s_logger);
         script.add(agentFile.getAbsolutePath());
         script.add(keyStoreFile);
         script.add(storedPassword);
@@ -772,7 +772,7 @@ public class Agent implements HandlerFactory, IAgentControl {
             throw new CloudRuntimeException("Unable to save received agent client and ca certificates", e);
         }
 
-        Script script = new Script(true, _keystoreCertImportPath, 60000, s_logger);
+        Script script = new Script(_keystoreCertImportPath, 60000, s_logger);
         script.add(agentFile.getAbsolutePath());
         script.add(keyStoreFile);
         script.add(KeyStoreUtils.AGENT_MODE);

From a5856a6447b8704deaa79b5506fdd6c34f207c24 Mon Sep 17 00:00:00 2001
From: Nicolas Vazquez <nicovazquez90@gmail.com>
Date: Fri, 8 Jun 2018 04:43:25 -0300
Subject: [PATCH 3/3] network: allow advanced zones with security groups and
 VXLAN isolation type (#2693)

Not possible to deploy an Advanced zone with Security Groups, and VXLAN isolation method on KVM. Exception: "Unable to convert network offering with specified id to network profile" is logged.
---
 .../com/cloud/network/guru/DirectNetworkGuru.java   | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/server/src/com/cloud/network/guru/DirectNetworkGuru.java b/server/src/com/cloud/network/guru/DirectNetworkGuru.java
index c92bb45dfef..3edc8d217d1 100644
--- a/server/src/com/cloud/network/guru/DirectNetworkGuru.java
+++ b/server/src/com/cloud/network/guru/DirectNetworkGuru.java
@@ -133,9 +133,20 @@ public class DirectNetworkGuru extends AdapterBase implements NetworkGuru {
         return TrafficTypes;
     }
 
+    /**
+     * True for Advanced zones, with VXLAN isolation method and Security Groups enabled
+     */
+    private boolean isMyIsolationMethodVxlanWithSecurityGroups(NetworkOffering offering, DataCenter dc, PhysicalNetwork physnet) {
+        return dc.getNetworkType().equals(NetworkType.Advanced) &&
+                _networkModel.areServicesSupportedByNetworkOffering(offering.getId(), Service.SecurityGroup) &&
+                physnet.getIsolationMethods().contains("VXLAN");
+    }
+
     protected boolean canHandle(NetworkOffering offering, DataCenter dc, PhysicalNetwork physnet) {
         // this guru handles only Guest networks in Advance zone with source nat service disabled
-        if (dc.getNetworkType() == NetworkType.Advanced && isMyTrafficType(offering.getTrafficType()) && isMyIsolationMethod(physnet) && offering.getGuestType() == GuestType.Shared
+        boolean vxlanWithSecurityGroups = isMyIsolationMethodVxlanWithSecurityGroups(offering, dc, physnet);
+        if (dc.getNetworkType() == NetworkType.Advanced && isMyTrafficType(offering.getTrafficType()) &&
+                (isMyIsolationMethod(physnet) || vxlanWithSecurityGroups) && offering.getGuestType() == GuestType.Shared
                 && !_ntwkOfferingSrvcDao.isProviderForNetworkOffering(offering.getId(), Network.Provider.NuageVsp)
                 && !_ntwkOfferingSrvcDao.isProviderForNetworkOffering(offering.getId(), Network.Provider.NiciraNvp)) {
             return true;