diff --git a/framework/jobs/src/main/java/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java b/framework/jobs/src/main/java/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java index b85780508f8..cb04d22d9e0 100644 --- a/framework/jobs/src/main/java/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java +++ b/framework/jobs/src/main/java/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java @@ -104,6 +104,7 @@ public class AsyncJobManagerImpl extends ManagerBase implements AsyncJobManager, private static final ConfigKey VmJobLockTimeout = new ConfigKey("Advanced", Integer.class, "vm.job.lock.timeout", "1800", "Time in seconds to wait in acquiring lock to submit a vm worker job", false); + private static final ConfigKey HidePassword = new ConfigKey("Advanced", Boolean.class, "log.hide.password", "true", "If set to true, the password is hidden", true, ConfigKey.Scope.Global); private static final Logger s_logger = Logger.getLogger(AsyncJobManagerImpl.class); @@ -159,7 +160,7 @@ public class AsyncJobManagerImpl extends ManagerBase implements AsyncJobManager, @Override public ConfigKey[] getConfigKeys() { - return new ConfigKey[] {JobExpireMinutes, JobCancelThresholdMinutes, VmJobLockTimeout}; + return new ConfigKey[] {JobExpireMinutes, JobCancelThresholdMinutes, VmJobLockTimeout, HidePassword}; } @Override @@ -255,9 +256,11 @@ public class AsyncJobManagerImpl extends ManagerBase implements AsyncJobManager, @DB public void completeAsyncJob(final long jobId, final Status jobStatus, final int resultCode, final String resultObject) { if (s_logger.isDebugEnabled()) { - s_logger.debug("Complete async job-" + jobId + ", jobStatus: " + jobStatus + ", resultCode: " + resultCode + ", result: " + resultObject); + String resultObj = obfuscatePassword(resultObject, HidePassword.value()); + s_logger.debug("Complete async job-" + jobId + ", jobStatus: " + jobStatus + ", resultCode: " + resultCode + ", result: " + resultObj); } + final AsyncJobVO job = _jobDao.findById(jobId); if (job == null) { if (s_logger.isDebugEnabled()) { @@ -460,6 +463,20 @@ public class AsyncJobManagerImpl extends ManagerBase implements AsyncJobManager, return job; } + private String obfuscatePassword(String result, boolean hidePassword) { + if (hidePassword) { + String pattern = "\"password\":"; + if (result != null) { + if (result.contains(pattern)) { + String[] resp = result.split(pattern); + String psswd = resp[1].toString().split(",")[0]; + result = resp[0] + pattern + psswd.replace(psswd.substring(2, psswd.length() - 1), "*****") + "," + resp[1].split(",", 2)[1]; + } + } + } + return result; + } + private void scheduleExecution(final AsyncJobVO job) { scheduleExecution(job, false); } diff --git a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtDeleteVMSnapshotCommandWrapper.java b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtDeleteVMSnapshotCommandWrapper.java index 9efec950af3..a0faa37ac12 100644 --- a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtDeleteVMSnapshotCommandWrapper.java +++ b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtDeleteVMSnapshotCommandWrapper.java @@ -24,6 +24,7 @@ import org.apache.cloudstack.storage.to.VolumeObjectTO; import org.apache.log4j.Logger; import org.libvirt.Connect; import org.libvirt.Domain; +import org.libvirt.DomainInfo.DomainState; import org.libvirt.DomainSnapshot; import org.libvirt.LibvirtException; @@ -58,6 +59,9 @@ public final class LibvirtDeleteVMSnapshotCommandWrapper extends CommandWrapper< snapshot = dm.snapshotLookupByName(cmd.getTarget().getSnapshotName()); + s_logger.debug("Suspending domain " + vmName); + dm.suspend(); // suspend the vm to avoid image corruption + snapshot.delete(0); // only remove this snapshot, not children return new DeleteVMSnapshotAnswer(cmd, cmd.getVolumeTOs()); @@ -100,6 +104,10 @@ public final class LibvirtDeleteVMSnapshotCommandWrapper extends CommandWrapper< } finally { if (dm != null) { try { + if (dm.getInfo().state == DomainState.VIR_DOMAIN_PAUSED) { + s_logger.debug("Resuming domain " + vmName); + dm.resume(); + } dm.free(); } catch (LibvirtException l) { s_logger.trace("Ignoring libvirt error.", l); diff --git a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManager.java b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManager.java index eba23f3fe3d..6edbb4400b1 100644 --- a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManager.java +++ b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManager.java @@ -71,6 +71,8 @@ public interface VirtualNetworkApplianceManager extends Manager, VirtualNetworkA "If true, router minimum required version is checked before sending command", false); static final ConfigKey UseExternalDnsServers = new ConfigKey(Boolean.class, "use.external.dns", "Advanced", "false", "Bypass internal dns, use external dns1 and dns2", true, ConfigKey.Scope.Zone, null); + static final ConfigKey ExposeDnsAndBootpServer = new ConfigKey(Boolean.class, "expose.dns.externally", "Advanced", "true", + "open dns, dhcp and bootp on the public interface", true, ConfigKey.Scope.Zone, null); // Health checks static final ConfigKey RouterHealthChecksEnabled = new ConfigKey(Boolean.class, "router.health.checks.enabled", "Advanced", "true", diff --git a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index 8f1f70bcf2b..c895307b95e 100644 --- a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -2125,6 +2125,10 @@ Configurable, StateListener acntq = QueryBuilder.create(UserVO.class); acntq.and(acntq.entity().getUsername(), SearchCriteria.Op.EQ, "baremetal-system-account"); @@ -3251,7 +3255,8 @@ Configurable, StateListener', methods=['GET']) def notify_provisioning_done(mac): try: + if not is_a_mac(mac): + raise "there is an issue with that '%s'. Not a mac?" % mac return server.notify_provisioning_done(mac) except: logger.warn(traceback.format_exc()) return '' +def is_a_mac(mac): + if re.match("[0-9a-f]{2}([-:]?)[0-9a-f]{2}(\\1[0-9a-f]{2}){4}$", mac.lower()): + return True + else: + return False if __name__ == '__main__': server = Server() diff --git a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py index 3eca4a78b43..3340a5527cd 100755 --- a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py +++ b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py @@ -566,9 +566,12 @@ class CsIP: logging.error( "Not able to setup source-nat for a regular router yet") - if self.config.has_dns() or self.config.is_dhcp(): + if (self.config.has_dns() or self.config.is_dhcp()) and self.config.expose_dns(): + logging.info("Making dns publicly available") dns = CsDnsmasq(self) dns.add_firewall_rules() + else: + logging.info("Not making dns publicly available") if self.config.has_metadata(): app = CsApache(self) diff --git a/systemvm/debian/opt/cloud/bin/cs/CsConfig.py b/systemvm/debian/opt/cloud/bin/cs/CsConfig.py index e242a8fc32e..390f563c243 100755 --- a/systemvm/debian/opt/cloud/bin/cs/CsConfig.py +++ b/systemvm/debian/opt/cloud/bin/cs/CsConfig.py @@ -78,6 +78,9 @@ class CsConfig(object): def use_extdns(self): return self.cmdline().idata().get('useextdns', 'false') == 'true' + def expose_dns(self): + return self.cmdline().idata().get('exposedns', 'false') == 'true' + def get_dns(self): conf = self.cmdline().idata() dns = []