The authenticators now have an encode function that cloudstack will use to encode the user supplied password before storing it in the database. This makes it easier to add other authenticators with other hashing algorithms. The requires a two step approach to creating the admin account at first start as the authenticators are only present in the management-server component locator.
The SHA256 salted authenticator make use of this new system and adds a hashing algorithm based on SHA256 with a salt. This type of hash is far less susceptible to rainbow table attacks.
To make use of these new features the users password will be sent over the wire just as he typed it and it will be transformed into a hash on the server and compared with the stored password. This means that the hash will not go over the wire anymore.
The default authenticator in components.xml is still set to md5 for backwards compatibility. For new installations the sha256 could be enabled.
Detail: There was a regression in functionality introduced by
915babd970a9b4f209deceb3c4973b7d1c9c0c12 where the public
bridge could not also be the private bridge. This had several
additional consequences, this patch should revert the behavior
back while keeping the functionality enhancements introduced by that
commit.
BUG-ID : NONE
Reviewed-by: Dave Cahill
Reported-by: Dave Cahill via cloudstack-dev
Signed-off-by: Marcus Sorensen <shadowsor@gmail.com> 1351574006 -0600
called.
VifDriver.unplug must be called in MigrateCommand which hooks VM
migration in source host, because plug will be called in
PrepareForMigration in destination host. But that operation is missing
in current LibvirtComputingResources.
Signed-off-by: Edison Su <sudison@gmail.com>
On kvm computing host, vifdriver.unplug will always fails (throws
LibvirtException) and network cleanup will not be called. This was
because the code first undefine the computing domain, and then tries to
query the destroyed machine definition to fetch NIC information. IMHO,
kvm plugin code rounds LibvirtException too much.
Signed-off-by: Edison Su <sudison@gmail.com>
The vmware modules should be listed as provided so they are never
packaged. However this also means that you have to put them in the
web-inf/lib directory by hand.
Set the version of the api in the central pom for easy reference.
Add wsdl4j as a runtime requirement. It is actually required by the
vmware implementation but it is easier to list it as a requirements for
the component here as vmware is not in any maven repo
put the dependency on vim back in the dependencies. It is not required
for compile, but is required as runtime by apputils.
vmware-lib-jaxrpc is now provided by axis-jaxrpc-1.4.jar, the former is
the same as latter (bit by bit) and only difference is the file name.
- Fix dependency in vmware-base's pom.xml
- Fix dependency in hypervisor-plugin-vmware's pom.xml
- Fix install-non-oss.sh by reverting commit:
2e6ddc6c36f4ce79e67ad223647071bccfc41c52.
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
This commit merges the nicira-l3support branch with master. This
effectively adds nicira nvp l3 support to master. The NiciraNVP Provider
can support the following services with this modification: Connectivity,
SourceNat, StaticNat and PortForwarding
Testing done:
Create, Delete network offerings with Nicira Element
Use Gui to add, modify, remove Nicira Element and Provider
Provision, deprovision SourceNat networks
Provision, deprovision Portforwarding and StaticNat rules
Tested with Nicira NVP release 2.1.0, 2.2.0 and 2.2.1 (2.2.x recommended)
Since only the cephx user like 'admin' was passed we couldn't define two RBD storage pools
using the cephx user admin, even if they were running on different Ceph clusters.
By adding the monitor hostname and poolname to the secret's usage (which we don't even use) it becomes
unique.
Fixes the hard coded path in the vmware plugin.
The systemvm.iso file would copy the script only to /opt/cloud/bin.
Same is the path used for vpc_netusage.sh
Signed-off-by: Rohit Yadav <rohit.yadav@citrix.com>
work)
Cloudstack seems to let you create guest traffic types on multiple
physical networks. However, when I try this with KVM I end up always
bridging to whatever device is used for guest.network.device. This pulls
the traffic label (NicTO.getName()) and uses that bridge to ensure that
we get on the correct physical network, rather than just always using
the guest.network.device.
This also changes the bridge naming scheme from cloudVirBr + vlanid to
br + physicalinterface + "-" + vlanid. This is because we should be able
to support the same vlan numbers per physical network, and the previous
bridge name would not support this and collide.
Signed-off-by: Edison Su <sudison@gmail.com>
create
The code is unable to detect an existing pool, because we use a random
UUID each time. New Libvirt doesn't allow multiple pools to be defined
to the same storage. This patch generates a UUID based on the storage
path, so that it can be detected as existing and reused. It also cleans
up no-op code and adjusts the naming of a few things to clean up any
confusion.
Signed-off-by: Edison Su <sudison@gmail.com>
Since /root is r-x permissions, Java fails to mkdir /root/.ssh (even
though the agent is running as root) because it looks for the writable
permission. This patch modifies the 'chmod 700 /root/.ssh' shell command
that we already use into 'mkdir -m 700 /root/.ssh', to be able to create
the directory as root even though write permissions are not set on
/root. This seemed cleaner/safer than adding writable to /root.
Signed-off-by: Edison Su <sudison@gmail.com>
