cloudstack

apache/cloudstack

Fork 0

mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00

Commit Graph

Author	SHA1	Message	Date
Rohit Yadav	facc5945f0	CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate - Several systemvmtemplate optimizations - Uses new macchinina template for running smoke tests - Switch to latest Debian 9.3.0 release for systemvmtemplate - Introduce a new `get_test_template` that uses tiny test template such as macchinina as defined test_data.py - rVR related fixes and improvements Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>	2017-12-23 09:22:44 +05:30
Rohit Yadav	bb965649d9	CLOUDSTACK-10013: Debian9 SystemVM appliance improvements - Refactor cloud-early-config and make appliance specific scripts - Make patching work without requiring restart of appliance and remove postinit script - Migrate to systemd, speedup booting/loading - Takes about 5-15s to boot on KVM, and 10-30seconds for VMware and XenServer - Appliance boots and works on KVM, VMware, XenServer and HyperV - Update Debian9 ISO url with sha512 checksum - Speedup console proxy service launch - Enable additional kernel modules - Remove unknown ssh key - Update vhd-util URL as previous URL was down - Enable sshd by default - Use hostnamectl to add hostname - Disable services by default - Use existing log4j xml, patching not necessary by cloud-early-config - Several minor fixes and file refactorings, removed dead code/files - Removes inserv - Fix dnsmasq config syntax - Fix haproxy config syntax - Fix smoke tests and improve performance - Fix apache pid file path in cloud.monitoring per the new template Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>	2017-12-23 09:22:44 +05:30
Rohit Yadav	14504dc7e3	CLOUDSTACK-6432: Prevent DNS reflection attacks DNS on VR should not be publically accessible as it may be prone to DNS amplification/reflection attacks. This fixes the issue by only allowing VR DNS (port 53) to be accessible from guest network cidr, as per the fix in: https://issues.apache.org/jira/browse/CLOUDSTACK-6432 - Only allows guest network cidrs to query VR DNS on port 53. - Includes marvin smoke test that checks the VR DNS accessibility checks from guest and non-guest network. - Fixes Marvin sshClient to avoid using ssh agent when password is provided, previous some environments may have seen 'No existing session' exception without this fix. - Adds a new dnspython dependency that is used to perform dns resolutions in the tests. Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>	2016-08-30 22:39:33 +05:30

Author

SHA1

Message

Date

Rohit Yadav

facc5945f0

CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate

- Several systemvmtemplate optimizations
- Uses new macchinina template for running smoke tests
- Switch to latest Debian 9.3.0 release for systemvmtemplate
- Introduce a new `get_test_template` that uses tiny test template
  such as macchinina as defined test_data.py
- rVR related fixes and improvements

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

2017-12-23 09:22:44 +05:30

Rohit Yadav

bb965649d9

CLOUDSTACK-10013: Debian9 SystemVM appliance improvements

- Refactor cloud-early-config and make appliance specific scripts
- Make patching work without requiring restart of appliance and remove
  postinit script
- Migrate to systemd, speedup booting/loading
- Takes about 5-15s to boot on KVM, and 10-30seconds for VMware and XenServer
- Appliance boots and works on KVM, VMware, XenServer and HyperV
- Update Debian9 ISO url with sha512 checksum
- Speedup console proxy service launch
- Enable additional kernel modules
- Remove unknown ssh key
- Update vhd-util URL as previous URL was down
- Enable sshd by default
- Use hostnamectl to add hostname
- Disable services by default
- Use existing log4j xml, patching not necessary by cloud-early-config
- Several minor fixes and file refactorings, removed dead code/files
- Removes inserv
- Fix dnsmasq config syntax
- Fix haproxy config syntax
- Fix smoke tests and improve performance
- Fix apache pid file path in cloud.monitoring per the new template

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

2017-12-23 09:22:44 +05:30

Rohit Yadav

14504dc7e3

CLOUDSTACK-6432: Prevent DNS reflection attacks

DNS on VR should not be publically accessible as it may be prone to DNS
amplification/reflection attacks. This fixes the issue by only allowing VR
DNS (port 53) to be accessible from guest network cidr, as per the fix in:
https://issues.apache.org/jira/browse/CLOUDSTACK-6432

- Only allows guest network cidrs to query VR DNS on port 53.
- Includes marvin smoke test that checks the VR DNS accessibility checks from
  guest and non-guest network.
- Fixes Marvin sshClient to avoid using ssh agent when password is provided,
  previous some environments may have seen 'No existing session' exception without
  this fix.
- Adds a new dnspython dependency that is used to perform dns resolutions in the
  tests.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

2016-08-30 22:39:33 +05:30

3 Commits