81 Commits

Author SHA1 Message Date
Naredula Janardhana Reddy
6aa0560d37 bug 12917: security groups - icmp type/code validations. 2012-01-06 19:33:07 +05:30
Chiradeep Vittal
5aba3913bb bug 12854: arp requests can also be used to poison arp caches 2012-01-05 18:01:19 -08:00
Chiradeep Vittal
f138d15efb bug 12854: arp and ip antispoof independent of the order of vm start 2012-01-05 18:01:10 -08:00
Chiradeep Vittal
24894e2354 bug 11302: don't allow stuff like BPDUS, don't allow vms to connect to hypervisor 2011-12-29 17:35:24 -08:00
Chiradeep Vittal
4718f194ef bug 12772: typo 2011-12-29 16:01:41 -08:00
Chiradeep Vittal
a51ee064ee bug 11302: more efficient caching of keyword 2011-12-29 16:01:41 -08:00
Chiradeep Vittal
c05903b2d0 bug 11302: support new CSP for SP2.
conditional check : --match-set vs --set
forgot to merge this in from 2.2.y
2011-12-29 16:01:40 -08:00
frank
363aea4aee Bug 12731 - Ebtable rules are blocking all traffic going out of VMs in basic zone
status 12731: resolved fixed

reviewed-by: edison
2011-12-22 15:04:15 -08:00
anthony
61eab674d2 bug 12328: XenServer 6.0 changes vnc-port path in xenstore
status 12328: resolved fixed
2011-12-21 12:00:27 -08:00
Chiradeep Vittal
2278477737 add stronger security to defend against attacks originating in the vm 2011-12-19 10:56:52 -08:00
Chiradeep Vittal
5393a44c56 bug 12290: improve antispoofing logic
handle reboot within vm correctly
iptables -S missing in csp
2011-12-19 10:56:52 -08:00
Naredula Janardhana Reddy
0c1e21ab80 bug 10617: vmops related changes. 2011-12-01 19:32:57 +05:30
Naredula Janardhana Reddy
09905b641b bug 10617: merge code from branch bug10617. 2011-12-01 14:17:52 +05:30
Naredula Janardhana Reddy
f1b99f4f07 Revert "bug 10617: merging code from branch bug10617"
This reverts commit 8bc33448b9220534ba0ddc6c642ffb1e69d5844e.

Conflicts:

	server/src/com/cloud/api/ApiResponseHelper.java
2011-11-11 20:23:26 +05:30
Naredula Janardhana Reddy
02adbd4bd3 bug 10617: merging code from branch bug10617 2011-11-10 15:23:48 +05:30
Chiradeep Vittal
1c5adc7714 bug 11336: compression to allow number of cidrs to scale beyond 8k 2011-10-06 17:56:59 -07:00
Chiradeep Vittal
1b3372e1de bug 11625: separate out error paths to enable fine grained error handling and cleanup
status 11625: resolved fixed
2011-10-06 17:55:29 -07:00
Chiradeep Vittal
61fa7d8675 bug 11420: reduce duration of disruption 2011-10-06 17:55:21 -07:00
Sheng Yang
89e45bd671 bug 11130: Add GetDomRVersionCmd 2011-09-29 14:50:11 -07:00
Sheng Yang
3549067d55 bug 11307: Add BumpUpPriorityCommand 2011-09-14 16:22:19 -07:00
Chiradeep Vittal
fae5e84699 if the xenserver host cannot do bridge firewalling do not attempt to retry the security rule updat
change some logs to debug level
2011-09-12 18:20:24 -07:00
Chiradeep Vittal
65fb83035f Enable monitoring over JMX
Add the ability to disable some vms from being scheduled

Add ability to trigger ruleset updates from JMX

added a few more dangerous JMX operations
2011-09-12 18:20:24 -07:00
Chiradeep Vittal
0aeb45fafc if sequence number increases but signature does not change, do not reprogram, but rewrite the rule log 2011-09-12 18:20:23 -07:00
Chiradeep Vittal
53970c89dc Revert "bug 10617: blocking between security groups for egress rules fixed."
revert pending review

This reverts commit 7d30dfd79e3c4b01492f606333c26e36bcdc5d13.
2011-09-12 14:45:58 -07:00
Chiradeep Vittal
e216686029 Revert "bug 10617: Intermediate checking"
revert pending review

This reverts commit 561b27565512d438db3d8896df6f97b644b0b498.
2011-09-12 14:45:58 -07:00
Naredula Janardhana Reddy
f9b0962ad9 bug 10617: Intermediate checking
Changes :
         - Fixing API doc +response name + errorMessage
         - Adding separate events to Egress rules
         - Egress rules Using the same database table as that of ingress with new column type.

   Pending Tasks:
         - db upgrade
         - database table rename from security_ingress_rule to generic name, renaming some of the Java classes from ingress to generic name.
         - Retesting on kvm
2011-09-09 18:14:19 +05:30
Naredula Janardhana Reddy
10d2ca8d0a bug 10617: blocking between security groups for egress rules fixed. 2011-09-02 16:17:08 +05:30
Edison Su
7621dea575 Fix the regression on security group cleanup:
In pre-2.2.10, the cleanup doesn't work at all.
In 2.2.10, it works but makes the mistake of deleting all the rules for vmname ending with "-untagged"
2011-08-31 10:45:52 -07:00
alena
8a7feb8ec1 Merge branch '2.2.y'
Conflicts:
	agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java
	api/src/com/cloud/agent/api/routing/LoadBalancerConfigCommand.java
	api/src/com/cloud/agent/api/to/FirewallRuleTO.java
	api/src/com/cloud/agent/api/to/IpAddressTO.java
	api/src/com/cloud/agent/api/to/PortForwardingRuleTO.java
	api/src/com/cloud/api/ApiConstants.java
	api/src/com/cloud/api/BaseCmd.java
	api/src/com/cloud/api/ResponseGenerator.java
	api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java
	api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java
	api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java
	api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
	api/src/com/cloud/api/commands/DeleteLoadBalancerRuleCmd.java
	api/src/com/cloud/api/commands/ListCapabilitiesCmd.java
	api/src/com/cloud/api/commands/UpdateNetworkCmd.java
	api/src/com/cloud/api/response/CapabilitiesResponse.java
	api/src/com/cloud/network/Network.java
	api/src/com/cloud/network/NetworkService.java
	api/src/com/cloud/network/firewall/FirewallService.java
	api/src/com/cloud/network/lb/LoadBalancingRule.java
	api/src/com/cloud/network/lb/LoadBalancingRulesService.java
	api/src/com/cloud/network/rules/FirewallRule.java
	api/src/com/cloud/network/rules/RulesService.java
	api/src/com/cloud/offering/NetworkOffering.java
	client/tomcatconf/commands.properties.in
	cloud.spec
	core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
	core/src/com/cloud/hypervisor/xen/resource/CitrixHelper.java
	core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
	core/src/com/cloud/storage/template/DownloadManagerImpl.java
	core/src/com/cloud/vm/DomainRouterVO.java
	debian/cloud-deps.install
	patches/systemvm/debian/config/etc/init.d/cloud-early-config
	patches/systemvm/debian/config/root/ipassoc.sh
	patches/systemvm/debian/config/root/loadbalancer.sh
	scripts/vm/hypervisor/kvm/rundomrpre.sh
	scripts/vm/hypervisor/xenserver/vmops
	server/src/com/cloud/agent/manager/AgentAttache.java
	server/src/com/cloud/agent/manager/AgentManagerImpl.java
	server/src/com/cloud/agent/manager/AgentMonitor.java
	server/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java
	server/src/com/cloud/alert/ClusterAlertAdapter.java
	server/src/com/cloud/api/ApiResponseHelper.java
	server/src/com/cloud/api/ApiServer.java
	server/src/com/cloud/cluster/ClusterManagerImpl.java
	server/src/com/cloud/configuration/Config.java
	server/src/com/cloud/configuration/ConfigurationManager.java
	server/src/com/cloud/configuration/ConfigurationManagerImpl.java
	server/src/com/cloud/configuration/DefaultComponentLibrary.java
	server/src/com/cloud/deploy/FirstFitPlanner.java
	server/src/com/cloud/ha/HighAvailabilityManagerImpl.java
	server/src/com/cloud/host/dao/HostDaoImpl.java
	server/src/com/cloud/hypervisor/xen/discoverer/XcpServerDiscoverer.java
	server/src/com/cloud/network/LoadBalancerVO.java
	server/src/com/cloud/network/NetworkManager.java
	server/src/com/cloud/network/NetworkManagerImpl.java
	server/src/com/cloud/network/dao/FirewallRulesDao.java
	server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java
	server/src/com/cloud/network/element/DhcpElement.java
	server/src/com/cloud/network/element/VirtualRouterElement.java
	server/src/com/cloud/network/firewall/FirewallManagerImpl.java
	server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
	server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java
	server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
	server/src/com/cloud/network/rules/FirewallManager.java
	server/src/com/cloud/network/rules/FirewallRuleVO.java
	server/src/com/cloud/network/rules/PortForwardingRuleVO.java
	server/src/com/cloud/network/rules/RulesManagerImpl.java
	server/src/com/cloud/network/rules/StaticNatRuleImpl.java
	server/src/com/cloud/network/security/SecurityGroupListener.java
	server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
	server/src/com/cloud/offerings/NetworkOfferingVO.java
	server/src/com/cloud/server/ConfigurationServerImpl.java
	server/src/com/cloud/server/ManagementServerImpl.java
	server/src/com/cloud/storage/StorageManager.java
	server/src/com/cloud/storage/StorageManagerImpl.java
	server/src/com/cloud/storage/dao/VMTemplateHostDaoImpl.java
	server/src/com/cloud/storage/download/DownloadMonitorImpl.java
	server/src/com/cloud/upgrade/DatabaseUpgradeChecker.java
	server/src/com/cloud/upgrade/dao/Upgrade228to229.java
	server/src/com/cloud/upgrade/dao/Upgrade229to2210.java
	server/src/com/cloud/user/AccountManagerImpl.java
	server/src/com/cloud/vm/UserVmManagerImpl.java
	server/src/com/cloud/vm/VirtualMachineManagerImpl.java
	server/src/com/cloud/vm/dao/DomainRouterDao.java
	server/src/com/cloud/vm/dao/DomainRouterDaoImpl.java
	setup/db/create-index-fk.sql
	setup/db/create-schema.sql
	setup/db/db/schema-222to224.sql
	setup/db/db/schema-227to228.sql
	setup/db/db/schema-228to229.sql
	setup/db/db/schema-229to2210.sql
	tools/testClient/README
	ui/scripts/cloud.core.instance.js
	utils/src/com/cloud/utils/SerialVersionUID.java
	utils/src/com/cloud/utils/db/ConnectionConcierge.java
	utils/src/com/cloud/utils/db/Merovingian2.java
	utils/src/com/cloud/utils/db/Transaction.java
	utils/src/com/cloud/utils/nio/Link.java
	utils/src/com/cloud/utils/nio/NioConnection.java
	utils/src/com/cloud/utils/time/InaccurateClock.java
2011-08-22 20:28:30 -07:00
Naredula Janardhana Reddy
4369b0ba96 bug 1067:
- covered basic implementation for xen, need to test corner cases.
      - Not implemented: kvm, vmware, listing of egress rules.
2011-08-19 11:10:16 +05:30
Chiradeep Vittal
8277584b8a merge ELB / nectarine branch 2011-08-08 15:20:56 -07:00
Chiradeep Vittal
736b6cf98e properly clean up rules for nonexistent vms 2011-08-04 22:58:42 -07:00
Chiradeep Vittal
0c408d8da5 handle elb vm restart 2011-08-04 22:05:48 -07:00
alena
8d47c53735 Revert "bug 10435: removed vpn feature"
This reverts commit ea9e1b5d138950e8de49fce7ffdbb12a1c72c560.

Conflicts:

	api/src/com/cloud/api/ResponseGenerator.java
	scripts/vm/hypervisor/xenserver/vmops
	server/src/com/cloud/configuration/Config.java
	server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java
	server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
2011-08-02 18:12:57 -07:00
Chiradeep Vittal
29c88787e1 from eip feature:
1. fix ordering of ingress and egress rules so that vms are protected from other vms on the same host in all cases
2. remove dependency on cloud-guest
2011-07-28 16:08:51 -07:00
Sheng Yang
44d4113ae6 bug 10429: backport redundant router
Part 2

commit 797839360c65cd348d2eb20630521177ab0919de
    bug 9154: redundant virtual router

commit 8ff7f230204d4d3a7a4adee75523a9a84f4276fe
    bug 9154: Replace domain_router.is_master with domain_router.redundant_state in DB

commit 230b99e9e0b152648f1dd2a5eab6f22315b8e7b4
    bug 9154: Add redundant state to DomainRouterResponse

commit ccefb5ff5e83d713798a347c99bce1a0d04b4317
    bug 9154: Add router fault state report

commit 7a3090378f9785caecf741b70554f6ea17c41764
    bug 9154: Send alert if found two virtual routers in master state

commit 66831056e4bf27665871bccd24e6159071564847
    bug 9154: Code clean up

commit bf3f58a85741fa7118bd848a42d8b21baa4478d4
    bug 9154: Add isRedundantRouter to DomainRouterResponse
2011-07-18 18:30:02 -07:00
Chiradeep Vittal
7d95efb7c6 fix ipset problem introduced by 58e92bbe84c2a61ef72913dcb4a88cd761c89604 2011-07-10 12:44:15 -07:00
Edison Su
81475c256b fix user/meta data: if data is empty, return a blank file, not 404 2011-07-08 13:50:27 -07:00
Edison Su
56bc4f27a9 fix user/meta data: if data is empty, return a blank file, not 404 2011-07-01 12:58:14 -07:00
alena
74f34a0e0c bug 10435: removed vpn feature
status 10435: resolved fixed
2011-06-24 09:18:46 -07:00
Sheng Yang
a492c07e4c bug 9154: redundant virtual router
Add CheckRouterCommand for XenServer

Now VMware/Xen/KVM all support redundant virtual router.
2011-06-14 15:45:29 -07:00
alena
c2afcdec52 bug 9873: always add default security group to the SG list when deploy vm in 1) Basic zone 2) Advance zone using SG enabled network
status 9873: resolved fixed

Following fixes were made as a part of the checkin:

* When deploy user vm and SG doesn't exist in the DB, create it automatically.
* SecurityGroup enabled use vm start: if map to default group is not present in security_group_vm_map table, create one.
* Added "name" (securityGroupName) parameter back to deleteSecurityGroup/authorizeSecurityGroupIngress/deployVm. Mutually exclusive with security group id parameter.

Conflicts:

	api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java
	api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java
	api/src/com/cloud/api/commands/DeployVMCmd.java
	server/src/com/cloud/api/ApiDBUtils.java
	server/src/com/cloud/vm/UserVmManagerImpl.java
2011-05-17 15:08:13 -07:00
Chiradeep Vittal
46e40cab3f ebtables not programmed in some cases 2011-05-13 14:41:37 -07:00
Chiradeep Vittal
4ab68bd44a bug 9689: handle old style vm names 2011-05-04 14:21:49 -07:00
Chiradeep Vittal
aecd64e51c bug 9092: consistent naming 2011-05-04 14:21:49 -07:00
anthony
054f6b0199 bug 9472: when get vnc port for a vm, check if the port is really used by this vm for security
status 9472: resolved fixed
2011-04-15 12:47:12 -07:00
anthony
44678b60bc add VERSION into to scripts 2011-03-23 14:54:31 -07:00
Chiradeep Vittal
697b4f60db bug 8380: use instance name status 8380: resolved fixed 2011-03-01 14:07:30 -08:00
Chiradeep Vittal
4f1342a4dd bug 8380: default chains weren't getting deleted 2011-02-04 12:04:53 -08:00
Chiradeep Vittal
58e92bbe84 bug 8347: skip ebtables if kernel doesn't support it 2011-02-03 11:57:31 -08:00