Atomatic addition of Apache license header broke lots of mysql files
fix DB upgrade cleanup script not get executed issue.
add "#" as comment signature in ScriptRunner.java
Description:
Adding overloaded addProxyObject() function to CloudException
and RuntimeCloudException classes and using this function
to stuff exceptions with IDs, to reduce code footprint.
Description:
Adding a new class AnnotationHelper, that provides routines
to read annotations from a VO class.
Cloudstack does the mapping between cloudstack java VO objects
and the database tables using cglib. cglib creates proxy objects
as the maps between VO objects and the database. A VO (value
object) class is populated after querying from the MYSQL database.
Ideally, a getAnnotation() issued on a cglib proxy object should
get a list of all the annotations in all classes in the inheritence
chain. However, this functionality seems to be currently broken
in cglib. Hence, when querying for annotations given the object
of a VO class, we need to get to the corresponding VO class of that
cglib proxy class and issue a getAnnotation() on that class. To get
the VO class, we simply need to get the super class of the proxy
object. Also, we need to recurse to the root VO class in case the
VO class extends another VO class.
Note that the cache used by CS is ehcache.
Bug 13127: API error text refer to database ids instead of uuids
Code-Reviewers: Ewan Mellor, Kelven Yang
Description:
1. A new class CSExceptionErrorCode has been added to utils.
It contains a list of error codes for each type of
Exception class. Use fully qualified package paths for
Exceptions in CSExceptionErrorCode. We log any exception
name not found in the list of error codes for exceptions.
2. Whenever we throw an exception exobj anywhere in the
CS code, the CSErrorCode is set in the base class
constructor.
3. We add a new field csErrorCode in classes CloudException,
RuntimeCloudException, ExecutionException and
ExceptionResponse.
4. Two places in ApiServer.java were wrongly modified when
putting in changes for bug 13127 to not throw an exception.
This has been corrected in this commit.
Description:
Modify Exception handling to enable addition of multiple
uuids in a single exception thrown by API functions. Both
XML and JSON outputs will store all uuids and Fieldnames.
This will make it easier to provide more information when
an exception occurs - for example, a zone id, a cluster id,
host id, and then a specific property id.
Description:
Added a field name for the db id in the IdentityProxy class, and
modified setProxyObject() to take an additional id name parameter.
This will let us know the name of the uuid that we are returning.
E.g.- domainId, zoneId, etc. The client can view this field in
the json/xml output. Modified the JSON/XML serialization routines
to append this new parameter to the serialized output for Exception
Responses.
Description:
1) Added a setProxyObject() method to CloudException and RuntimeCloudException
2) Modified a bunch of throw exceptions in NetworkManagerImpl.java to call setProxyObject() before throwing an exception.
3) Changed scope of ProxyIdentity attribute to protected.
4) Added routines to ServerApiException to get/set IdentityProxy object, and
routine in RuntimeCloudException to get the Idproxy object.
5) Modified the exception handling around the dispatcher and handlerequest()
to copy over the IdentityProxy information before rethrowing an exception
eventually back to handle().
6) Removed duplicate IdentityProxy object in ServerApiException.
It was extending RuntimeCloudException which already had an
IdentityProxy object.
Description:
1) Moved RuntimeCloudException from api/ to utils/.
Added simple constructor to RuntimeCloudException.
Modified all classes that extended RuntimeException
to extend RuntimeCloudException. These classes
are listed below:
ServerApiException
CloudAuthenticationException
CloudExecutionException
AsyncCommandQueued
HypervisorVersionChangedException
RuntimeCloudException
2) Added overloaded constructed to CloudException.
Modified all classes that extend Exception to extend CloudException instead.
These classes are listed below:
ConcurrentOperationException
ConflictingNetworkSettingsException
ConnectionException
DiscoveryException
InsufficientCapacityException
ManagementServerException
ResourceUnavailableException
VirtualMachineMigrationException
AgentControlChannelException
OperationTimedoutException.java
UnsupportedVersionException.java
UsageServerException.java
UnableDeleteHostException.java
AgentAuthnException.java
HttpCallException.java
ActiveFencingException.java
ClusterInvalidSessionException.java
GreTunnelException.java
OvsVlanExhaustedException.java
Description:
1) Adding two new classes, CloudException and RunTimeCloudException.
The former extends Exception and the latter RunTimeException.
These will be used by classes that formerly directly extended
Exception and RuntimeException. These two classes have an attribute
of type IdentityProxy to enable exceptions fill in db ids in separate
attribute fields rather than in a string. Doing so will allow the
serialization module (GSON for JSON and other for XML) to kick in
and convert this db id to a uuid in ApiServer.java just before the
JSON/XML responses are sent out.
2) Moving IdentityProxy.java from api/ to utils/ since
both CloudException and RuntimeCloudException refer to it.
3) Changing references to IdentityProxy class from api/ to utils/.
4) While rebasing to master, a new file was added, merging
api/src/com/cloud/api/response/IsoVmResponse.java to this diff.
using a flag instead of calculating timeout value. The monitor thread may have inaccurate execution time which
may cause script forever hang
status 13962: resolved fixed
reviewed-by: Alex, Edison
Changes for Script.java:
1. Even the script is non-timeout one, set default timeout to one hour. This avoid a wrongn script forever hang
2. When InterruptedException happens, check if timeout is really reached, if not, continue
status 13962: resolved fixed
reviewed-by: Alex, Edison
It’s due to an security fix of OpenJDK 1.6.0 added by Redhat. Here is excerpt
of [RHSA-2011:1380-01] Critical: java-1.6.0-openjdk security update(
https://www.redhat.com/archives/rhsa-announce/2011-October/msg00011.html)
A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block
ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a
chosen plain text attack against a connection mixing trusted and untrusted
data could use this flaw to recover portions of the trusted data sent over
the connection. (CVE-2011-3389)
Note: This update mitigates the CVE-2011-3389 issue by splitting the first
application data record byte to a separate SSL/TLS protocol record. This
mitigation may cause compatibility issues with some SSL/TLS implementations
and can be disabled using the jsse.enableCBCProtection boolean property.
This can be done on the command line by appending the flag
"-Djsse.enableCBCProtection=false" to the java command.
To our knowledge, there are two condition need to be met to trigger this bug:
1. Using old keystore generated by mgmt. server 2.2.8, which is signed with
SHA1withDSA. Any version later than 2.2.8 would generate keystore signed with
SHA1withRSA. RSA one seems fine with us so far.
2. Use OpenJDK >=1.6.0.
The reason is, due to the security fix above, the assumption that one packet
would contain only one SSL record is broken. The decrypted data maybe only
contained the first byte of original application data. Then result in buffer
underflow when mgmt server want to read more from it.
To workaround it, according to the message above, add
"-Djsse.enableCBCProtection=false" to tomcat6.conf JAVA_OPTS line would work.
Notice the parameter would only work with latest version of OpenJDK, so simply
add it to the all setup would not work.
This patch provided a fix for it.
status 11904: resolved fixed
Changes:
- Added a new interface 'PluggableService'
- Any component that can be packaged separately from cloudstack, can implement this interface and provide its own property file listing the API commands the component supports
- As an example have made VirtualNetworkApplianceService pluggable and a new configureRouter command is added
- ComponentLocator reads all the pluggable service from componentLibrary or from components.xml and instantiates the services.
- As an example, DefaultComponentLibrary adds the pluggable service 'VirtualNetworkApplianceService'
- Also components.xml.in has an entry to show how a pluggable service can be added, but it is commented out.
- APIServer now reads the commands for each pluggable service and when a command for such a service is called, APIServer sets the required instance of the pluggable service in the coomand.
- To do this a new annotation '@PlugService' is added that is processed by APIServer. This eliminates the dependency on the BaseCmd to instantiate the service instances.
move all listxxx interface from HostDao to managers(ResourceManager, SecondaryStorageVmManager etc) with decent name using SearchCriteria2
or direct call SearchCriteria2 on demand
