Change in vdsm[master]: privatevlan: Added debian packaging
by Jenkins CI RO
oVirt Jenkins CI Server has posted comments on this change.
Change subject: privatevlan: Added debian packaging
......................................................................
Patch Set 1:
No Builds Executed
http://jenkins.ovirt.org/job/vdsm_unit_tests_gerrit_el/6251/ : To avoid overloading the infrastructure, a whitelist for running gerrit triggered jobs has been set in place, if you feel like you should be in it, please contact infra at ovirt dot org.
http://jenkins.ovirt.org/job/vdsm_master_pep8_gerrit/7030/ : To avoid overloading the infrastructure, a whitelist for running gerrit triggered jobs has been set in place, if you feel like you should be in it, please contact infra at ovirt dot org.
http://jenkins.ovirt.org/job/vdsm_unit_tests_gerrit/7141/ : To avoid overloading the infrastructure, a whitelist for running gerrit triggered jobs has been set in place, if you feel like you should be in it, please contact infra at ovirt dot org.
--
To view, visit http://gerrit.ovirt.org/24219
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I9d7ff676ced467b98f5d4ca42c7896748637e55b
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Michael Samuel <mik(a)miknet.net>
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
10 years, 3 months
Change in vdsm[master]: Added private vlan before_device_create/before_nic_hotplug hook
by asegurap@redhat.com
Antoni Segura Puimedon has posted comments on this change.
Change subject: Added private vlan before_device_create/before_nic_hotplug hook
......................................................................
Patch Set 1:
(1 comment)
http://gerrit.ovirt.org/#/c/24195/1/vdsm_hooks/privatevlan/README
File vdsm_hooks/privatevlan/README:
Line 43: to be specified per-guest.
Line 44:
Line 45: NOTE:
Line 46: the filter will be applied only after restart of libvirtd on the host system.
Line 47: # initctl restart libvirtd
> on el6. on Fedora, use `systemctl restart libvirtd`
Actually it is better to refer to:
service libvirtd restart
Since it is redirected in both el6 and Fedora.
Line 48:
Line 49: to see libvirt filters use:
--
To view, visit http://gerrit.ovirt.org/24195
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Idda6f193c0095241bc1540a0241d49426c000fb3
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Michael Samuel <mik(a)miknet.net>
Gerrit-Reviewer: Antoni Segura Puimedon <asegurap(a)redhat.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
10 years, 3 months
Change in vdsm[master]: Added private vlan before_device_create/before_nic_hotplug hook
by Jenkins CI RO
oVirt Jenkins CI Server has posted comments on this change.
Change subject: Added private vlan before_device_create/before_nic_hotplug hook
......................................................................
Patch Set 1:
No Builds Executed
http://jenkins.ovirt.org/job/vdsm_unit_tests_gerrit_el/6248/ : To avoid overloading the infrastructure, a whitelist for running gerrit triggered jobs has been set in place, if you feel like you should be in it, please contact infra at ovirt dot org.
http://jenkins.ovirt.org/job/vdsm_master_install_rpm_sanity_gerrit/332/ : To avoid overloading the infrastructure, a whitelist for running gerrit triggered jobs has been set in place, if you feel like you should be in it, please contact infra at ovirt dot org.
http://jenkins.ovirt.org/job/vdsm_unit_tests_gerrit/7138/ : To avoid overloading the infrastructure, a whitelist for running gerrit triggered jobs has been set in place, if you feel like you should be in it, please contact infra at ovirt dot org.
http://jenkins.ovirt.org/job/vdsm_master_pep8_gerrit/7027/ : To avoid overloading the infrastructure, a whitelist for running gerrit triggered jobs has been set in place, if you feel like you should be in it, please contact infra at ovirt dot org.
--
To view, visit http://gerrit.ovirt.org/24195
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Idda6f193c0095241bc1540a0241d49426c000fb3
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Michael Samuel <mik(a)miknet.net>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
10 years, 3 months
Change in vdsm[master]: Added private vlan before_device_create/before_nic_hotplug hook
by Dan Kenigsberg
Dan Kenigsberg has posted comments on this change.
Change subject: Added private vlan before_device_create/before_nic_hotplug hook
......................................................................
Patch Set 1: Code-Review-1
(12 comments)
Thanks Michael for your contribution. Would please respond to my comments? I believe that this patch requires some more work.
http://gerrit.ovirt.org/#/c/24195/1//COMMIT_MSG
Commit Message:
Line 3: AuthorDate: 2014-02-07 21:48:20 +1100
Line 4: Commit: Michael Samuel <mik(a)miknet.net>
Line 5: CommitDate: 2014-02-07 21:48:20 +1100
Line 6:
Line 7: Added private vlan before_device_create/before_nic_hotplug hook
It might seems repetitious, but please include here a short introduction to your hook, telling what it does and where it can become useful.
Line 8:
Line 9: Change-Id: Idda6f193c0095241bc1540a0241d49426c000fb3
http://gerrit.ovirt.org/#/c/24195/1/vdsm.spec.in
File vdsm.spec.in:
Line 499: %description hook-pincpu
Line 500: pincpu is hook for VDSM.
Line 501: pincpu enable to pin virtual machine to a specific CPUs.
Line 502:
Line 503: %package hook-privatevlan
similar changes should be done to debian (Cf. http://gerrit.ovirt.org/22124 )
Line 504: Summary: Hook to only allow traffic to/from the gateway
Line 505: BuildArch: noarch
Line 506:
Line 507: %description hook-privatevlan
http://gerrit.ovirt.org/#/c/24195/1/vdsm_hooks/privatevlan/README
File vdsm_hooks/privatevlan/README:
Line 1: privatevlan vdsm hook (based off isolatedprivatevlan)
You hook is quite different (being a per-device hook). It would be better to credit isolatedprivatevlan in the commit message, and here.
Line 2: =====================================================
Line 3: limit VM traffic to a specific gateway by its mac address,
Line 4: hook prevents VM from spoofing its mac or ip address
Line 5: by using <filterref filter='clean-traffic'/> libvirt filter
Line 14: </interface>
Line 15:
Line 16: syntax:
Line 17: privatevlan_gw_macs=aa:bb:cc:dd:ee:ff,ff:aa:bb:cc:dd:ee
Line 18: The MAC address of the gateway(s), this should include
address->addresses
Line 19: virtual MAC addresses for HSRP/VRRP if necessary.
Line 20:
Line 21: privatevlan_guest_ip=1.2.3.4,2.3.4.5
Line 22: The IP address/addresses of guests. If not specified,
Line 33: will be allowed at all.
Line 34: Note that if you don't specify the IP, the filter doesn't apply at all
Line 35: until you send some traffic. This is a libvirt limitation, so secure
Line 36: installations should consider specifying a static IP.
Line 37: This URL documents all the caveats, of which there are many, especially
This -> the following
Line 38: with regards to migration!
Line 39: http://libvirt.org/formatnwfilter.html#nwfelemsRulesAdvIPAddrDetection
Line 40:
Line 41: Generally speaking, privatevlan_gw_macs and privatevlan_guest_learn would
Line 39: http://libvirt.org/formatnwfilter.html#nwfelemsRulesAdvIPAddrDetection
Line 40:
Line 41: Generally speaking, privatevlan_gw_macs and privatevlan_guest_learn would
Line 42: be supplied in the VM interface profile, while privatevlan_guest_ip needs
Line 43: to be specified per-guest.
why? I'd suppose that a gues with multiple interfaces would generally have different IP addresses for each interface (with the exception of in-guest bonds).
Line 44:
Line 45: NOTE:
Line 46: the filter will be applied only after restart of libvirtd on the host system.
Line 47: # initctl restart libvirtd
Line 43: to be specified per-guest.
Line 44:
Line 45: NOTE:
Line 46: the filter will be applied only after restart of libvirtd on the host system.
Line 47: # initctl restart libvirtd
on el6. on Fedora, use `systemctl restart libvirtd`
Line 48:
Line 49: to see libvirt filters use:
http://gerrit.ovirt.org/#/c/24195/1/vdsm_hooks/privatevlan/before_device_...
File vdsm_hooks/privatevlan/before_device_create.py:
Line 1: #!/usr/bin/python
Could you add the GPL boiler plate, please? Lawyers love it.
Line 2:
Line 3: import os
Line 4: import sys
Line 5: import hooking
Line 4: import sys
Line 5: import hooking
Line 6: import traceback
Line 7:
Line 8: filtername = 'privatevlan-vdsm'
it's nicer to have CONSTANTS in all caps.
Line 9:
Line 10:
Line 11: def addInterfaceFilter(devicexml, interface, gateways, ipaddresses, learn):
Line 12: """Add or replace filters in the interface description"""
Line 50:
Line 51: if gateways is None and ipaddresses is None and learn is None:
Line 52: sys.exit(0)
Line 53:
Line 54: domxml = hooking.read_domxml()
actually, it is an interface xml, isn't it?
Line 55: interfaces = domxml.getElementsByTagName('interface')
Line 56:
Line 57: # interfaces may be an empty list - this is fine
Line 58: for interface in interfaces:
Line 53:
Line 54: domxml = hooking.read_domxml()
Line 55: interfaces = domxml.getElementsByTagName('interface')
Line 56:
Line 57: # interfaces may be an empty list - this is fine
how is that fine? before_device_create should receive exactly one interface xml.
Line 58: for interface in interfaces:
Line 59: addInterfaceFilter(domxml, interface, gateways, ipaddresses, learn)
Line 60:
Line 61: hooking.write_domxml(domxml)
Line 59: addInterfaceFilter(domxml, interface, gateways, ipaddresses, learn)
Line 60:
Line 61: hooking.write_domxml(domxml)
Line 62:
Line 63: except Exception:
We try to make new hooks nicer (see extnet for an example):
* define main() and test() functions
* use hooking.exit_hook()
a test() is priceless, as it provides users and reviewers an understanding of what the hook is doing.
Line 64: sys.stderr.write('privatevlan: [unexpected error]: %s\n' %
Line 65: traceback.format_exc())
--
To view, visit http://gerrit.ovirt.org/24195
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Idda6f193c0095241bc1540a0241d49426c000fb3
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Michael Samuel <mik(a)miknet.net>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
10 years, 3 months
Change in vdsm[master]: Added private vlan before_device_create/before_nic_hotplug hook
by Jenkins CI RO
oVirt Jenkins CI Server has posted comments on this change.
Change subject: Added private vlan before_device_create/before_nic_hotplug hook
......................................................................
Patch Set 1:
No Builds Executed
http://jenkins.ovirt.org/job/vdsm_unit_tests_gerrit_el/6243/ : To avoid overloading the infrastructure, a whitelist for running gerrit triggered jobs has been set in place, if you feel like you should be in it, please contact infra at ovirt dot org.
http://jenkins.ovirt.org/job/vdsm_master_install_rpm_sanity_gerrit/331/ : To avoid overloading the infrastructure, a whitelist for running gerrit triggered jobs has been set in place, if you feel like you should be in it, please contact infra at ovirt dot org.
http://jenkins.ovirt.org/job/vdsm_unit_tests_gerrit/7133/ : To avoid overloading the infrastructure, a whitelist for running gerrit triggered jobs has been set in place, if you feel like you should be in it, please contact infra at ovirt dot org.
http://jenkins.ovirt.org/job/vdsm_master_pep8_gerrit/7022/ : To avoid overloading the infrastructure, a whitelist for running gerrit triggered jobs has been set in place, if you feel like you should be in it, please contact infra at ovirt dot org.
--
To view, visit http://gerrit.ovirt.org/24195
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Idda6f193c0095241bc1540a0241d49426c000fb3
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Michael Samuel <mik(a)miknet.net>
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
10 years, 3 months
Change in vdsm[ovirt-3.3]: spec: replace requires vdsm-python-cpopen
by Douglas Schilling Landgraf
Douglas Schilling Landgraf has uploaded a new change for review.
Change subject: spec: replace requires vdsm-python-cpopen
......................................................................
spec: replace requires vdsm-python-cpopen
python-cpopen obsoletes vdsm-python-cpopen
Change-Id: Iee2c64d489745db5d0e4a8491d7d8b16dfb1d21b
Signed-off-by: Douglas Schilling Landgraf <dougsland(a)redhat.com>
---
M vdsm.spec.in
1 file changed, 2 insertions(+), 2 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/42/23942/1
diff --git a/vdsm.spec.in b/vdsm.spec.in
index a1fa38c..1435e0a 100644
--- a/vdsm.spec.in
+++ b/vdsm.spec.in
@@ -242,7 +242,7 @@
Requires: %{name}-python = %{version}-%{release}
Requires: %{name}-xmlrpc = %{version}-%{release}
-Requires: %{name}-python-cpopen
+Requires: python-cpopen
%description cli
Call VDSM commands from the command line. Used for testing and debugging.
@@ -252,7 +252,7 @@
BuildArch: noarch
Requires: %{name}-python = %{version}-%{release}
-Requires: %{name}-python-cpopen
+Requires: python-cpopen
%description xmlrpc
--
To view, visit http://gerrit.ovirt.org/23942
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iee2c64d489745db5d0e4a8491d7d8b16dfb1d21b
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.3
Gerrit-Owner: Douglas Schilling Landgraf <dougsland(a)redhat.com>
10 years, 3 months
Change in vdsm[master]: Report sanlock not configured when sanlock is down
by ybronhei@redhat.com
Yaniv Bronhaim has uploaded a new change for review.
Change subject: Report sanlock not configured when sanlock is down
......................................................................
Report sanlock not configured when sanlock is down
If sanlock is down we cannot assume that sanlock process is already
related to the supplementary group. Configure verb won't configure
sanlock if isconfigure return True. Therefore, this patch change the
return to False so 'vdsm-tool configure' will perform the usermod
action.
Change-Id: I0bb3125e64cf02e55738f5978fd81d605dd84d38
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1057225
Signed-off-by: Yaniv Bronhaim <ybronhei(a)redhat.com>
---
M lib/vdsm/tool/configurator.py
1 file changed, 7 insertions(+), 1 deletion(-)
git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/07/24007/1
diff --git a/lib/vdsm/tool/configurator.py b/lib/vdsm/tool/configurator.py
index dfc4115..fc893ea 100644
--- a/lib/vdsm/tool/configurator.py
+++ b/lib/vdsm/tool/configurator.py
@@ -163,7 +163,13 @@
except IOError as e:
if e.errno == os.errno.ENOENT:
sys.stdout.write("sanlock service is not running\n")
- configured = True
+ # if sanlock service is not running we cannot check if
+ # sanlock process is related to the desired
+ # supplementary groups.
+ # Therefore, we return False to run the sanlock configure which
+ # performs the usermod action. Running it even if configured
+ # already won't harm, but not running it will.
+ configured = False
else:
raise
--
To view, visit http://gerrit.ovirt.org/24007
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I0bb3125e64cf02e55738f5978fd81d605dd84d38
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Yaniv Bronhaim <ybronhei(a)redhat.com>
10 years, 3 months
Change in vdsm[master]: nettests: remove most of connectivity checks
by asegurap@redhat.com
Antoni Segura Puimedon has posted comments on this change.
Change subject: nettests: remove most of connectivity checks
......................................................................
Patch Set 1: Code-Review+1
--
To view, visit http://gerrit.ovirt.org/24167
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I1895d266dfb2d7f8ca7dcff860e0d96b1fc07e14
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Antoni Segura Puimedon <asegurap(a)redhat.com>
Gerrit-Reviewer: Assaf Muller <amuller(a)redhat.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Ondřej Svoboda <osvoboda(a)redhat.com>
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
10 years, 3 months
Change in vdsm[ovirt-3.4]: Adding configure sanlock on force
by ybronhei@redhat.com
Hello Sandro Bonazzola, Dan Kenigsberg,
I'd like you to do a code review. Please visit
http://gerrit.ovirt.org/24153
to review the following change.
Change subject: Adding configure sanlock on force
......................................................................
Adding configure sanlock on force
If sanlock is down we cannot check sanlock process, so isconfigure return that
sanlock process is already related to the supplementary group.
Configure verb won't configure sanlock if isconfigure return True currently.
Therefore, this patch change the ConfigureOnForce to True so
'vdsm-tool configure --force' will perform the usermod action as the
user expected.
Change-Id: I0bb3125e64cf02e55738f5978fd81d605dd84d38
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1057225
Signed-off-by: Yaniv Bronhaim <ybronhei(a)redhat.com>
Reviewed-on: http://gerrit.ovirt.org/24007
Reviewed-by: Sandro Bonazzola <sbonazzo(a)redhat.com>
Reviewed-by: Dan Kenigsberg <danken(a)redhat.com>
---
M lib/vdsm/tool/configurator.py
1 file changed, 4 insertions(+), 1 deletion(-)
git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/53/24153/1
diff --git a/lib/vdsm/tool/configurator.py b/lib/vdsm/tool/configurator.py
index dfc4115..29172e4 100644
--- a/lib/vdsm/tool/configurator.py
+++ b/lib/vdsm/tool/configurator.py
@@ -175,7 +175,10 @@
return configured
def reconfigureOnForce(self):
- return False
+ # If sanlock is down isconfigure returns True and configure will skip
+ # sanlock configure. on force users expected to run configure even if
+ # isconfigure returned True.
+ return True
__configurers = (
--
To view, visit http://gerrit.ovirt.org/24153
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I0bb3125e64cf02e55738f5978fd81d605dd84d38
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.4
Gerrit-Owner: Yaniv Bronhaim <ybronhei(a)redhat.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Sandro Bonazzola <sbonazzo(a)redhat.com>
10 years, 3 months