Merge branch '4.13'

Author: DaanHoogland

framework/jobs/src/main/java/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java

@@ -104,6 +104,7 @@ public class AsyncJobManagerImpl extends ManagerBase implements AsyncJobManager,
     private static final ConfigKey<Integer> VmJobLockTimeout = new ConfigKey<Integer>("Advanced",
             Integer.class, "vm.job.lock.timeout", "1800",
             "Time in seconds to wait in acquiring lock to submit a vm worker job", false);
+    private static final ConfigKey<Boolean> HidePassword = new ConfigKey<Boolean>("Advanced", Boolean.class, "log.hide.password", "true", "If set to true, the password is hidden", true, ConfigKey.Scope.Global);
 
     private static final Logger s_logger = Logger.getLogger(AsyncJobManagerImpl.class);
 
@@ -159,7 +160,7 @@ public String getConfigComponentName() {
 
     @Override
     public ConfigKey<?>[] getConfigKeys() {
-        return new ConfigKey<?>[] {JobExpireMinutes, JobCancelThresholdMinutes, VmJobLockTimeout};
+        return new ConfigKey<?>[] {JobExpireMinutes, JobCancelThresholdMinutes, VmJobLockTimeout, HidePassword};
     }
 
     @Override
@@ -255,9 +256,11 @@ public Long doInTransaction(TransactionStatus status) {
     @DB
     public void completeAsyncJob(final long jobId, final Status jobStatus, final int resultCode, final String resultObject) {
         if (s_logger.isDebugEnabled()) {
-            s_logger.debug("Complete async job-" + jobId + ", jobStatus: " + jobStatus + ", resultCode: " + resultCode + ", result: " + resultObject);
+            String resultObj = obfuscatePassword(resultObject, HidePassword.value());
+            s_logger.debug("Complete async job-" + jobId + ", jobStatus: " + jobStatus + ", resultCode: " + resultCode + ", result: " + resultObj);
         }
 
+
         final AsyncJobVO job = _jobDao.findById(jobId);
         if (job == null) {
             if (s_logger.isDebugEnabled()) {
@@ -460,6 +463,20 @@ public AsyncJob queryJob(final long jobId, final boolean updatePollTime) {
         return job;
     }
 
+    private String obfuscatePassword(String result, boolean hidePassword) {
+        if (hidePassword) {
+            String pattern = "\"password\":";
+            if (result != null) {
+                if (result.contains(pattern)) {
+                    String[] resp = result.split(pattern);
+                    String psswd = resp[1].toString().split(",")[0];
+                    result = resp[0] + pattern + psswd.replace(psswd.substring(2, psswd.length() - 1), "*****") + "," + resp[1].split(",", 2)[1];
+                }
+            }
+        }
+        return result;
+    }
+
     private void scheduleExecution(final AsyncJobVO job) {
         scheduleExecution(job, false);
     }

plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtDeleteVMSnapshotCommandWrapper.java

@@ -24,6 +24,7 @@
 import org.apache.log4j.Logger;
 import org.libvirt.Connect;
 import org.libvirt.Domain;
+import org.libvirt.DomainInfo.DomainState;
 import org.libvirt.DomainSnapshot;
 import org.libvirt.LibvirtException;
 
@@ -58,6 +59,9 @@ public Answer execute(final DeleteVMSnapshotCommand cmd, final LibvirtComputingR
 
             snapshot = dm.snapshotLookupByName(cmd.getTarget().getSnapshotName());
 
+            s_logger.debug("Suspending domain " + vmName);
+            dm.suspend(); // suspend the vm to avoid image corruption
+
             snapshot.delete(0); // only remove this snapshot, not children
 
             return new DeleteVMSnapshotAnswer(cmd, cmd.getVolumeTOs());
@@ -100,6 +104,10 @@ public Answer execute(final DeleteVMSnapshotCommand cmd, final LibvirtComputingR
         } finally {
             if (dm != null) {
                 try {
+                    if (dm.getInfo().state == DomainState.VIR_DOMAIN_PAUSED) {
+                        s_logger.debug("Resuming domain " + vmName);
+                        dm.resume();
+                    }
                     dm.free();
                 } catch (LibvirtException l) {
                     s_logger.trace("Ignoring libvirt error.", l);

server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManager.java

@@ -71,6 +71,8 @@ public interface VirtualNetworkApplianceManager extends Manager, VirtualNetworkA
             "If true, router minimum required version is checked before sending command", false);
     static final ConfigKey<Boolean> UseExternalDnsServers = new ConfigKey<Boolean>(Boolean.class, "use.external.dns", "Advanced", "false",
             "Bypass internal dns, use external dns1 and dns2", true, ConfigKey.Scope.Zone, null);
+    static final ConfigKey<Boolean> ExposeDnsAndBootpServer = new ConfigKey<Boolean>(Boolean.class, "expose.dns.externally", "Advanced", "true",
+            "open dns, dhcp and bootp on the public interface", true, ConfigKey.Scope.Zone, null);
 
     // Health checks
     static final ConfigKey<Boolean> RouterHealthChecksEnabled = new ConfigKey<Boolean>(Boolean.class, "router.health.checks.enabled", "Advanced", "true",

server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java

@@ -2125,6 +2125,10 @@ public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile
             }
         }
 
+        if (Boolean.TRUE.equals(ExposeDnsAndBootpServer.valueIn(dc.getId()))) {
+            buf.append(" exposedns=true");
+        }
+
         if (Boolean.valueOf(_configDao.getValue(Config.BaremetalProvisionDoneNotificationEnabled.key()))) {
             final QueryBuilder<UserVO> acntq = QueryBuilder.create(UserVO.class);
             acntq.and(acntq.entity().getUsername(), SearchCriteria.Op.EQ, "baremetal-system-account");
@@ -3251,7 +3255,8 @@ public ConfigKey<?>[] getConfigKeys() {
                 RouterHealthChecksToExclude,
                 RouterHealthChecksFreeDiskSpaceThreshold,
                 RouterHealthChecksMaxCpuUsageThreshold,
-                RouterHealthChecksMaxMemoryUsageThreshold
+                RouterHealthChecksMaxMemoryUsageThreshold,
+                ExposeDnsAndBootpServer
         };
     }
 

systemvm/debian/opt/cloud/bin/baremetal-vr.py

@@ -22,6 +22,7 @@
 import base64
 import traceback
 import logging
+import re
 
 from flask import Flask
 
@@ -147,11 +148,18 @@ def notify_provisioning_done(self, mac):
 @app.route('/baremetal/provisiondone/<mac>', methods=['GET'])
 def notify_provisioning_done(mac):
     try:
+        if not is_a_mac(mac):
+            raise "there is an issue with that '%s'. Not a mac?" % mac
         return server.notify_provisioning_done(mac)
     except:
         logger.warn(traceback.format_exc())
         return ''
 
+def is_a_mac(mac):
+    if re.match("[0-9a-f]{2}([-:]?)[0-9a-f]{2}(\\1[0-9a-f]{2}){4}$", mac.lower()):
+        return True
+    else:
+        return False
 
 if __name__ == '__main__':
     server = Server()

systemvm/debian/opt/cloud/bin/cs/CsAddress.py

@@ -566,9 +566,12 @@ def post_config_change(self, method):
                 logging.error(
                     "Not able to setup source-nat for a regular router yet")
 
-            if self.config.has_dns() or self.config.is_dhcp():
+            if (self.config.has_dns() or self.config.is_dhcp()) and self.config.expose_dns():
+                logging.info("Making dns publicly available")
                 dns = CsDnsmasq(self)
                 dns.add_firewall_rules()
+            else:
+                logging.info("Not making dns publicly available")
 
             if self.config.has_metadata():
                 app = CsApache(self)

systemvm/debian/opt/cloud/bin/cs/CsConfig.py

@@ -78,6 +78,9 @@ def get_domain(self):
     def use_extdns(self):
         return self.cmdline().idata().get('useextdns', 'false') == 'true'
 
+    def expose_dns(self):
+        return self.cmdline().idata().get('exposedns', 'false') == 'true'
+
     def get_dns(self):
         conf = self.cmdline().idata()
         dns = []