Remove file 76e14caa77edfd6cc871abb0896962b79b755416 #8680
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The correct approach for this issue is to allow specification of sysctl options generally and then parse/apply them in the container. This change is made because: a. it's extremely quick to do b. it impacts a common workload (elastic search) c. after consultation with Photon kernel team there's no known negative impact to changing the default given cVM model.
Adds a recursion property to skip encode or decode of a field. If skipping both the depth=0 should be used. Splits DefaultGuestInfoPrefix. It should have only contained the vSphere mandatory guestinfo prefix but also contained the default VIC "vice" namespace prefix. As part of this it extracts most string constants used in the package and turns them into actual constants, and moves those constants that should be modifiable to be variables. Future work should extend this to be a defined config structure that Encode and Decode can operate from. Updates extraconfig to have a CalculateKey function in addition to the CalculateKeys function that returns an array. This has been done because of an observation that by far the most common usage was CalculateKeys(...)[0], sometimes with length checking of the return but frequently without. The new method panics if the structure pattern for the field cannot be found.
Use default encoding settings when reading syslog data over SSH to avoid errors when attempting to read some latin1-encoded characters (e.g., mu or u with umlaut) as utf-8. This reverts cc9b308 (vmware#7977). Additionally, remove retry of the cat operation; it seems like one of the least likely steps of this process to fail, and code history does not reveal any reason it was added. This reverts 329255c (vmware#6841).
Makes use of extraconfig update for suppressing decode of fields into existing structures to prevent overwriting of in-memory state updates during a reload. This is necessary because there's no test-and-set guarantees between API and guest side updates with guestinfo. namespacedb would address this at an infrastructure level. Adds mapping of InvalidState that we can receive when multiple guest operations collide to a concurrent modification so that a retry can be attempted by the caller. Handling of guest operations does not trigger TaskInProgress or ConcurrentModification as we'd expected from the infrastructure. Updates the unit tests to use the structure without the suppression of decoding - the differentiation wasn't important previously but now the structure handling is asymmetric depending on whether it's tether or API so the correct pacakge reference is now important.
There are outstanding issues to address with concurrent exec. This work is palliative rather than an actual fix. Removes checking for "started" in the status string - we reliably see this field not propagating to the property collector despite being logged as set in the tether. This _only_ applies to execs at this time as that is the only path calling task.State (via InspectTask). Adds locking around dispatch of execs, with a timeout, to serialize that initial dispatch path against a single container. If the timeout expires it reverts to current behaviour and relies on concurrent modification and retry.
Allow for id-based specification of compute resources other than resource pools via the VCH management API. Refactor the lookup-by-id logic to iterate through possible type options as generic type-less lookup is not supported. Enhance related unit tests to allow for negative testing and build on that functionality to test the type fallback behavior.
This updates the build numbers used for scenario test setup to the latest update relases of the respective vSphere versions for 6.0, 6.5, and 6.7 Adds perma-links to the version/build mappings for future convenience.
The scenario tests depend on a testbed definition that references nimbus test modules. Those do not have an implementation available for 6.0u3e. This corrects a mistake in commit ba5af07
This adds basic support for switching between different versions of vic for the vic-xxx helper functions. This very simply adds a VIC_VERSION component as the last directory in the path before invoking vic-machine. Also is injected into ISO paths during install & upgrade. This will download releases or builds if specified and not already present locally, but with little intelligence. It does NOT allow downloading of a build for a specific commit.
Busybox ping exhibited intermittent failures some time back so we had switched to using the debian image for ping testing, however in the recent past we are now seeing intermittent failures in the busybox nslookup results as well. This appears to be dependent on the order in which A and AAAA record query results are returned as those queries appear to be issued in parallel. The debian nslookup does not issue an AAAA query by default and does not exhibit this problem however nslookup is also not available in the base image. As such we're pinning the busybox version to one with a functioning nslookup until https://bugs.busybox.net/show_bug.cgi?id=11161 is addressed.
Much of the documentation about contributing to the project was out- of-date, incomplete, or inaccurate. Update it to reflect current best practices. Begin to update process documentation for issue management.
The fvt testware was not available for the 65u2b build so this reverts to the 6.5u2 GA build.
This ensures that we do not get an integer overflow after 64 contiguous failures to renew a DHCP lease. That was resulting in a divide-by-zero and, depending on how the runtime handling went, a silent exit or a panic.
This adds explicit deletion of the volume store associated with the test VCH after the test case completes. This is necessary given the test is explicitly NOT deleting the volume store along with the VCH.
This change always caches the Go dependencies when they are generated, and the VIC_CACHE_DEPS variable is then used solely to control whether the cache is used or whether dependencies are regenerated. This is done so that the cache is available for accelerating make targets even without having had the environment variable set previously. This change is targeted at local development productivity.
Enable downloading artifacts from a given url so we can run nightly tests against a specific build. Also enable constructing the url according to bucket, branch folder and build number.
…mware#8156) Fixes vmware#8061 Testing done: 1.run local-integration-test.sh with limit the lowerVLAN/upperVLAN to 217/220, by creating portgroup VCH-0-218,VCH-0-220 in vCenter before the tests. check debug.log to make sure the retry logic performs correctly. 2.run full regression in CI system to make sure no regression from the change.
Refactor the Group23-VIC-Machine-Service test resource to extract keywords related to the handling of HTTP status codes into a dedicated resource for that purpose.
Previously, it was necessary to retry Get Version due to the potential for a race between server initialization and test execution. Now that the Start VIC Machine Server keyword waits for the server to start (2c3bc65), this race is no longer possible. Simplify the test code accordingly. Additionally, eliminate duplicaton of the service name between setup and diagnostic keywords by defining a variable.
To reduce the likelihood of developers accidentally commiting files, add *.env, *.debug, and *.secrets to .gitignore.
Due to the potential for attacks like sslstrip, redirection from HTTP to HTTPS may be as insecure as allowing HTTP traffic in the absence of HSTS. Remove support for redirection until HSTS is supported by VIC. Ref: https://tools.ietf.org/html/rfc6797#section-2.3.1 This reverts commit b5a13ce.
In order to protect the vicadmin page from being embedded in a page controlled by an attacker, set the Content-Security-Policy header to disallow rendering of the page within an iframe.
The element is named `<details>`, not `<detail>`.
This ensures that each vmomi client has a unique user-agent string so it is possible to link vmomi sessions back to the originating component within a VCH. The only user-agent that needed updating was the one used to pull project specific configuration from admiral/harbor. This follows on from PR vmware#7887
This restores use of the mechanisms allowing us to run tether tests as non-root. In this case it's simply ensuring we are checking whether there is a directory prefix that should be prepended.
In VC 7.0, datastore path changes, so we need to add a new condition.
A vic ci test env is not picked, so modified test case for picked the test env.
Some test cases are not supported in the vsphere7.0, so set a tag named vsphere70-not-support order to skip some test cases.
when running postgresql using docker, POSTGRES_PASSWORD environment variable have to be set, otherwise postgresql container run failed.
Old vdnet launcher host is not response, so need to set up a new vdnet launcher host. at the same time, update nsxt version to 2.4.3.
Moving out 1 vic ci testbed for other tests
after the remote photon repo was migrated, we do not see some latest rpm package on the browser, so we do not download these rpm package to local photon repo, so we have to replace local repo to remote repo.
When vcenter is unaccessible, we cannot always return nil which indicates the container VM does not exist anymore so get removed from cache. Manual tests for container vm start/stop/exec/delete passed after power off vcenter and enable vcenter again.
…machine-server (vmware#8658) Since the docker hub limits rate, we need to pull this image from gcr.
For more detail, please view the url: https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/
1. Update images for CI pipeline due to docker hub limit 2. Update test cases due to update test images
we need to remove github.com/GoASTScanner/gas, in order to fix Dependency Confusion Attack issue.
xuelichao
requested review from
hickeng,
stuclem,
alextopuzov and
a team
as code owners
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #