On SUSE, the “-f” force option is not available for groupadd,
so `groupadd -f wheel` returns exit code 9 if the group already
exists. To avoid this, first check if the group exists.
In normal usage, this doesn’t matter: the script continues with the
next command anyway.
However, if the statements generated by UserAdd or AdminAccess are
used outside of that context (e.g. by code external to jclouds), then
this can cause them to fail.
- Adding env_reset to the default configuration in /etc/sudoers
- Adding secure_path to the default configuration in /etc/sudoers
- secure_path value is
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
deprecated hardware types in EC2 are flagged using this, according to latest AWS advice,
to fix situations where deprecated hardware types would be chosen when a non-deprecated alternative exists.
we also deprecate T2 because it requires a VPC.
also fixes semantics of ImagesToRegionAndIdMap to match the logic used in the TemplateBuilderImpl;
RegionAndName should contain the ID not the ProviderID. this is only really used in tests so no external impact.
(previously the cache only worked if provider ID matched the non-location segment of the image ID.)
however this does now assert that image id's are in the right format for AWS, as suggested by @nacx.
Certain hardened images will have "umask 0077" set for the root user, making the newly created /home/users folder inaccessible to non-root. This results in a failure when trying to ssh with the new account. Explicitly set permissions to be independent of default umask.
Add the fqdn to /etc/hosts file becouse if you only add the hostname then it is posible to lose the fqdn
changed expected script adding "`hostname -f` "
Added "-s" option to ensure to get the short name
Added "-s" option to ensure search using the short name
- Some users get a DependencyVioloation, rather than InvalidGroup.InUse,
when attempting to delete the security group. This caused
cleanupIncidentalResources to propagate an exception.
- Fixes it by converting this to an IllegalStateException (in same
way as is done for “InUse”)
- Adds tests (using MockWebServer) for happy-path and for failing
to delete the security group with each of InUse and DependencyViolation
responses.
- Adds Timeouts.cleanupIncidentalResources
- Use that timeout in EC2, when retrying the deletion of security group
on VM deletion (previously hard-coded as 3 seconds).
- Configure that timeout in the tests, so deterministic number of retries
This avoids unneeded garbage, especially during XML parsing. Replaced
with:
find -name \*.java | xargs sed -i 's/^\( *[^ ]*\) = new StringBuilder();$/\1.setLength(0);/'
Images were cached in memory using a memoized supplier. To allow growing
this cache with the discovered images, the ImageCacheSupplier class has
been created. It provides an in-memory cache with all discovered images
and acts as a view over the image cache that also provides access to
them.
The in-memory cache for the discovered images expires with the session,
just as the image cache does.
The default memoized image supplier has been changed to the
ImageCacheSupplier, to make sure all providers get injected the right
instance, and the old supplier has been qualified with the 'imageCache'
name, in case a provider needs the basic image cache.
Replaced hard-coded Strings in toString methods of static predicates with their enum.toString counterparts
Added test 'testNodeRunningFailsOnSuspended'
Revert "Added test 'testNodeRunningFailsOnSuspended'"
This reverts commit 2a543bfe20540bb4f10ef4f86e845a63bdbe90e3.
Removed test 'testNodeRunningFailsOnSuspended'. Added test 'testNodeSuspendedReturnsTrueWhenSuspended'.
Renamed '
Revert "Renamed '"
This reverts commit 061e9292a812066562ab47ba5eea15337fc13c3d.
Renamed 'AtomicNodeSuspended.nodeRunning' to 'AtomicNodeSuspended.nodeSuspended'.\nWhere applicable combined all calls to 'replay(Object...)' instead of the old 'replay(node);replay(computeService);'
If the TemplateBuilderImpl is given an imageId but the image can not be
found in the image cache, fallback to the GetImageStrategy to perform a
call to the provider to try to get it.
We've seen that in some cases images are not returned in the image list
but they actually exist in the provider. This fix won't make them
available when filtering by other properties such as the operating system,
etc, but at least will make them available if their id is known.
- Adds networks field/methods to TemplateOptions.
- Adds them to children as well for legacy reasons.
- Deprecates CloudStackTemplateOptions#networkIds methods in favor of #networks.
- TODO: Modify compute abstraction layer for provisioning for nova,
EC2, et al to take advantage of this.
So there were a few problems, but the core ugly one is that what you
pass in for creating a rule allowing groups' access is not the same
thing you get back from a group with such a rule, which makes mapping
between the arguments and the output insanely painful. So now, well,
we do some insanely painful stuff.
Involves some non-trivial reworking of EC2 security group
translation/binding, but it was necessary.
Still problems with a number of tests:
- org.jclouds.aws.ec2.compute.AWSEC2TemplateBuilderLiveTest#testTemplateBuilderWithLessRegions
- org.jclouds.ec2.compute.EC2TemplateBuilderLiveTest#testTemplateBuilderCanUseImageIdWithoutFetchingAllImages
Those seem to be failing because there's caching going on that they're
not expecting, but I could be wrong.
Also failing:
- org.jclouds.aws.ec2.features.PlacementGroupApiLiveTest in general
- org.jclouds.aws.ec2.features.SpotInstanceApiLiveTest - a couple tests
This removes
org.jclouds.ec2.compute.functions.PasswordCredentialsFromWindowsInstanceLiveTest
due to there not being an easily detectable valid AMI for it to run,
and low interest in actually running it in the first place.
- Adds the SecurityGroupExtension to compute, with tests and stub
support.
- Gets everything else to actually build against this.
- Unifies on compute's IpPermission/IpProtocol, eliminating EC2's.
- Converters from EC2/Nova/CloudStack SecurityGroup (and rules, for
the latter two) to the compute SecurityGroup (and rules, etc).
- EC2SecurityGroupExtension and tests.
- AWSEC2SecurityGroupExtension and tests - depends on JCLOUDS-99.
- Added AWSEC2CreateSecurityGroupIfNeeded, using
AWSSecurityGroupClient's ability to call
authorizeSecurityGroupInRegion with Iterable<IpPermission>
- Added a utility method,
ComputeServiceUtils.getPortRangesInList(int... ports), to get pairs of
start/end ports covering all ranges in a list of ports. Used above.