Versions Compared

...

A configurable global config 'allow.additional.vm.configuration.black.list.kvm' is available for Root admin to specify a list options that are disallowed allowed with this feature.

  • Default values are; 'name, uuid, memory, currentMemorymemoryBacking'

The keys in the blacklisted allowed list of commands are used to validate the tags from the user passed XML as extraconfig data. Any tag/element that is not found with the name in the blacklist allowed list of commands will result to an Exception.e.g. <name>my vm </name> or <memory unit="KiB">262144</memory> or <currentMemory unit="KiB">262144</currentMemory> will throw an exception by default because this type of XML tags have been blacklistedin a successful addition as extra configuration, otherwise an Exception will be thrown.


  • XenServer

xe vm-param-set manual page
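
Review bot: In the KVM paragraph, the rule as rendered ("Any tag/element that is not found with the name in the ... allowed list of commands will result ... in a successful addition") reads inverted if the "not" survives into the new wording, because it would then accept exactly the tags that are absent from the allowed list. State it once in the positive form: a tag is accepted only if its name is in the list, and anything else throws. The key in the first sentence is also still named 'allow.additional.vm.configuration.black.list.kvm' while the description now says "allowed", so an admin going by the key name would populate it with tags to block. Either rename the key or spell out next to it that listed tags are the ones permitted.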

...

  • A configurable global config 'allow.additional.vm.configuration.black.list.xenserver' is available for Root admin to specify a list of 'vm-param-set' options that are disallowed with this feature.
    • Default values are; 'isHVM-aboot-templatepolicy,   memory-static-max,  memory-dynamic-max, memory-dynamic-min, memory-static-minPV-bootloader, PV-args'

The algorithm for XenServer does the following checks;

  1. Is the command option passed a valid key/value pair 'key1=value1\nkey2=value2' and so on. Throws an Exception if user input is not valid key/value pair.
  2. The next algorithm checks if passed command contains any keys from the blacklisted allowed list of keys keys and throws a CloudRountimeException if truefalse. This check is case insensitive. (e.x. is-a-template=true will throw an Exception since 'is-a-template' is blacklisted by default). 
  • VMware

Similar for this hypervisor, the primary configuration file of the guest VM is built by CloudStack, therefor, the additional metadata will also be parsed and append to the VMX file builder.
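
Review bot: The XenServer bullet and step 2 now disagree about what the list means. The bullet still says the setting holds "'vm-param-set' options that are disallowed with this feature", and the parenthetical in step 2 still says "is-a-template=true will throw an Exception since 'is-a-template' is blacklisted by default", while the body of step 2 talks about an allowed list of keys. Update the bullet and replace the example with one that matches the new rule, for instance a key that is on the list being accepted and one that is not being rejected. The exception name in step 2 is also spelled 'CloudRountimeException', which should be corrected, and step 1 should say whether an empty value ('key1=') counts as a valid pair.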

...

  • A configurable global config 'allow.additional.vm.configuration.black.list.vmware' is available for Root admin to specify a list options that are disallowed allowed with this feature.
    • Default values are; 'guestOS, displayName, virtualHW.version, migrate.hostLog, nvrammemoryBacking, hugepages'

The configuration passed is parsed as key/value pair and every key is validated against against the blacklisted allowed list of commands set by Root admin. An Exception is thrown if an invalid key is found.
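
Review bot: The closing sentence of the VMware paragraph, "An Exception is thrown if an invalid key is found", does not define "invalid" now that the list is described as allowed rather than blacklisted. Say explicitly that a key is invalid when it is not in the list, and state whether the comparison is case insensitive as it is for XenServer, since VMX keys such as 'virtualHW.version' are mixed case. The same sentence has a duplicated word ("against against").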

...

  • 3 new settings with a list of options that are not allowed to passed as additional data. The admin user will populate this setting with a list of tags/commands that will be used for validating against user supplied additional configuration. All this settings are dynamic and should not requires a restart of the CloudStack management server in order for changes to take effect. Please note that this are only available as global settings for the Root admin only.
    • 'allow.additional.vm.configuration.black.list.kvm'
    • 'allow.additional.vm.configuration.black.list.xenserver'
    • 'allow.additional.vm.configuration.black.list.vmware'


UserVmManageImpl class is refactored to include the new Boolean configuration setting to allow/disallow passing of additional data during VM deployment/updating,  and stores the data in the 'user_vm_details' table.
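
Review bot: The summary bullet still describes the three settings as "a list of options that are not allowed to passed as additional data", which contradicts the "allowed" wording introduced in the per-hypervisor sections above it. Align this sentence with the new semantics. Because the bullet also says the settings are dynamic and take effect without a management server restart, it should document what an empty value means (nothing accepted, or everything accepted), as that decides what users can add to a VM definition the moment the setting is cleared. Minor wording in the same bullet: "All this settings", "should not requires" and "this are only available".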

...