using forked version of trilead-ssh2 (from org.jenkins-ci)#4099
Conversation
- upgrade to support newer algorithms
|
@DaanHoogland |
|
@miklosbarabas, I suppose you could call |
|
@blueorangutan package |
|
@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. |
|
Packaging result: ✔centos7 ✔debian. JID-1245 |
|
@blueorangutan test |
|
@rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests |
|
Trillian test result (tid-1570)
|
DaanHoogland
left a comment
There was a problem hiding this comment.
I see no problem with this code and tests passed, but
- this is a fork that has abandoned its original governance
- we may need to take ownership and maintain our selves if the new governance/maintenance is abandoned
- not a real worry atm, but how do we guarantee compatibility?
none of this should should stop this merge as for now it is easily reversible. Just points of attention.
| <cs.servlet.version>4.0.1</cs.servlet.version> | ||
| <cs.tomcat-embed-core.version>8.5.47</cs.tomcat-embed-core.version> | ||
| <cs.trilead.version>1.0.0-build222</cs.trilead.version> | ||
| <cs.trilead.version>trilead-ssh2-build-217-jenkins-17</cs.trilead.version> |
There was a problem hiding this comment.
One issue it seems Jenkins forked the build-217 than latest build-222
|
@rhtyd do you consider that a blocker? (or..?) |
|
@blueorangutan package |
|
@blueorangutan package |
|
@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. |
|
@miklosbarabas I've updated the jar dependency to latest version, can you check and test if it works for your env? |
yadvr
left a comment
There was a problem hiding this comment.
Let's merge if it passes a round of tests
|
@blueorangutan package |
|
@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. |
|
Packaging result: ✔️ centos7 ✔️ centos8 ✔️ debian. SL-JID 334 |
|
@blueorangutan test matrix |
|
@rhtyd a Trillian-Jenkins matrix job (centos7 mgmt + xs71, centos7 mgmt + vmware65, centos7 mgmt + kvmcentos7) has been kicked to run smoke tests |
|
Trillian test result (tid-361)
|
|
Trillian test result (tid-360)
|
|
Trillian test result (tid-359)
|
|
Comparing against baseline 4.15 health check PR, don't see any new failures. LGTM. |
|
hey folks, after this merge i'm facing troubles to build my own branches.
|
|
Same as above, I checked the error when building in centOS 8.4 environment. [ERROR] Failed to execute goal on project cloud-utils: Could not resolve dependencies for project org.apache.cloudstack:cloud-utils:jar:4.16.0.0-SNAPSHOT: Failed to collect dependencies at org.jenkins-ci:trilead-ssh2:jar:build-217-jenkins-27: Failed to read artifact descriptor for org.jenkins-ci:trilead-ssh2:jar:build-217-jenkins-27: Could not transfer artifact org.jenkins-ci:trilead-ssh2:pom:build-217-jenkins-27 from/to repo.jenkins-ci.org.releases (http://repo.jenkins-ci.org/releases/): Transfer failed for http://repo.jenkins-ci.org/releases/org/jenkins-ci/trilead-ssh2/build-217-jenkins-27/trilead-ssh2-build-217-jenkins-27.pom 308 Permanent Redirect -> [Help 1] |
|
@RodrigoDLopez @Dajeong-Park are you using 4.15 or master branch? Can you try updating the jenkins repo url to use https, as in f1c83a0 |
|
It is being used as a forked source by reflecting the merged sources in real time, and the build was successful by changing to https. Thank you. |
|
Alright @Dajeong-Park I'll cherry-pick the fix from master and get it on 4.15. |
I tried one of my own branches, and then i tried with 4.15. same error into both branches. I'm using the last maven version
@rhtyd as @Dajeong-Park said. Can I do a small PR to fix this in 4.15? |
|
@RodrigoDLopez the issue was recently fixed in 4.15,I've backported the commit to 4.15. Pl try using latest 4.15, if still hit the issue raise a PR thnx. |
Description
CloudStack is using the trilead-ssh2 library for ssh communications, but doesn't have support for the latest MAC algorithms, which can be a blocker of adopting Cloudstack for certain companies with more strict security requirements.
The issue with the current version of trilead-ssh2 is that it is only supporting older MAC algorithms, so if one would like to add a hypervisor host to a cluster and the host runs a sshd with old algos excluded, it will be unable to add the host.
There's a forked version of trilead-ssh2 which is still being maintained.
Upgrade to this fork/version of trilead-ssh2 would provide the possibility to use newer algorithms for SSH without the need to touch actual business logic.
Resolves #3255
Types of changes
Screenshots (if appropriate):
How Has This Been Tested?