cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Min Chen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-1676) basic zone security groups enabled with 'DefaultSharedNetworkOffering'
Date Wed, 20 Mar 2013 01:13:15 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-1676?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13607148#comment-13607148
] 

Min Chen commented on CLOUDSTACK-1676:
--------------------------------------

Currently from UI, in creating Zone, no matter whether user is selecting DefaultSharedNetworkOffering
or DefaultSharedNetworkOfferingWithSGEnabled, UI will always send the following command:

http://localhost:8080/client/api?command=createZone&networktype=Basic&name=testZone&localstorageenabled=true&dns1=192.168.56.1&internaldns1=192.168.56.1&response=json&sessionkey=euSMxEUMNvPcXp8ym2N4ttT7vmo%3D&_=1363741656545

that is, missing securitygroupenabled flag. That is why, in backend api code, for Basic Zone,
it is always set securitygroupenabled flag to true. To fix backend, UI has to be fixed first
to pass the correct flag based on network offering selected. Otherwise, my checkin will break
common usecases. So assign to Pranav to fix UI first.
                
> basic zone security groups enabled with 'DefaultSharedNetworkOffering'
> ----------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-1676
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1676
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Hypervisor Controller
>    Affects Versions: 4.1.0
>         Environment: KVM Hosts
>            Reporter: Marcus Sorensen
>            Assignee: Min Chen
>             Fix For: 4.2.0
>
>
> I deployed a basic zone with a management bridge and a guest bridge, selecting 'DefaultSharedNetworkOffering'
as the network offering.
> I launched an instance
> I could not ssh into instance, but instance could ping gateway, google, etc.
> I ran 'ebtables -t nat -L' and saw that there were rules for this instance.
> I ran 'ebtables -t nat -F i-2-3-VM-in', and could now SSH into server.
> It was as though firewall/security groups were enabled, but without any way to edit.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message