cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-10242) Problem Using Ingress/Egress SG Rules over 4.11 rc Tests
Date Tue, 23 Jan 2018 19:22:00 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-10242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16336275#comment-16336275
] 

ASF subversion and git services commented on CLOUDSTACK-10242:
--------------------------------------------------------------

Commit f80f00ebcb6c626a004c2b528b4026710f01e794 in cloudstack's branch refs/heads/4.11 from
[~widodh]
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=f80f00e ]

CLOUDSTACK-10242: Properly parse incoming rules to Sec Group (#2418)

With merge of PR #2028 the separator for lines to the Security Group
Python script changed from : to ; to support IPv6 addresses.

This broke certain situations where rules were parsed improperly. This
commit fixes the issue.

Signed-off-by: Wido den Hollander <wido@widodh.nl>
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

> Problem Using Ingress/Egress SG Rules over 4.11 rc Tests
> --------------------------------------------------------
>
>                 Key: CLOUDSTACK-10242
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10242
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: KVM, Management Server
>    Affects Versions: 4.11.0.0
>         Environment: KVM Host Ubuntu 16.04.3, Management Server Ubuntu 14.04.5
>            Reporter: Özhan Rüzgar Karaman
>            Assignee: Wido den Hollander
>            Priority: Blocker
>
> We noticed that Cloudstack-9853 fix generates some problems on applying SG rules on security_group.py
script. We compare the commands which send to script between 4.9.3 and 4.11 versions and we
noticed that SG rule delimiter and nicsecips values changed on 4.11 release its examples are
below:
> 4.9.3
> /usr/share/cloudstack-common/scripts/vm/network/security_group.py default_network_rules
--vmname i-2-573-VM --vmid 573 --vmip 192.168.2.56 --vmmac 06:31:56:00:04:09 --vif vnet15
--brname brenp4s0f0-23 --nicsecips 0:
>  
> /usr/share/cloudstack-common/scripts/vm/network/security_group.py add_network_rules --vmname
i-2-573-VM --vmid 573 --vmip 192.168.2.56 --sig d60255deb618b7be9f477eed10d65234 --seq 2 --vmmac
06:31:56:00:04:09 --vif vnet15 --brname brenp4s0f0-23 --nicsecips 0: --rules "I:icmp:-1:-1:0.0.0.0/0,NEXT;I:tcp:1:65535:0.0.0.0/0,NEXT;I:udp:1:65535:0.0.0.0/0,NEXT;E:icmp:-1:-1:0.0.0.0/0,NEXT;E:tcp:1:65535:0.0.0.0/0,NEXT;E:udp:1:65535:0.0.0.0/0,NEXT;"
>  
> 4.11.0
> /usr/share/cloudstack-common/scripts/vm/network/security_group.py default_network_rules
--vmname i-2-3-VM --vmid 3 --vmip 192.168.18.189 --vmmac 1e:00:50:00:00:bc --vif vnet10 --brname
breth0-23 --nicsecips 0;
> /usr/share/cloudstack-common/scripts/vm/network/security_group.py add_network_rules --vmname
"i-2-3-VM" --vmid "3" --vmip "192.168.18.189" --sig "9b1c4aa31c811204e1dae5310d7711b5" --seq
"12" --vmmac "1e:00:50:00:00:bc" --vif "vnet10" --brname "breth0-23" --nicsecips "0:" --rules
"I:icmp;-1;-1;0.0.0.0/0,NEXT;I:tcp;1;65535;0.0.0.0/0,NEXT;I:udp;1;65535;0.0.0.0/0,NEXT;E:icmp;-1;-1;0.0.0.0/0,NEXT;E:tcp;1;65535;0.0.0.0/0,NEXT;E:udp;1;65535;0.0.0.0/0,NEXT;"
>  
> This change creates problem on parse_network_rules function in security_group.py. We
made this test only on ipv4 enabled environment. So this need to be fixed to make SG operational
for 4.11 release.
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message