On 3/11/13 10:01 AM, "David Nalley" <da...@gnsa.us> wrote: >On Mon, Mar 11, 2013 at 12:52 PM, George Reese ><george.re...@enstratius.com> wrote: >> From listZones -> >> >> <?xml version="1.0" encoding="ISO-8859-1"?><listzonesresponse >>cloud-stack-version="3.0.5.20120904142539"><count>1</count><zone><id>f9a1 >>d2eb-c49e-4b87-ac9b-9c47e2d912a3</id><name>australia-canberra-2</name><ne >>tworktype>Advanced</networktype><securitygroupsenabled>false</securitygro >>upsenabled><allocationstate>Enabled</allocationstate><zonetoken>257b387d- >>3d9d-3585-8c65-cc26d38a3a97</zonetoken><dhcpprovider>VirtualRouter</dhcpp >>rovider><localstorageenabled>false</localstorageenabled></zone></listzone >>sresponse> >> >> And then I create a Security Group -> >> >> GET >>http://cloudplatform.cloudcentral.com.au/client/api/api?command=createSec >>urityGroup&name=dsnfw5821&description=Dasein%20Cloud%20Integration%20Test >>%20Firewall&apiKey=Stuff&signature=OtherStuff HTTP/1.1 >> Content-Type: application/x-www-form-urlencoded; charset=utf-8 >> >> HTTP/1.1 200 OK >> HTTP/1.1 200 OK >> Server: Apache-Coyote/1.1 >> Content-Type: text/xml;charset=UTF-8 >> Content-Length: 440 >> Date: Mon, 11 Mar 2013 15:30:54 GMT >> >> <?xml version="1.0" encoding="ISO-8859-1"?><createsecuritygroupresponse >>cloud-stack-version="3.0.5.20120904142539"><securitygroup><id>ab4d0c90-c5 >>d9-4b5a-acfe-aaa0040f7a6a</id><name>dsnfw5821</name><description>Dasein >>Cloud Integration Test >>Firewall</description><account>george.re...@enstratus.com</account><domai >>nid>ae79df08-18ce-4933-87f6-31c1686bd4ea</domainid><domain>enstratus.com< >>/domain></securitygroup></createsecuritygroupresponse> >> >> -George >> > >Interesting - and I just verified that I could create a SG on 4.0.1 >when my deployment doesn't really support them. (Advanced zone, before >we added SG-in-advanced zones support) > >Alena - do you have any thoughts? > >--David >
Dave, Security group is global across zones, its being created for account. And the account can attach it to the vm when vm is deployed in SG enabled zone(s). So we don't block from adding SG even if there is no SG enabled zones in the system. But we prohibit to deploy a vm with this SG if the destination zone doesn't support it. -Alena.
