[jira] [Commented] (CLOUDSTACK-1676) basic zone security groups enabled with 'DefaultSharedNetworkOffering'

Tue, 19 Mar 2013 18:13:17 -0700 

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-1676?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13607148#comment-13607148
 ] 

Min Chen commented on CLOUDSTACK-1676:
--------------------------------------

Currently from UI, in creating Zone, no matter whether user is selecting 
DefaultSharedNetworkOffering or DefaultSharedNetworkOfferingWithSGEnabled, UI 
will always send the following command:

http://localhost:8080/client/api?command=createZone&networktype=Basic&name=testZone&localstorageenabled=true&dns1=192.168.56.1&internaldns1=192.168.56.1&response=json&sessionkey=euSMxEUMNvPcXp8ym2N4ttT7vmo%3D&_=1363741656545

that is, missing securitygroupenabled flag. That is why, in backend api code, 
for Basic Zone, it is always set securitygroupenabled flag to true. To fix 
backend, UI has to be fixed first to pass the correct flag based on network 
offering selected. Otherwise, my checkin will break common usecases. So assign 
to Pranav to fix UI first.
                
> basic zone security groups enabled with 'DefaultSharedNetworkOffering'
> ----------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-1676
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1676
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Hypervisor Controller
>    Affects Versions: 4.1.0
>         Environment: KVM Hosts
>            Reporter: Marcus Sorensen
>            Assignee: Min Chen
>             Fix For: 4.2.0
>
>
> I deployed a basic zone with a management bridge and a guest bridge, 
> selecting 'DefaultSharedNetworkOffering' as the network offering.
> I launched an instance
> I could not ssh into instance, but instance could ping gateway, google, etc.
> I ran 'ebtables -t nat -L' and saw that there were rules for this instance.
> I ran 'ebtables -t nat -F i-2-3-VM-in', and could now SSH into server.
> It was as though firewall/security groups were enabled, but without any way 
> to edit.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to