Can people review this PR https://github.com/apache/cloudstack-www/pull/43? It has to do with the mailing list search mechanism.

On Wed, Mar 7, 2018 at 11:30 AM, Andrija Panic <andrija.pa...@gmail.com> wrote:

> root@r-5015-VM:~# grep -ir "10.128.0.0/18" /etc/ ### this is VPC CIDR
>
> /etc/iptables/router_rules.v4:-A INPUT -s 10.128.64.0/18 -d 10.128.0.0/18 -j MARK --set-xmark 0x524/0xffffffff
> /etc/iptables/router_rules.v4:-A FORWARD -s 10.128.64.0/18 -d 10.128.0.0/18 -j MARK --set-xmark 0x524/0xffffffff
> /etc/iptables/router_rules.v4:-A FORWARD -s 10.128.0.0/18 -d 10.128.64.0/18 -j MARK --set-xmark 0x525/0xffffffff
> /etc/iptables/router_rules.v4:-A OUTPUT -s 10.128.0.0/18 -d 10.128.64.0/18 -j MARK --set-xmark 0x525/0xffffffff
> /etc/iptables/router_rules.v4:-A FORWARD -s 10.128.0.0/18 ! -d 10.128.0.0/18 -j ACCEPT
> /etc/ipsec.d/ipsec.vpn-185.39.XXX.YYY.conf: leftsubnet=10.128.0.0/18
> /etc/cloudstack/cmdline.json: "vpccidr": "10.128.0.0/18"
> /etc/cloudstack/site2sitevpn.json: "local_guest_cidr": "10.128.0.0/18",
>
> So just restart VPC and be safe better than sorry :)
>
> Cheers
>
> On 7 March 2018 at 14:21, <daniel.herrm...@zv.fraunhofer.de> wrote:
>
> > Hi,
> >
> > As far as I know, when creating a site 2 site VPN, you can only specify the remote networks. The local network is always set to the whole VPC CIDR. Or am I wrong?
> >
> > Regards
> > Daniel
> >
> > On 07.03.18, 12:39, "Rafael Weingärtner" <rafaelweingart...@gmail.com> wrote:
> >
> > I agree with you. I was not aware of that link in ACS website. I already created a task for myself to fix that.
> >
> > I thought the VPC CIDR was used only as a logical value internally in ACS. However, as you pointed out, you can create a VPN to the whole VPC. Then, yes, a restart would be required.
> >
> > On Wed, Mar 7, 2018 at 8:33 AM, <daniel.herrm...@zv.fraunhofer.de> wrote:
> >
> > > Hi,
> > >
> > > Maybe we could link to the Apache search system at the page listing the Cloudstack Mailing-Lists: https://cloudstack.apache.org/mailing-lists.html
> > >
> > > If you click on the list there, you get to http://mail-archives.apache.org/mod_mbox/cloudstack-users/. Then there is markmail linked and the https://lists.apache.org/list.html?users@cloudstack.apache.org link you shared (which btw looks best to me, thanks).
> > >
> > > The tiers are going to stay as they are currently. I guess the CIDR is used in the Strongswan VPN configuration as local network, so I guess a restart might be required.
> > >
> > > Other thoughts?
> > >
> > > Thanks
> > > Daniel
> > >
> > > On 07.03.18, 12:25, "Rafael Weingärtner" <rafaelweingart...@gmail.com> wrote:
> > >
> > > MarkMail is not an Apache's system. If you want an Apache's system to search mailing lists you can use:
> > > https://lists.apache.org/list.html?d...@cloudstack.apache.org.
> > >
> > > Do you intend on changing the Tiers CIDR as well? If it is only the VPC, you might not even need to restart with a cleanup. Of course, it is always a good practice to test before applying in production.
> > >
> > > On Wed, Mar 7, 2018 at 8:07 AM, <daniel.herrmann@zv.fraunhofer.de> wrote:
> > >
> > > > Hi all,
> > > >
> > > > First of all: when trying to search the lists on MarkMail (https://cloudstack.apache.org/mailing-lists.html) I get a warning that the entered information will be transmitted insecurely (no HTTPs). If I accept that, MarkMail redirects back to HTTPs but does not present a valid certificate (unknown issuer, Firefox 58.0.2
> > > >
> > > > Now, to the question:
> > > >
> > > > We have a VPC with a pretty large CIDR (172.19.0.0/16), which however only has tiers in the upper half (172.19.128.0/17). We now would like to reduce the VPC CIDR. Is it safe to edit this in the database and then do a VPC restart with cleanup? Anything else to consider?
> > > >
> > > > We use VPN s2s tunnel, so I guess we need to change the remote subnet on the other VPN endpoints, but other than that?
> > > >
> > > > Is it possible like that, any problems to expect?
> > > >
> > > > Thanks and regards
> > > >
> > > > Daniel
> >
> > --
> > Rafael Weingärtner
>
> --
> Andrija Panić

--
Rafael Weingärtner
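
An added example, not part of the thread or of CloudStack: a check to run over the router's `grep -r` output after the VPC restart, flagging any iptables, IPsec or JSON line that still carries a CIDR wider than the reduced VPC CIDR, and confirming every tier fits inside it. The tier CIDRs, the remote subnet 10.50.0.0/16 and the sample lines are constructed; the file paths and the 172.19.x.x ranges are the ones quoted in the thread.

```python
import ipaddress
import re

# IPv4 CIDR tokens such as 172.19.0.0/16 inside a config or grep output line.
CIDR_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}\b")

def tiers_outside(new_vpc_cidr, tier_cidrs):
    """Tier CIDRs that would no longer fit inside the reduced VPC CIDR."""
    vpc = ipaddress.ip_network(new_vpc_cidr)
    return [t for t in tier_cidrs if not ipaddress.ip_network(t).subnet_of(vpc)]

def wider_than_vpc(lines, new_vpc_cidr):
    """Lines holding a CIDR that overlaps the new VPC CIDR but exceeds it."""
    vpc = ipaddress.ip_network(new_vpc_cidr)
    hits = []
    for line in lines:
        for token in CIDR_RE.findall(line):
            try:
                net = ipaddress.ip_network(token, strict=False)
            except ValueError:  # e.g. an octet above 255
                continue
            if net.overlaps(vpc) and not net.subnet_of(vpc):
                hits.append(line)
                break
    return hits

NEW_VPC = "172.19.128.0/17"                      # upper half, from the thread
TIERS = ["172.19.128.0/24", "172.19.200.0/24"]   # constructed tier CIDRs
# Constructed `grep -r` output from a router after the change; 10.50.0.0/16
# is a made-up remote VPN subnet. Two files still carry the old /16.
SAMPLE = [
    "/etc/iptables/router_rules.v4:-A FORWARD -s 10.50.0.0/16 -d 172.19.128.0/17 -j MARK --set-xmark 0x524/0xffffffff",
    "/etc/iptables/router_rules.v4:-A FORWARD -s 172.19.128.0/17 ! -d 172.19.128.0/17 -j ACCEPT",
    "/etc/ipsec.d/ipsec.vpn-185.39.XXX.YYY.conf: leftsubnet=172.19.0.0/16",
    '/etc/cloudstack/cmdline.json: "vpccidr": "172.19.128.0/17"',
    '/etc/cloudstack/site2sitevpn.json: "local_guest_cidr": "172.19.0.0/16",',
]

if __name__ == "__main__":
    print("tiers outside new CIDR:", tiers_outside(NEW_VPC, TIERS))
    for line in wider_than_vpc(SAMPLE, NEW_VPC):
        print("STALE:", line)
```

The remote subnet is not flagged because it does not overlap the VPC CIDR; only ranges that overlap it and extend beyond it are reported.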