winterhazel commented on PR #7081:
URL: https://github.com/apache/cloudstack/pull/7081#issuecomment-2450828651

   Everything seems to be working as intended now. Below are the tests I did.
   
   ## Tests
   
   For each test, I created/updated/deleted port forwarding rules via the UI, 
and verified that the VR had the expected iptables rules. I also tried to 
access the public ports via different CIDRs to ensure that the packets were 
being routed as intended.
   
   ### 1. Create PF rule with no source CIDR:
   
   ![Screenshot from 2024-10-25 17-03-50](https://github.com/user-attachments/assets/0e5d1017-cd6f-4923-a008-a4c3c3a22ca8)
   
   ```sh
   root@r-36-VM:~# iptables -t nat -L
   Chain PREROUTING (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  anywhere             192.168.122.18       tcp dpt:24 to:10.0.0.199:22
   
   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  anywhere             192.168.122.18       tcp dpt:24 to:10.0.0.199:22
   
   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination         
   SNAT       all  --  anywhere             anywhere             to:192.168.122.17
   SNAT       tcp  --  10.0.0.0/24          test-vm              tcp dpt:ssh to:10.0.0.1
   ```
   
   ### 2. Delete PF rule with no source CIDR:
   
   I deleted the previously created rule.
   
   ```sh
   root@r-36-VM:~# iptables -t nat -L
   Chain PREROUTING (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination         
   SNAT       all  --  anywhere             anywhere             to:192.168.122.17
   ```
   
   ### 3. Create PF rule with a single source CIDR:
   
   ![Screenshot from 2024-10-30 11-15-21](https://github.com/user-attachments/assets/8808e5a4-5ed9-4996-8bd3-1f515a8f4be3)
   
   ```sh
   Chain PREROUTING (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  192.168.200.0/24     192.168.122.18       tcp dpt:telnet to:10.0.0.199:22
   
   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  192.168.200.0/24     192.168.122.18       tcp dpt:telnet to:10.0.0.199:22
   
   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination         
   SNAT       all  --  anywhere             anywhere             to:192.168.122.17
   SNAT       tcp  --  10.0.0.0/24          test-vm              tcp dpt:ssh to:10.0.0.1
   ```
   
   ### 4. Delete PF rule with a single source CIDR:
   
   I deleted the previously created rule.
   
   ```sh
   root@r-36-VM:~# iptables -t nat -L
   Chain PREROUTING (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination         
   SNAT       all  --  anywhere             anywhere             to:192.168.122.17
   ```
   
   ### 5. Create PF rule with a list of source CIDRs:
   
   ![Screenshot from 2024-10-31 16-03-54](https://github.com/user-attachments/assets/e5120919-bc38-46a6-882b-76b31a5ea6fd)
   
   ```sh
   root@r-36-VM:~# iptables -t nat -L
   Chain PREROUTING (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  192.168.122.1        192.168.122.18       tcp dpt:telnet to:10.0.0.199:22
   DNAT       tcp  --  192.168.201.0/24     192.168.122.18       tcp dpt:telnet to:10.0.0.199:22
   DNAT       tcp  --  192.168.202.0/24     192.168.122.18       tcp dpt:telnet to:10.0.0.199:22
   
   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  192.168.122.1        192.168.122.18       tcp dpt:telnet to:10.0.0.199:22
   DNAT       tcp  --  192.168.201.0/24     192.168.122.18       tcp dpt:telnet to:10.0.0.199:22
   DNAT       tcp  --  192.168.202.0/24     192.168.122.18       tcp dpt:telnet to:10.0.0.199:22
   
   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination         
   SNAT       all  --  anywhere             anywhere             to:192.168.122.17
   SNAT       tcp  --  10.0.0.0/24          test-vm              tcp dpt:ssh to:10.0.0.1
   ```
   
   ### 6. Update source CIDR list of PF rule to another list:
   
   ```sh
   (admin) 🐢 > update portforwardingrule id=650ec01f-9e5e-4b70-9ff2-ab8c9cff2051 cidrlist="192.168.202.0/24,192.168.203.0/24,192.168.204.10/32"
   {
     "portforwardingrule": {
       "cidrlist": "192.168.202.0/24,192.168.203.0/24,192.168.204.10/32",
       "fordisplay": true,
       "id": "650ec01f-9e5e-4b70-9ff2-ab8c9cff2051",
       "ipaddress": "192.168.122.18",
       "ipaddressid": "7118532f-a6be-4943-bc06-037ea00ef4d0",
       "networkid": "49a35e15-ea93-4434-a158-0ffbd3743de1",
       "privateendport": "22",
       "privateport": "22",
       "protocol": "tcp",
       "publicendport": "23",
       "publicport": "23",
       "state": "Active",
       "tags": [],
       "virtualmachinedisplayname": "test-vm",
       "virtualmachineid": "8584e8a2-0759-4aba-885d-8c0b903fdfc2",
       "virtualmachinename": "test-vm",
       "vmguestip": "10.0.0.199"
     }
   }
   ```
   
   ```sh
   root@r-36-VM:~# iptables -t nat -L
   Chain PREROUTING (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  192.168.202.0/24     192.168.122.18       tcp dpt:telnet to:10.0.0.199:22
   DNAT       tcp  --  192.168.203.0/24     192.168.122.18       tcp dpt:telnet to:10.0.0.199:22
   DNAT       tcp  --  192.168.204.10       192.168.122.18       tcp dpt:telnet to:10.0.0.199:22
   
   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  192.168.202.0/24     192.168.122.18       tcp dpt:telnet to:10.0.0.199:22
   DNAT       tcp  --  192.168.203.0/24     192.168.122.18       tcp dpt:telnet to:10.0.0.199:22
   DNAT       tcp  --  192.168.204.10       192.168.122.18       tcp dpt:telnet to:10.0.0.199:22
   
   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination         
   SNAT       all  --  anywhere             anywhere             to:192.168.122.17
   SNAT       tcp  --  10.0.0.0/24          test-vm              tcp dpt:ssh to:10.0.0.1
   ```
   
   ### 7. Delete PF rule with a list of source CIDRs:
   
   I deleted the updated rule.
   
   ```sh
   root@r-36-VM:~# iptables -t nat -L
   Chain PREROUTING (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination         
   SNAT       all  --  anywhere             anywhere             to:192.168.122.17
   ```
   
   ### 8. Update source CIDR of PF rule to empty
   
   Before the update:
   
   ![Screenshot from 2024-10-31 18-02-07](https://github.com/user-attachments/assets/0c7a5a96-b411-4430-af1a-694dad674e11)
   
   ```sh
   root@r-39-VM:~# iptables -t nat -L
   Chain PREROUTING (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  192.168.200.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.199:23
   
   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  192.168.200.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.199:23
   
   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination         
   SNAT       all  --  anywhere             anywhere             to:192.168.122.17
   SNAT       tcp  --  10.0.0.0/24          test-vm              tcp dpt:telnet to:10.0.0.1
   ```
   
   Update:
   
   ```sh
   (admin) 🐢 > update portforwardingrule id=7340fcb8-4dee-4f74-9bb9-cae92b944783 cidrlist=""
   {
     "portforwardingrule": {
       "cidrlist": "",
       "fordisplay": true,
       "id": "7340fcb8-4dee-4f74-9bb9-cae92b944783",
       "ipaddress": "192.168.122.18",
       "ipaddressid": "7118532f-a6be-4943-bc06-037ea00ef4d0",
       "networkid": "49a35e15-ea93-4434-a158-0ffbd3743de1",
       "privateendport": "23",
       "privateport": "23",
       "protocol": "tcp",
       "publicendport": "22",
       "publicport": "22",
       "state": "Active",
       "tags": [],
       "virtualmachinedisplayname": "test-vm",
       "virtualmachineid": "8584e8a2-0759-4aba-885d-8c0b903fdfc2",
       "virtualmachinename": "test-vm",
       "vmguestip": "10.0.0.199"
     }
   }
   ```
   
   ```sh
   root@r-39-VM:~# iptables -t nat -L
   Chain PREROUTING (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  anywhere             192.168.122.18       tcp dpt:ssh to:10.0.0.199:23
   
   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  anywhere             192.168.122.18       tcp dpt:ssh to:10.0.0.199:23
   
   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination         
   SNAT       all  --  anywhere             anywhere             to:192.168.122.17
   SNAT       tcp  --  10.0.0.0/24          test-vm              tcp dpt:telnet to:10.0.0.1
   ```
   
   ### 9. Create PF rules with the same public and private ports, but different source CIDRs, for the same VM:
   
   ![Screenshot from 2024-10-31 16-30-17](https://github.com/user-attachments/assets/84ca5eca-5774-499c-b8a4-569f82f2c7c9)
   
   ```sh
   root@r-36-VM:~# iptables -t nat -L
   Chain PREROUTING (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  192.168.200.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   DNAT       tcp  --  192.168.122.1        192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   
   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  192.168.200.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   DNAT       tcp  --  192.168.122.1        192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   
   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination         
   SNAT       all  --  anywhere             anywhere             to:192.168.122.17
   SNAT       tcp  --  10.0.0.0/24          test-vm              tcp dpt:ssh to:10.0.0.1
   ```
   
   ### 10. Delete one of the previously created rules:
   
   I deleted the rule that had 192.168.200.0/24 as the source CIDR.
   
   ```sh
   root@r-36-VM:~# iptables -t nat -L
   Chain PREROUTING (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  192.168.122.1        192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   
   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  192.168.122.1        192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   
   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination         
   SNAT       all  --  anywhere             anywhere             to:192.168.122.17
   SNAT       tcp  --  10.0.0.0/24          test-vm              tcp dpt:ssh to:10.0.0.1
   ```
   
   ### 11. Create PF rules with the same public and private ports, but different source CIDRs, for different VMs:
   
   ![Screenshot from 2024-10-31 15-34-25](https://github.com/user-attachments/assets/e8d9e469-910c-441b-bee5-07ad9d2751f1)
   
   ```sh
   root@r-36-VM:~# iptables -t nat -L
   Chain PREROUTING (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  10.0.0.0/24          192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   DNAT       tcp  --  192.168.122.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.186:22
   
   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  10.0.0.0/24          192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   DNAT       tcp  --  192.168.122.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.186:22
   
   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination         
   SNAT       all  --  anywhere             anywhere             to:192.168.122.17
   SNAT       tcp  --  10.0.0.0/24          test-vm              tcp dpt:ssh to:10.0.0.1
   SNAT       tcp  --  10.0.0.0/24          test-vm2             tcp dpt:ssh to:10.0.0.1
   ```
   
   ### 12. Create PF rules with the same public port, but different private port for different source CIDRs:
   
   ![Screenshot from 2024-10-31 15-38-37](https://github.com/user-attachments/assets/28fa3221-dba5-46b6-9d93-7eb1516a281f)
   
   ```sh
   root@r-36-VM:~# iptables -t nat -L
   Chain PREROUTING (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  10.0.0.0/24          192.168.122.18       tcp dpt:ssh to:10.0.0.199:23
   DNAT       tcp  --  192.168.122.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   
   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  10.0.0.0/24          192.168.122.18       tcp dpt:ssh to:10.0.0.199:23
   DNAT       tcp  --  192.168.122.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   
   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination         
   SNAT       all  --  anywhere             anywhere             to:192.168.122.17
   SNAT       tcp  --  10.0.0.0/24          test-vm              tcp dpt:telnet to:10.0.0.1
   SNAT       tcp  --  10.0.0.0/24          test-vm              tcp dpt:ssh to:10.0.0.1
   ```
   
   ### 13. Delete one of the previously created rules:
   
   I deleted the rule that had `192.168.122.0/24` as source CIDR.
   
   ```sh
   root@r-36-VM:~# iptables -t nat -L
   Chain PREROUTING (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  10.0.0.0/24          192.168.122.18       tcp dpt:ssh to:10.0.0.199:23
   
   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  10.0.0.0/24          192.168.122.18       tcp dpt:ssh to:10.0.0.199:23
   
   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination         
   SNAT       all  --  anywhere             anywhere             to:192.168.122.17
   SNAT       tcp  --  10.0.0.0/24          test-vm              tcp dpt:telnet to:10.0.0.1
   ```
   
   ### 14. Restart VPC with clean-up:
   
   I added a rule that had a list of source CIDRs.
   
   ![Screenshot from 2024-10-31 16-10-44](https://github.com/user-attachments/assets/091458a7-659c-47ca-aa7e-674267edc6c6)
   
   Then, I restarted the VPC with clean-up. After restarting, I verified the 
iptables.
   
   ```sh
   root@r-37-VM:~# iptables -t nat -L
   Chain PREROUTING (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  192.168.201.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   DNAT       tcp  --  192.168.202.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   DNAT       tcp  --  192.168.203.2        192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   
   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  192.168.201.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   DNAT       tcp  --  192.168.202.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   DNAT       tcp  --  192.168.203.2        192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   
   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination         
   SNAT       all  --  anywhere             anywhere             to:192.168.122.17
   SNAT       tcp  --  10.0.0.0/24          test-vm              tcp dpt:ssh to:10.0.0.1
   ```
   
   ### 15. Restart VPC without clean-up:
   
   I restarted the same VPC, but without clean-up. After restarting, I verified 
the iptables.
   
   ```sh
   root@r-37-VM:~# iptables -t nat -L
   Chain PREROUTING (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  192.168.201.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   DNAT       tcp  --  192.168.202.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   DNAT       tcp  --  192.168.203.2        192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   
   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  192.168.201.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   DNAT       tcp  --  192.168.202.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   DNAT       tcp  --  192.168.203.2        192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   
   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination         
   SNAT       all  --  anywhere             anywhere             to:192.168.122.17
   SNAT       tcp  --  10.0.0.0/24          test-vm              tcp dpt:ssh to:10.0.0.1
   ```
   
   ### 16. Restart VPC router:
   
   I rebooted the VR of the same VPC. After rebooting, I verified the iptables.
   
   ```sh
   root@r-37-VM:~# iptables -t nat -L
   Chain PREROUTING (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  192.168.201.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   DNAT       tcp  --  192.168.202.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   DNAT       tcp  --  192.168.203.2        192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   
   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination         
   
   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination         
   DNAT       tcp  --  192.168.201.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   DNAT       tcp  --  192.168.202.0/24     192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   DNAT       tcp  --  192.168.203.2        192.168.122.18       tcp dpt:ssh to:10.0.0.199:22
   
   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination         
   SNAT       all  --  anywhere             anywhere             to:192.168.122.17
   SNAT       tcp  --  10.0.0.0/24          test-vm              tcp dpt:ssh to:10.0.0.1
   ```
   
   ### 17. Try to create a PF rule with an invalid source CIDR
   
   I verified that I got an exception.
   
   ![Screenshot from 2024-10-30 20-01-25](https://github.com/user-attachments/assets/508faf6b-77d1-4f27-9c07-9a0f5ac8e735)
   
   ### 18. Try to update a PF rule's source CIDR to an invalid value
   
   Also got an error.
   
   ```sh
   (admin) 🐢 > update portforwardingrule id=617b41c6-264c-47bb-bdfa-0bd1fdcf2b01 cidrlist="test"
   {
     "account": "admin",
     "accountid": "60b92e66-28b2-11ef-a04e-6ac09c2b3d6b",
     "cmd": "org.apache.cloudstack.api.command.user.firewall.UpdatePortForwardingRuleCmd",
     "completed": "2024-10-31T19:42:51+0000",
     "created": "2024-10-31T19:42:50+0000",
     "domainid": "40815ad7-28b2-11ef-a04e-6ac09c2b3d6b",
     "domainpath": "ROOT",
     "jobid": "08f8132c-c715-4ebf-97ac-5cad81ea0648",
     "jobprocstatus": 0,
     "jobresult": {
       "errorcode": 431,
       "errortext": "The given source CIDR [test] is invalid."
     },
     "jobresultcode": 431,
     "jobresulttype": "object",
     "jobstatus": 2,
     "userid": "60ba931c-28b2-11ef-a04e-6ac09c2b3d6b"
   }
   ```
   
   ### 19. Unit tests
   
   I added unit tests for the modified `if` condition, and verified that the 
condition produced the same results before and after the changes for the cases 
that did not involve the new parameter.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

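As an added example that is not part of the PR comment above and is not CloudStack's own code: a small Python model of how a port forwarding rule with a source CIDR list expands into the per-CIDR nat-table DNAT rules seen in the listings, together with a first-match resolver that shows why two rules sharing a public port but scoped to different CIDRs (tests 9, 11 and 12) can steer the same public port to different guests or guest ports. The `PortForwardingRule` class, the function names, the `strict=False` CIDR parsing, the single-port simplification and the constructed rules are all this example's assumptions; CloudStack's real VR scripts and API validation are not reproduced, only the error wording from test 18 is reused.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


# Constructed model of a PF rule. Field names loosely follow the API response
# shown in the PR comment; only single public/private ports are modelled, which
# is a simplification of this example (the page's rules all use single ports).
@dataclass
class PortForwardingRule:
    public_ip: str
    public_port: int
    private_ip: str
    private_port: int
    protocol: str = "tcp"
    cidrlist: str = ""  # comma-separated source CIDRs; empty means "anywhere"


def parse_cidrlist(cidrlist: str) -> List[ipaddress.IPv4Network]:
    """Validate and parse a comma-separated source CIDR list.

    A bare address such as 192.168.122.1 is accepted as a /32 and host bits are
    normalised away (strict=False); both are this example's choices, not
    necessarily CloudStack's. An unparsable entry raises ValueError with the
    wording the API returned in test 18 of the PR comment.
    """
    networks = []
    for item in cidrlist.split(","):
        item = item.strip()
        if not item:
            continue
        try:
            networks.append(ipaddress.IPv4Network(item, strict=False))
        except ValueError:
            raise ValueError(f"The given source CIDR [{item}] is invalid.") from None
    return networks


def cidrlist_error(cidrlist: str) -> Optional[str]:
    """Return the validation error text for a CIDR list, or None if it is valid."""
    try:
        parse_cidrlist(cidrlist)
    except ValueError as exc:
        return str(exc)
    return None


def iptables_dnat_commands(rule: PortForwardingRule) -> List[str]:
    """Render the nat-table DNAT rules for one PF rule.

    One DNAT rule per source CIDR is appended to PREROUTING (packets arriving
    from outside) and to OUTPUT (packets generated on the router itself), which
    is the shape visible in the `iptables -t nat -L` listings above. With an
    empty cidrlist no -s match is emitted, so the rule applies to "anywhere".
    """
    sources = [str(net) for net in parse_cidrlist(rule.cidrlist)] or [None]
    commands = []
    for chain in ("PREROUTING", "OUTPUT"):
        for src in sources:
            parts = ["iptables", "-t", "nat", "-A", chain, "-p", rule.protocol]
            if src is not None:
                parts += ["-s", src]
            parts += ["-d", rule.public_ip, "--dport", str(rule.public_port),
                      "-j", "DNAT", "--to-destination",
                      f"{rule.private_ip}:{rule.private_port}"]
            commands.append(" ".join(parts))
    return commands


def resolve_dnat(rules: List[PortForwardingRule], src_ip: str, dst_ip: str,
                 dport: int, protocol: str = "tcp") -> Optional[Tuple[str, int]]:
    """First-match walk over the PF rules in the order they were installed.

    Mirrors how netfilter evaluates the PREROUTING chain: the first DNAT rule
    whose protocol, public IP, public port and (if present) source CIDR all
    match wins. Returns (private_ip, private_port), or None when no rule
    matches and the packet keeps its original destination.
    """
    src = ipaddress.IPv4Address(src_ip)
    for rule in rules:
        if (rule.protocol, rule.public_ip, rule.public_port) != (protocol, dst_ip, dport):
            continue
        networks = parse_cidrlist(rule.cidrlist)
        if networks and not any(src in net for net in networks):
            continue
        return rule.private_ip, rule.private_port
    return None


if __name__ == "__main__":
    # Constructed rules reproducing test 12: same public port 22 on
    # 192.168.122.18, different private ports for different source CIDRs.
    rules = [
        PortForwardingRule("192.168.122.18", 22, "10.0.0.199", 23, cidrlist="10.0.0.0/24"),
        PortForwardingRule("192.168.122.18", 22, "10.0.0.199", 22, cidrlist="192.168.122.0/24"),
    ]
    for rule in rules:
        print("\n".join(iptables_dnat_commands(rule)))
    print(resolve_dnat(rules, "10.0.0.7", "192.168.122.18", 22))       # ('10.0.0.199', 23)
    print(resolve_dnat(rules, "192.168.122.1", "192.168.122.18", 22))  # ('10.0.0.199', 22)
    print(resolve_dnat(rules, "203.0.113.5", "192.168.122.18", 22))    # None
    print(cidrlist_error("test"))  # The given source CIDR [test] is invalid.
```

The resolver deliberately returns None for a source outside every listed CIDR: such a packet is not translated at all, so narrowing a rule's cidrlist is an allow-list for the public port rather than a reordering of targets. When auditing a router, compare the rules produced by `iptables_dnat_commands` against `iptables -t nat -S`, which prints the rules in the same `-A CHAIN ...` form rather than the resolved-name form shown in the PR comment.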