[ https://issues.apache.org/jira/browse/CLOUDSTACK-10109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16314779#comment-16314779 ]
ASF subversion and git services commented on CLOUDSTACK-10109: -------------------------------------------------------------- Commit 90ef67bab993c95b253cc810fb0b67fe8d6fc6e8 in cloudstack's branch refs/heads/master from [~nicolas.vazquez] [ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=90ef67b ] CLOUDSTACK-10109: Enable dedication of public IPs to SSVM and CPVM (#2295) This feature allow admins to dedicate a range of public IP addresses to the SSVM and CPVM, such that they can be subject to specific external firewall rules. The option to dedicate a public IP range to the System VMs (SSVM & CPVM) is added to the createVlanIpRange API method and the UI. Solution: Global setting 'system.vm.public.ip.reservation.mode.strictness' is added to determine if the use of the system VM reservation is strict (when true) or preferred (false), false by default. When a range has been dedicated to System VMs, CloudStack should apply IPs from that range to the public interfaces of the CPVM and the SSVM depending on global setting's value: If the global setting is set to false: then CloudStack will use any unused and unreserved public IP addresses for system VMs only when the pool of reserved IPs has been exhausted If the global setting is set to true: then CloudStack will fail to deploy the system VM when the pool of reserved IPs has been exhausted, citing the lack of available IPs. UI Changes Under Infrastructure -> Zone -> Physical Network -> Public -> IP Ranges, button 'Account' label is refactored to 'Set reservation'. When that button is clicked, dialog displayed is also refactored, including a new checkbox 'System VMs' which indicates if range should be dedicated for CPVM and SSVM, and a note indicating its usage. When clicking on button for any created range, UI dialog displayed indicates whether IP range is dedicated for system vms or not. > Enable dedication of public IPs to SSVM and CPVM > ------------------------------------------------ > > Key: CLOUDSTACK-10109 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10109 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) > Reporter: Nicolas Vazquez > Assignee: Nicolas Vazquez > Attachments: public01.png, public02.png, public03.png > > > It is required to dedicate a public IP range for SSVM and CPVM in order to > apply firewall rules to control inbound access. -- This message was sent by Atlassian JIRA (v6.4.14#64029)