[
https://issues.apache.org/jira/browse/CLOUDSTACK-10109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16314779#comment-16314779
]
ASF subversion and git services commented on CLOUDSTACK-10109:
--------------------------------------------------------------
Commit 90ef67bab993c95b253cc810fb0b67fe8d6fc6e8 in cloudstack's branch
refs/heads/master from [~nicolas.vazquez]
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=90ef67b ]
CLOUDSTACK-10109: Enable dedication of public IPs to SSVM and CPVM (#2295)
This feature allow admins to dedicate a range of public IP addresses to the
SSVM and CPVM, such that they can be subject to specific external firewall
rules. The option to dedicate a public IP range to the System VMs (SSVM & CPVM)
is added to the createVlanIpRange API method and the UI.
Solution:
Global setting 'system.vm.public.ip.reservation.mode.strictness' is added to
determine if the use of the system VM reservation is strict (when true) or
preferred (false), false by default.
When a range has been dedicated to System VMs, CloudStack should apply IPs from
that range to
the public interfaces of the CPVM and the SSVM depending on global setting's
value:
If the global setting is set to false: then CloudStack will use any unused and
unreserved public IP
addresses for system VMs only when the pool of reserved IPs has been exhausted
If the global setting is set to true: then CloudStack will fail to deploy the
system VM when the pool
of reserved IPs has been exhausted, citing the lack of available IPs.
UI Changes
Under Infrastructure -> Zone -> Physical Network -> Public -> IP Ranges, button
'Account' label is refactored to 'Set reservation'.
When that button is clicked, dialog displayed is also refactored, including a
new checkbox 'System VMs' which indicates if range should be dedicated for CPVM
and SSVM, and a note indicating its usage.
When clicking on button for any created range, UI dialog displayed indicates
whether IP range is dedicated for system vms or not.
> Enable dedication of public IPs to SSVM and CPVM
> ------------------------------------------------
>
> Key: CLOUDSTACK-10109
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10109
> Project: CloudStack
> Issue Type: Improvement
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Reporter: Nicolas Vazquez
> Assignee: Nicolas Vazquez
> Attachments: public01.png, public02.png, public03.png
>
>
> It is required to dedicate a public IP range for SSVM and CPVM in order to
> apply firewall rules to control inbound access.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
