[jira] [Created] (CLOUDSTACK-10242) Problem Using Ingress/Egress SG Rules over 4.11 rc Tests

Fri, 19 Jan 2018 04:52:57 -0800 

Özhan Rüzgar Karaman created CLOUDSTACK-10242:
-------------------------------------------------

             Summary: Problem Using Ingress/Egress SG Rules over 4.11 rc Tests
                 Key: CLOUDSTACK-10242
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10242
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: KVM, Management Server
    Affects Versions: 4.11.0.0
         Environment: KVM Host Ubuntu 16.04.3, Management Server Ubuntu 14.04.5
            Reporter: Özhan Rüzgar Karaman


We noticed that Cloudstack-9853 fix generates some problems on applying SG 
rules on security_group.py script. We compare the commands which send to script 
between 4.9.3 and 4.11 versions and we noticed that SG rule delimiter and 
nicsecips values changed on 4.11 release its examples are below:

4.9.3

/usr/share/cloudstack-common/scripts/vm/network/security_group.py 
default_network_rules --vmname i-2-573-VM --vmid 573 --vmip 192.168.2.56 
--vmmac 06:31:56:00:04:09 --vif vnet15 --brname brenp4s0f0-23 --nicsecips 0:

 

/usr/share/cloudstack-common/scripts/vm/network/security_group.py 
add_network_rules --vmname i-2-573-VM --vmid 573 --vmip 192.168.2.56 --sig 
d60255deb618b7be9f477eed10d65234 --seq 2 --vmmac 06:31:56:00:04:09 --vif vnet15 
--brname brenp4s0f0-23 --nicsecips 0: --rules 
"I:icmp:-1:-1:0.0.0.0/0,NEXT;I:tcp:1:65535:0.0.0.0/0,NEXT;I:udp:1:65535:0.0.0.0/0,NEXT;E:icmp:-1:-1:0.0.0.0/0,NEXT;E:tcp:1:65535:0.0.0.0/0,NEXT;E:udp:1:65535:0.0.0.0/0,NEXT;"

 

4.11.0

/usr/share/cloudstack-common/scripts/vm/network/security_group.py 
default_network_rules --vmname i-2-3-VM --vmid 3 --vmip 192.168.18.189 --vmmac 
1e:00:50:00:00:bc --vif vnet10 --brname breth0-23 --nicsecips 0;

/usr/share/cloudstack-common/scripts/vm/network/security_group.py 
add_network_rules --vmname "i-2-3-VM" --vmid "3" --vmip "192.168.18.189" --sig 
"9b1c4aa31c811204e1dae5310d7711b5" --seq "12" --vmmac "1e:00:50:00:00:bc" --vif 
"vnet10" --brname "breth0-23" --nicsecips "0:" --rules 
"I:icmp;-1;-1;0.0.0.0/0,NEXT;I:tcp;1;65535;0.0.0.0/0,NEXT;I:udp;1;65535;0.0.0.0/0,NEXT;E:icmp;-1;-1;0.0.0.0/0,NEXT;E:tcp;1;65535;0.0.0.0/0,NEXT;E:udp;1;65535;0.0.0.0/0,NEXT;"

 

This change creates problem on parse_network_rules function in 
security_group.py. We made this test only on ipv4 enabled environment. So this 
need to be fixed to make SG operational for 4.11 release.

 

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to