Re: Does traffic touches VR when gateway is is not on the cloud network?

2019-11-02 Thread Fariborz Navidan 
Thanks for reply. How should we block a egress CIDR from specific source
CIDR when default egress policy of the network offering is "Allow"? What
will be behavior of Egress rules in a SG on the network?

On Sat, Nov 2, 2019 at 12:09 AM Andrija Panic 
wrote:

> By the definition, with Shared Networks, VR is providing **ONLY**
> DNS/DHCP/USER-DATA services to VMs in the shared network - i.e. traffic
> NEVER passes through the VR (your VR and all your user VMs have an IP on
> that shared network - they are just "peers" so to speak, VR is not a
> router, it's just a dhcp/dns server).
>
> If you are using Security Groups on that shared network, then you can
> achieve what you want via SG, otherwise, your VMs are using (as you stated)
> external gateway, which you don't control.
>
> If you are NOT using SG, but are brave enough and have awesome automation
> skills - you can try to do traffic limiting on the hypervisor hosts (which
> is exactly what SG do - SG is just a collection of iptables/ebtables rules
> on hypervisors)
> Though I would not advise doing so...^^^
>
> Best,
> Andrija
>
> On Fri, 1 Nov 2019 at 21:21, Fariborz Navidan 
> wrote:
>
> > Yes, it is a shared network with external gateway. Indeed hosts are
> > connected to a vRack on OVH network. Gateway address is externally
> > addressed as last usable IP of the IP block. On CloudStack side, we have
> I
> > have configured several IP address ranges on the same shared guest
> network
> > in an advanced zone.
> >
> > What I want to do is, to block some outgoing traffic from specific source
> > IPs rto specific destination IP ranges. I want to know that I should
> place
> > firewall rule on theVR or on the host itself. The cloud is currently
> > running with one host but I should be able to generalize this rules for
> > further scaling when more hosts are added in future.
> >
> > Thanks
> >
> > On Fri, Nov 1, 2019 at 10:30 PM Andrija Panic 
> > wrote:
> >
> > > Can you explain your setup a bit more - I'm not clear with "gateway
> > address
> > > of my guest network is not inside the cloud and it is
> > > not under my management" - is this a shared network, using some
> external
> > > gateway (which is a normal setup for Shared network)?
> > >
> > > On Fri, 1 Nov 2019 at 16:21, Fariborz Navidan 
> > > wrote:
> > >
> > > > Hello,
> > > >
> > > > The gateway address of my guest network is not inside the cloud and
> it
> > is
> > > > not under my management. My question is that does guest traffic still
> > > touch
> > > > the virtual router and can I place custom firewall rules between
> guests
> > > and
> > > > outside network on VR?
> > > >
> > >
> > >
> > > --
> > >
> > > Andrija Panić
> > >
> >
>
>
> --
>
> Andrija Panić
>

Re: [VOTE] Primate as modern UI for CloudStack

2019-11-02 Thread Osay Osman Yuuni 
+1

On Mon, 7 Oct 2019 at 11:31, Rohit Yadav  wrote:

> All,
>
> The feedback and response has been positive on the proposal to use Primate
> as the modern UI for CloudStack [1] [2]. Thank you all.
>
> I'm starting this vote (to):
>
>   *   Accept Primate codebase [3] as a project under Apache CloudStack
> project
>   *   Create and host a new repository (cloudstack-primate) and follow
> Github based development workflow (issues, pull requests etc) as we do with
> CloudStack
>   *   Given this is a new project, to encourage cadence until its feature
> completeness the merge criteria is proposed as:
>  *   Manual testing against each PR and/or with screenshots from the
> author or testing contributor, integration with Travis is possible once we
> get JS/UI tests
>  *   At least 1 LGTM from any of the active contributors, we'll move
> this to 2 LGTMs when the codebase reaches feature parity wrt the
> existing/old CloudStack UI
>  *   Squash and merge PRs
>   *   Accept the proposed timeline [1][2] (subject to achievement of goals
> wrt Primate technical release and GA)
>  *   the first technical preview targetted with the winter 2019 LTS
> release (~Q1 2020) and release to serve a deprecation notice wrt the older
> UI
>  *   define a release approach before winter LTS
>  *   stop taking feature FRs for old/existing UI after winter 2019 LTS
> release, work on upgrade path/documentation from old UI to Primate
>  *   the first Primate GA targetted wrt summer LTS 2020 (~H2 2019),
> but still ship old UI with a final deprecation notice
>  *   old UI codebase removed from codebase in winter 2020 LTS release
>
> The vote will be up for the next two weeks to give enough time for PMC and
> the community to gather consensus and still have room for questions,
> feedback and discussions. The results to be shared on/after 21th October
> 2019.
>
> For sanity in tallying the vote, can PMC members please be sure to
> indicate "(binding)" with their vote?
>
> [ ] +1  approve
> [ ] +0  no opinion
> [ ] -1  disapprove (and reason why)
>
> [1] Primate Proposal:
>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Proposal%3A+CloudStack+Primate+UI
>
> [2] Email thread reference:
> https://markmail.org/message/z6fuvw4regig7aqb
>
> [3] Primate repo current location: https://github.com/shapeblue/primate
>
>
> Regards,
>
> Rohit Yadav
>
> Software Architect, ShapeBlue
>
> https://www.shapeblue.com
>
> rohit.ya...@shapeblue.com
> www.shapeblue.com
> Amadeus House, Floral Street, London  WC2E 9DPUK
> @shapeblue
>
>
>
>

-- 
*Osay Osman YUUNI*  | Techno-Geek


*Old Kent Drive | Midstream Estate *Office: +27 12 003 6900 | Ext: 8402 |
E-Mail: o yu...@gmail.com

Mobile: +27 78 090 5501 | Fax: +27866737198 Web: http://www.
yuuniqueenterprises.com

Re: [VOTE] Primate as modern UI for CloudStack

2019-11-02 Thread Osay Osman Yuuni 
On Mon, 7 Oct 2019 at 11:31, Rohit Yadav  wrote:

> All,
>
> The feedback and response has been positive on the proposal to use Primate
> as the modern UI for CloudStack [1] [2]. Thank you all.
>
> I'm starting this vote (to):
>
>   *   Accept Primate codebase [3] as a project under Apache CloudStack
> project
>   *   Create and host a new repository (cloudstack-primate) and follow
> Github based development workflow (issues, pull requests etc) as we do with
> CloudStack
>   *   Given this is a new project, to encourage cadence until its feature
> completeness the merge criteria is proposed as:
>  *   Manual testing against each PR and/or with screenshots from the
> author or testing contributor, integration with Travis is possible once we
> get JS/UI tests
>  *   At least 1 LGTM from any of the active contributors, we'll move
> this to 2 LGTMs when the codebase reaches feature parity wrt the
> existing/old CloudStack UI
>  *   Squash and merge PRs
>   *   Accept the proposed timeline [1][2] (subject to achievement of goals
> wrt Primate technical release and GA)
>  *   the first technical preview targetted with the winter 2019 LTS
> release (~Q1 2020) and release to serve a deprecation notice wrt the older
> UI
>  *   define a release approach before winter LTS
>  *   stop taking feature FRs for old/existing UI after winter 2019 LTS
> release, work on upgrade path/documentation from old UI to Primate
>  *   the first Primate GA targetted wrt summer LTS 2020 (~H2 2019),
> but still ship old UI with a final deprecation notice
>  *   old UI codebase removed from codebase in winter 2020 LTS release
>
> The vote will be up for the next two weeks to give enough time for PMC and
> the community to gather consensus and still have room for questions,
> feedback and discussions. The results to be shared on/after 21th October
> 2019.
>
> For sanity in tallying the vote, can PMC members please be sure to
> indicate "(binding)" with their vote?
>
> [X ] +1  approve
> [ ] +0  no opinion
> [ ] -1  disapprove (and reason why)
>
> [1] Primate Proposal:
>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Proposal%3A+CloudStack+Primate+UI
>
> [2] Email thread reference:
> https://markmail.org/message/z6fuvw4regig7aqb
>
> [3] Primate repo current location: https://github.com/shapeblue/primate
>
>
> Regards,
>
> Rohit Yadav
>
> Software Architect, ShapeBlue
>
> https://www.shapeblue.com
>
> rohit.ya...@shapeblue.com
> www.shapeblue.com
> Amadeus House, Floral Street, London  WC2E 9DPUK
> @shapeblue
>
>
>
>

-- 
*Osay Osman YUUNI*  | Techno-Geek


*Old Kent Drive | Midstream Estate *Office: +27 12 003 6900 | Ext: 8402 |
E-Mail: o yu...@gmail.com

Mobile: +27 78 090 5501 | Fax: +27866737198 Web: http://www.
yuuniqueenterprises.com