Re: SecurityGroups, Advanced Zone And DefaultSharedNetworkOfferingWithSGService
I just redid the setup with Advanced Zone + Security Groups enabled. I am trying to understand if you could define, apply, use security groups after you just update value in data_center.is_security_group_enabled ? Or you just basically rebuild zone with SG enabled? - Radoslaw Smigielski
Re: SecurityGroups, Advanced Zone And DefaultSharedNetworkOfferingWithSGService
On 05-Dec-2013, at 2:12 pm, Radek Smigielski radek.smigiel...@ymail.com wrote: I just redid the setup with Advanced Zone + Security Groups enabled. I am trying to understand if you could define, apply, use security groups after you just update value in data_center.is_security_group_enabled ? Or you just basically rebuild zone with SG enabled? Hi Radek, I created a shared network with DefaultSharedNetworkOfferingWithSGService in an existing Advanced Zone which had security groups disabled. VMs would get created in the default security group if I choose the DefaultSharedNetworkOfferingWithSGService offering. However, I wasn’t able to any other security groups to the VMs created in the DefaultSharedNetworkOfferingWithSGService network. Once I set data_center.is_security_group_enabled=1, I was able to assign security groups to VMs in the DefaultSharedNetworkOfferingWithSGService network via API. I hope it makes sense. -- @shankerbalan M: +91 98860 60539 | O: +91 (80) 67935867 shanker.ba...@shapeblue.com | www.shapeblue.com | Twitter:@shapeblue ShapeBlue Services India LLP, 22nd floor, Unit 2201A, World Trade Centre, Bangalore - 560 055 This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
Re: SecurityGroups, Advanced Zone And DefaultSharedNetworkOfferingWithSGService
On 04-Dec-2013, at 1:24 pm, Shanker Balan shanker.ba...@shapeblue.com wrote: Helo, My Advanced Zone itself has security groups disabled. I have enabled the SecurityGroupsProvider and created a SharedNetwork with DefaultSharedNetworkOfferingWithSGService offering. With this, I am now able to create a new VM in the shared network by specifying the network ids as the SharedNetwork’s id. The shared VMs end up in the “default” SG and the rules seems to be working correctly. I added ICMP and SSH Ingress rules and I was able to reach the VM. I am also able to create new security groups with rules. I am however, unable to deploy VMs to security groups other than to the “default” SG. deploy virtualmachine displayname=dmz10 diskofferingid=9c8c46f0-9b7a-4d7a-8a9b-0ae085e90316 name=dmz10 serviceofferingid=6554c4c6-d1c6-40c7-9b6b-3ec904422c79 templateid=69686130-5b3e-11e3-a4b9-000c2931adcf securitygroupnames=AdminVM networkids=3240155c-e7a2-4ede-aa73-63e21b0c558e zoneid=66870482-b34e-4218-92cd-954cf639f493 hypervisor=KVM : Can't create vm with security groups; security group feature is not enabled per zone If I leave securitygroupnames (or securitygroupids) out of the deployVirtualMachine command, the VM does get created in the shared network and end up in the default SG. Should I not be able to choose a SG while deploying VMs to a DefaultSharedNetworkOfferingWithSGService network? DB workaround. Am sure it has repercussions elsewhere but makes deployVirtualmachine happy with securitygroupnames. mysql UPDATE data_center SET is_security_group_enabled=1 WHERE id=1; Regards. -- @shankerbalan M: +91 98860 60539 | O: +91 (80) 67935867 shanker.ba...@shapeblue.com | www.shapeblue.com | Twitter:@shapeblue ShapeBlue Services India LLP, 22nd floor, Unit 2201A, World Trade Centre, Bangalore - 560 055 This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
Re: SecurityGroups, Advanced Zone And DefaultSharedNetworkOfferingWithSGService
On 04.12.2013 07:54, Shanker Balan wrote: Helo, My Advanced Zone itself has security groups disabled. I have enabled the SecurityGroupsProvider and created a SharedNetwork with DefaultSharedNetworkOfferingWithSGService offering. With this, I am now able to create a new VM in the shared network by specifying the network ids as the SharedNetwork’s id. The shared VMs end up in the “default” SG and the rules seems to be working correctly. I added ICMP and SSH Ingress rules and I was able to reach the VM. I am also able to create new security groups with rules. I am however, unable to deploy VMs to security groups other than to the “default” SG. Shankar, I'm testing an Adv zone with SG and I can define and use new groups. This is on 4.2.0, which version are you testing? HTH Lucian -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro
Re: SecurityGroups, Advanced Zone And DefaultSharedNetworkOfferingWithSGService
On Wednesday, 4 December 2013, 13:26:07, Nux! n...@li.nux.ro wrote: On 04.12.2013 07:54, Shanker Balan wrote: Helo, My Advanced Zone itself has security groups disabled. I have enabled the SecurityGroupsProvider and created a SharedNetwork with DefaultSharedNetworkOfferingWithSGService offering. If I am not mistaken, you can not enable security groups for an existing zone. SG needs to be enabled while you creating zone. Also in adv zone, SG works only on KVM. - Radek Śmigielski
Re: SecurityGroups, Advanced Zone And DefaultSharedNetworkOfferingWithSGService
On 04-Dec-2013, at 6:54 pm, Nux! n...@li.nux.ro wrote: On 04.12.2013 07:54, Shanker Balan wrote: Helo, My Advanced Zone itself has security groups disabled. I have enabled the SecurityGroupsProvider and created a SharedNetwork with DefaultSharedNetworkOfferingWithSGService offering. With this, I am now able to create a new VM in the shared network by specifying the network ids as the SharedNetwork’s id. The shared VMs end up in the “default” SG and the rules seems to be working correctly. I added ICMP and SSH Ingress rules and I was able to reach the VM. I am also able to create new security groups with rules. I am however, unable to deploy VMs to security groups other than to the “default” SG. Shankar, I'm testing an Adv zone with SG and I can define and use new groups. This is on 4.2.0, which version are you testing? Am using 4.2.0. Let me rebuild and try. Thanks. -- @shankerbalan M: +91 98860 60539 | O: +91 (80) 67935867 shanker.ba...@shapeblue.com | www.shapeblue.com | Twitter:@shapeblue ShapeBlue Services India LLP, 22nd floor, Unit 2201A, World Trade Centre, Bangalore - 560 055 This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
Re: SecurityGroups, Advanced Zone And DefaultSharedNetworkOfferingWithSGService
On 04-Dec-2013, at 8:24 pm, Geoff Higginbottom geoff.higginbot...@shapeblue.com wrote: Radek is correct, you cannot use the DefaultSharedNetworkOfferingWithSGService in a 'standard' advanced Zone, only one which had Security Groups enabled when it was created FWIW, it works over here with the DB hack. :) -- @shankerbalan M: +91 98860 60539 | O: +91 (80) 67935867 shanker.ba...@shapeblue.com | www.shapeblue.com | Twitter:@shapeblue ShapeBlue Services India LLP, 22nd floor, Unit 2201A, World Trade Centre, Bangalore - 560 055 This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
RE: SecurityGroups, Advanced Zone And DefaultSharedNetworkOfferingWithSGService
Radek is correct, you cannot use the DefaultSharedNetworkOfferingWithSGService in a 'standard' advanced Zone, only one which had Security Groups enabled when it was created Regards Geoff Higginbottom D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581 geoff.higginbot...@shapeblue.com -Original Message- From: Radek Smigielski [mailto:radek.smigiel...@ymail.com] Sent: 04 December 2013 13:51 To: users@cloudstack.apache.org Subject: Re: SecurityGroups, Advanced Zone And DefaultSharedNetworkOfferingWithSGService On Wednesday, 4 December 2013, 13:26:07, Nux! n...@li.nux.ro wrote: On 04.12.2013 07:54, Shanker Balan wrote: Helo, My Advanced Zone itself has security groups disabled. I have enabled the SecurityGroupsProvider and created a SharedNetwork with DefaultSharedNetworkOfferingWithSGService offering. If I am not mistaken, you can not enable security groups for an existing zone. SG needs to be enabled while you creating zone. Also in adv zone, SG works only on KVM. - Radek Śmigielski This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
Re: SecurityGroups, Advanced Zone And DefaultSharedNetworkOfferingWithSGService
FWIW, it works over here with the DB hack. :) Interesting, have you destroyed and re-created VR after you made a db hack? - Radoslaw Smigielski
Re: SecurityGroups, Advanced Zone And DefaultSharedNetworkOfferingWithSGService
On 05-Dec-2013, at 3:06 am, Radek Smigielski radek.smigiel...@ymail.com wrote: FWIW, it works over here with the DB hack. :) Interesting, have you destroyed and re-created VR after you made a db hack? Not yet. I just redid the setup with Advanced Zone + Security Groups enabled. I don’t really like the “reduced” functionality so gonna keep it simple with a Basic Zone and an Advanced Zone. -- @shankerbalan M: +91 98860 60539 | O: +91 (80) 67935867 shanker.ba...@shapeblue.com | www.shapeblue.com | Twitter:@shapeblue ShapeBlue Services India LLP, 22nd floor, Unit 2201A, World Trade Centre, Bangalore - 560 055 This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
SecurityGroups, Advanced Zone And DefaultSharedNetworkOfferingWithSGService
Helo, My Advanced Zone itself has security groups disabled. I have enabled the SecurityGroupsProvider and created a SharedNetwork with DefaultSharedNetworkOfferingWithSGService offering. With this, I am now able to create a new VM in the shared network by specifying the network ids as the SharedNetwork’s id. The shared VMs end up in the “default” SG and the rules seems to be working correctly. I added ICMP and SSH Ingress rules and I was able to reach the VM. I am also able to create new security groups with rules. I am however, unable to deploy VMs to security groups other than to the “default” SG. deploy virtualmachine displayname=dmz10 diskofferingid=9c8c46f0-9b7a-4d7a-8a9b-0ae085e90316 name=dmz10 serviceofferingid=6554c4c6-d1c6-40c7-9b6b-3ec904422c79 templateid=69686130-5b3e-11e3-a4b9-000c2931adcf securitygroupnames=AdminVM networkids=3240155c-e7a2-4ede-aa73-63e21b0c558e zoneid=66870482-b34e-4218-92cd-954cf639f493 hypervisor=KVM : Can't create vm with security groups; security group feature is not enabled per zone If I leave securitygroupnames (or securitygroupids) out of the deployVirtualMachine command, the VM does get created in the shared network and end up in the default SG. Should I not be able to choose a SG while deploying VMs to a DefaultSharedNetworkOfferingWithSGService network? -- @shankerbalan M: +91 98860 60539 | O: +91 (80) 67935867 shanker.ba...@shapeblue.com | www.shapeblue.com | Twitter:@shapeblue ShapeBlue Services India LLP, 22nd floor, Unit 2201A, World Trade Centre, Bangalore - 560 055 This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.