Posted to users@cloudstack.apache.org by Andrei Mikhailovsky <an...@arhont.com.INVALID> on 2019/05/03 15:03:42 UTC

Automating creation of ACLs

Hello everyone, 

I have come across a need to create an ACL that includes around 100 different IP addresses and network ranges for several services. Now, looking at the ACS gui, there is currently no way that I could find to create an ACL with multiple IP addresses / network ranges. Not sure why this hasn't been implemented.

I am looking at a way to automate the creation of ACLs with CloudStack where ideally I could feed it a list of IP addresses and it would do its job at creating the ACLs. Otherwise it will take a day and sanity to do it manually. 

I am sure I am not the only one in the ACS community that requires a large set of ACLs. Could someone share their scripts / methods of achieving this? 

Thanks 

Andrei 

Re: Automating creation of ACLs

Posted by Andrei Mikhailovsky <an...@arhont.com.INVALID>.
Hi Andrija,

I've set up CloudMonkey on my local host and done some experimentation. It turns out that the API does support specifying multiple IPs/networks per single ACL. The gui reflects this and shows a comma-separated list. So, it looks like I can do everything I want from CloudMonkey.

What I've not tested is that it actually works and creates the fw rule on the virtual router. I will test that later on and revert back.

Cheers

----- Original Message -----
> From: "Andrija Panic" <an...@gmail.com>
> To: "users" <us...@cloudstack.apache.org>
> Sent: Friday, 3 May, 2019 17:04:24
> Subject: Re: Automating creation of ACLs

> Hi Andrei,
> 
> I didn't claim that it works, actually - did you test it, does it actually
> work (if I understand correctly - you want to specify multiple CIDR ranges
> in a single rule instead of creating a rule for each CIDR range in
> question)?
> 
> Best,
> 
> 
> --
> 
> Andrija Panić
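
The approach this message describes (one ACL rule carrying a comma-separated list of networks, created through CloudMonkey), as an added example that is not part of the original thread. It validates a list of addresses and prints `create networkacl` lines to paste into CloudMonkey; the parameter names are those of CloudStack's createNetworkACL API call, while the ACL list id placeholder, the IPv4-only TCP ingress allow rules, the chunk size and the rule numbering are assumptions of this example.

```python
import ipaddress
ACL_ID = "ACL-LIST-UUID-PLACEHOLDER"  # placeholder, not a real ACL list id

# Constructed sample input (documentation address ranges plus bad entries).
SAMPLE = """\
192.0.2.0/25
192.0.2.128/25
198.51.100.7
203.0.113.0/24
203.0.113.64/26   # already covered by the /24 above
10.0.0.5/24
0.0.0.0/0
not-an-ip
""".splitlines()

def normalize(entries):
    """Return (collapsed IPv4 networks, rejected entries)."""
    nets, rejected = [], []
    for raw in entries:
        text = raw.split("#", 1)[0].strip()
        if not text:
            continue
        try:
            # strict=True refuses host bits (10.0.0.5/24), a common typo
            net = ipaddress.ip_network(text, strict=True)
        except ValueError:
            net = None
        # Assumption: IPv4 allow-list; a /0 would open the rule to everyone
        if net is None or net.version != 4 or net.prefixlen == 0:
            rejected.append(text)
            continue
        nets.append(net)
    # collapse_addresses merges duplicates, contained and adjacent ranges
    return list(ipaddress.collapse_addresses(nets)), rejected

def acl_commands(nets, ports, per_rule=20, first_number=100):
    """One 'create networkacl' line per port and chunk of CIDRs."""
    cmds, number = [], first_number
    for port in ports:
        for i in range(0, len(nets), per_rule):
            cidrs = ",".join(str(n) for n in nets[i:i + per_rule])
            cmds.append(f"create networkacl aclid={ACL_ID} number={number} "
                        f"protocol=tcp startport={port} endport={port} "
                        f"traffictype=ingress action=allow cidrlist={cidrs}")
            number += 1
    return cmds

if __name__ == "__main__":
    nets, rejected = normalize(SAMPLE)
    print("rejected:", rejected, *acl_commands(nets, [22, 443]), sep="\n")
```

Rejected entries are reported rather than silently dropped, so a mistyped range is noticed before the rules are created.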

Re: Automating creation of ACLs

Posted by Andrei Mikhailovsky <an...@arhont.com.INVALID>.
Actually, I was wrong and made a mistake. The ACS gui does allow specifying multiple networks/IPs on the same ACL. I had a typo when I was testing it. All jolly good!

Cheers

----- Original Message -----
> From: "Andrija Panic" <an...@gmail.com>
> To: "users" <us...@cloudstack.apache.org>
> Sent: Friday, 3 May, 2019 17:04:24
> Subject: Re: Automating creation of ACLs

> Hi Andrei,
> 
> I didn't claim that it works, actually - did you test it, does it actually
> work (if I understand correctly - you want to specify multiple CIDR ranges
> in a single rule instead of creating a rule for each CIDR range in
> question)?
> 
> Best,
> 
> 
> --
> 
> Andrija Panić

Re: Automating creation of ACLs

Posted by Andrija Panic <an...@gmail.com>.
Hi Andrei,

I didn't claim that it works, actually - did you test it, does it actually
work (if I understand correctly - you want to specify multiple CIDR ranges
in a single rule instead of creating a rule for each CIDR range in
question)?

Best,


On Fri, 3 May 2019 at 17:36, Andrei Mikhailovsky <an...@arhont.com.invalid>
wrote:

> Hi Andrija,
>
> I wasn't aware the API supports creating ACLs with multiple networks / IP
> addresses.
>
> Andrei
>


-- 

Andrija Panić

Re: Automating creation of ACLs

Posted by Andrei Mikhailovsky <an...@arhont.com.INVALID>.
Hi Andrija,

I wasn't aware the API supports creating ACLs with multiple networks / IP addresses. 

Andrei

----- Original Message -----
> From: "Andrija Panic" <an...@gmail.com>
> To: "users" <us...@cloudstack.apache.org>
> Sent: Friday, 3 May, 2019 16:11:37
> Subject: Re: Automating creation of ACLs

> Hi Andrei,
> 
> perhaps I got something wrong, but why don't you use the API to create the
> needed ACL rules?
> 
> Andrija
> 
> --
> 
> Andrija Panić

Re: Automating creation of ACLs

Posted by Andrija Panic <an...@gmail.com>.
Hi Andrei,

perhaps I got something wrong, but why don't you use the API to create the
needed ACL rules?

Andrija

On Fri, 3 May 2019 at 17:04, Andrei Mikhailovsky <an...@arhont.com.invalid>
wrote:

> Hello everyone,
>
> I have come across a need to create an ACL that includes around 100
> different IP addresses and network ranges for several services. Now,
> looking at the ACS gui, there is currently no way that I could find to
> create an ACL with multiple IP addresses / network ranges. Not sure why
> this hasn't been implemented.
>
> I am looking at a way to automate the creation of ACLs with CloudStack
> where ideally I could feed it a list of IP addresses and it would do its
> job at creating the ACLs. Otherwise it will take a day and sanity to do it
> manually.
>
> I am sure I am not the only one in the ACS community that requires a large
> set of ACLs. Could someone share their scripts / methods of achieving this?
>
> Thanks
>
> Andrei
>


-- 

Andrija Panić