You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2020/02/21 10:31:10 UTC
[GitHub] [cloudstack] ravening opened a new pull request #3907: Allow port
80/8080 accessible only from guest network
ravening opened a new pull request #3907: Allow port 80/8080 accessible only from guest network
URL: https://github.com/apache/cloudstack/pull/3907
# Description
<!--- Describe your changes in detail -->
The port 80/8080 in the vr of the guest network is accessible from
outisde the world. Restrict it so that only the vm's in the guest
network can access them
Before fix
$ nc -vz 10.11.118.172 8080
Connection to 10.11.118.172 port 8080 [tcp/http] succeeded!
After fix
$ nc -vz 10.11.118.172 8080
^C
<!-- For new features, provide link to FS, dev ML discussion etc. -->
<!-- In case of bug fix, the expected and actual behaviours, steps to reproduce. -->
<!-- When "Fixes: #<id>" is specified, the issue/PR will automatically be closed when this PR gets merged -->
<!-- For addressing multiple issues/PRs, use multiple "Fixes: #<id>" -->
<!-- Fixes: # -->
## Types of changes
<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
- [ ] New feature (non-breaking change which adds functionality)
- [X] Bug fix (non-breaking change which fixes an issue)
- [ ] Enhancement (improves an existing feature and functionality)
- [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
## Screenshots (if appropriate):
## How Has This Been Tested?
<!-- Please describe in detail how you tested your changes. -->
<!-- Include details of your testing environment, and the tests you ran to -->
<!-- see how your change affects other areas of the code, etc. -->
<!-- Please read the [CONTRIBUTING](https://github.com/apache/cloudstack/blob/master/CONTRIBUTING.md) document -->
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] weizhouapache commented on issue #3907: Allow port
80/8080 accessible only from guest network
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on issue #3907: Allow port 80/8080 accessible only from guest network
URL: https://github.com/apache/cloudstack/pull/3907#issuecomment-590739442
@rhtyd this PR adds a rule only in method fw_vpcrouter and fw_router. ssvm should not be impacted.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] rhtyd commented on issue #3907: Allow port 80/8080
accessible only from guest network
Posted by GitBox <gi...@apache.org>.
rhtyd commented on issue #3907: Allow port 80/8080 accessible only from guest network
URL: https://github.com/apache/cloudstack/pull/3907#issuecomment-592416067
Thanks @weizhouapache - have you tested this in your env?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] DaanHoogland merged pull request #3907: Allow port
80/8080 accessible only from guest network
Posted by GitBox <gi...@apache.org>.
DaanHoogland merged pull request #3907: Allow port 80/8080 accessible only from guest network
URL: https://github.com/apache/cloudstack/pull/3907
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] blueorangutan commented on issue #3907: Allow port
80/8080 accessible only from guest network
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on issue #3907: Allow port 80/8080 accessible only from guest network
URL: https://github.com/apache/cloudstack/pull/3907#issuecomment-590738714
@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] blueorangutan commented on issue #3907: Allow port
80/8080 accessible only from guest network
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on issue #3907: Allow port 80/8080 accessible only from guest network
URL: https://github.com/apache/cloudstack/pull/3907#issuecomment-590747732
Packaging result: ✖centos6 ✔centos7 ✔debian. JID-946
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] weizhouapache commented on issue #3907: Allow port
80/8080 accessible only from guest network
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on issue #3907: Allow port 80/8080 accessible only from guest network
URL: https://github.com/apache/cloudstack/pull/3907#issuecomment-592428283
> Thanks @weizhouapache - have you tested this in your env?
@rhtyd yes, we have used this change in production for 3 years.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] blueorangutan commented on issue #3907: Allow port
80/8080 accessible only from guest network
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on issue #3907: Allow port 80/8080 accessible only from guest network
URL: https://github.com/apache/cloudstack/pull/3907#issuecomment-592335146
@rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] rhtyd commented on issue #3907: Allow port 80/8080
accessible only from guest network
Posted by GitBox <gi...@apache.org>.
rhtyd commented on issue #3907: Allow port 80/8080 accessible only from guest network
URL: https://github.com/apache/cloudstack/pull/3907#issuecomment-592335105
@blueorangutan test
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] blueorangutan commented on issue #3907: Allow port
80/8080 accessible only from guest network
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on issue #3907: Allow port 80/8080 accessible only from guest network
URL: https://github.com/apache/cloudstack/pull/3907#issuecomment-592553323
<b>Trillian test result (tid-1143)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 29768 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr3907-t1143-kvm-centos7.zip
Intermittent failure detected: /marvin/tests/smoke/test_privategw_acl.py
Intermittent failure detected: /marvin/tests/smoke/test_routers_network_ops.py
Intermittent failure detected: /marvin/tests/smoke/test_vpc_vpn.py
Smoke tests completed. 76 look OK, 1 have error(s)
Only failed tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
test_02_vpc_privategw_static_routes | `Failure` | 189.12 | test_privategw_acl.py
test_03_vpc_privategw_restart_vpc_cleanup | `Failure` | 174.94 | test_privategw_acl.py
test_04_rvpc_privategw_static_routes | `Failure` | 253.48 | test_privategw_acl.py
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] rhtyd commented on issue #3907: Allow port 80/8080
accessible only from guest network
Posted by GitBox <gi...@apache.org>.
rhtyd commented on issue #3907: Allow port 80/8080 accessible only from guest network
URL: https://github.com/apache/cloudstack/pull/3907#issuecomment-590738636
In case of SSVM we may want port 80 connectivity to be able to download templates/isos/volumes.
@ravening can you check if you change adds regression for SSVM?
@blueorangutan package
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services