From a6b902763071c70f6e530ea4b3440f5fb030090b Mon Sep 17 00:00:00 2001 From: anthony Date: Tue, 15 Jan 2013 11:15:42 -0800 Subject: [PATCH] default Security rule doesn't apply to system VMs since nic.getIsolationUri is not set use to.setSecurityGroupEnabled to indicate if securitygroup is enabled on this NIC CLOUDSTACK-983: default Security rule doesn't apply to system VMs --- .../hypervisor/kvm/resource/LibvirtComputingResource.java | 5 ++--- .../cloud/hypervisor/xen/resource/CitrixResourceBase.java | 6 ++++-- server/src/com/cloud/hypervisor/HypervisorGuruBase.java | 1 + 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java index b52e2d8a0b0..6b5f6df3bff 100755 --- a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java +++ b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java @@ -2901,9 +2901,8 @@ public class LibvirtComputingResource extends ServerResourceBase implements NicTO[] nics = vmSpec.getNics(); for (NicTO nic : nics) { - if (nic.getIsolationUri() != null - && nic.getIsolationUri().getScheme() - .equalsIgnoreCase(IsolationType.Ec2.toString())) { + if (nic.isSecurityGroupEnabled() || ( nic.getIsolationUri() != null + && nic.getIsolationUri().getScheme().equalsIgnoreCase(IsolationType.Ec2.toString()))) { if (vmSpec.getType() != VirtualMachine.Type.User) { default_network_rules_for_systemvm(conn, vmName); break; diff --git a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java index 36a12b1b4fa..66a5918b177 100644 --- a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java +++ b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java @@ -1324,7 +1324,8 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe NicTO[] nics = vmSpec.getNics(); boolean secGrpEnabled = false; for (NicTO nic : nics) { - if (nic.getIsolationUri() != null && nic.getIsolationUri().getScheme().equalsIgnoreCase(IsolationType.Ec2.toString())) { + if (nic.isSecurityGroupEnabled() || (nic.getIsolationUri() != null + && nic.getIsolationUri().getScheme().equalsIgnoreCase(IsolationType.Ec2.toString()))) { secGrpEnabled = true; break; } @@ -1342,7 +1343,8 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe //For user vm, program the rules for each nic if the isolation uri scheme is ec2 NicTO[] nics = vmSpec.getNics(); for (NicTO nic : nics) { - if (nic.getIsolationUri() != null && nic.getIsolationUri().getScheme().equalsIgnoreCase(IsolationType.Ec2.toString())) { + if ( nic.isSecurityGroupEnabled() || nic.getIsolationUri() != null + && nic.getIsolationUri().getScheme().equalsIgnoreCase(IsolationType.Ec2.toString())) { result = callHostPlugin(conn, "vmops", "default_network_rules", "vmName", vmName, "vmIP", nic.getIp(), "vmMAC", nic.getMac(), "vmID", Long.toString(vmSpec.getId())); if (result == null || result.isEmpty() || !Boolean.parseBoolean(result)) { diff --git a/server/src/com/cloud/hypervisor/HypervisorGuruBase.java b/server/src/com/cloud/hypervisor/HypervisorGuruBase.java index 242852fc681..2efe6d35098 100644 --- a/server/src/com/cloud/hypervisor/HypervisorGuruBase.java +++ b/server/src/com/cloud/hypervisor/HypervisorGuruBase.java @@ -62,6 +62,7 @@ public abstract class HypervisorGuruBase extends AdapterBase implements Hypervis to.setIsolationuri(profile.getIsolationUri()); to.setNetworkRateMbps(profile.getNetworkRate()); to.setName(profile.getName()); + to.setSecurityGroupEnabled(profile.isSecurityGroupEnabled()); // Workaround to make sure the TO has the UUID we need for Niciri integration NicVO nicVO = _nicDao.findById(profile.getId());