From a78f676037042f1ac97d7eca808e0892972d66a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gabriel=20Beims=20Br=C3=A4scher?= <gabriel@apache.org>
Date: Mon, 31 May 2021 07:22:26 -0300
Subject: [PATCH] engine: fix network with SG disabled still has security group
 script adding rules on KVM (#5049)

This PR fixes #5047 which can be reproduced on Zones with _(I) Advanced Networks, (II) Security Groups enabled for the Zone, (III)  network offering without Security Groups_; for instance, `DefaultSharedNetworkOffering` which does not list Security Group as supported service.

The issue is due to the following code inside the method `VirtualMachineManagerImpl.orchestrateReboot`:
[VirtualMachineManagerImpl.java#L3340](https://github.com/apache/cloudstack/blob/280c13a4bb103dd748ec304bfe0714a148c24602/engine/orchestration/src/main/java/com/cloud/vm/VirtualMachineManagerImpl.java#L3340).

```
  final Answer rebootAnswer = cmds.getAnswer(RebootAnswer.class);
  if (rebootAnswer != null && rebootAnswer.getResult()) {
      if (dc.isSecurityGroupEnabled() && vm.getType() == VirtualMachine.Type.User) {
          List<Long> affectedVms = new ArrayList<Long>();
          affectedVms.add(vm.getId());
          _securityGroupManager.scheduleRulesetUpdateToHosts(affectedVms, true, null);
      }
      return;
  }
```
---
 .../src/main/java/com/cloud/vm/VirtualMachineManagerImpl.java  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/engine/orchestration/src/main/java/com/cloud/vm/VirtualMachineManagerImpl.java b/engine/orchestration/src/main/java/com/cloud/vm/VirtualMachineManagerImpl.java
index 830e8a1e792..fa589f12742 100755
--- a/engine/orchestration/src/main/java/com/cloud/vm/VirtualMachineManagerImpl.java
+++ b/engine/orchestration/src/main/java/com/cloud/vm/VirtualMachineManagerImpl.java
@@ -3182,7 +3182,8 @@ public class VirtualMachineManagerImpl extends ManagerBase implements VirtualMac
 
             final Answer rebootAnswer = cmds.getAnswer(RebootAnswer.class);
             if (rebootAnswer != null && rebootAnswer.getResult()) {
-                if (dc.isSecurityGroupEnabled() && vm.getType() == VirtualMachine.Type.User) {
+                boolean isVmSecurityGroupEnabled = _securityGroupManager.isVmSecurityGroupEnabled(vm.getId());
+                if (isVmSecurityGroupEnabled && vm.getType() == VirtualMachine.Type.User) {
                     List<Long> affectedVms = new ArrayList<Long>();
                     affectedVms.add(vm.getId());
                     _securityGroupManager.scheduleRulesetUpdateToHosts(affectedVms, true, null);