Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disassociate/change a security group from a Virtual Machine's NIC #5612

Closed
7 tasks
larshith opened this issue Nov 16, 2021 · 4 comments
Closed
7 tasks

Disassociate/change a security group from a Virtual Machine's NIC #5612

larshith opened this issue Nov 16, 2021 · 4 comments
Assignees
@paczerny
Labels
Category: Core & System Category: Drivers - Network Category: Sunstone Community Priority: High Status: Accepted Type: Feature
Milestone
Release 6.4

Comments

@larshith
Copy link

Description
How do we change a security group associated with a NIC of the Virtual Machine? We don't see any option to remove/add any security to a NIC of the Virtual Machine.

Use case
Currently, a small modification in VM with respective Security Group ends up with a complete rewrite of the Security Group rules.

Scenario:

Suppose a customer has spun up a Virtual Machine by accidentally attaching a security group named "default" which allows "all" Ingress communication, and without the knowledge, he has deployed his applications onto the VM. The customer then notices the Security group allowing "all" traffic. Customer decides to create a new security group to meet his needs and tries associating it to the VM NIC. But there is no option to do it. It also wouldn't be a viable option to change the firewall rules of the security group "default" as it would affect other VMs (let's say). We know that the NIC detach-attach and choosing the Security Group at that time does the work, but we think that it is not considered to be the best possible solution.

Interface Changes
Sunstone

Progress Status

  • Branch created
  • Code committed to development branch
  • Testing - QA
  • Documentation
  • Release notes - resolved issues, compatibility, known issues
  • Code committed to upstream release/hotfix branches
  • Documentation committed to upstream release/hotfix branches
@larshith larshith changed the title Modify Security Group rule for existing VM's Disassociate/change a security group from a Virtual Machine's NIC Nov 16, 2021
@rsmontero
Copy link
Member

Duplicated in: #2411. We'll keep this one

@rsmontero rsmontero added this to the Release 6.4 milestone Nov 30, 2021
@paczerny paczerny mentioned this issue Jan 7, 2022
Closed
paczerny pushed a commit to OpenNebula/docs that referenced this issue Jan 18, 2022
F OpenNebula/one#5612: New commands for SG attach/detach
c0bee5c
@paczerny
Copy link
Member

PRs:

rsmontero pushed a commit to OpenNebula/docs that referenced this issue Jan 25, 2022
F OpenNebula/one#5612: New commands for SG attach/detach (#2109)
345a82b
rsmontero added a commit that referenced this issue Jan 28, 2022
@rsmontero
F #5612: (De)/Attach security groups from VM NICs
265d05c 
Author: Pavel Czerný <pczerny@opennebula.systems>
rsmontero pushed a commit that referenced this issue Jan 28, 2022
F #5612: Fix memory corruption (#1726)
75e34b0
rsmontero pushed a commit that referenced this issue Feb 1, 2022
F #5612: De(attach) SG: java and go api (#1720)
6cb4ddb
FrederickBor pushed a commit to FrederickBor/docs that referenced this issue Feb 9, 2022
F OpenNebula/one#5612: Attach/detach secgroup in VM NICs
1bf8471 
Signed-off-by: Frederick Borges <fborges@opennebula.io>
@FrederickBor
Copy link
Contributor

@tinova PRs to be approved:

tinova pushed a commit to OpenNebula/docs that referenced this issue Feb 11, 2022
F OpenNebula/one#5612: Attach/detach secgroup in VM NICs (#2145)
8fb0405
@tinova
Copy link
Member

tinova commented Feb 11, 2022

@paczerny please check that the sunstone implementation is correct, and we can close this

@FrederickBor FrederickBor mentioned this issue Feb 16, 2022
Closed
17 tasks
rsmontero pushed a commit that referenced this issue Feb 25, 2022
F #5612: Attach/detach secgroup in VM NICs (#1764)
6ab6f3f
@treywelsh treywelsh mentioned this issue Oct 27, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@paczerny paczerny

Labels
Category: Core & System Category: Drivers - Network Category: Sunstone Community Priority: High Status: Accepted Type: Feature
Projects
None yet
Milestone
Release 6.4
Development

No branches or pull requests
6 participants
@tinova @rsmontero @FrederickBor @al3xhh @paczerny @larshith