Murano

Range of opened ports in SQL-security.template is too wide

Bug #1264088 reported by Timur Sufiev on 2013-12-25

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Murano	Fix Released	Medium	Dmitry Teselkin	Murano 0.4.1

Bug Description

To make MS SQL Cluster deploy, we've opened TCP&UDP ports in range of 1024-65535 in Cluster's cidr. This port range is too wide, and should be narrowed while SQL Cluster still being deployable.

Tags:

Timur Sufiev (tsufiev-x) on 2013-12-25

Changed in murano:
milestone:	none → 0.4.1
assignee:	nobody → Dmitry Teselkin (teselkin-d)
importance:	Undecided → Medium
status:	New → Confirmed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-01-22: Fix proposed to murano-repository (master)

Fix proposed to branch: master
Review: https://review.openstack.org/68361

Changed in murano:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-01-23: Fix proposed to murano-repository (release-0.4)

Fix proposed to branch: release-0.4
Review: https://review.openstack.org/68681

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-01-23: Fix merged to murano-repository (release-0.4)

Reviewed: https://review.openstack.org/68681
Committed: https://git.openstack.org/cgit/stackforge/murano-repository/commit/?id=f9df6ca54eeae3954ca2dc284308ca4037c632cb
Submitter: Jenkins
Branch: release-0.4

commit f9df6ca54eeae3954ca2dc284308ca4037c632cb
Author: Dmitry Teselkin <email address hidden>
Date: Thu Jan 23 20:20:49 2014 +0400

Security rules updated

    * incorrect port ranges for ADDS fixed according to
    http://technet.microsoft.com/en-us/library/dd772723%28v=WS.10%29.aspx
    * security template for Windows Server Failover Cluster added according to
    http://support.microsoft.com/kb/832017#method5
    * security rules for SQL Server updated according to
    http://technet.microsoft.com/en-us/library/cc646023.aspx

Change-Id: I970eaafec7cdb0cad01d9bb3fae46a14d733b352
Relates-Bug: 1264088

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-01-27: Fix proposed to murano-repository (release-0.4)

Fix proposed to branch: release-0.4
Review: https://review.openstack.org/69331

Revision history for this message

Dmitry Teselkin (teselkin-d) wrote on 2014-01-27:

Another useful list of required ports: http://dsfnet.blogspot.ru/2013/04/windows-server-clustering-sql-server.html

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-01-27: Fix merged to murano-repository (release-0.4)

Reviewed: https://review.openstack.org/69331
Committed: https://git.openstack.org/cgit/stackforge/murano-repository/commit/?id=0a13d75bcc18b1b917eb59ed8186d5bc3073f277
Submitter: Jenkins
Branch: release-0.4

commit 0a13d75bcc18b1b917eb59ed8186d5bc3073f277
Author: Dmitry Teselkin <email address hidden>
Date: Mon Jan 27 15:33:04 2014 +0400

WSFCSecurity added to workflow template

* Indents fixed.
* Additonal security config for SQL Cluster added

Relates-Bug: 1264088

Change-Id: I338da968c6ba6f730dd79c096b5ef735dbdcd6f1

Ekaterina Chernova (efedorova) on 2014-02-03

Changed in murano:
status:	In Progress → Fix Committed

Anastasia Kuznetsova (akuznetsova) on 2014-02-06

tags:

added: verified

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-02-11: Fix proposed to murano-repository (master)

Fix proposed to branch: master
Review: https://review.openstack.org/72607

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-02-12: Fix merged to murano-repository (master)

Reviewed: https://review.openstack.org/72607
Committed: https://git.openstack.org/cgit/stackforge/murano-repository/commit/?id=d353dacf8eace1525b0fe623b39d2a230558541d
Submitter: Jenkins
Branch: master

commit d353dacf8eace1525b0fe623b39d2a230558541d
Author: Ekaterina Fedorova <email address hidden>
Date: Tue Jan 14 16:40:00 2014 +0400

Cherry-pick the following commits from release-0.4

* Add forgotten return statements
Closes-bug: #1268934

* Fix error code when there is no input json

* Return correct http code

     During toggle enabled 500 was sent in case service is not defined
     Fix return code to 404
     Closes-Bug: #1268976

    * Remove need to specify IP for load balancer
     Implements:
        https://blueprints.launchpad.net/murano/+spec/auto-assign-virtual-ip
     Address blueprint auto-assign-virtual-ip
     Fix errors in infrastructure
     1) Update path to config file
     2) Update sample config - remove non-existing directory
     3) Add 0.4.1 version
     Fixes-Bug: 1270734

* Add new setup and SysV scripts

* Removed SysV EL6 standalone file, removed old setup scripts

* Add correct error message when no config specified
Closes-Bug: 1271092

    * Security rules updated
     * incorrect port ranges for ADDS fixed according to
     http://technet.microsoft.com/en-us/library/dd772723%28v=WS.10%29.aspx
     * security template for Windows Server Failover Cluster added according to
     http://support.microsoft.com/kb/832017#method5
     * security rules for SQL Server updated according to
     http://technet.microsoft.com/en-us/library/cc646023.aspx

Relates-Bug: 1264088

* Typo fixed

* Revert change
This reverts commit d87bc2309fcc4cc71aaa3d2512e9bcdc6f39b8c0.

* Path flattening is reverted, but opening ports for WinRM 2.0 is kept.
Related-Bug: #1271578

* Fix paths to scripts used by MS SQL Cluster templates.
Partial-Bug: #1271578

* Fix returning list of files in nested dirs - don't cut first symbol.

* And fix a minor PyCharm warning about var not being initialized.
Closes-Bug: #1274851

* Add checkbox to enable floating IP auto assignment

* Implements blueprint auto-assign-floating-ip

* Fixed typo in conductor workflow
Closes-Bug: 1264250

* Add service version during service creation
Closes-Bug: 1269360

    * Resolve issue with KeyPair assignment
     nvironment with a service with Key Pair assigned
     could not be deployed due to invalid match in workflows
     causing invalid Heat template to be produced by Conductor.
     Closes-bug: #1274011

* Correct inform message during floating ip creation

* Fix name for syslog_log_facility param

Change-Id: Id3ad4581cd9ce40a569ac580d0aee8db017855c4

Reviewed:  https://review.openstack.org/72607
Committed: https://git.openstack.org/cgit/stackforge/murano-repository/commit/?id=d353dacf8eace1525b0fe623b39d2a230558541d
Submitter: Jenkins
Branch:    master

commit d353dacf8eace1525b0fe623b39d2a230558541d
Author: Ekaterina Fedorova <efedorova@mirantis.com>
Date:   Tue Jan 14 16:40:00 2014 +0400

Cherry-pick the following commits from release-0.4
    
    * Add forgotten return statements
    	Closes-bug: #1268934
    
    * Fix error code when there is no input json
    
    * Return correct http code
    
    	During toggle enabled 500 was sent in case service is not defined
    	Fix return code to 404
    	Closes-Bug: #1268976
    
    * Remove need to specify IP for load balancer
    	Implements:
    	   https://blueprints.launchpad.net/murano/+spec/auto-assign-virtual-ip
    	Address blueprint auto-assign-virtual-ip
    	Fix errors in infrastructure
    	1) Update path to config file
    	2) Update sample config - remove non-existing directory
    	3) Add 0.4.1 version
    	Fixes-Bug: 1270734
    
    * Add new setup and SysV scripts
    
    * Removed SysV EL6 standalone file, removed old setup scripts
    
    * Add correct error message when no config specified
    	Closes-Bug: 1271092
    
    * Security rules updated
    	* incorrect port ranges for ADDS fixed according to
    	http://technet.microsoft.com/en-us/library/dd772723%28v=WS.10%29.aspx
    	* security template for Windows Server Failover Cluster added according to
    	http://support.microsoft.com/kb/832017#method5
    	* security rules for SQL Server updated according to
    	http://technet.microsoft.com/en-us/library/cc646023.aspx
    
    	Relates-Bug: 1264088
    
    * Typo fixed
    
    * Revert change
    	This reverts commit d87bc2309fcc4cc71aaa3d2512e9bcdc6f39b8c0.
    
    * Path flattening is reverted, but opening ports for WinRM 2.0 is kept.
    	Related-Bug: #1271578
    
    * Fix paths to scripts used by MS SQL Cluster templates.
    	Partial-Bug: #1271578
    
    * Fix returning list of files in nested dirs - don't cut first symbol.
    
    * And fix a minor PyCharm warning about var not being initialized.
    	Closes-Bug: #1274851
    
    * Add checkbox to enable floating IP auto assignment
    
    * Implements blueprint auto-assign-floating-ip
    
    * Fixed typo in conductor workflow
    	Closes-Bug: 1264250
    
    * Add service version during service creation
    	Closes-Bug: 1269360
    
    * Resolve issue with KeyPair assignment
    	nvironment with a service with Key Pair assigned
    	could not be deployed due to invalid match in workflows
    	causing invalid Heat template to be produced by Conductor.
    	Closes-bug: #1274011
    
    * Correct inform message during floating ip creation
    
    * Fix name for syslog_log_facility param
    
    Change-Id: Id3ad4581cd9ce40a569ac580d0aee8db017855c4

Anastasia Kuznetsova (akuznetsova) on 2014-02-12

Changed in murano:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.