Bug 36906

Summary: Info about security group and SSH / HTTPS connection
Product: UCS Reporter: Stefan Gohmann <gohmann>
Component: UMC - Virtual machines (UVMM)Assignee: Erik Damrose <damrose>
Status: CLOSED FIXED QA Contact: Philipp Hahn <hahn>
Severity: normal    
Priority: P5 CC: damrose, walkenhorst
Version: UCS 4.0   
Target Milestone: UCS 4.0-0-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:

Description Stefan Gohmann univentionstaff 2014-11-20 10:42:10 CET 
A new EC2 account has by default only one default security group. In it HTTPS and SSH are not open. If one uses this security group the UCS setup will fail.

The user experience should be improved.
Comment 1 Andreas Peichert univentionstaff 2014-11-27 17:05:47 CET 
r56250 Bug #36906: add tooltip in instance wizard
r56251 Bug #36906: Add tooltip in instance wizard YAML

Package: univention-virtual-machine-manager-daemon
Version: 4.0.20-5.565.201411271655
Branch: ucs_4.0-0
Scope: errata4.0-0
Comment 2 Erik Damrose univentionstaff 2015-01-22 13:20:50 CET 
The tooltips / popups look very good.

Some suggestions on how we could clarify the texts:

A key pair consists of a public and private key to log in using SSH.
> OK
The configuration of all keys takes place directly via the administration page
of the cloud.
>The key creation or upload has to be done at the provider's administration interface.


A security group acts as a virtual firewall that controls the traffic of the
instance. To access a website in a secure way (for example via the edit page
of the instance), a group rule should be used which allow incoming HTTPS
traffic. The configuration of all security groups takes place directly via
the administration page of the cloud.

>A security group acts as a virtual firewall that controls the traffic of the
>instance. To enable access, correct rules have to be configured (for example, a >UCS instance needs at least TCP ports 22 (ssh) and 443 (https))

The configuration of all security groups takes place directly via the administration page of the cloud.
> The security group configuration has to be done at the provider's administration interface.
Comment 3 Andreas Peichert univentionstaff 2015-01-22 16:02:41 CET 
r57493 Bug #36906: Update tooltips in instance wizard
r57498 YAML update

Package: univention-virtual-machine-manager-daemon
Version: 4.0.21-2.573.201501221546
Branch: ucs_4.0-0
Scope: errata4.0-0
Comment 4 Erik Damrose univentionstaff 2015-01-23 10:50:25 CET 
> The configuration of all security groups takes place directly via the 
> administration page of the cloud. The security group configuration has to 
> be done at the provider's administration interface.

Reopen: I think i expressed myself poorly, but the last two sentences are almost duplicate. Only the last sentence should be kept.
Comment 5 Erik Damrose univentionstaff 2015-01-23 12:20:07 CET 
Fixed in
r57512 univention-virtual-machine-manager-daemon 4.0.21-3
r57514 2014-11-26-univention-virtual-machine-manager-daemon.yaml
Comment 6 Philipp Hahn univentionstaff 2015-01-23 14:43:17 CET 
OK: r57512
OK: aptitude install '?source-package(univention-virtual-machine-manager-daemon)?installed'
OK: en
OK: de
OK: r57514
OK: 2014-11-26-univention-virtual-machine-manager-daemon.yaml
OK: errata-announce -V 2014-11-26-univention-virtual-machine-manager-daemon.yaml
Comment 7 Janek Walkenhorst univentionstaff 2015-01-29 11:49:03 CET 
<http://errata.univention.de/ucs/4.0/52.html>