Thanks, Michael. I see you filed the bug last night (I went away after posting my message) but I just added some findings and my scenario to the report. In case others want to check it out: https://bugs.launchpad.net/juju-core/+bug/1420996
— Caio Begotti [ˈka.jo | be.ˈgɔ.t͡ʃi] On Wed, Feb 11, 2015 at 6:39 PM, Michael Nelson < michael.nel...@canonical.com> wrote: > On Thu, Feb 12, 2015 at 5:39 AM, Caio Begotti <caio1...@gmail.com> wrote: > > Hi folks, > > > > I wonder if any of you have had this problem before but Juju and > Openstack > > are resetting my secgroup rules every night. I hope this is > comprehensible > > without much details as it involves private deployment info... I know > this > > is not strictly speaking 100% Juju but anyway... > > I've just checked my ec2 test deployments, and I'm seeing the same > behaviour on the secgroups there. Definitely worth a bug Caio (I'll do > it if you don't get around to it, I don't see one at > https://bugs.launchpad.net/juju-core/?field.searchtext=secgroup ). > > -Michael > > > > > Juju creates the secgroup for Nova, right? I am manually setting a nova > > secgroup-add-rule for port 22 like the following: > > > > nova secgroup-add-rule groupname tcp 22 22 ipaddress/32 > > > > However, my other rules (ICMP etc) are kept between days, but SSH rules > for > > port 22 are being reset and disappearing overnight. Is it a known issue > or > > expected behavior with Juju and Openstack? > > > > I was told Juju or Openstack (no idea who is at faul here, really) might > > reset the secgroups from time to time (when exactly?) if the specified > port > > in the rule is not open in the Juju units. > > > > Ok, so I have created this charm > > https://jujucharms.com/u/caio1982/open-port/ and I confirm that now > port 22 > > is open in all the related units whose IPs are in the secgroup rules. > Still, > > all SSH rules for port 22 are being reset every single night. > > > > Does it make sense? > > > > Right now I have an extra secgroup rule for 0.0.0.0/0 too, just to see > what > > happens tonight. > > > > I would really love to understand why Juju and Openstack are not playing > > nice together with my secgroup rules :-( > > > > — Caio Begotti [ˈka.jo | be.ˈgɔ.t͡ʃi] > > > > -- > > Juju mailing list > > Juju@lists.ubuntu.com > > Modify settings or unsubscribe at: > > https://lists.ubuntu.com/mailman/listinfo/juju > > >
-- Juju mailing list Juju@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju
