On Thu, Feb 12, 2015 at 5:39 AM, Caio Begotti <[email protected]> wrote: > Hi folks, > > I wonder if any of you have had this problem before but Juju and Openstack > are resetting my secgroup rules every night. I hope this is comprehensible > without much details as it involves private deployment info... I know this > is not strictly speaking 100% Juju but anyway...
I've just checked my ec2 test deployments, and I'm seeing the same behaviour on the secgroups there. Definitely worth a bug Caio (I'll do it if you don't get around to it, I don't see one at https://bugs.launchpad.net/juju-core/?field.searchtext=secgroup ). -Michael > > Juju creates the secgroup for Nova, right? I am manually setting a nova > secgroup-add-rule for port 22 like the following: > > nova secgroup-add-rule groupname tcp 22 22 ipaddress/32 > > However, my other rules (ICMP etc) are kept between days, but SSH rules for > port 22 are being reset and disappearing overnight. Is it a known issue or > expected behavior with Juju and Openstack? > > I was told Juju or Openstack (no idea who is at faul here, really) might > reset the secgroups from time to time (when exactly?) if the specified port > in the rule is not open in the Juju units. > > Ok, so I have created this charm > https://jujucharms.com/u/caio1982/open-port/ and I confirm that now port 22 > is open in all the related units whose IPs are in the secgroup rules. Still, > all SSH rules for port 22 are being reset every single night. > > Does it make sense? > > Right now I have an extra secgroup rule for 0.0.0.0/0 too, just to see what > happens tonight. > > I would really love to understand why Juju and Openstack are not playing > nice together with my secgroup rules :-( > > — Caio Begotti [ˈka.jo | be.ˈgɔ.t͡ʃi] > > -- > Juju mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/juju > -- Juju mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju
