juju and openstack resetting secgroups automatically overnight

Caio Begotti caio1982 at gmail.com
Wed Feb 11 18:39:34 UTC 2015

Hi folks,

I wonder if any of you have had this problem before but Juju and Openstack
are resetting my secgroup rules every night. I hope this is comprehensible
without many details as it involves private deployment info... I know this
is not strictly speaking 100% Juju but anyway...

Juju creates the secgroup for Nova, right? I am manually setting a nova
secgroup-add-rule for port 22 like the following:

nova secgroup-add-rule groupname tcp 22 22 ipaddress/32

However, my other rules (ICMP etc) are kept between days, but SSH rules for
port 22 are being reset and disappearing overnight. Is it a known issue or
expected behavior with Juju and Openstack?

I was told Juju or Openstack (no idea who is at fault here, really) might
reset the secgroups from time to time (when exactly?) if the specified port
in the rule is not open in the Juju units.

Ok, so I have created this charm
https://jujucharms.com/u/caio1982/open-port/ and I confirm that now port 22
is open in all the related units whose IPs are in the secgroup rules.
Still, all SSH rules for port 22 are being reset every single night.

Does it make sense?

Right now I have an extra secgroup rule for too, just to see what
happens tonight.

I would really love to understand why Juju and Openstack are not playing
nice together with my secgroup rules :-(

— Caio Begotti [ˈka.jo | be.ˈgɔ.t͡ʃi]
