EC2 VPC firewall rules
Tom Barber
tom at analytical-labs.com
Thu Feb 18 12:00:58 UTC 2016
Okay, maybe I'm having a senior moment. Can you not expose 3306 in the
mysql charm to the outside world?
--------------
Director Meteorite.bi - Saiku Analytics Founder
Tel: +44(0)5603641316
(Thanks to the Saiku community we reached our Kickstart
<http://kickstarter.com/projects/2117053714/saiku-reporting-interactive-report-designer/>
goal, but you can always help by sponsoring the project
<http://www.meteorite.bi/products/saiku/sponsorship>)
On 18 February 2016 at 11:28, Tom Barber <tom at analytical-labs.com> wrote:
> Okay back to the EC2-VPC question.
>
> I have updated trunk and I have bootstrapped a new environment.
>
> juju service tells me that my mysql charm is running 2.0-beta1.1 and is
> exposed.
>
> On the bootstrap node I see:
>
> https://gist.github.com/buggtb/6b10fa695ea150ea3489
>
> The actual box itself tells me 22 and 17070 are open for business. Again
> though, if I add a firewall rule manually I can log straight in.
>
> Tom
>
> --------------
>
> Director Meteorite.bi - Saiku Analytics Founder
> Tel: +44(0)5603641316
>
> (Thanks to the Saiku community we reached our Kickstart
> <http://kickstarter.com/projects/2117053714/saiku-reporting-interactive-report-designer/>
> goal, but you can always help by sponsoring the project
> <http://www.meteorite.bi/products/saiku/sponsorship>)
>
> On 18 February 2016 at 10:42, Dimiter Naydenov <
> dimiter.naydenov at canonical.com> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 18.02.2016 12:01, Tom Barber wrote:
>> > Hello folks
>> >
>> > I'm not sure if my tinkering has broken something, the fact I'm
>> > running trunk has broken something or I just don't understand
>> > something.
>> >
>> > Until last week we've been running EC2 classic, but we have now
>> > switched to EC2-VPC and have launched a few machines.
>> >
>> > juju ssh to these machines works fine and I've been configuring
>> > them to suit our needs.
>> >
>> > Then I came to look at external access, `juju expose mysqldb` for
>> > example, I would then expect to be able to access it from the
>> > outside world, but can't unless go into my VPC settings and open
>> > the port in one of the juju security groups, at which point
>> > external access works fine.
>> >
>> > Am I missing something?
>> >
>> > Thanks
>> >
>> > Tom
>> >
>> >
>> Hey Tom,
>>
>> What you're describing sounds like a bug, as "juju expose <service>"
>> should trigger the firewaller worker to open the ports the service has
>> declared (with open-ports within the charm) using the security group
>> assigned to the host machine for all units of that service.
>>
>> Have you changed the "firewall-mode" setting by any chance?
>> Can you provide some logs from /var/log/juju/*.log on the bootstrap
>> instance (machine 0)?
>>
>> Cheers,
>> - --
>> Dimiter Naydenov <dimiter.naydenov at canonical.com>
>> Juju Core Sapphire team <http://juju.ubuntu.com>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1
>>
>> iQEcBAEBAgAGBQJWxaAXAAoJENzxV2TbLzHwGgEIAIuj0sPzh7S/4jvTQ6aA/dwP
>> i7WkSZ586JkNbEFeCBjDavO6oZFOwIAEW+EpGuy1C0O8BJr5Y2YJBMR96pdf3Rj/
>> Y6xS4Byt0HrwCWixt7ut6zu7BsT+nv6YFO7fNQvNYLyroufzpqUKaALJp5xwedkJ
>> JIx1iyLnAZ4ZC1/0VkoBM/UjbZN7xQIteNvChBCZSSk8RvbqXCKhbXZKuUKMAw5g
>> R+D3wIwLEyZHb5SATcSSdE6nidv4A0F2waac1/3lOvFebeOsnapnRKkIDp3Y9v19
>> /zDiDLWSJJvMDau8iIzSQ4STK/sLEmA78iRNkfDRWRifv0z1KkY6ppnhaS+jrj4=
>> =kPA7
>> -----END PGP SIGNATURE-----
>>
>> --
>> Juju mailing list
>> Juju at lists.ubuntu.com
>> Modify settings or unsubscribe at:
>> https://lists.ubuntu.com/mailman/listinfo/juju
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/juju/attachments/20160218/11f5ddc9/attachment.html>
More information about the Juju
mailing list