EC2 VPC firewall rules

Tom Barber tom at analytical-labs.com
Thu Feb 18 12:05:06 UTC 2016


https://bugs.launchpad.net/charms/+source/mysql/+bug/1248812 Clearly not!
Dunno what I was doing last time, local deployment or something. Fork
o'clock.

--------------

Director Meteorite.bi - Saiku Analytics Founder
Tel: +44(0)5603641316

(Thanks to the Saiku community we reached our Kickstart
<http://kickstarter.com/projects/2117053714/saiku-reporting-interactive-report-designer/>
goal, but you can always help by sponsoring the project
<http://www.meteorite.bi/products/saiku/sponsorship>)

On 18 February 2016 at 12:00, Tom Barber <tom at analytical-labs.com> wrote:

> Okay, maybe I'm having a senior moment. Can you not expose 3306 in the
> mysql charm to the outside world?
>
> --------------
>
> Director Meteorite.bi - Saiku Analytics Founder
> Tel: +44(0)5603641316
>
> (Thanks to the Saiku community we reached our Kickstart
> <http://kickstarter.com/projects/2117053714/saiku-reporting-interactive-report-designer/>
> goal, but you can always help by sponsoring the project
> <http://www.meteorite.bi/products/saiku/sponsorship>)
>
> On 18 February 2016 at 11:28, Tom Barber <tom at analytical-labs.com> wrote:
>
>> Okay back to the EC2-VPC question.
>>
>> I have updated trunk and I have bootstrapped a new environment.
>>
>> juju service tells me that my mysql charm is running 2.0-beta1.1 and is
>> exposed.
>>
>> On the bootstrap node I see:
>>
>> https://gist.github.com/buggtb/6b10fa695ea150ea3489
>>
>> The actual box itself tells me 22 and 17070 are open for business. Again
>> though, if I add a firewall rule manually I can log straight in.
>>
>> Tom
>>
>> --------------
>>
>> Director Meteorite.bi - Saiku Analytics Founder
>> Tel: +44(0)5603641316
>>
>> (Thanks to the Saiku community we reached our Kickstart
>> <http://kickstarter.com/projects/2117053714/saiku-reporting-interactive-report-designer/>
>> goal, but you can always help by sponsoring the project
>> <http://www.meteorite.bi/products/saiku/sponsorship>)
>>
>> On 18 February 2016 at 10:42, Dimiter Naydenov <
>> dimiter.naydenov at canonical.com> wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> On 18.02.2016 12:01, Tom Barber wrote:
>>> > Hello folks
>>> >
>>> > I'm not sure if my tinkering has broken something, the fact I'm
>>> > running trunk has broken something or I just don't understand
>>> > something.
>>> >
>>> > Until last week we've been running EC2 classic, but we have now
>>> > switched to EC2-VPC and have launched a few machines.
>>> >
>>> > juju ssh to these machines works fine and I've been configuring
>>> > them to suit our needs.
>>> >
>>> > Then I came to look at external access, `juju expose mysqldb` for
>>> > example, I would then expect to be able to access it from the
>>> > outside world, but can't unless go into my VPC settings and open
>>> > the port in one of the juju security groups, at which point
>>> > external access works fine.
>>> >
>>> > Am I missing something?
>>> >
>>> > Thanks
>>> >
>>> > Tom
>>> >
>>> >
>>> Hey Tom,
>>>
>>> What you're describing sounds like a bug, as "juju expose <service>"
>>> should trigger the firewaller worker to open the ports the service has
>>> declared (with open-ports within the charm) using the security group
>>> assigned to the host machine for all units of that service.
>>>
>>> Have you changed the "firewall-mode" setting by any chance?
>>> Can you provide some logs from /var/log/juju/*.log on the bootstrap
>>> instance (machine 0)?
>>>
>>> Cheers,
>>> - --
>>> Dimiter Naydenov <dimiter.naydenov at canonical.com>
>>> Juju Core Sapphire team <http://juju.ubuntu.com>
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1
>>>
>>> iQEcBAEBAgAGBQJWxaAXAAoJENzxV2TbLzHwGgEIAIuj0sPzh7S/4jvTQ6aA/dwP
>>> i7WkSZ586JkNbEFeCBjDavO6oZFOwIAEW+EpGuy1C0O8BJr5Y2YJBMR96pdf3Rj/
>>> Y6xS4Byt0HrwCWixt7ut6zu7BsT+nv6YFO7fNQvNYLyroufzpqUKaALJp5xwedkJ
>>> JIx1iyLnAZ4ZC1/0VkoBM/UjbZN7xQIteNvChBCZSSk8RvbqXCKhbXZKuUKMAw5g
>>> R+D3wIwLEyZHb5SATcSSdE6nidv4A0F2waac1/3lOvFebeOsnapnRKkIDp3Y9v19
>>> /zDiDLWSJJvMDau8iIzSQ4STK/sLEmA78iRNkfDRWRifv0z1KkY6ppnhaS+jrj4=
>>> =kPA7
>>> -----END PGP SIGNATURE-----
>>>
>>> --
>>> Juju mailing list
>>> Juju at lists.ubuntu.com
>>> Modify settings or unsubscribe at:
>>> https://lists.ubuntu.com/mailman/listinfo/juju
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/juju/attachments/20160218/bcd84c88/attachment.html>


More information about the Juju mailing list