EC2 compatibility describe security group returns erroneous value for group ip permissions
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Compute (nova) |
Invalid
|
Medium
|
Unassigned | ||
| pyjuju |
Fix Released
|
Critical
|
Kapil Thangavelu | ||
| txAWS |
Fix Released
|
Undecided
|
Kapil Thangavelu | ||
| txaws (Ubuntu) |
Fix Released
|
High
|
Clint Byrum | ||
Bug Description
When dealing with group to group authorization (including self group authorization), nova doesn't associate the correct port ranges to the group ip permission.
ie.
ec2.authorize_
results in very different output from euca-describe-
ec2-describe-group reports
GROUP sg-a7351dce 619193117841 ensemble-east Ensemble group for east
PERMISSION 619193117841 ensemble-east ALLOWS tcp 1 65535 FROM USER 619193117841 NAME ensemble-east ID sg-a7351dce ingress
PERMISSION 619193117841 ensemble-east ALLOWS udp 1 65535 FROM USER 619193117841 NAME ensemble-east ID sg-a7351dce ingress
PERMISSION 619193117841 ensemble-east ALLOWS icmp -1 -1 FROM USER 619193117841 NAME ensemble-east ID sg-a7351dce ingress
where as euca-describe-group
GROUP kapil_project ensemble-internal Ensemble group for internal
PERMISSION kapil_project ensemble-internal ALLOWS GRPNAME ensemble-internal
the output of euca-describe-group isn't parseable to some tools since its also missing port ranges. Its unclear if this source group declaration for an ingress rule has worked correctly.
Related branches
- Gustavo Niemeyer: Approve
- William Reade (community): Approve
-
Diff: 641 lines (+400/-90)8 files modifiedensemble/charm/publisher.py (+1/-1)
ensemble/charm/tests/test_publisher.py (+6/-5)
ensemble/providers/common/launch.py (+189/-69)
ensemble/providers/common/tests/test_launch.py (+194/-0)
ensemble/providers/common/utils.py (+1/-1)
ensemble/providers/ec2/files.py (+5/-5)
ensemble/providers/ec2/tests/test_files.py (+3/-9)
ensemble/providers/ec2/utils.py (+1/-0)
- Thomas Herve: Approve
-
Diff: 143 lines (+85/-3)5 files modifiedtxaws/ec2/client.py (+13/-2)
txaws/ec2/tests/test_client.py (+32/-0)
txaws/s3/client.py (+2/-0)
txaws/s3/tests/test_client.py (+1/-1)
txaws/testing/payload.py (+37/-0)
| Changed in ensemble: | |
| milestone: | none → eureka |
| importance: | Undecided → High |
| importance: | High → Critical |
| Changed in ensemble: | |
| status: | New → Triaged |
| Changed in ensemble: | |
| assignee: | nobody → Kapil Thangavelu (hazmat) |
| Changed in ensemble: | |
| status: | Triaged → In Progress |
| Thierry Carrez (ttx) wrote | #1 |
| Changed in nova: | |
| status: | New → Incomplete |
| Vish Ishaya (vishvananda) wrote | #2 |
| Changed in nova: | |
| importance: | Undecided → Medium |
| status: | Incomplete → Confirmed |
| Changed in txaws: | |
| status: | New → In Progress |
| assignee: | nobody → Kapil Thangavelu (hazmat) |
| Changed in txaws (Ubuntu): | |
| milestone: | none → ubuntu-11.10-beta-1 |
| Changed in txaws (Ubuntu): | |
| milestone: | ubuntu-11.10-beta-1 → ubuntu-11.10-beta-2 |
| tags: | added: security-group |
| tags: | removed: security-group |
| Changed in txaws (Ubuntu): | |
| status: | New → Triaged |
| importance: | Undecided → High |
| status: | Triaged → In Progress |
| assignee: | nobody → Clint Byrum (clint-fewbar) |
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in txaws (Ubuntu): | |
| status: | In Progress → Fix Released |
| Changed in juju: | |
| status: | In Progress → Fix Released |
| Changed in txaws: | |
| status: | In Progress → Fix Committed |
| Changed in txaws: | |
| status: | Fix Committed → Fix Released |
| tags: | added: ec2 |
| Joe Gordon (jogo) wrote | #4 |
| Changed in nova: | |
| status: | Confirmed → Incomplete |
| status: | Incomplete → Invalid |
May be a euca2ools issue -- Which version of euca2ools are you running ?