netsec needs machine firewall for some providers

Bug #833064 reported by William Reade
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
juju-core | Won't Fix | Low | Unassigned |
pyjuju | Triaged | Low | Unassigned |

Bug Description

open_port, close_port, and get_opened_ports just log a warning and pretend to succeed; this is not good enough for production

Tags: firewall
Kapil Thangavelu (hazmat) wrote : Re: non ec2 providers have no firewalls

This should probably delegate to the machine agent so we can implement once for all using machine level firewalling.. also gets rid of multi-second slowness for bootstrap/addmachine/remove-machine/and destroy-environment.

summary: - orchestra has no firewalls
+ non ec2 providers have no firewalls
Changed in juju:
importance: Undecided → Medium
milestone: none → florence
Changed in juju:
milestone: florence → honolulu
Clint Byrum (clint-fewbar) wrote :

The reasons for doing this are piling up.

* As the dupe bug #996857 states, not having this means things tested on LXC won't work the same on EC2

* We are basically abusing security groups in EC2 by giving every node its own group. Because of the way EC2 works, having to put every node in a group at launch time, it's just not dynamic enough. This also has been a source of difficulty in working with OpenStack.

Changed in juju:
status: New → Confirmed
Clint Byrum (clint-fewbar) wrote :

bug #1027641 regarding the openstack provider is related

summary: - non ec2 providers have no firewalls
+ non ec2/openstack providers have no firewalls
Changed in juju:
milestone: 0.6 → none
Dave Cheney (dave-cheney) wrote : Re: non ec2/openstack providers have no firewalls

I am not sure this is an issue anymore for juju-core as we are more sensible with our firewall setup.

Changed in juju-core:
status: New → Triaged
Kapil Thangavelu (hazmat) wrote : Re: [Bug 833064] Re: non ec2/openstack providers have no firewalls

On Sun, Jan 13, 2013 at 11:22 PM, Dave Cheney <email address hidden> wrote:

> I am not sure this is an issue anymore for juju-core as we are more
> sensible with our firewall setup.

It's nice to be explicit.. ie. juju-core supports machine level iptables
firewalls.

William Reade (fwereade) wrote : Re: non ec2/openstack providers have no firewalls

This is still an issue. The firewally stuff has hopefully been implemented in such a way that adding machine-level iptables firewalling will not be too challenging; but it has not actually been done.

Changed in juju:
milestone: none → 0.8
Changed in juju-core:
importance: Undecided → Medium
Kapil Thangavelu (hazmat) wrote :

atm this is specifically needed for maas and rackspace.

summary: - non ec2/openstack providers have no firewalls
+ netsec needs machine firewall for some providers
Curtis Hovey (sinzui)
Changed in juju-core:
importance: Medium → Low
Curtis Hovey (sinzui)
Changed in juju:
status: Confirmed → Triaged
Curtis Hovey (sinzui)
Changed in juju:
importance: Medium → Low
Curtis Hovey (sinzui)
tags: added: firewall
Changed in juju-core:
status: Triaged → Won't Fix