Ubuntu
euca2ools package

euca-revoke removes the wrong group authorization

Bug #608623 reported by Andreas Hasenack
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Eucalyptus
New
Undecided
chris grzegorczyk
euca2ools (Ubuntu)
Triaged
Medium
Mitch Garnaat

Bug Description

Binary package hint: euca2ools

I have a security group and have authorized traffic from two other groups to it, "web" and "lds":

andreas@nsn2:~$ euca-describe-groups ssh
GROUP admin ssh Allows 22/tcp from everywhere
PERMISSION admin ssh ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION admin ssh ALLOWS tcp 0 65535 GRPNAME web
PERMISSION admin ssh ALLOWS udp 0 65535 GRPNAME web
PERMISSION admin ssh ALLOWS icmp -1 -1 GRPNAME web
PERMISSION admin ssh ALLOWS tcp 0 65535 GRPNAME lds
PERMISSION admin ssh ALLOWS udp 0 65535 GRPNAME lds
PERMISSION admin ssh ALLOWS icmp -1 -1 GRPNAME lds

Now I remove this authorization for the "lds" group:

andreas@nsn2:~$ euca-revoke -o lds -u admin ssh
GROUP ssh
PERMISSION ssh ALLOWS USER admin GRPNAME lds

Listing the "ssh" group now shows that the "lds" group is still there and the "web" one was removed instead:

andreas@nsn2:~$ euca-describe-groups ssh
GROUP admin ssh Allows 22/tcp from everywhere
PERMISSION admin ssh ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION admin ssh ALLOWS tcp 0 65535 GRPNAME lds
PERMISSION admin ssh ALLOWS udp 0 65535 GRPNAME lds
PERMISSION admin ssh ALLOWS icmp -1 -1 GRPNAME lds

This is against a cloud controller on lucid, running:

$ dpkg -l|grep eucalyptus
ii eucalyptus-cc 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Clu
ii eucalyptus-cloud 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Clo
ii eucalyptus-common 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Com
ii eucalyptus-gl 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Log
ii eucalyptus-java-common 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Com
ii eucalyptus-sc 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Sto
ii eucalyptus-walrus 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Wal
ii libeucalyptus-commons-ext-java 0.5.0-0ubuntu2 Eucalyptus commons external Java library

The client has this version os euca2ools installed and is also lucid:
ii euca2ools 1.2-0ubuntu10 managing cloud instances for Eucalyptus

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

It also happens when using Landscape to manage the security groups of a UEC installation, so it looks like a server bug and not a client one.

Mathias Gug (mathiaz)
Changed in euca2ools (Ubuntu):
importance: Undecided → Medium
Dmitrii Zagorodnov (dmitrii)
Changed in eucalyptus:
assignee: nobody → chris grzegorczyk (chris-grze)
Mitch Garnaat (mitch-garnaat)
Changed in euca2ools (Ubuntu):
assignee: nobody → Mitch Garnaat (mitch-garnaat)
Revision history for this message
Scott Moser (smoser) wrote :

@andreas,
   This bug is old.
    Could you please try to reproduce with current euca2ools?
   If you are unable to find a Eucalyptus, then just point at EC2. If it "does the right thing" against EC2, then this bug is fix-released for euca2ools at least.

Revision history for this message
Dave Walker (davewalker) wrote :

Marking euca2ools task incomplete pending an update.

Thanks.

Changed in euca2ools (Ubuntu):
status: New → Incomplete
Revision history for this message
Andy Grimm (agrimm) wrote :

This issue is now being tracked upstream at http://eucalyptus.atlassian.net/browse/EUCA-2719

Please watch that issue for further updates.

Revision history for this message
Clint Byrum (clint-fewbar) wrote :

Since it is in upstream's hands now, marking as Triaged

Changed in euca2ools (Ubuntu):
status: Incomplete → Triaged
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.