Eucalyptus CC package depends on 'vtund' process in multi-cluster mode
Bug #425928 reported by
Daniel Nurmi
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
eucalyptus (Ubuntu) |
Fix Released
|
Medium
|
Thierry Carrez |
Bug Description
In order for security groups to work properly across two separate clusters (each with their own potentially unroutable subnets), the CC on each cluster uses vtund to set up layer two tunnels between the clusters. The vtun pacakge is not a depndency of eucalyptus-cc as it is not in main (could be 'suggests', as single cluster mode will function properly even if vtund is not present).
Changed in eucalyptus (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → Medium |
assignee: | nobody → Thierry Carrez (ttx) |
tags: | added: eucalyptus |
To post a comment you must log in.
vtun has broken encryption support that makes it unsuitable for main (and for a secure multi-cluster support), see MIR review in bug 412059.
The workaround proposal for karmic is to ship a working but unsupported multi-cluster mode, by suggesting vtun usage in eucalyptus and leaving it in universe. There is no time left to migrate from using vtun to openvpn for proper layer-2 encrypted tunneling.
For karmic+1 this would be revisited so that multi-cluster capabilities are fully supported in main, by removing eucalyptus dependency on vtun and switching to openvpn or an IPsec implementation.