euca-authorize requires source-subnet to function

This bug was fixed in the package euca2ools - 1.3.1-0ubuntu6

---------------
euca2ools (1.3.1-0ubuntu6) natty; urgency=low

  * use 0.0.0.0/0 as default source-subnet in euca-revoke and
    euca-authorize (LP: #725170)
  * parse EC2_URL correctly if it does not contain a port (LP: #719547)
  * provide symlink from euca-authorize-group to euca-authorize-groups
    for better drop-in replacement of ec2-api-tools. (LP: #720856)
 -- Scott Moser <email address hidden> Fri, 25 Feb 2011 15:34:45 -0500

Mitch,
  I've just pulled this into the ubuntu euca2ools package. You can pull the patch from
  http://bazaar.launchpad.net/~ubuntu-virt/ubuntu/natty/euca2ools/natty/view/head:/debian/patches/authorize-add-default-source-subnet.patch

Thanks. I'll merge this in on my side.

Where are you guys with the Natty release? Is that imminent? I've been
working on lots of changes to euca2ools. Refactoring the code, adding
support for things like tags and filters, fixing lots of long-standing bugs,
etc. I suspect all of this is much too late for natty but just wanted to
give you a heads up. I'll probably be merging these changes to our
euca2ools-main sometime over the next two weeks.

Mitch

On Fri, Feb 25, 2011 at 3:54 PM, Scott Moser <email address hidden> wrote:

> Mitch,
> I've just pulled this into the ubuntu euca2ools package. You can pull the
> patch from
>
> http://bazaar.launchpad.net/~ubuntu-virt/ubuntu/natty/euca2ools/natty/view/head:/debian/patches/authorize-add-default-source-subnet.patch
>
> ** Changed in: euca2ools
> Status: New => Confirmed
>
> --
> You received this bug notification because you are a member of
> Eucalyptus Maintainers, which is the registrant for euca2ools.
> https://bugs.launchpad.net/bugs/725170
>
> Title:
> euca-authorize requires source-subnet to function
>
> Status in Euca2ools:
> Confirmed
> Status in “euca2ools” package in Ubuntu:
> Fix Released
>
> Bug description:
> Binary package hint: euca2ools
>
> using the ec2-api-tools, one can do something like:
> $ ec2-add-group --description=bar foogroup
> GROUP foogroup bar
> $ ec2-authorize foogroup -p 22
> GROUP foogroup
> PERMISSION foogroup ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
> $ ec2-describe-group foogroup
> GROUP 950047163771 foogroup bar
> PERMISSION 950047163771 foogroup ALLOWS tcp 22 22 FROM CIDR
> 0.0.0.0/0
>
> Using euca2ools, the same looks like this:
> $ euca-add-group --description=bar foogroup
> GROUP foogroup bar
> $ euca-authorize foogroup -p 22
> foogroup None None tcp 22 22 None
> GROUP foogroup
> PERMISSION foogroup ALLOWS tcp 22 22
> $ echo $?
> 0
> $ euca-describe-groups
> GROUP 950047163771 foogroup bar
>
> Note 2 things there, a.) the command returned success b.) it did not
> do anything. There is no PERMISSIOn rule now as there should be.
>
> However, if we supply a -s/--source-subnet flag, then it works as
> expected:
>
> $ euca-authorize foogroup -p 22 --source-subnet 0.0.0.0/0
> foogroup None None tcp 22 22 0.0.0.0/0
> GROUP foogroup
> PERMISSION foogroup ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
> $ euca-describe-groups foogroup
> GROUP 950047163771 foogroup bar
> PERMISSION 950047163771 foogroup ALLOWS tcp 22 22 FROM CIDR
> 0.0.0.0/0
>
>
> I think all that is really needed is to use '0.0.0.0/0' as the
> source-subnet if one is not supplied.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 11.04
> Package: euca2ools 1.3.1-0ubuntu5
> ProcVersionSignature: Ubuntu 2.6.38-1.28-generic 2.6.38-rc2
> Uname: Linux 2.6.38-1-generic x86_64
> Architecture: amd64
> Date: Fri Feb 25 13:29:08 2011
> InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Beta amd64 (20100318)
> PackageArchitecture: all
> ProcEnviron:
> LANGUAGE=en_US:en
> PATH=(custom, user)
> LANG=en_US.UTF-8
> LC_MESSAGES=en_US.utf8
> SHELL=/bin/bash
> SourcePackage: euca2ools
>

On Fri, 25 Feb 2011, Mitch Garnaat wrote:

> Thanks. I'll merge this in on my side.
>
> Where are you guys with the Natty release? Is that imminent? I've been
> working on lots of changes to euca2ools. Refactoring the code, adding
> support for things like tags and filters, fixing lots of long-standing bugs,
> etc. I suspect all of this is much too late for natty but just wanted to

Feature freeze was yesterday. We could potentially pull in new versions
still, but we're mostly past that phase :
https://wiki.ubuntu.com/FreezeExceptionProcess

> give you a heads up. I'll probably be merging these changes to our
> euca2ools-main sometime over the next two weeks.

Is this euca2ools-dev branch available somewhere ?

On Fri, Feb 25, 2011 at 4:40 PM, Scott Moser <email address hidden> wrote:

> On Fri, 25 Feb 2011, Mitch Garnaat wrote:
>
> > Thanks. I'll merge this in on my side.
> >
> > Where are you guys with the Natty release? Is that imminent? I've been
> > working on lots of changes to euca2ools. Refactoring the code, adding
> > support for things like tags and filters, fixing lots of long-standing
> bugs,
> > etc. I suspect all of this is much too late for natty but just wanted to
>
> Feature freeze was yesterday. We could potentially pull in new versions
> still, but we're mostly past that phase :
> https://wiki.ubuntu.com/FreezeExceptionProcess

Given the number of changes in the code, I think it would be a bad idea to
try to incorporate it in natty at this point in time. The old code has it's
warts but it's been pretty thoroughly ironed out by now, I think. I did
start my refactoring from the very latest euca2ools-main code so all of the
changes (like copying volume labels, etc.) are in the refactored code.

>
>
> > give you a heads up. I'll probably be merging these changes to our
> > euca2ools-main sometime over the next two weeks.
>
> Is this euca2ools-dev branch available somewhere ?
>

I'm not sure but it certainly could be and should be. I'm not really sure
how the push to LP happens but I'll check to see if we could push this
branch to a dev branch on launchpad. Or, maybe I can just do that manually

This patch has been incorporated upstream in r338.