Ubuntu
euca2ools package

  1. Bug #725170
  2. Comment #4

Comment 4 for bug 725170

Revision history for this message
Mitch Garnaat (mitch-garnaat) wrote : Re: [Bug 725170] Re: euca-authorize requires source-subnet to function

Thanks. I'll merge this in on my side.

Where are you guys with the Natty release? Is that imminent? I've been
working on lots of changes to euca2ools. Refactoring the code, adding
support for things like tags and filters, fixing lots of long-standing bugs,
etc. I suspect all of this is much too late for natty but just wanted to
give you a heads up. I'll probably be merging these changes to our
euca2ools-main sometime over the next two weeks.

Mitch

On Fri, Feb 25, 2011 at 3:54 PM, Scott Moser <email address hidden> wrote:

> Mitch,
> I've just pulled this into the ubuntu euca2ools package. You can pull the
> patch from
>
> http://bazaar.launchpad.net/~ubuntu-virt/ubuntu/natty/euca2ools/natty/view/head:/debian/patches/authorize-add-default-source-subnet.patch
>
> ** Changed in: euca2ools
> Status: New => Confirmed
>
> --
> You received this bug notification because you are a member of
> Eucalyptus Maintainers, which is the registrant for euca2ools.
> https://bugs.launchpad.net/bugs/725170
>
> Title:
> euca-authorize requires source-subnet to function
>
> Status in Euca2ools:
> Confirmed
> Status in “euca2ools” package in Ubuntu:
> Fix Released
>
> Bug description:
> Binary package hint: euca2ools
>
> using the ec2-api-tools, one can do something like:
> $ ec2-add-group --description=bar foogroup
> GROUP foogroup bar
> $ ec2-authorize foogroup -p 22
> GROUP foogroup
> PERMISSION foogroup ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
> $ ec2-describe-group foogroup
> GROUP 950047163771 foogroup bar
> PERMISSION 950047163771 foogroup ALLOWS tcp 22 22 FROM CIDR
> 0.0.0.0/0
>
> Using euca2ools, the same looks like this:
> $ euca-add-group --description=bar foogroup
> GROUP foogroup bar
> $ euca-authorize foogroup -p 22
> foogroup None None tcp 22 22 None
> GROUP foogroup
> PERMISSION foogroup ALLOWS tcp 22 22
> $ echo $?
> 0
> $ euca-describe-groups
> GROUP 950047163771 foogroup bar
>
> Note 2 things there, a.) the command returned success b.) it did not
> do anything. There is no PERMISSIOn rule now as there should be.
>
> However, if we supply a -s/--source-subnet flag, then it works as
> expected:
>
> $ euca-authorize foogroup -p 22 --source-subnet 0.0.0.0/0
> foogroup None None tcp 22 22 0.0.0.0/0
> GROUP foogroup
> PERMISSION foogroup ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
> $ euca-describe-groups foogroup
> GROUP 950047163771 foogroup bar
> PERMISSION 950047163771 foogroup ALLOWS tcp 22 22 FROM CIDR
> 0.0.0.0/0
>
>
> I think all that is really needed is to use '0.0.0.0/0' as the
> source-subnet if one is not supplied.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 11.04
> Package: euca2ools 1.3.1-0ubuntu5
> ProcVersionSignature: Ubuntu 2.6.38-1.28-generic 2.6.38-rc2
> Uname: Linux 2.6.38-1-generic x86_64
> Architecture: amd64
> Date: Fri Feb 25 13:29:08 2011
> InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Beta amd64 (20100318)
> PackageArchitecture: all
> ProcEnviron:
> LANGUAGE=en_US:en
> PATH=(custom, user)
> LANG=en_US.UTF-8
> LC_MESSAGES=en_US.utf8
> SHELL=/bin/bash
> SourcePackage: euca2ools
>