Services no longer publicly exposed by default

[Gustavo Niemeyer]

Good to see this finally landing.  Thanks Jim.

> Deployed services no longer have a wide-open firewall for the EC2
> provider as of r309 of Ensemble trunk.  For many formulas, this new
> functionality doesn't matter - they should not have the firewall
> open anyway. However, for other formulas, here's what you can do to respond
> to the change.

The design we've put in place means it matters for all formulas, and
it will be critical once we change the implementation to work with
local firewalling.

So, restating it: all formulas that expose ports should use open-port
(and optionally close-port) diligently.

> WordPress example, you can expose it any time after the service has
> been deployed with the following:
>
>  ensemble expose wordpress

Beautiful.

> Security groups are not yet deleted at shutdown
> (https://bugs.launchpad.net/ensemble/+bug/824219).

When is this landing?

> The possibly good
> impact of this during the transition is that any existing security
> groups are currently wide open. This means that your deployments
> should work the same. You can delete the security group, or just wait
> for this bug to be fixed.

I don't understand this point.

> Related to this, attempting to bootstrap too soon after shutdown may
> result in this problem: Error Message: There are active instances
> using security group
> 'ensemble-sample-0'. (https://bugs.launchpad.net/ensemble/+bug/824222)

As we discussed over the sprint, this should error with something that
makes sense to the user, rather than something they can't relate to.

> Docs are being updated. For trunk, the draft version is essentially
> accurate in terms of usage
> (https://code.launchpad.net/~jimbaker/ensemble/expose-docs/+merge/71122)

Nice docs!

-- 
Gustavo Niemeyer
http://niemeyer.net
http://niemeyer.net/plus
http://niemeyer.net/twitter
http://niemeyer.net/blog

-- I never filed a patent.