Services no longer publicly exposed by default
Ahmed Kamal
kim0 at ubuntu.com
Tue Aug 16 13:39:58 UTC 2011
On 08/16/2011 03:21 PM, Gustavo Niemeyer wrote:
> Good to see this finally landing. Thanks Jim.
>
>> Deployed services no longer have a wide-open firewall for the EC2
>> provider as of r309 of Ensemble trunk. For many formulas, this new
>> functionality doesn't matter - they should not have the firewall
>> open anyway. However, for other formulas, here's what you can do to respond
>> to the change.
> The design we've put in place means it matters for all formulas, and
> it will be critical once we change the implementation to work with
> local firewalling.
>
> So, restating it: all formulas that expose ports should use open-port
> (and optionally close-port) diligently.
>
>> WordPress example, you can expose it any time after the service has
>> been deployed with the following:
>>
>> ensemble expose wordpress
> Beautiful.
>
>> Security groups are not yet deleted at shutdown
>> (https://bugs.launchpad.net/ensemble/+bug/824219).
> When is this landing?
>
>> The possibly good
>> impact of this during the transition is that any existing security
>> groups are currently wide open. This means that your deployments
>> should work the same. You can delete the security group, or just wait
>> for this bug to be fixed.
> I don't understand this point.
>
>> Related to this, attempting to bootstrap too soon after shutdown may
>> result in this problem: Error Message: There are active instances
>> using security group
>> 'ensemble-sample-0'. (https://bugs.launchpad.net/ensemble/+bug/824222)
> As we discussed over the sprint, this should error with something that
> makes sense to the user, rather than something they can't relate to.
>
>> Docs are being updated. For trunk, the draft version is essentially
>> accurate in terms of usage
>> (https://code.launchpad.net/~jimbaker/ensemble/expose-docs/+merge/71122)
> Nice docs!
>
Thanks for the info Jim, I just massaged it into this blog post as well
http://cloud.ubuntu.com/2011/08/ensemble-security-and-firewall-enhancements/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/juju/attachments/20110816/ea8380db/attachment-0002.html>
More information about the Ensemble
mailing list