EC2 VPC firewall rules

Dimiter Naydenov dimiter.naydenov at canonical.com
Thu Feb 18 10:42:32 UTC 2016


On 18.02.2016 12:01, Tom Barber wrote:
> Hello folks
> 
> I'm not sure if my tinkering has broken something, the fact I'm
> running trunk has broken something or I just don't understand
> something.
> 
> Until last week we've been running EC2 classic, but we have now
> switched to EC2-VPC and have launched a few machines.
> 
> juju ssh to these machines works fine and I've been configuring
> them to suit our needs.
> 
> Then I came to look at external access, `juju expose mysqldb` for 
> example, I would then expect to be able to access it from the
> outside world, but can't unless I go into my VPC settings and open
> the port in one of the juju security groups, at which point
> external access works fine.
> 
> Am I missing something?
> 
> Thanks
> 
> Tom
> 
> 
Hey Tom,

What you're describing sounds like a bug, as "juju expose <service>"
should trigger the firewaller worker to open the ports the service has
declared (with open-ports within the charm) using the security group
assigned to the host machine for all units of that service.

Have you changed the "firewall-mode" setting by any chance?
Can you provide some logs from /var/log/juju/*.log on the bootstrap
instance (machine 0)?

Cheers,
-- 
Dimiter Naydenov <dimiter.naydenov at canonical.com>
Juju Core Sapphire team <http://juju.ubuntu.com>
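
An added example, not part of the original message and not Juju's own code: one way to check from the EC2 side whether the ports a service should have opened after "juju expose" are actually present as ingress rules in the juju security groups. It reads JSON in the shape printed by `aws ec2 describe-security-groups`; the group name, group id and the 3306/tcp port assumed for the mysqldb charm are constructed sample values.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group name, id and rules are made up for illustration.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupName": "juju-example-0", "GroupId": "sg-00000000",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
     {"IpProtocol": "tcp", "FromPort": 17070, "ToPort": 17070,
      "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}
   ]}
]}
""")

ANY_IPV4 = "0.0.0.0/0"


def is_world_open(perm):
    """True if the rule admits traffic from any IPv4 address."""
    return any(r.get("CidrIp") == ANY_IPV4 for r in perm.get("IpRanges", []))


def covers(perm, proto, port):
    """True if one IpPermissions entry opens proto/port to the outside world."""
    if not is_world_open(perm):
        return False
    if perm.get("IpProtocol") == "-1":  # "-1" = all protocols, all ports
        return True
    if perm.get("IpProtocol") != proto:
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return lo is not None and hi is not None and lo <= port <= hi


def missing_ingress(groups, expected):
    """Expected (proto, port) pairs that no security group rule exposes."""
    perms = [p for g in groups["SecurityGroups"] for p in g.get("IpPermissions", [])]
    return [e for e in expected if not any(covers(p, *e) for p in perms)]


def world_open_rules(groups):
    """(group, proto, from, to) for every rule open to 0.0.0.0/0, for review."""
    return [(g["GroupName"], p.get("IpProtocol"), p.get("FromPort"), p.get("ToPort"))
            for g in groups["SecurityGroups"]
            for p in g.get("IpPermissions", []) if is_world_open(p)]


if __name__ == "__main__":
    print("missing:", missing_ingress(SAMPLE, [("tcp", 3306)]))
    print("world-open:", world_open_rules(SAMPLE))
```

The second function is also useful after opening a port by hand as a workaround, to confirm that only the intended rule is reachable from 0.0.0.0/0.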