*** andrey-mp2 has quit IRC | 06:27 | |
*** andrey-mp has joined #openstack-ec2api | 10:10 | |
*** andrey-mp has quit IRC | 10:17 | |
*** andrey-mp has joined #openstack-ec2api | 10:24 | |
*** andrey-mp has quit IRC | 11:47 | |
*** andrey-mp has joined #openstack-ec2api | 11:54 | |
*** andrey-mp has quit IRC | 14:32 | |
*** andrey-mp has joined #openstack-ec2api | 16:13 | |
*** cybojanek has joined #openstack-ec2api | 18:51 | |
cybojanek | I'm back again :D | 18:54 |
cybojanek | andrey-mp: revoke-security-group-ingress --protocol tcp --port 5003 --cidr 0.0.0.0/0 --group-name default | 18:56 |
cybojanek | that fails because the group-id is None | 18:56 |
cybojanek | and _revoke_security_group does not check / get group id | 18:56 |
cybojanek | Actual error is a string split on None | 18:57 |
cybojanek | also | 19:17 |
cybojanek | After running: authorize-security-group-ingress --protocol tcp --port 5003 --cidr 0.0.0.0/0 --group-id sg-e30d3a76 | 19:17 |
cybojanek | And then: revoke-security-group-ingress --protocol tcp --port 5003 --cidr 0.0.0.0/0 --group-id sg-e30d3a76 | 19:17 |
cybojanek | the rule doesn't actually get deleted because the comparison fails: | 19:18 |
cybojanek | rule1 = {'direction': 'ingress', 'protocol': u'tcp', 'ethertype': 'IPv4', 'port_range_max': 5003, 'security_group_id': u'b65bc978-ef07-4c37-bc14-f1e0f8252946', 'port_range_min': 5003, 'remote_ip_prefix': u'0.0.0.0/0'} | 19:18 |
cybojanek | rule2 = {u'remote_group_id': u'b65bc978-ef07-4c37-bc14-f1e0f8252946', u'direction': u'ingress', u'protocol': None, u'description': u'', u'ethertype': u'IPv6', u'remote_ip_prefix | 19:18 |
cybojanek | ': None, u'port_range_max': None, u'security_group_id': u'b65bc978-ef07-4c37-bc14-f1e0f8252946', u'port_range_min': None, u'tenant_id': u'bc6dc3e9a3264b9f91b9450c0be5ea82', u'id': u | 19:18 |
cybojanek | 'e2f8ff59-b852-46be-b40c-5202c0dccb65'} | 19:18 |
cybojanek | significant_values(rule1) | 19:19 |
cybojanek | {'ethertype': 'IPv4', 'direction': 'ingress', 'port_range_min': '5003', 'protocol': 'tcp', 'port_range_max': '5003'} | 19:19 |
cybojanek | significant_values(rule2) | 19:19 |
cybojanek | {u'ethertype': 'IPv6', u'direction': 'ingress', u'remote_group_id': 'b65bc978-ef07-4c37-bc14-f1e0f8252946'} | 19:19 |
cybojanek | code: 187095b411cf5cf4d69002afda8c74d1fc1deb18 | 19:19 |
cybojanek | Sorry, nvm about that, the port isn't there | 19:20 |
cybojanek | Sorry about the spam, I think I've got it this time | 19:28 |
cybojanek | andrey-mp: Ok, so the 'description' field doesn't get filtered out, and now I see that it's included in the master branch changes (but not yet stable/mitaka) | 19:30 |
cybojanek | I think the other problem will still persist | 19:30 |
andrey-mp | hi :) | 19:30 |
cybojanek | ! | 19:31 |
andrey-mp | so, is it only one problem with group-id? | 19:31 |
cybojanek | Yea | 19:32 |
cybojanek | I'm still on stable/mitaka | 19:32 |
cybojanek | I'll merge master into my branch but I think the problem in master is still there (that code doesn't look changed) | 19:32 |
cybojanek | I have a few other issues I'm going through and will post those here later too | 19:32 |
andrey-mp | ok | 19:33 |
andrey-mp | as I understood you are not using VPC? | 19:43 |
andrey-mp | cybojanek ^ | 19:43 |
*** andrey-mp2 has joined #openstack-ec2api | 19:50 | |
cybojanek | I always get confused with the naming stuff, but in OpenStack I have a private 10.0.0.0/24 that runs over GRE | 19:50 |
cybojanek | I'm trying to run the latest code atm | 19:51 |
*** andrey-mp has quit IRC | 19:52 | |
andrey-mp2 | VPC - virtual private cloud. It's network stuff in Amazon. | 19:55 |
cybojanek | Yea, I use that in Amazon | 19:55 |
andrey-mp2 | ah, ok. | 19:55 |
cybojanek | andrey-mp2: In latest code, deletion works ok with group-id but not with group-name | 19:56 |
andrey-mp2 | did you create vpc in openstack (via ec2-api)? | 19:56 |
cybojanek | No | 19:57 |
cybojanek | Do I have to do it that way? | 19:57 |
andrey-mp2 | I don't remember right now ) I need to see. | 19:59 |
andrey-mp2 | ok. I've checked it. ec2-api has a bug/feature. When neutron is available and support_vpc is on in ec2-api.conf, ec2-api uses security_groups from neutron, but it doesn't store information about the default VPC and can't choose the correct security_group by name (neutron can have many equal names). | 20:07 |
andrey-mp2 | So the problem is in the information about what the default VPC is. In Amazon it is always present, and if a user makes a call with group_name then Amazon searches for the security group in the default VPC. ec2-api doesn't create a default VPC automatically and can't choose the correct security group by name. | 20:09 |
*** andrey-mp2 has quit IRC | 20:18 | |
cybojanek | another issue, this works fine: run-instances --count 1 --image-id ami-25f72113 --instance-type m1.small --security-groups default | 22:59 |
cybojanek | but this fails: run-instances --count 1 --image-id ami-25f72113 --instance-type m1.small --security-group-ids sg-e30d3a76 | 22:59 |
cybojanek | due to: 'VPC security groups may not be used for a non-VPC launch' | 22:59 |
cybojanek | I didn't create a VPC in ec2, but enabled full vpc support | 23:00 |
cybojanek | and I have an OS private subnet for my project | 23:00 |
cybojanek | I commented out that case and my instance allocated fine | 23:01 |
cybojanek | I obviously don't completely understand the implications of this, but was wondering what you thought | 23:01 |