Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(1728)
Issues Repositories Search
Open Issues | Closed Issues | All Issues | Sign in with your Google Account to create issues and add comments

Issue 44770044: New openstack use-default-secgroup option (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
10 years, 4 months ago by wallyworld
Modified:
10 years, 4 months ago
Reviewers:
gz, mp+199929, fwereade
Visibility:
Public.

Description

New openstack use-default-secgroup option Bug #1129720 Openstack environments can be configured to start instances with the "default" security group assigned. The new use-default-secgroup config option (default false) is used to enable this behaviour. https://code.launchpad.net/~wallyworld/juju-core/instance-default-secgroup/+merge/199929 (do not edit description out of merge proposal)

Patch Set 1 #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+106 lines, -23 lines) Patch
A [revision details] View 1 chunk +2 lines, -0 lines 0 comments Download
M cmd/juju/help_topics.go View 1 chunk +3 lines, -0 lines 1 comment Download
M dependencies.tsv View 1 chunk +1 line, -1 line 0 comments Download
M provider/openstack/config.go View 2 chunks +26 lines, -20 lines 0 comments Download
M provider/openstack/config_test.go View 3 chunks +12 lines, -0 lines 0 comments Download
M provider/openstack/live_test.go View 2 chunks +44 lines, -0 lines 0 comments Download
M provider/openstack/provider.go View 3 chunks +18 lines, -2 lines 0 comments Download

Messages

Total messages: 5
wallyworld
Please take a look.
10 years, 4 months ago (2013-12-23 00:51:04 UTC) #1
fwereade
I'm just ignorant, I'm sure, but I don't see what we gain by making this ...
10 years, 4 months ago (2014-01-02 09:41:46 UTC) #2
gz
I added a comment to bug 1129720 about the general approach. I agree with William ...
10 years, 4 months ago (2014-01-09 12:56:35 UTC) #3
fwereade
On 2014/01/09 12:56:35, gz wrote: > I added a comment to bug 1129720 about the ...
10 years, 4 months ago (2014-01-09 19:48:46 UTC) #4
fwereade
10 years, 4 months ago (2014-01-10 08:28:07 UTC) #5 
On 2014/01/09 19:48:46, fwereade wrote:
> On 2014/01/09 12:56:35, gz wrote:
> > I added a comment to bug 1129720 about the general approach.
> > 
> > I agree with William that adding more config here isn't really desirable,
but
> > just putting the default group on all machines juju creates is a step back
in
> > our general isolation level. The per-environment security group is a much
> > cleaner place to add custom rules, even if we don't supply a juju command
for
> > doing that (though we could).
> > 
> > Code itself looks fine.
> 
> I dunno, I think there's quite a neat separation between the default security
> group -- with whatever cloud-specific rules, considered appropriate by the
> administrator, that are kinda outside our purview -- and our own config.
What's
> the use case for *not* including the default security group? Nobody's needed
it
> before, sure; but the default behaviour doesn't look harmful, and if that's
been
> changed it seems reasonable to assume it's been done for a reason. Right?
> 
> Sorry for the delay, Ian, I had an all-day power cut -- can we chat about this
> tomorrow morning? I'm fine with the code, indeed, but I feel like including
that
> security group is the correct default, and I'd be happiest of all if we just
> skipped the config, but I'll accept pretty much any plausible use case that
> requires its falsity as justification for including the setting.

LGTM after discussion -- we've been fine without it so far, so let's stick with
the existing default. Thanks for bearing with me.
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b