Description
I noticed this when trying to launch serverB from an EC2 instance, serverA.
The Problem:

- Port 22 access is allowed in the security group for the security group itself (by default, instances in the same security group can't access each other; this allows them to).
- The group policy matches only the internal IP address.
- When connecting to the public_ip_address, the TCP connection egresses outside the firewall and then ingresses back, so the security group sees serverA's public IP address and disallows access.
- Workaround: you can add serverA's public IP address to the security group so it has access to port 22.
- However, this is suboptimal because it causes excess management of security group ACLs.
Proposed Solution:

- Have the test_tcp_ssh method connect to server.dns_name, which, because of a trick in how Amazon resolves DNS inside of EC2, will resolve to the private IP address.
- This allows the group policy to match and allows access.
- This also allows instances launched by knife from a non-EC2 box to resolve to the public_ip_address.
The bootstrap code already uses server.dns_name, so I propose the test_tcp_ssh method use the same.

This trivial change is located here:
https://github.com/butlern/knife-ec2/branches/ssh_test
I've initiated a pull request to opscode/knife-ec2 already.
Thanks,
Nate
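To illustrate the proposal above, here is an added example (not knife-ec2's own code) of an SSH readiness probe that targets server.dns_name instead of public_ip_address, so that a security-group rule allowing the group itself still matches when the probe originates inside EC2. The `Server` struct, `ssh_target`, `ssh_reachable?` and the local `fake_sshd` stand-in are all constructed for this example.

```ruby
require 'socket'

# Minimal stand-in for the Fog server object knife-ec2 works with (constructed).
Server = Struct.new(:dns_name, :public_ip_address, :private_ip_address)

# Probe dns_name rather than public_ip_address: inside EC2 the name resolves
# to the private IP (so the group-to-group rule matches), outside EC2 it
# resolves to the public IP (so a non-EC2 knife box still reaches the host).
def ssh_target(server)
  server.dns_name
end

# Returns true only if something accepts the TCP connection on host:port and
# greets us with an SSH identification string within `timeout` seconds.
def ssh_reachable?(host, port = 22, timeout = 5)
  sock = Socket.tcp(host, port, connect_timeout: timeout)
  return false unless IO.select([sock], nil, nil, timeout)
  banner = sock.gets.to_s
  banner.start_with?('SSH-')
rescue Errno::ECONNREFUSED, Errno::ETIMEDOUT, Errno::EHOSTUNREACH, Errno::EPERM,
       SocketError
  false
ensure
  sock&.close
end

# Local stand-in for sshd (constructed): accepts one connection, sends a banner,
# and returns the port it listens on so the probe can be exercised offline.
def fake_sshd(banner = "SSH-2.0-OpenSSH_7.4\r\n")
  listener = TCPServer.new('127.0.0.1', 0)
  Thread.new do
    client = listener.accept
    client.write(banner)
    client.close
    listener.close
  end
  listener.addr[1]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample instance with documentation-range addresses.
  server = Server.new('ec2-203-0-113-10.compute-1.amazonaws.com',
                      '203.0.113.10', '10.0.0.10')
  puts "knife would probe #{ssh_target(server)}, not #{server.public_ip_address}"
  port = fake_sshd
  puts ssh_reachable?('127.0.0.1', port) ? 'sshd is up' : 'no sshd yet'
end
```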
Activity

| Transition | Time In Source Status | Execution Times | Last Executer | Last Execution Date |
|---|---|---|---|---|
| | 2h 1m | 1 | Nathan Butler | 19/May/11 9:14 PM |
| | 1h 15m | 1 | Nathan Butler | 19/May/11 10:30 PM |
| | 71d 14h 13m | 1 | Seth Chisamore | 30/Jul/11 12:43 PM |