OpenStack Security Groups - missing rule

cloudfoundry / docs-deploying-cf

The docs repo for material on deploying Cloud Foundry

Apache License 2.0

15 stars 101 forks source link

OpenStack Security Groups - missing rule #112

Closed cklause closed 8 years ago

cklause commented 8 years ago

Hi,

the documentation lists the following security group rule:

| Ingress | IPv4 | TCP | - | cf (Security Gp) |

but no UDP counterpart. I think this is required for Consul to work.

| Ingress | IPv4 | UDP | - | cf (Security Gp) |

issue cf release

cf-gitbot commented 8 years ago

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/121837885

The labels on this github issue will be updated when the story is started.

aduffeck commented 8 years ago

:+1:

We ran into a similar issue where we had to allow incoming UDP traffic on port 3457 from the security group so that doppler could receive log messages well.

bentarnoff commented 8 years ago

Hey @cklause did you determine whether the lack of a security group allowing incoming UDP traffic was the source of your problem? We can update the topic but we'd like to provide a more restricted security group if possible. The ports required by Consul are provided here and @aduffeck above indicated that incoming UDP traffic to port 3457 needs to be open for Doppler. Do you have anything more specific to add?

bentarnoff commented 8 years ago

We've updated the docs to correct this error. Thanks for bringing it to our attention. I'm closing this issue for now, but please feel free to get in touch in the future with any feedback.