[使用salt --version:2015.5.0]我想添加允许来自其他安全组的所有TRAFFIC的规则
我的支柱中有这个:
securitygroups:
groups:
- name: NFS
region: us-east-1
vpc_id: vpc-1234
description: desc
rules:
- ip_protocol: -1
from_port: -1
to_port: -1
ec2_group: sg123456
API建议使用-1来指定所有 IpProtcol 。但是我收到了这个错误:
----------
ID: secgroups_NFSecurityGroup
Function: boto_secgroup.present
Name: NFSecurityGroup
Result: False
Comment: An exception occurred in this state: Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/salt/state.py", line 1563, in call
**cdata['kwargs'])
File "/usr/lib/python2.6/site-packages/salt/states/boto_secgroup.py", line 140, in present
_ret = _rules_present(name, rules, vpc_id, region, key, keyid, profile)
File "/usr/lib/python2.6/site-packages/salt/states/boto_secgroup.py", line 345, in _rules_present
to_delete, to_create = _get_rule_changes(rules, sg['rules'])
File "/usr/lib/python2.6/site-packages/salt/states/boto_secgroup.py", line 265, in _get_rule_changes
raise SaltInvocationError(msg.format(ip_protocol))
SaltInvocationError: Invalid ip_protocol traffic specified in security group rule.
Started: 03:09:58.163808
Duration: 235.323 ms
from_port: -1和 to_port: -1如果指定ip_protocol就可以正常工作:icmp | tcp | udp
答案 0 :(得分:0)
我认为协议的-1值仅适用于属于VPC的安全组。对于EC2-Classic,我认为你必须添加三个单独的规则,每个协议一个。