chef-provisioning-aws

Disable source/destination check

Open lfrodrigues opened this issue 9 years ago • 8 comments

Would it be possible to add an attribute to machine to be able to disable source/destination check?

I know there are a few solutions out there but would be good if I could use just chef-provisioning to deploy a NAT box in AWS.

lfrodrigues avatar Oct 06 '15 21:10 lfrodrigues

@lfrodrigues It's already there (link shows code), although not as an ~~attribute~~ property on the resource - You just need to add `source_dest_check: false` into your `machine_options`, e.g.:

```ruby
machine 'nat' do
  machine_options(
    source_dest_check: false
  )
  action :converge
end
```

HTH. :smile:

lskillen avatar Oct 06 '15 23:10 lskillen

Ok I didn't see it in docs so I assumed it didn't exist. Should have read the code...

I just tried it on a running instance but it didn't change the value. Does it only work for new instances?

My code:

```ruby
machine 'ipsec-1' do
  machine_options({
    :source_dest_check => true,
    :transport_address_location => :private_ip,
    :bootstrap_options => {
      :key_name => 'keyname',
      :instance_type => 't2.micro',
      :image_id => 'ami-d05e75b8',
      :network_interfaces => [
        {
          :device_index => 0,
          :subnet_id => subnet_internet_gw.aws_object.id,
          :groups => [security_group_internet_gw_ipsec.aws_object.id],
          :private_ip_addresses => [{
            :private_ip_address => '172.16.145.1',
            :primary => true
          }],
          :associate_public_ip_address => true
        }
      ]
    }
  })
end
```

lfrodrigues avatar Oct 07 '15 00:10 lfrodrigues

@lfrodrigues You've got `:source_dest_check => true` there, should that be `:source_dest_check => false`? You're trying to disable source/destination checking, right? :wink:

I tried it here with an existing instance and it seems to set it correctly:

```
[2015-10-07T01:19:06+01:00] INFO: [Aws::EC2::Client 200 0.134204 0 retries] modify_instance_attribute(source_dest_check:{value:false},instance_id:"i-02dexxxx")
```

Haven't tried it with a brand new instance yet, but trying it now to see if it works.

lskillen avatar Oct 07 '15 00:10 lskillen

@lskillen I tried setting it to true because it was already false (running nat instance), I saw no change on console/AWS. Maybe I did something wrong...

lfrodrigues avatar Oct 07 '15 00:10 lfrodrigues

You're right, I had a look at the code again and it seems like it only gets applied when the instance is first allocated (which is a shame) - Thinking my previous assumption was actually for a new instance rather than an existing one. However, it definitely works on a brand new instance, checking the EC2 dashboard for the instances, I can see that:

Source/dest. check: False

Perhaps try again with a brand new instance?

lskillen avatar Oct 07 '15 00:10 lskillen

I confirm it works for a new instance. Could this issue be kept open so that the code can be revised to work on both cases?

lfrodrigues avatar Oct 07 '15 08:10 lfrodrigues

Confirming that it works for new instances, but does not update existing instances

kplimack avatar Jan 19 '16 19:01 kplimack

@gmiranda23 this is the other issue we discussed where instance's `source_dest_check` does not get modified on existing nodes.

kplimack avatar Jan 22 '16 23:01 kplimack
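
The thread establishes that `source_dest_check` in `machine_options` is applied only when an instance is first allocated, so existing instances can drift from what the recipe declares. As an added example (not code from chef-provisioning-aws or from anyone in this thread), the Ruby below audits existing instances against a desired setting and can apply it with the `modify_instance_attribute` request shape seen in the log above. `reconcile_source_dest_check`, `FakeEc2` and the instance ids are hypothetical names, and the `describe_instance_attribute` response shape is assumed to match the aws-sdk client's.

```ruby
# Added example: audit (and optionally correct) source/dest check drift on
# existing EC2 instances. Works with any client that responds like
# Aws::EC2::Client; FakeEc2 below is a constructed stand-in for offline runs.

AttrValue = Struct.new(:value)
AttrResp  = Struct.new(:source_dest_check)

# Constructed stub: holds instance_id => current source_dest_check value.
class FakeEc2
  attr_reader :calls

  def initialize(state)
    @state = state
    @calls = []
  end

  def describe_instance_attribute(instance_id:, attribute:)
    raise ArgumentError, attribute unless attribute == 'sourceDestCheck'
    AttrResp.new(AttrValue.new(@state.fetch(instance_id)))
  end

  def modify_instance_attribute(instance_id:, source_dest_check:)
    @calls << instance_id
    @state[instance_id] = source_dest_check.fetch(:value)
  end
end

# desired: { instance_id => true/false }. Returns one record per instance whose
# live value differs from the desired one; with apply: true it also pushes the
# desired value, using the same request shape as the log line in this thread.
def reconcile_source_dest_check(ec2, desired, apply: false)
  desired.each_with_object([]) do |(id, want), drift|
    have = ec2.describe_instance_attribute(
      instance_id: id, attribute: 'sourceDestCheck'
    ).source_dest_check.value
    next if have == want

    ec2.modify_instance_attribute(instance_id: id, source_dest_check: { value: want }) if apply
    drift << { instance_id: id, actual: have, desired: want, fixed: apply }
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a NAT box that should forward traffic, and an app
  # server where a disabled check is unexpected.
  ec2 = FakeEc2.new('i-nat-example' => true, 'i-app-example' => false)
  want = { 'i-nat-example' => false, 'i-app-example' => true }
  reconcile_source_dest_check(ec2, want).each { |d| puts d }
end
```

Run with `apply: false` first to get a report of instances whose check is disabled unexpectedly (or still enabled on a NAT box) before changing anything.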