[Starcluster] security groups

Justin Riley justin.t.riley at gmail.com
Fri Aug 13 12:20:05 EDT 2010


Hi Fabian,

StarCluster puts all instances launched for a particular cluster in a 
group named @sc-tagname where tagname is the name you give to your 
cluster when you start it.

For example:

$ starcluster start mynewcluster

This command will create @sc-mynewcluster for the cluster. The 
@sc-masters group is a group that all StarCluster master nodes are added 
to. This group is used to determine who the master is in the cluster. In 
the next version this group will no longer be necessary because we've 
switched to using the node's user-data to assign master, node001, etc. names.

The security groups have port 22 opened to 0.0.0.0/0 by default so that 
your machine will be able to connect to the instances. All inter-group 
traffic is allowed (and absolutely required) as well so that the nodes 
can communicate. You can easily change the SSH rule in ElasticFox, for 
example, to narrow the IP range to a specific IP; however, your local 
machine *must* be able to connect via port 22 to the instances or 
StarCluster will not work.

In the next version I've added support for setting custom security group 
permissions automatically after launch:

http://github.com/jtriley/StarCluster/blob/master/docs/sphinx/configuration.rst 


This will allow you to tell StarCluster to open up your own custom ports 
after the cluster has been started. You should also be able to use this 
to customize the SSH rule after launch so that it only allows access 
from a specific IP, but again you need to be sure you will still be able 
to connect after applying the rule.

~Justin

On 08/12/2010 05:40 PM, Fabian Boes wrote:
> Hi,
>
> just joined the mailing list after having started my first test
> cluster on AWS. I have noticed in the AWS management console that the
> number of security groups has increased by +2, however when listing
> the security groups, I could only see the ones I had defined
> previously.
>
> What is the definition of @sc-* groups? Are only SSH connections
> allowed to the master and nodes?
>
> Kind regards,
> Fabian
> _______________________________________________
> Starcluster mailing list
> Starcluster at mit.edu
> http://mailman.mit.edu/mailman/listinfo/starcluster
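
An added example, not part of the original message and not StarCluster's own code: a check of the three properties described above (SSH open to 0.0.0.0/0, the required intra-group rule, and whether your own address can still reach port 22 after narrowing). It assumes the rule layout returned by EC2 DescribeSecurityGroups; the group ID, account ID, addresses and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of EC2 DescribeSecurityGroups output;
# the group ID and account ID are placeholders, not real values.
SAMPLE_GROUP = {
    "GroupName": "@sc-mynewcluster",
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "-1", "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE", "UserId": "000000000000"}]},
    ],
}

def covers_port(perm, port):
    """True if the rule applies to the given TCP port ("-1" means all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def ssh_sources(group):
    """CIDR blocks that are allowed to reach port 22."""
    return [ipaddress.ip_network(r["CidrIp"])
            for p in group["IpPermissions"] if covers_port(p, 22)
            for r in p.get("IpRanges", [])]

def allows_intra_group(group):
    """True if some rule admits traffic from the group itself (node to node)."""
    return any(pair.get("GroupId") == group["GroupId"]
               for p in group["IpPermissions"]
               for pair in p.get("UserIdGroupPairs", []))

def audit(group, admin_ip):
    """Report the properties the message describes for one security group."""
    sources = ssh_sources(group)
    addr = ipaddress.ip_address(admin_ip)
    return {
        "ssh_world_open": any(n.prefixlen == 0 for n in sources),
        "admin_can_ssh": any(addr in n for n in sources),
        "intra_group_ok": allows_intra_group(group),
    }

def narrowed(group, cidr):
    """Copy of the group with the CIDR sources of TCP port-22 rules set to one block."""
    perms = [dict(p, IpRanges=[{"CidrIp": cidr}])
             if p["IpProtocol"] == "tcp" and covers_port(p, 22) and p["IpRanges"] else p
             for p in group["IpPermissions"]]
    return dict(group, IpPermissions=perms)
```

Running `audit(narrowed(group, proposed_cidr), your_ip)` before changing the real rule shows whether the change would lock you out while leaving node-to-node traffic intact.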