[StarCluster] Adding security group permissions

Justin Riley jtriley at MIT.EDU
Tue Mar 13 15:48:09 EDT 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Titus,

By default StarCluster will configure the proper permissions for ssh
so the ssh permission you've defined is not needed. Simply removing
the SSH permission from the list should work for you. Let me know how
it goes.

~Justin

On 03/12/2012 10:01 PM, C. Titus Brown wrote:
> Hi all,
> 
> thanks for Starcluster!  Truly awesome.
> 
> I'm running into a slight security group problem with 0.93.1 that I
> don't understand.
> 
> I was using starcluster start to start an EBS AMI, and everything
> seemed to be working fine -- it would start up & I would be able to
> ssh into it with 'sshmaster'.
> 
> Then I wanted to add https to the security group permissions on
> startup, so I modified my '[cluster smallcluster]' config settings
> to include
> 
> PERMISSIONS = ssh, https
> 
> and then added
> 
> --- [permission ssh] protocol=tcp from_port=22 to_port=22
> 
> [permission https] protocol=tcp from_port=443 to_port=443 ---
> 
> at the bottom of the config file.
> 
> This worked partially: https was now allowed.  But ssh wasn't any
> more!
> 
> I can disable https and enable ssh on start by commenting out
> PERMISSIONS; or disable ssh and enable https by uncommenting
> PERMISSIONS.
> 
> Any thoughts?  I have verified that the security settings on Amazon
> match the behavior (that is, no SSH port added when PERMISSIONS is
> uncommented, etc.)
> 
> thanks, --titus
> 
> The output, with PERMISSIONS uncommented:
> 
>>>> Using default cluster template: smallcluster Validating
>>>> cluster template settings... Cluster template settings are
>>>> valid Starting cluster... Launching a 1-node cluster... 
>>>> Creating security group @sc-test2... Opening tcp port range
>>>> 443-443 for CIDR 0.0.0.0/0
> Reservation:r-e5fbe185
>>>> Starting cluster took 0.033 mins
> 
> The output, with PERMISSIONS commented out:
> 
>>>> Using default cluster template: smallcluster Validating
>>>> cluster template settings... Cluster template settings are
>>>> valid Starting cluster... Launching a 1-node cluster... 
>>>> Creating security group @sc-test...
> Reservation:r-49fae029
>>>> Starting cluster took 0.029 mins
> 
> 
> 
> _______________________________________________ StarCluster mailing
> list StarCluster at mit.edu 
> http://mailman.mit.edu/mailman/listinfo/starcluster

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEUEARECAAYFAk9fpHkACgkQ4llAkMfDcrnJrwCWIgtXRGM/lKAcAkMHBbVR5wUG
uACbBaLZf4zJWrERB8XunXhCKO8qFOg=
=S+cK
-----END PGP SIGNATURE-----

More information about the StarCluster mailing list