[StarCluster] dealing with security groups
Igor Tatarinov
igor at priceyeti.com
Sat Dec 4 16:19:51 EST 2010
Hi,
I was really impressed how easy it was to use StarCluster - thanks! :) but I
can't figure out how to work around EC2 security groups to make it work for
us.
We need to be able to mount an NFS share (which is an EBS volume). I
understand that StarCluster can attach and share an EBS volume but we
already have our EBS volumes attached and used by other nodes. So instead of
attaching an EBS volume we need to mount an existing NFS share. Does this
make sense? I wonder how many people have a similar set up? (We also need
access to our NIS server and possibly other services)
By default, new EC2 security groups have all of the ports closed (except
ssh) so one thing I could do is to open the relevant ports at cluster
startup. Alternatively, I'd rather not deal with security groups at all.
'default' would work fine for us. Unfortunately, it looks like the code
assumes that a cluster has its own security group with a certain name. So I
guess that's not an option, right?
If I follow the first approach, I would need to do something like this:
ec2-authorize default -p <nfs-port> -o @sc-mycluster
right? or do I also need to allow access from sc-cluster to default?
Do I need to revoke these permissions when the cluster shuts down or will
EC2 take care of that as long as StarCluster deletes the security group
(does it?)
Thanks!
igor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/starcluster/attachments/20101204/4df09cad/attachment.htm
More information about the StarCluster
mailing list