[StarCluster] Adding security group permissions

C. Titus Brown ctb at msu.edu
Mon Mar 12 22:01:11 EDT 2012


Hi all,

thanks for Starcluster!  Truly awesome.

I'm running into a slight security group problem with 0.93.1 that I don't understand.

I was using starcluster start to start an EBS AMI, and everything seemed to be working fine -- it would start up & I would be able to ssh into it with 'sshmaster'.

Then I wanted to add https to the security group permissions on startup, so I modified my '[cluster smallcluster]' config settings to include

PERMISSIONS = ssh, https

and then added

---
[permission ssh]
protocol=tcp
from_port=22
to_port=22

[permission https]
protocol=tcp
from_port=443
to_port=443
---

at the bottom of the config file.

This worked partially: https was now allowed.  But ssh wasn't any more!

I can disable https and enable ssh on start by commenting out PERMISSIONS; or disable ssh and enable https by uncommenting PERMISSIONS.

Any thoughts?  I have verified that the security settings on Amazon match the behavior (that is, no SSH port added when PERMISSIONS is uncommented, etc.)

thanks,
--titus

The output, with PERMISSIONS uncommented:

>>> Using default cluster template: smallcluster
>>> Validating cluster template settings...
>>> Cluster template settings are valid
>>> Starting cluster...
>>> Launching a 1-node cluster...
>>> Creating security group @sc-test2...
>>> Opening tcp port range 443-443 for CIDR 0.0.0.0/0
Reservation:r-e5fbe185
>>> Starting cluster took 0.033 mins

The output, with PERMISSIONS commented out:

>>> Using default cluster template: smallcluster
>>> Validating cluster template settings...
>>> Cluster template settings are valid
>>> Starting cluster...
>>> Launching a 1-node cluster...
>>> Creating security group @sc-test...
Reservation:r-49fae029
>>> Starting cluster took 0.029 mins





More information about the StarCluster mailing list