[StarCluster] Adding security group permissions

C. Titus Brown ctb at msu.edu
Tue Mar 13 22:27:59 EDT 2012


On Tue, Mar 13, 2012 at 03:48:09PM -0400, Justin Riley wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi Titus,
> 
> By default StarCluster will configure the proper permissions for ssh
> so the ssh permission you've defined is not needed. Simply removing
> the SSH permission from the list should work for you. Let me know how
> it goes.

You know, I could have sworn I started there... but apparently I screwed
up something else at the time, because that worked!

It'd still be nice to know why explicitly putting in ssh fails :)

thanks,
--titus

> On 03/12/2012 10:01 PM, C. Titus Brown wrote:
> > Hi all,
> > 
> > thanks for Starcluster!  Truly awesome.
> > 
> > I'm running into a slight security group problem with 0.93.1 that I
> > don't understand.
> > 
> > I was using starcluster start to start an EBS AMI, and everything
> > seemed to be working fine -- it would start up & I would be able to
> > ssh into it with 'sshmaster'.
> > 
> > Then I wanted to add https to the security group permissions on
> > startup, so I modified my '[cluster smallcluster]' config settings
> > to include
> > 
> > PERMISSIONS = ssh, https
> > 
> > and then added
> > 
> > --- [permission ssh] protocol=tcp from_port=22 to_port=22
> > 
> > [permission https] protocol=tcp from_port=443 to_port=443 ---
> > 
> > at the bottom of the config file.
> > 
> > This worked partially: https was now allowed.  But ssh wasn't any
> > more!
> > 
> > I can disable https and enable ssh on start by commenting out
> > PERMISSIONS; or disable ssh and enable https by uncommenting
> > PERMISSIONS.
> > 
> > Any thoughts?  I have verified that the security settings on Amazon
> > match the behavior (that is, no SSH port added when PERMISSIONS is
> > uncommented, etc.)
> > 
> > thanks, --titus
> > 
> > The output, with PERMISSIONS uncommented:
> > 
> >>>> Using default cluster template: smallcluster Validating
> >>>> cluster template settings... Cluster template settings are
> >>>> valid Starting cluster... Launching a 1-node cluster... 
> >>>> Creating security group @sc-test2... Opening tcp port range
> >>>> 443-443 for CIDR 0.0.0.0/0
> > Reservation:r-e5fbe185
> >>>> Starting cluster took 0.033 mins
> > 
> > The output, with PERMISSIONS commented out:
> > 
> >>>> Using default cluster template: smallcluster Validating
> >>>> cluster template settings... Cluster template settings are
> >>>> valid Starting cluster... Launching a 1-node cluster... 
> >>>> Creating security group @sc-test...
> > Reservation:r-49fae029
> >>>> Starting cluster took 0.029 mins
> > 
> > 
> > 
> > _______________________________________________ StarCluster mailing
> > list StarCluster at mit.edu 
> > http://mailman.mit.edu/mailman/listinfo/starcluster
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iEUEARECAAYFAk9fpHkACgkQ4llAkMfDcrnJrwCWIgtXRGM/lKAcAkMHBbVR5wUG
> uACbBaLZf4zJWrERB8XunXhCKO8qFOg=
> =S+cK
> -----END PGP SIGNATURE-----

-- 
C. Titus Brown, ctb at msu.edu


More information about the StarCluster mailing list