[StarCluster] Adding security group permissions
C. Titus Brown
ctb at msu.edu
Tue Mar 13 22:27:59 EDT 2012
On Tue, Mar 13, 2012 at 03:48:09PM -0400, Justin Riley wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Titus,
>
> By default StarCluster will configure the proper permissions for ssh
> so the ssh permission you've defined is not needed. Simply removing
> the SSH permission from the list should work for you. Let me know how
> it goes.
You know, I could have sworn I started there... but apparently I screwed
up something else at the time, because that worked!
It'd still be nice to know why explicitly putting in ssh fails :)
thanks,
--titus
> On 03/12/2012 10:01 PM, C. Titus Brown wrote:
> > Hi all,
> >
> > thanks for Starcluster! Truly awesome.
> >
> > I'm running into a slight security group problem with 0.93.1 that I
> > don't understand.
> >
> > I was using starcluster start to start an EBS AMI, and everything
> > seemed to be working fine -- it would start up & I would be able to
> > ssh into it with 'sshmaster'.
> >
> > Then I wanted to add https to the security group permissions on
> > startup, so I modified my '[cluster smallcluster]' config settings
> > to include
> >
> > PERMISSIONS = ssh, https
> >
> > and then added
> >
> > --- [permission ssh] protocol=tcp from_port=22 to_port=22
> >
> > [permission https] protocol=tcp from_port=443 to_port=443 ---
> >
> > at the bottom of the config file.
> >
> > This worked partially: https was now allowed. But ssh wasn't any
> > more!
> >
> > I can disable https and enable ssh on start by commenting out
> > PERMISSIONS; or disable ssh and enable https by uncommenting
> > PERMISSIONS.
> >
> > Any thoughts? I have verified that the security settings on Amazon
> > match the behavior (that is, no SSH port added when PERMISSIONS is
> > uncommented, etc.)
> >
> > thanks, --titus
> >
> > The output, with PERMISSIONS uncommented:
> >
> >>>> Using default cluster template: smallcluster Validating
> >>>> cluster template settings... Cluster template settings are
> >>>> valid Starting cluster... Launching a 1-node cluster...
> >>>> Creating security group @sc-test2... Opening tcp port range
> >>>> 443-443 for CIDR 0.0.0.0/0
> > Reservation:r-e5fbe185
> >>>> Starting cluster took 0.033 mins
> >
> > The output, with PERMISSIONS commented out:
> >
> >>>> Using default cluster template: smallcluster Validating
> >>>> cluster template settings... Cluster template settings are
> >>>> valid Starting cluster... Launching a 1-node cluster...
> >>>> Creating security group @sc-test...
> > Reservation:r-49fae029
> >>>> Starting cluster took 0.029 mins
> >
> >
> >
> > _______________________________________________ StarCluster mailing
> > list StarCluster at mit.edu
> > http://mailman.mit.edu/mailman/listinfo/starcluster
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEUEARECAAYFAk9fpHkACgkQ4llAkMfDcrnJrwCWIgtXRGM/lKAcAkMHBbVR5wUG
> uACbBaLZf4zJWrERB8XunXhCKO8qFOg=
> =S+cK
> -----END PGP SIGNATURE-----
--
C. Titus Brown, ctb at msu.edu
More information about the StarCluster
mailing list