brooklyn-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From drigod...@apache.org
Subject [1/2] brooklyn-docs git commit: Opening ports for Security Group based locations
Date Fri, 23 Jun 2017 13:09:15 GMT
Repository: brooklyn-docs
Updated Branches:
  refs/heads/master 7df106adf -> 0ca3f6e74


Opening ports for Security Group based locations


Project: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/commit/6631963c
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/tree/6631963c
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/diff/6631963c

Branch: refs/heads/master
Commit: 6631963caff3df41880daebc75b9b440e380c397
Parents: b86635c
Author: Valentin Aitken <bostko@gmail.com>
Authored: Sat Oct 29 00:19:24 2016 +0300
Committer: Valentin Aitken <bostko@gmail.com>
Committed: Tue Jun 20 16:14:11 2017 +0300

----------------------------------------------------------------------
 guide/locations/_clouds.md                      |  2 +-
 .../_location-customizer-security-groups.md     | 56 ++++++++++++++++++++
 .../jclouds-location-customizers/index.md       |  6 +++
 guide/locations/location-customizers.md         |  6 +++
 .../machine-location-customizers/index.md       |  9 ++++
 5 files changed, 78 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/brooklyn-docs/blob/6631963c/guide/locations/_clouds.md
----------------------------------------------------------------------
diff --git a/guide/locations/_clouds.md b/guide/locations/_clouds.md
index 7c82b9e..b590014 100644
--- a/guide/locations/_clouds.md
+++ b/guide/locations/_clouds.md
@@ -252,7 +252,7 @@ For example, here is a complete blueprint that sets some AWS EC2 specific
option
     location: AWS_eu-west-1
     services:
     - type: org.apache.brooklyn.entity.software.base.EmptySoftwareProcess
-      provisioningProperties:
+      provisioning.properties:
         templateOptions:
           subnetId: subnet-041c8373
           mapNewVolumeToDeviceName: ["/dev/sda1", 100, true]

http://git-wip-us.apache.org/repos/asf/brooklyn-docs/blob/6631963c/guide/locations/jclouds-location-customizers/_location-customizer-security-groups.md
----------------------------------------------------------------------
diff --git a/guide/locations/jclouds-location-customizers/_location-customizer-security-groups.md
b/guide/locations/jclouds-location-customizers/_location-customizer-security-groups.md
new file mode 100644
index 0000000..b472a13
--- /dev/null
+++ b/guide/locations/jclouds-location-customizers/_location-customizer-security-groups.md
@@ -0,0 +1,56 @@
+---
+section: Customizing Cloud Security Group
+section_position: 1
+section_type: inline
+---
+
+
+## Customizing Cloud Security Group
+
+Before using SharedLocationSecurityGroupCustomizer, please first refer to [Port Inferencing](../../blueprints/custom-entities.html#port-inferencing).
+
+A security group is a named collection of network access rules that are use to limit the
types of traffic that have access to instances.<br>
+Security group is the standard way to set firewall restrictions on the AWS-EC2 environment.
+[docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html)
+
+When deploying to AWS EC2 target, by default Apache Brooklyn creates security group attached
to the VM.
+It is easy to add additional rules to the initial security group using `org.apache.brooklyn
SharedLocationSecurityGroupCustomizer`.
+
+YAML Example:
+
+    name: ports @ AWS
+    location: jclouds:aws-ec2:us-west-2:
+    services:
+    - type: org.apache.brooklyn.entity.software.base.EmptySoftwareProcess
+      brooklyn.config:
+        provisioning.properties:
+          customizers:
+          - $brooklyn:object:
+              type: org.apache.brooklyn.location.jclouds.networking.SharedLocationSecurityGroupCustomizer
+              object.fields: {tcpPortRanges: ["900-910", "915", "22"], udpPortRanges: ["100","200-300"],
cidr: "82.40.153.101/24"}
+
+
+Make sure that you have rule which makes port 22 accessible from Apache Brooklyn.
+
+### Opening ports during runtime.
+
+Apache Brooklyn exposes the SharedLocationSecurityGroupCustomizer functionality after entity
is deployed <br>
+just by supplying `effector.add.openInboundPorts: true` "brooklyn.config".
+Example configuration in effector
+
+    location: jclouds:aws-ec2:us-west-2
+    services:
+    - type: org.apache.brooklyn.entity.software.base.EmptySoftwareProcess
+      brooklyn.config:
+        effector.add.openInboundPorts: true
+
+### Known limitations
+
+Not all cloud providers support Security Group abstraction.
+`SharedLocationSecurityGroupCustomizer` is known to work well with Amazon EC2.<br>
+Other clouds which support Security Groups:
+
+- Openstack
+- Azure - jclouds-labs azurecompute implementation uses endpoints rules when creating a VM
instance.
+  jclouds:azurecompute based location do not have security groups so SharedLocationSecurityGroupCustomizer
is used it will fail to find a security group.
+

http://git-wip-us.apache.org/repos/asf/brooklyn-docs/blob/6631963c/guide/locations/jclouds-location-customizers/index.md
----------------------------------------------------------------------
diff --git a/guide/locations/jclouds-location-customizers/index.md b/guide/locations/jclouds-location-customizers/index.md
new file mode 100644
index 0000000..b54c235
--- /dev/null
+++ b/guide/locations/jclouds-location-customizers/index.md
@@ -0,0 +1,6 @@
+---
+title: Jclouds Location Customizers
+layout: website-normal
+check_directory_for_children: true
+---
+{% child_content %}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/brooklyn-docs/blob/6631963c/guide/locations/location-customizers.md
----------------------------------------------------------------------
diff --git a/guide/locations/location-customizers.md b/guide/locations/location-customizers.md
index 405bb14..ddcb599 100644
--- a/guide/locations/location-customizers.md
+++ b/guide/locations/location-customizers.md
@@ -1,6 +1,9 @@
 ---
 title: Location Customizers
 layout: website-normal
+children:
+- machine-location-customizers/
+- jclouds-location-customizers/
 ---
 
 Apache Brooklyn supports a number of ways to configure and customize locations. These include
@@ -167,3 +170,6 @@ the type and its configuration. For example:
 To register `MachineLocationCustomizer` instances programmatically, set the config key
 `CloudLocationConfig.MACHINE_LOCATION_CUSTOMIZERS` on the location, or pass this 
 config option when calling `location.obtain(options)`.
+
+## Implementations available in Apache Brooklyn
+{% include list-children.html %}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/brooklyn-docs/blob/6631963c/guide/locations/machine-location-customizers/index.md
----------------------------------------------------------------------
diff --git a/guide/locations/machine-location-customizers/index.md b/guide/locations/machine-location-customizers/index.md
new file mode 100644
index 0000000..56e9e03
--- /dev/null
+++ b/guide/locations/machine-location-customizers/index.md
@@ -0,0 +1,9 @@
+---
+title: Machine Location Customizers
+layout: website-normal
+check_directory_for_children: true
+---
+
+* [org.apache.brooklyn.entity.machine.SetHostnameCustomizer](https://github.com/apache/brooklyn-server/blob/master/software/base/src/main/java/org/apache/brooklyn/entity/machine/SetHostnameCustomizer.java)
+Sets the hostname on an ssh'able machine. Currently only CentOS and RHEL are supported.
+The customizer can be configured with a hard-coded hostname, or with a freemarker template
whose value (after substitutions) will be used for the hostname.


Mime
View raw message