brooklyn-dev mailing list archives

From Aled Sage <aled.s...@gmail.com>
Subject openIptables with BYON machines: add to SoftwareProcess?
Date Fri, 17 Jul 2015 20:41:13 GMT
Hi all,

A customer is using a bring-your-own-node location, and wants to use 
something akin to the JcloudsLocation's openIptables. In 
JcloudsLocation, it will look at the inboundPorts configuration, and 
open those ports in the iptables rules on the OS.

A fundamental question... is this the responsibility of the location, or 
should this be in the entity (i.e. the location just does cloud config + 
setup of the initial user, and then hands over the VM; whatever is on 
the actual OS is the responsibility of the entity)?

I favour adding to SoftwareProcess the config keys:

  * openIptables (default true)
  * stopIptables (default false)
  * dontRequireTtyForSudo (default false - see
    BashCommands.dontRequireTtyForSudo for details)

These would be the first things done by the SoftwareProcess (prior to 
executing the pre-install commands). The SoftwareProcess has access to 
the inboundPorts (it passed those in when obtaining the machine).

Does this sound sensible? Comments much appreciated!

Aled
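
The openIptables step described in the message above (take the inboundPorts list, open each port in iptables), as an added example that is not part of the original message and is not Brooklyn's code. The function names `valid_port` and `open_port_rules` and the sample ports are assumptions; the rules are printed rather than executed, and any invalid entry causes the whole list to be refused.

```shell
#!/bin/sh
# Added example (not Brooklyn code): turn an inboundPorts-style list into
# iptables commands. Rules are printed, never executed, so this is safe to run.

# Succeeds only for a decimal TCP port in 1..65535.
valid_port() {
  case "$1" in
    ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or any non-digit
  esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Print one ACCEPT rule per port. If any entry is invalid, print no rules
# at all and return non-zero, so a bad config value never reaches a root shell.
open_port_rules() {
  for p in "$@"; do
    valid_port "$p" || { echo "refusing inbound port entry: $p" >&2; return 1; }
  done
  for p in "$@"; do
    echo "iptables -I INPUT -p tcp --dport $p -j ACCEPT"
  done
}

# Constructed sample input: SSH plus an application port.
open_port_rules 22 8080

# Constructed malformed entry: the list is refused as a whole.
open_port_rules 22 '80,443' || echo "list refused, no rules generated"
```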

