brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sam Corbett <>
Subject Re: openIptables with BYON machines: add to SoftwareProcess?
Date Tue, 21 Jul 2015 12:26:05 GMT
True, but in that case I think whoever is putting both entities in the 
same location is responsible for their configuration.


On 21/07/2015 12:50, Yavor Yanchev wrote:
> Hi,
> Can including openIptables on the SoftwareProcess cause some 
> interference between different entities running on the same location?
> If one process has openIptables set to false, but some other changes 
> it to true. Isn't the location a more suitable place to handle single 
> configuration for multiple entities?
> Regards,
> Yavor
> On 07/20/2015 01:01 PM, Sam Corbett wrote:
>> Hi Aled,
>> I favour including these parameters on the entity. Presumably it is the
>> software process being modelled that requires iptables opened or 
>> stopped.
>> Sam
>> On 17 July 2015 at 21:41, Aled Sage <> wrote:
>>> Hi all,
>>> A customer is using a bring-your-own-node location, and wants to use
>>> something akin to the JcloudsLocation's openIptables. In 
>>> JcloudsLocation,
>>> it will look at the inboundPorts configuration, and open those ports 
>>> in the
>>> iptables rules on the OS.
>>> A fundamental question... is this the responsibility of the 
>>> location, or
>>> should this be in the entity (i.e. the location just does cloud 
>>> config +
>>> setup of the initial user, and then hands over the VM; whatever is 
>>> on the
>>> actual OS is the responsibility of the entity)?
>>> I favour adding to SoftwareProcess the config keys:
>>>   * openIptables (default true)
>>>   * stopIptables (default false)
>>>   * dontRequireTtyForSudo (default false - see
>>>     BashCommands.dontRequireTtyForSudo for details)
>>> These would be the first things done by the SoftwareProcess (prior to
>>> executing the pre-install commands). The SoftwareProcess has access 
>>> to the
>>> inboundPorts (it passed those in when obtaining the machine).
>>> Does this sound sensible? Comments much appreciated!
>>> Aled

Cloudsoft Corporation Limited, Registered in Scotland No: SC349230. 
 Registered Office: 13 Dryden Place, Edinburgh, EH9 1RP
This e-mail message is confidential and for use by the addressee only. If 
the message is received by anyone other than the addressee, please return 
the message to the sender by replying to it and then delete the message 
from your computer. Internet e-mails are not necessarily secure. Cloudsoft 
Corporation Limited does not accept responsibility for changes made to this 
message after it was sent.

Whilst all reasonable care has been taken to avoid the transmission of 
viruses, it is the responsibility of the recipient to ensure that the 
onward transmission, opening or use of this message and any attachments 
will not adversely affect its systems or data. No responsibility is 
accepted by Cloudsoft Corporation Limited in this regard and the recipient 
should carry out such virus and other checks as it considers appropriate.

View raw message