You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was using starcluster start to start an EBS AMI, and everything seemed to be working fine -- it would start up & I would be able to ssh into it with 'sshmaster'.
Then I wanted to add https to the security group permissions on startup, so I modified my '[cluster smallcluster]' config settings to include
The cluster_group property applies all user-specified permissions when
creating or fetching the cluster's security group. If the user
customizes the SSH permissions StarCluster removes the public CIDR_IP
permission in order to accomodate stricter CIDR_IP settings (e.g.
limiting access to a single IP). This is needed because in general
all CIDR_IPs for a given security group rule are allowed access which
means if 0.0.0.0/0 is in the list then *all* users have access
regardless of other CIDR_IPs.
The previous logic would remove 0.0.0.0/0 from the CIDR_IP list if *any*
ssh rule was specified by the user. This is fine except when users dont
specify a custom CIDR_IP - in this case the code ends up removing the
SSH rule completely given that only a single CIDR_IP (0.0.0.0/0) exists
and it's blindly removed. Updated this logic to remove the public CIDR_IP
(0.0.0.0/0) from the SSH rule *only* if the custom SSH permission
explicitly specifies a CIDR_IP other than the public CIDR_IP. This
avoids ever removing the SSH rule entirely and prevents locking users
out of their cluster(s).
closesjtrileygh-91
From the StarCluster mailing list:
http://mailman.mit.edu/pipermail/starcluster/2012-March/001115.html
I was using starcluster start to start an EBS AMI, and everything seemed to be working fine -- it would start up & I would be able to ssh into it with 'sshmaster'.
Then I wanted to add https to the security group permissions on startup, so I modified my '[cluster smallcluster]' config settings to include
and then added
at the bottom of the config file.
This worked partially: https was now allowed. But ssh wasn't any more!
I can disable https and enable ssh on start by commenting out PERMISSIONS; or disable ssh and enable https by uncommenting PERMISSIONS.
The text was updated successfully, but these errors were encountered: