Hi,
Can including openIptables on the SoftwareProcess cause some
interference between different entities running on the same location?
If one process has openIptables set to false, but some other changes it
to true. Isn't the location a more suitable place to handle single
configuration for multiple entities?
Regards,
Yavor
On 07/20/2015 01:01 PM, Sam Corbett wrote:
Hi Aled,
I favour including these parameters on the entity. Presumably it is the
software process being modelled that requires iptables opened or stopped.
Sam
On 17 July 2015 at 21:41, Aled Sage <[email protected]> wrote:
Hi all,
A customer is using a bring-your-own-node location, and wants to use
something akin to the JcloudsLocation's openIptables. In JcloudsLocation,
it will look at the inboundPorts configuration, and open those ports in the
iptables rules on the OS.
A fundamental question... is this the responsibility of the location, or
should this be in the entity (i.e. the location just does cloud config +
setup of the initial user, and then hands over the VM; whatever is on the
actual OS is the responsibility of the entity)?
I favour adding to SoftwareProcess the config keys:
* openIptables (default true)
* stopIptables (default false)
* dontRequireTtyForSudo (default false - see
BashCommands.dontRequireTtyForSudo for details)
These would be the first things done by the SoftwareProcess (prior to
executing the pre-install commands). The SoftwareProcess has access to the
inboundPorts (it passed those in when obtaining the machine).
Does this sound sensible? Comments much appreciated!
Aled
