On 2017-11-21 13:34:57 -0500 (-0500), Paul Belanger wrote: [...] > I don't think we'd need to use security groups, we could just > setup a local firewall ruleset to do this on the node if we > wanted. [...]
I considered suggesting that in my original reply, but then realized that we still have steps in the job which are going to need to do egress (though perhaps only to our mirror servers?) and in particular between phases of tox itself where we can't easily pause execution to perform root tasks like injecting iptables rules. I suppose if someone wants to write up a generic role which restricts egress access to only allow reaching the mirror server for the provider where that job is running, we could try adding it to some copies of unit test jobs in a few projects to see what happens. -- Jeremy Stanley
signature.asc
Description: Digital signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
