Setting the security group?


AndyK

Dec 24, 2011, 7:46:45 AM
to pallet
How can the security group be set to an existing one, rather than
defaulting to the jclouds generated name?

Adrian Cole

Dec 24, 2011, 11:04:16 AM
to palle...@googlegroups.com, jclou...@googlegroups.com

The jclouds option you want is EC2TemplateOptions.Builder/keyPair

This would be passed to your node definition along with image id, etc.

I suspect :key-pair might work, but I haven't tried.  Here is an overview of options like these, and we probably need to update them with clojure examples and/or make a clojure version of the page.

http://www.jclouds.org/documentation/userguide/using-ec2

-A

AndyK

Dec 24, 2011, 4:14:10 PM
to pallet
Actually - this looks like what I'm talking about - the EC2 instance
security group that defines allowed incoming ports but also defines
what instances are allowed to talk to each other directly...
template.getOptions().as(EC2TemplateOptions.class).securityGroup(group1, group2);

Adding this to my node-spec created an instance with both the jclouds-
generated security group and my security group
:network {:security-groups ["MySecurityGroup"]}

On Dec 24, 11:04 am, Adrian Cole <adrian.f.c...@gmail.com> wrote:
> The jclouds option you want is EC2TemplateOptions.Builder/keyPair
>
> This would be passed to your node definition along with image id, etc.
>
> I suspect :key-pair might work, but I haven't tried.  Here is an overview
> of options like these, and we probably need to update them with clojure
> examples and/or make a clojure version of the page.
>
> http://www.jclouds.org/documentation/userguide/using-ec2
>
> -A
>

AndyK

Dec 26, 2011, 8:21:45 AM
to pallet
On Dec 24, 4:14 pm, AndyK <andy.kri...@gmail.com> wrote:
> Actually - this looks like what I'm talking about - the EC2 instance
> security group that defines allowed incoming ports but also defines
> what instances are allowed to talk to each other directly...
> template.getOptions().as(EC2TemplateOptions.class).securityGroup(group1,
> group2);
>
> Adding this to my node-spec created an instance with both the jclouds-
> generated security group and my security group
> :network {:security-groups ["MySecurityGroup"]}
>

Do the JClouds or Pallet APIs support creation of new security-
groups?

Adrian Cole

Dec 26, 2011, 10:45:07 AM
to palle...@googlegroups.com, jcl...@googlegroups.com

AndyK

Jan 22, 2012, 10:04:20 PM
to pallet
And is it possible to suppress the automatic creation of a security
group by JClouds? (i.e. to totally control the security group creation
process)

Hugo Duncan

Jan 22, 2012, 10:28:37 PM
to palle...@googlegroups.com
AndyK <andy....@gmail.com> writes:

> And is it possible to suppress the automatic creation of a security
> group by JClouds? (i.e. to totally control the security group creation
> process)

This is managed at the jclouds level. I believe the :no-key-pair
template option achieves this, though I'm not 100% sure.

You can try adding this key to your node-spec.

Hugo

Mattias Holmqvist

Jan 23, 2012, 2:32:10 AM
to pallet
Hi Andy,

When someone sets :security-groups (see compute2.clj) to a list of
security group ids, jclouds will not create security groups
automatically. This is the same as EC2TemplateOptions.securityGroups,
and the logic behind this is:
CreateKeyPairAndSecurityGroupsAsNeededAndReturnRunOptions.userSpecifiedTheirOwnGroups

/Mattias

AndyK

Jan 24, 2012, 4:32:06 PM
to pallet
When I do something like this using pallet...

(node-spec :image {:os-family :amzn-linux
                   :image-id my-img-id
                   :hardware-id node-type}
           :network {:security-groups [my-sec-group]})

I see both my-sec-group and the jclouds security group (which is based
on the group-spec name). Are you saying that's not what I should be
seeing? Or is it that I'm using pallet and not the jclouds to do
this?

Forgive me if the line between pallet + jclouds isn't so distinct as
I'm thinking of it - I don't know how much pallet calls to jclouds
clojure code and how much it uses the Java libs.

Mattias Holmqvist

Jan 25, 2012, 3:31:51 AM
to pallet
Whoops, you are right. :)

What you are seeing is the jclouds marker group, which allows jclouds
to look up nodes within a group by name. While aesthetically this may
seem undesirable, this "marker" security group created by jclouds
holds no rules and is harmless. It will have the naming convention
jclouds#group#region [1]

The jclouds group is encoded into the name of a security group, as
when jclouds ec2 support was written, the EC2 "tags" api didn't exist.
Now that a tags api exists, we can move the "aws-ec2" provider to use
this, ex. by adding a tag named "jclouds:group" and ensuring our code
that parses the group looks at this data. That said, the base logic is
still required, as openstack nova, cloudstack, eucalyptus, etc. EC2
implementations do not yet support tags.

Feel free to open an issue to change aws-ec2 support to use ec2 tags
as opposed to marker security group for assigning the jclouds group
name: http://code.google.com/p/jclouds/issues/entry We will get to it
as soon as we can. In the meantime, just ignore the extra group.

[1]
CreateKeyPairAndSecurityGroupsAsNeededAndReturnRunOptions.getSecurityGroupsForTagAndOptions

I will send a ping to jclouds-dev about this as well.

Hope this helps!

Eugen Paraschiv

Apr 20, 2012, 7:49:57 AM
to palle...@googlegroups.com
Hi,
Any news on this one? Has the issue been opened (so that I can track it)?
I'm still getting a new security group created even when I specify the security groups manually in 1.5.0-alpha.4.
Thanks.
Eugen.

Adrian Cole

Apr 20, 2012, 11:43:45 AM
to palle...@googlegroups.com
Hi, Eugen.

Can you search for and/or create an issue here:
http://code.google.com/p/jclouds/issues

Mark it milestone 1.5.0-alpha.5 and critical. We need to cut another
alpha for the jenkins plugin [1] this weekend, and I'll be sure to
attend to this, when it's on the radar :)

Cheers,
-A

[1] https://github.com/jenkinsci/jclouds-plugin

Eugen Paraschiv

Sep 7, 2012, 4:31:21 PM
to palle...@googlegroups.com
Quick followup on this one:
As far as I can see, this is being tracked in:
http://code.google.com/p/jclouds/issues/detail?id=365 (comment says it's fixed)
https://github.com/jclouds/jclouds/pull/348
However, on 1.5.0-beta.11 I am still seeing the marker security group after the node itself has been deleted.
Is this expected behavior or should an issue still be created to track this?
Thanks.
Eugen.
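
Added example, not part of the thread and not jclouds or Pallet code: a small audit of the marker groups discussed above, checking that each `jclouds#group#region` group really holds no ingress rules and flagging ones left behind with no live instance attached. The sample data is constructed; the dict keys are assumed to follow the EC2 DescribeSecurityGroups / DescribeInstances response shape.

```python
# Constructed sample data; keys mirror EC2 describe-call responses (assumption).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0001", "GroupName": "jclouds#webtier#us-east-1",
     "IpPermissions": []},
    {"GroupId": "sg-0002", "GroupName": "jclouds#batch#us-east-1",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0003", "GroupName": "MySecurityGroup", "IpPermissions": []},
]
SAMPLE_RESERVATIONS = [
    {"Instances": [{"InstanceId": "i-0001", "State": {"Name": "running"},
                    "SecurityGroups": [{"GroupId": "sg-0002"},
                                       {"GroupId": "sg-0003"}]}]},
]

MARKER_PREFIX = "jclouds#"


def parse_marker(name):
    """Return (group, region) for a 'jclouds#group#region' name, else None."""
    if not name.startswith(MARKER_PREFIX):
        return None
    # Split on the last '#' so a group name containing '#' still parses.
    group, sep, region = name[len(MARKER_PREFIX):].rpartition("#")
    if not sep or not group or not region:
        return None
    return group, region


def audit_marker_groups(security_groups, reservations):
    """Report each marker group: does it carry ingress rules, is it unused?"""
    in_use = {
        sg["GroupId"]
        for res in reservations
        for inst in res.get("Instances", [])
        if inst.get("State", {}).get("Name") != "terminated"
        for sg in inst.get("SecurityGroups", [])
    }
    findings = []
    for sg in security_groups:
        parsed = parse_marker(sg.get("GroupName", ""))
        if parsed is None:
            continue  # user-managed group, out of scope for this check
        findings.append({
            "id": sg["GroupId"], "group": parsed[0], "region": parsed[1],
            "has_rules": bool(sg.get("IpPermissions")),   # expected: False
            "orphaned": sg["GroupId"] not in in_use,      # leftover marker
        })
    return findings
```

A marker group with `has_rules` set deserves review, since instances in that jclouds group inherit whatever was added to it.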

Hao Lin

Apr 27, 2016, 5:05:59 PM
to pallet, hanri...@gmail.com
Do we have a solution in Pallet to use pre-existing security groups without creating a new one from Pallet? Many thanks.

Michael Jerger

Aug 13, 2016, 5:00:35 AM
to pallet, hanri...@gmail.com
Hi Hao,

If you're interested in an alternative solution, you will find here my setting using a more native AWS provider:

On line 77 you'll find how to integrate existing groups here.

BG, Michael