AWS profile region restrictions

Open cjh1 opened this issue 9 years ago • 7 comments

AWS creates a default VPC per region. Starcluster creates its instances in this VPC by default so that the cluster instances are not accessible from the outside world. In order to do this Starcluster must be run from a machine that is in the VPC. Starcluster also has the option to assign public IPs to all nodes in the cluster, which then removes this restriction, although there is potentially a greater security risk. So what does this mean for the client? We need to expose a check box indicating whether to use public IPs on cluster nodes. This check box will have different behavior depending on whether the HPCCloud stack is deployed on EC2 or not.

EC2 deployment

  • Check box is checked - We configure Starcluster to use public IP and the full list of AWS regions is available to choose from.
  • Check box is unchecked - We have to restrict the regions that can be used to the region the stack has been deployed in so Starcluster will have access to the default VPC. The region will be configured into a JSON file as part of the deployment process.

Non EC2 deployment

  • In this case the only option is to use public IP for every node as Starcluster will be running outside EC2.
  • The checkbox should be checked and disabled and all regions will be available to the user to create clusters in.

cjh1 avatar Sep 24 '15 16:09 cjh1

We are going to simplify this further. There will be no public IPs check box.

EC2 deployment

We have to restrict the regions that can be used to the region the stack has been deployed in so Starcluster will have access to the default VPC. The region will be configured into a JSON file as part of the deployment process.

Non EC2 deployment

In this case there will be no access to EC2, so a traditional cluster should be the only thing a user can configure. This deployment will be indicated by the fact that there will be no region set in the JSON file mentioned above.

cjh1 avatar Sep 28 '15 13:09 cjh1
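
The rule described in the comment above, as an added example that is not part of the thread or of HPCCloud's code: it resolves the deployment JSON into the regions and cluster types that may be offered, and applies the same rule to a submitted cluster profile. The `region` key, the type names `traditional` and `ec2`, the request shape, and the choice that an EC2 deployment still offers traditional clusters are all assumptions.

```javascript
'use strict';
// Added example. The "region" key, the cluster type names and the request
// shape are assumptions; the thread does not specify them.
const REGION_SHAPE = /^[a-z]{2}(-[a-z]+)+-\d+$/; // shape check, e.g. "us-west-2"

// Turn the deployment JSON into what the UI may offer.
function resolveDeployment(configText) {
  let cfg;
  try {
    cfg = JSON.parse(configText);
  } catch (err) {
    throw new Error('deployment config is not valid JSON');
  }
  if (cfg === null || typeof cfg !== 'object' || Array.isArray(cfg)) {
    throw new Error('deployment config must be a JSON object');
  }
  // No region set: non-EC2 deployment, traditional clusters only.
  if (cfg.region === undefined || cfg.region === null) {
    return { ec2: false, regions: [], clusterTypes: ['traditional'] };
  }
  // A region that is present but malformed is an error, not "no EC2":
  // silently downgrading would hide a broken deployment step.
  if (typeof cfg.region !== 'string' || !REGION_SHAPE.test(cfg.region)) {
    throw new Error('deployment config has an invalid region');
  }
  // EC2 deployment: only the stack's own region, whose default VPC is reachable.
  return { ec2: true, regions: [cfg.region], clusterTypes: ['traditional', 'ec2'] };
}

// Check a submitted cluster profile against the resolved deployment.
function checkClusterRequest(deployment, request) {
  if (!deployment.clusterTypes.includes(request.type)) {
    return { ok: false, reason: 'cluster type not available in this deployment' };
  }
  if (request.type === 'ec2' && !deployment.regions.includes(request.region)) {
    return { ok: false, reason: 'region not permitted for this deployment' };
  }
  return { ok: true, reason: null };
}

// Constructed sample configs, one per deployment kind.
const onEc2 = resolveDeployment('{"region": "us-west-2"}');
const offEc2 = resolveDeployment('{}');
console.log(checkClusterRequest(onEc2, { type: 'ec2', region: 'us-east-1' }));
console.log(checkClusterRequest(offEc2, { type: 'ec2', region: 'us-west-2' }));
```
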

+1

On Mon, Sep 28, 2015 at 7:12 AM, Chris Harris [email protected] wrote:

We are going to simplify this further. There will be no public IPs check box.

EC2 deployment

We have to restrict the regions that can be used to the region the stack has been deployed in so Starcluster will have access to the default VPC. The region will be configured into a JSON file as part of the deployment process.

Non EC2 deployment

In this case there will be no access to EC2, so a traditional cluster should be the only thing a user can configure. This deployment will be indicated by the fact that there will be no region set in the JSON file mentioned above.

— Reply to this email directly or view it on GitHub https://github.com/Kitware/HPCCloud/issues/33#issuecomment-143739550.

patrickoleary avatar Sep 28 '15 13:09 patrickoleary

@TristanWright Where do you think the configured file should be added to HPCCloud?

cjh1 avatar Oct 01 '15 13:10 cjh1

How about the configuration gets reached from a service or a factory injected into the user-preferences? The file can be on the root level for simplicity's sake.

TristanWright avatar Oct 14 '15 22:10 TristanWright

Sounds good to me

cjh1 avatar Oct 15 '15 12:10 cjh1

Starcluster was removed from cumulus, is this issue still pertinent?

TristanWright avatar Apr 07 '16 21:04 TristanWright

Yes, let's leave this open.

cjh1 avatar Apr 08 '16 12:04 cjh1