Allow to set allowed_ssh_prefixes list parameter #396

BenoitCattie · 2017-12-05T18:11:03Z

Hello,

this PR allow to set a list of IP prefixes allowed for SSH in instances security groups.

Notes :

adding OS::Neutron::SecurityGroupRule as i wasn't able to combine "repeat" and "static" rules

Benoit

tomassedovic · 2017-12-06T08:49:39Z

Thanks @BenoitCattie! I understand the desire for this change, but it makes the template much more verbose :-(.

What do you think about creating a separate SSH security group with the IP prefixes rules and passing that in addition to the current security group?

A server/port can have more than one security group applied:

https://github.com/BenoitCattie/openshift-on-openstack/blob/4d8d64516dc6b0fb2ee7416a88f239449b06b9a2/master.yaml#L235

If that doesn't work out (but it should), I'd prefer if we moved all the security groups & rules to separate files.

BenoitCattie · 2017-12-08T09:40:08Z

Hello,

indeed, the template is much more verbose with OS::Neutron::SecurityGroupRule.

I'm not sure how to pass IP prefixes in a different security group, as existing security group have a SSH rule allowing any ingress traffic. So adding restricted prefixes in addition will not remove the existing rule.

Do i misunderstood something ?

Benoit

Allow to set allowed_ssh_prefixes list parameter

4d8d645

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Allow to set allowed_ssh_prefixes list parameter #396

Allow to set allowed_ssh_prefixes list parameter #396

Uh oh!

BenoitCattie commented Dec 5, 2017

Uh oh!

tomassedovic commented Dec 6, 2017

Uh oh!

BenoitCattie commented Dec 8, 2017

Uh oh!

Uh oh!

Allow to set allowed_ssh_prefixes list parameter #396

Are you sure you want to change the base?

Allow to set allowed_ssh_prefixes list parameter #396

Uh oh!

Conversation

BenoitCattie commented Dec 5, 2017

Uh oh!

tomassedovic commented Dec 6, 2017

Uh oh!

BenoitCattie commented Dec 8, 2017

Uh oh!

Uh oh!