[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Strange security issue with Origin Install



I would like to understand some pointers on security groups for aws while Installing origin.

Need to understand how restrictive it can get and what are the bare minimum protocols that are needed.


Any ideas on this would be appreciated since I feel this could be one reason for such an issue.

I have created a security group which can be used for node and broker and highlighted areas  which needs

some confirmation – looking forward to have secure environment and to have bare minimum opened.

For a set up where we have 1 broker + 1 node set up




Thanks for all the great work and support!



-----Original Message-----
From: N. Harrison Ripps [mailto:hripps redhat com]
Sent: Wednesday, February 19, 2014 7:39 PM
To: Madathilthattantav, S.
Cc: dev lists openshift redhat com
Subject: Re: Strange security issue with Origin Install


Hey Shabna--

I'm adding the dev list because I know others have encountered security issues when deploying Origin on AWS. Has anyone else run into this?


On Feb 18, 2014, at 23:50, <s madathilthattantav accenture com> <s madathilthattantav accenture com> wrote:


> I have set up OpenShift Origin V3 Installation  in an aws ec2 Instance(Fedora 19) using oo-install.

> Configuration :

> Broker +Broker Support services in one instance

> Node in another instance

> The installation looks good and I am able to deploy applications and work with it.

> Issue:

> Strangely,I am getting security incident on the Broker  instance saying  that its been operating an open proxy and environment is compromised etc..

> And I  had to shut down this instance.

> More Information:

> I have created the security groups by referring this blog : http://cloud-mechanic.blogspot.in/2013/05/openshift-on-aws-ec2-part-3-getting-in.html

> Also some additional steps required for getting installation working was

> 1.       Modify iptables to enable udp port

> 2.       Since  EC2 images are configured to only allow root logins with a key ,Node Instance sshd config was modified to PermitRootLogin and PasswordAuthentication as yes.

> 3.       On Node Host ,had to modify  the IP address of Broker and Node to point to the public ip addresses of Broker and Node host.

> 4.       On Node host ,Modify the MCollective configuration to point to the ip address of the Broker instead of hostname.

> 5.       Restart the services that were not running

> All the other steps were more or less done by the oo-install .As I understand some Installation configuration needs to be reviewed or modified – Any pointers will be greatly appreciated.

> I am not able to use the Origin installation due to this security issue.



Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]