Deploy securely on RackSpace

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Deploy securely on RackSpace

MarcusLongmuir
I'm looking into using RackSpace Cloud Servers for my application and
I've set up a single node successfully, but without firewall rules and
such the node is completely public and I assume that it won't be able
to create a cluster because of discovery settings.

Has anyone setup an ElasticSearch cluster on RackSpace successfully?
Reply | Threaded
Open this post in threaded view
|

Re: Deploy securely on RackSpace

Darron Froese
I'm working on a setup right now that uses firewall rules to keep
things pretty tight - once I get the last few kinks worked out I'll
post it here.

On Sun, Dec 4, 2011 at 1:29 PM, marcuslongmuir <[hidden email]> wrote:
> I'm looking into using RackSpace Cloud Servers for my application and
> I've set up a single node successfully, but without firewall rules and
> such the node is completely public and I assume that it won't be able
> to create a cluster because of discovery settings.
>
> Has anyone setup an ElasticSearch cluster on RackSpace successfully?
Reply | Threaded
Open this post in threaded view
|

Re: Deploy securely on RackSpace

Darron Froese
I got this running - it's been running now for a week now.

There's really 2 things you need to do to secure it:

1. Firewall the box - make sure you don't have access to 9200 or 9300
from everywhere - just the IPs that need it.
2. If you have a Rackspace Cloud Load Balancer, you need to also limit
access through that.

For #1 - I did this in my chef recipe:

http://d.pr/8Fba

That allows each IP address in my data bag to have access to each other.

For #2 - you need to use their interface that allows you to deny all,
then add the IPs that are required to have access.

Hopefully that helps - but it works great for us.

If somebody would like the Chef recipe that builds my boxes - I'll
sanitize and clean them up to post.

On Tue, Dec 6, 2011 at 8:10 PM, Darron Froese <[hidden email]> wrote:

> I'm working on a setup right now that uses firewall rules to keep
> things pretty tight - once I get the last few kinks worked out I'll
> post it here.
>
> On Sun, Dec 4, 2011 at 1:29 PM, marcuslongmuir <[hidden email]> wrote:
>> I'm looking into using RackSpace Cloud Servers for my application and
>> I've set up a single node successfully, but without firewall rules and
>> such the node is completely public and I assume that it won't be able
>> to create a cluster because of discovery settings.
>>
>> Has anyone setup an ElasticSearch cluster on RackSpace successfully?