apache / pulsar

Apache Pulsar - distributed pub-sub messaging system
https://pulsar.apache.org/
Apache License 2.0
14.23k stars 3.58k forks

AWS Deployment using terraform | all nodes have SSH open to the world #16176

Open akshayar opened 2 years ago

akshayar commented 2 years ago

Is your enhancement request related to a problem? Please describe.
A clear and concise description of what the enhancement is.

I am referring to https://github.com/apache/pulsar/blob/master/deployment/terraform-ansible/aws/security.tf. The default security group (SG) opens SSH to the world and this SG gets applied to all the nodes. This is not the right practice. I would recommend opening only the proxy for SSH from anywhere. You can allow SSH from the default SG elsewhere.

Describe the solution you'd like
A clear and concise description of what you want to happen.

I am referring to https://github.com/apache/pulsar/blob/master/deployment/terraform-ansible/aws/security.tf. Create 3 SGs: 1) ELB, 2) Proxy and 3) default. Open only Proxy for SSH. Apply Proxy and default to the proxy server. Apply default to all other nodes. Also, in the instructions, ask to use private IP everywhere:

    TF_STATE=./ TF_KEY_NAME=private_ip ansible-playbook --user='ec2-user' --inventory=~/environment/terraform-inventory ../deploy-pulsar.yaml

This is useful as the servers are now connecting to each other using private IP.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context Add any other context or screenshots about the feature request here.
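
The group layout proposed in this issue, sketched in Terraform as an added example (not part of the issue and not the project's security.tf). All resource and variable names are hypothetical and the instance type is a constructed value; the ELB group is left out because under the proposal it carries no SSH rule.

```hcl
# Added sketch: every resource and variable name here is hypothetical.
variable "vpc_id" { type = string }
variable "subnet_id" { type = string }
variable "ami" { type = string }

# Source range for SSH to the proxy. The issue proposes "anywhere"
# (0.0.0.0/0); an operator or VPN range is tighter.
variable "ssh_ingress_cidr" { type = string }

# Proxy-only group: the single place where SSH is reachable from outside.
resource "aws_security_group" "proxy_ssh" {
  name   = "pulsar-proxy-ssh"
  vpc_id = var.vpc_id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.ssh_ingress_cidr]
  }
}

# Default group: members may reach each other on any port (self = true),
# which covers SSH hops from the proxy over private IPs. No public ingress.
resource "aws_security_group" "default" {
  name   = "pulsar-default"
  vpc_id = var.vpc_id
  ingress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    self      = true
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Proxy carries both groups.
resource "aws_instance" "proxy" {
  ami                    = var.ami
  instance_type          = "t3.medium" # constructed value
  subnet_id              = var.subnet_id
  vpc_security_group_ids = [aws_security_group.proxy_ssh.id, aws_security_group.default.id]
}
# Every other node (brokers, bookies, ZooKeeper) gets only the default group:
#   vpc_security_group_ids = [aws_security_group.default.id]
```

With this layout the Ansible run connects to the proxy's public address and reaches the remaining nodes over their private IPs, as the `TF_KEY_NAME=private_ip` invocation in the issue expects.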

github-actions[bot] commented 2 years ago

The issue had no activity for 30 days, mark with Stale label.