AWS firewall configuration via security groups #239
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
parasj
reviewed
Mar 29, 2022
|
Follow up from today's meeting: we should reuse the same VPC + SG and not clear it (except in |
|
@parasj Can you list out the exact scenario you are thinking for which this would be useful? I can then reason about the best way to handle it. |
|
@ShishirPatil Setup:
This will allow concurrent transfers to occur. |
|
In a new issue: we should remove the client from the SG and use port 22 to copy a JSON to each instance containing the initial gateway ChunkRequests using SFTP (already implemented) then call curl via SSH to actually start the transfer. |
We cannot support concurrent transfers with the current architecture. This is because - on the source bucket side we will first check if there are any instances up. If there are, then we will just start re-using those instances. However, we don't check if those instances are busy, already engaged in a transfer. |
* Switch to ILock from oslo.concurrency's lockutils * Change behavior of remove_ip_from_security_group to instead remove * Remove make_vpc from add_ip_to_security_group and instead call it explicitly * Firewall rules also called old init jobs, fixed by redefining jobs * Remove add_ip_to_security_group and remove_ip_from_security_group from GCP/Azure since those two clouds have different terminology
ShishirPatil
commented
May 4, 2022
ShishirPatil
commented
May 4, 2022
parasj
added a commit
that referenced
this pull request
May 10, 2022
* Clean up instance profiles in deprovision * Fix bug in #239 * Fix pytype * Update deprovisoin logic * Cache pytype * Fix pytype * Disable pylint
parasj
pushed a commit
that referenced
this pull request
May 10, 2022
Skyplane now supports concurrent transfers in a secure manner. Every instance's ip is manually added to the SG at the start of transfer, and removed from the SG at the end of a transfer.
parasj
added a commit
that referenced
this pull request
May 10, 2022
* Clean up instance profiles in deprovision * Fix bug in #239 * Fix pytype * Update deprovisoin logic * Cache pytype * Fix pytype * Disable pylint
parasj
added a commit
that referenced
this pull request
May 10, 2022
…ation (#323) * Fix #318 by passing project_id during setup to region config serialization * Try another fix * Fig * Fix project ID * Fix bug with GCS transfers * Add internal CLI commands * Exit replicator client upon any errors (#324) * AWS firewall configuration via security groups (#239) Skyplane now supports concurrent transfers in a secure manner. Every instance's ip is manually added to the SG at the start of transfer, and removed from the SG at the end of a transfer. * Fix bug in #239 * Add CLI option to use BBR for transfers (#331) * Add option to use BBR in skylark cli * format * Update * Fix pytype * Open tunnel * Bold font * Update * Update * Update * Increase connections * Clean up instance profiles in deprovision (#334) * Clean up instance profiles in deprovision * Fix bug in #239 * Fix pytype * Update deprovisoin logic * Cache pytype * Fix pytype * Disable pylint * Fix issue Co-authored-by: Shishir Patil <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds firewalls
Fixes #272