Version 2 (modified by ibaldin, 8 years ago)

Using Shorewall DNAT proxy with ORCA

Overview

Support for the Shorewall DNAT proxy is integrated into ORCA's EC2 handler, which operates on Eucalyptus/NEuca installations. All configuration parameters are located in the ec2.site.properties file. The parts of that file relevant to the Shorewall proxy are shown below.

Proxy configuration (statically configured)

The handler supports configuring a proxy for the created instance, for situations where instances are created within a private address space separated from the public Internet. Currently the SHOREWALL-DNAT proxy is supported. The following properties are used by the handler (typically specified in ec2.site.properties, see below):

  • Whether proxy should be used at all (true|false)
    ec2.use.proxy=true
    
  • The type of proxy (currently supported types: 'SHOREWALL-DNAT')
    proxy.type=SHOREWALL-DNAT
    
  • IP address of proxy host
    proxy.proxy.ip=geni-test.renci.ben
    
  • Username on the proxy authorized to make configuration changes
    proxy.user=orca
    
  • Filename containing private SSH key of the authorized user (absolute path)
    proxy.ssh.key=/opt/orca/config/orca-proxy-ssh-key
    
  • Path to shorewall scripts on proxy
    proxy.script.path=/opt/shorewall-scripts
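
As an added example (not part of ORCA or of the original page), the Python code below checks the proxy properties listed above: required keys, the supported proxy type, and the absolute path of the SSH key file. The function names are hypothetical, treating an absent ec2.use.proxy as "false" is an assumption, and the owner-only permission check on the key file is an added hardening check rather than something this page specifies.

```python
import os
import stat

SUPPORTED_TYPES = {"SHOREWALL-DNAT"}  # the only type the page lists
REQUIRED = ("proxy.type", "proxy.proxy.ip", "proxy.user",
            "proxy.ssh.key", "proxy.script.path")
# Sample input assembled from the property values shown on this page.
SAMPLE = """\
ec2.use.proxy=true
proxy.type=SHOREWALL-DNAT
proxy.proxy.ip=geni-test.renci.ben
proxy.user=orca
proxy.ssh.key=/opt/orca/config/orca-proxy-ssh-key
proxy.script.path=/opt/shorewall-scripts
"""

def parse_properties(text):
    """Parse simple key=value lines; lines starting with # or ! are comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_proxy_config(props, check_files=True):
    """Return a list of problems in the proxy settings (empty list = OK)."""
    # Assumption: an absent ec2.use.proxy is treated as "false".
    use = props.get("ec2.use.proxy", "false").lower()
    if use not in ("true", "false"):
        return ["ec2.use.proxy must be true or false"]
    if use == "false":
        return []
    problems = ["missing " + k for k in REQUIRED if not props.get(k)]
    ptype = props.get("proxy.type")
    if ptype and ptype not in SUPPORTED_TYPES:
        problems.append("unsupported proxy.type " + ptype)
    key = props.get("proxy.ssh.key")
    if key and not os.path.isabs(key):
        problems.append("proxy.ssh.key must be an absolute path")
    elif key and check_files:
        # The private key lives on the ORCA host, so it can be checked locally.
        if not os.path.isfile(key):
            problems.append("proxy.ssh.key file not found")
        elif stat.S_IMODE(os.stat(key).st_mode) & 0o077:
            problems.append("proxy.ssh.key is accessible by group or others")
    return problems
```

Pass check_files=False when running the check on a machine other than the ORCA host, where the key file is not expected to exist.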
    

For more details, see NEuca handler.