Version 6 (modified by ibaldin, 8 years ago)

Using Shorewall DNAT proxy with ORCA

Overview

Support for Shorewall DNAT proxy is integrated into ORCA's EC2 handler that operates on Eucalyptus/NEuca installations. All configuration parameters are located in the ec2.site.properties file. Parts of that file relevant to Shorewall proxy are shown below.

Proxy configuration (Camano 3.0+)

The handler supports configuring a proxy for the created instance, for situations where instances are created within a private address space separated from the public Internet. Currently only the SHOREWALL-DNAT proxy is supported. The handler uses the following properties (specified in ec2.site.properties, see NEuca handler):

  • Whether proxy should be used at all (true|false)
    ec2.use.proxy=true
    
  • The type of proxy (currently supported types: 'SHOREWALL-DNAT')
    proxy.type=SHOREWALL-DNAT
    
  • IP address of proxy host
    proxy.proxy.ip=geni-test.renci.ben
    
  • Username on the proxy authorized to make configuration changes
    proxy.user=orca
    
  • Filename containing private SSH key of the authorized user (absolute path)
    proxy.ssh.key=/opt/orca/config/orca-proxy-ssh-key
    
  • Path to shorewall scripts on proxy
    proxy.script.path=/opt/shorewall-scripts
    

For more details see NEuca handler and NEuca handler testing.

Output

ORCA returns the Shorewall DNAT proxy output to the user in the unit.manage.ip and unit.manage.port properties.