octavia/elements
Stephen Balukoff 81c73bd1b5 Make SSH bind to management net only
Our present amphora image create scripts set up the ssh daemon on the
amphora to bind to the wildcard interface (which is the default).
However, this causes problems for anyone who tries to set up a listener
on TCP port 22, since haproxy will not be able to bind to the same IP.

This patch introduces a dhclient post-bind script to the amphora image
to gracefully rebind the SSH-daemon to only the load balancer management
net IP when it comes up on the network, solving the above use case. This
patch has the secondary benefit of making the amphora's SSH daemon only
respond to requests on the management network, which incrementally
increases the security of the amphora.

Change-Id: Iab93cec1f4dc4a2e37ad3cb8a92c132383dcda6a
Closes-Bug: #1551505
2016-03-04 13:58:33 -08:00
..
amphora-agent Fixes Octavia Amphora RHEL based images 2016-02-03 15:51:48 -06:00
amphora-agent-ubuntu Fixes Octavia Amphora RHEL based images 2016-02-03 15:51:48 -06:00
apt-mirror Add Amphora base image creation scripts for Octavia 2014-12-11 01:31:19 +00:00
centos-mirror Add Amphora base image creation scripts for Octavia 2014-12-11 01:31:19 +00:00
fedora-mirror Add Amphora base image creation scripts for Octavia 2014-12-11 01:31:19 +00:00
haproxy-octavia Disable default haproxy process in amphora image 2016-01-13 19:50:41 +00:00
haproxy-octavia-ubuntu Disable default haproxy process in amphora image 2016-01-13 19:50:41 +00:00
keepalived-octavia Fixes Octavia Amphora RHEL based images 2016-02-03 15:51:48 -06:00
keepalived-octavia-ubuntu Add backport keepalived 2015-12-04 17:39:35 +00:00
no-resolvconf Optimizations for tempest tests 2016-02-01 13:36:17 -08:00
pyroute2 Adds policy based routing for the amphora 2015-08-05 17:27:56 +00:00
rebind-sshd Make SSH bind to management net only 2016-03-04 13:58:33 -08:00
root-passwd Add Amphora base image creation scripts for Octavia 2014-12-11 01:31:19 +00:00