...
Pre-existing VM: Rocky Linux 9.5 or 8.10, ≥4 GB RAM, with a public IP address attached to it. You may create one via any of the available methods (listed top to bottom, from older to newer):
- Morpheus UI
- OpenStack CLI
- Terraform/OpenTofu
- Community Hub Item (Terraform under the hood)
SSH access: in this example, as the default Linux account of EWC's Rocky Linux VM images, authenticated with a valid SSH keypair (public key shared with the target VM):
- Create a keypair (if none available).
- Import SSH keys (public) (into OpenStack for automatic distribution upon VM creation).
Work environment equipped with:
- Git ≥ 2.0
- Python ≥ 3.9
- Ansible ≥ 2.15
...
As is the case for other Items open-sourced by the EWC, you can change the inputs of the SSH Bastion Flavour at any point in time by simply re-running the playbook with the new values. Imagine the following scenario:
Your EWC tenant admin notifies you of a new security policy which implies Fail2Ban should not make exceptions for any IP addresses, regardless of whether they are internal or not.
To make the changes needed to comply with the new policy, you can run:

```
$ ansible-playbook -i inventory.yml -e '{"whitelisted_ip_ranges": ""}' ssh-bastion-flavour.yml
```
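One way to confirm the result after the re-run, as an added example that is not part of the EWC Item: the functions below list every address or range still present under Fail2Ban's `ignoreip` option in jail configuration text. It assumes the Flavour renders `whitelisted_ip_ranges` into `ignoreip`; the function names and the sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the EWC Item): list remaining Fail2Ban ignoreip exceptions.

# list_ignoreip: read Fail2Ban INI-style jail configuration on stdin and print
# "section<TAB>entry" for every address or range listed under an ignoreip option.
list_ignoreip() {
    awk '
        function emit(   n, parts, i) {
            gsub(/,/, " ")                        # entries may be comma or space separated
            n = split($0, parts, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (parts[i] != "") print sec "\t" parts[i]
        }
        /^[ \t]*[#;]/ { next }                    # comment line
        /^\[/ { sec = $0; gsub(/\[|\].*/, "", sec); inopt = 0; next }
        /^[ \t]*ignoreip[ \t]*=/ {
            inopt = 1
            sub(/^[ \t]*ignoreip[ \t]*=/, "")
            emit(); next
        }
        inopt && /^[ \t]+[^ \t]/ { emit(); next } # indented continuation of the value
        { inopt = 0 }
    '
}

# has_exceptions: exit status 0 if the configuration on stdin still lists any exception.
has_exceptions() { [ -n "$(list_ignoreip)" ]; }

# Constructed samples: jail configuration before and after the exceptions are removed.
SAMPLE_BEFORE='[DEFAULT]
ignoreip = 127.0.0.1/8 ::1
           10.0.0.0/24, 192.168.1.0/24
[sshd]
enabled = true
'
SAMPLE_AFTER='[DEFAULT]
ignoreip =
[sshd]
enabled = true
'

printf '%s' "$SAMPLE_BEFORE" | list_ignoreip
if printf '%s' "$SAMPLE_AFTER" | has_exceptions; then
    echo "policy violation: ignoreip exceptions remain"
else
    echo "compliant: no ignoreip exceptions configured"
fi
```

On the bastion, pipe the jail files the role manages into `list_ignoreip`, for example `cat /etc/fail2ban/jail.local | list_ignoreip` (the path is an assumption about where the role writes). `fail2ban-client get sshd ignoreip` shows what the running jail has loaded, assuming the jail is named `sshd`.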
...