pivotal-cf/terraforming-azure

network security group for `cf ssh` for small footprint PAS.

johnlafata opened this issue · 2 comments

On Small Footprint, we needed to update the network security group, pas-ops-manager-security-group, to open port 2222. For Full PAS, Terraform takes care of this within the bosh-deployed-vms network security group.

Hi @johnlafata - any reason you needed TCP2222 open against Ops Manager (the pas-ops-manager-security-group only applies against the OpsManager VM)? The NSG created as part of this Terraform (bosh-deployed-vms-security-group) includes a rule to allow TCP2222, which will allow cf ssh across both Small Footprint and standard PAS deployments.

To enable cf ssh in small footprint you will need to:

  • associate the diego-ssh-lb load balancer with the "Control" vm (job) in OpsMgr.
  • ensure the ssh.{sys domain} maps to the diego-ssh-lb public IP accordingly
  • specify the bosh-deployed-vms-security-group as the "Default Security Group" in OpsMgr (BOSH Director for Azure tile/Azure Config)

This will work with no changes required to the Terraform or security group.

Hi @drhpivotal,

In John's deployment, for some reason the Ops Manager NSG was assigned to the control VM. We concluded this was by design. Perhaps the root cause was not specifying the bosh-deployed-vms NSG as the default security group. John's deployment should still be around to check and confirm.
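The check this thread turns on, as an added example that is not part of the original issue or the repo's Terraform: whether `cf ssh` (TCP 2222) gets through depends on which NSG is attached to the Control VM, so the script evaluates each NSG's inbound rules in priority order. The rule names, priorities and the 443/22 rules are constructed sample data shaped like `az network nsg show` output, and source matching is simplified to Internet-wide rules.

```python
import json

# Constructed sample shaped like `az network nsg show` output. Rule names,
# priorities and the 443/22 rules are assumptions, not the repo's Terraform.
NSGS = json.loads("""{
 "pas-ops-manager-security-group": {"securityRules": [
  {"name": "https", "priority": 100, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "443"},
  {"name": "ssh", "priority": 200, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"}]},
 "bosh-deployed-vms-security-group": {"securityRules": [
  {"name": "diego-ssh", "priority": 200, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "2222"}]}
}""")

INTERNET_SOURCES = {"*", "Internet", "0.0.0.0/0"}


def port_matches(rule, port):
    """True if the rule's destination port spec ("2222", "2000-3000", "*") covers port."""
    specs = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        specs.append(rule["destinationPortRange"])
    for spec in specs:
        if spec == "*":
            return True
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def inbound_allowed(nsg, port, protocol="Tcp"):
    """Evaluate custom inbound rules in priority order; the first match decides."""
    inbound = [r for r in nsg["securityRules"] if r["direction"] == "Inbound"]
    for rule in sorted(inbound, key=lambda r: r["priority"]):
        if rule["protocol"].lower() not in (protocol.lower(), "*"):
            continue
        # Simplification: only rules whose source covers any Internet client count.
        if rule.get("sourceAddressPrefix") not in INTERNET_SOURCES:
            continue
        if port_matches(rule, port):
            return rule["access"] == "Allow"
    return False  # no custom rule matched: Internet traffic hits the default deny


def cf_ssh_reachable(attached_nsg, nsgs=NSGS):
    """Can cf ssh (TCP 2222) reach a VM whose NIC carries the named NSG?"""
    return inbound_allowed(nsgs[attached_nsg], 2222)
```

With the sample data, a Control VM carrying pas-ops-manager-security-group fails the check and one carrying bosh-deployed-vms-security-group passes, without widening the rules on the Ops Manager NSG.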