Thoughts about the firewaller
Frank Mueller
frank.mueller at canonical.com
Tue Oct 9 16:33:32 UTC 2012
Hi,
here are some thoughts about the open firewaller tasks.
1. What to do if an instance dies?
Currently we have no control about dying instances (heartbeat or active pinging). This is needed to notify the firewaller about those changes so that re-starting units don't confuse it. IMHO the monitoring should be done by the provisioner. It then can change the state while the firewaller listens to it and re-adjusts its own data (machine, unit, service). New starting machines and units are handled as today.
2. How to restart the firewaller?
Today all machines, services and units are added and the needed ports are opened on the according instances. As long as the number of instances is small it's ok. But how about a large number of instances, e.g. > 10.000? So far I've got no other idea than partitioning the firewaller to keep the number of responsible instances small. But right now that's only a vague idea. Any idea is welcome.
3. How to handle different firewall modes?
Today we only know "default" and "global", an interesting one may also be "service" to open ports per service. So we have less security groups then "default and a better control than "global". But the specific behavior depends on the provider. So the firewaller maybe should work on instances as today but on the environment and passes informations about the instance, the machine and the ports (today only machine and port). So the environment can decide how to handle it based on the configured firewall mode (e.g. maintain counters in case of global or service groups).
Any ideas, comments, questions are welcome.
thx mue
--
** Frank Mueller <frank.mueller at canonical.com>
** Software Engineer - Juju Development
** Canonical
More information about the Juju-dev
mailing list