Thoughts about the firewaller
Gustavo Niemeyer
gustavo at niemeyer.net
Tue Oct 9 17:10:13 UTC 2012
On Tue, Oct 9, 2012 at 1:33 PM, Frank Mueller
<frank.mueller at canonical.com> wrote:
> Hi,
>
> here are some thoughts about the open firewaller tasks.
>
> 1. What to do if an instance dies?
>
> Currently we have no control about dying instances (heartbeat or active pinging).
> This is needed to notify the firewaller about those changes so that re-starting
> units don't confuse it.
We actually do pretty good control of dying instances and do have
heartbeating too.
> IMHO the monitoring should be done by the provisioner. It then can change the
> state while the firewaller listens to it and re-adjusts its own data (machine, unit,
> service). New starting machines and units are handled as today.
That's exactly what we do today. The suggested solution seems slightly
hand-wavy.
> 2. How to restart the firewaller?
(...)
> 3. How to handle different firewall modes?
(...)
Do you have any suggestion for how to solve the problem of supporting
global mode without depending on memory state of the firewaller?
This is the real issue we have to solve now.
gustavo @ http://niemeyer.net
More information about the Juju-dev
mailing list