Thoughts about the firewaller
Frank Mueller
frank.mueller at canonical.com
Wed Oct 10 14:49:20 UTC 2012
> Do you have any suggestion for how to solve the problem of supporting
> global mode without depending on memory state of the firewaller?
Currently I don't get the problem of the memory state in global mode, only that the different modes should perhaps better be handled by the provider. Today the scaling problem would happen in default mode, where we open each needed port separately for each instance, while the proposal for the global mode at least opens each only once.
So here the current observations as a bullet list:
- problem: we have bad scaling due to the re-opening of all needed ports after a restart
- in default mode: ports per instance are opened
- in global mode: ports are opened on the first instance only once for all;
  today the provider makes it global (e.g. EC2 by a global security group);
  after the opening only a counting for closing a port after the last usage is gone
- challenge: find a fast way to set up a valid internal firewaller state
- current restart procedure:
  - the newly started machines watcher initially returns all active machines
  - machine datas are started
  - units watcher per machine initially returns all their units
  - unit datas and their service datas are started
  - ports on instance are opened per unit via unit >> machine >> instance
  - unit datas and machine datas remember their ports
- after that procedure the firewaller has a clean state for future changes
Idea 1)
- in firewaller.go in flushMachines() at "machined.ports = want" we know the desired state
- that's before ports are opened or closed
- when the old ports of the machine data are empty, it has a possible "initialization mode" and
  could retrieve the already open ports with instance.Ports()
- question: how expensive is Ports() to check open ports before calling OpenPorts()?
Idea 2)
- persistent firewall state used for startup
- problem: the state may change between the death of the firewaller and its restart
- initial states are still delivered by the watchers and have to be synchronized with the
  internal firewaller state restored from the persisted data
So far I'm not happy with the ideas regarding the scaling. Regarding the global mode I prefer to change the handling of Environ and Instance to open, close and retrieve ports from Environ by additionally passing the instance id retrieved from the Machine. So each provider is able to handle the different modes individually. The implementation for the global mode is, as in my proposal, a reference counting to open a port only on the first use and close it after the last one.
mue
--
** Frank Mueller <frank.mueller at canonical.com>
** Software Engineer - Juju Development
** Canonical
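The two mechanisms discussed in the mail, the reference counting for global mode and the "initialization mode" of Idea 1 (diffing the ports the instance already reports open against the desired set so a restart does not re-open everything), as an added example in Go. This is not code from the mail or from Juju's firewaller; `Port`, `GlobalPorts`, `Reconcile` and the `Opens`/`Closes` counters are hypothetical names, and provider calls are only counted here rather than issued against a real Environ.

```go
package main

import (
	"fmt"
	"sort"
)

// Port is a constructed port description for this example (hypothetical type).
type Port struct {
	Protocol string
	Number   int
}

func (p Port) String() string { return fmt.Sprintf("%d/%s", p.Number, p.Protocol) }

// GlobalPorts implements global mode as reference counting: the first Want
// opens a port with the provider, the last Forget closes it, everything in
// between only touches the in-memory counter.
type GlobalPorts struct {
	refs   map[Port]int
	Opens  int // provider open calls issued (observes the scaling)
	Closes int // provider close calls issued
}

func NewGlobalPorts() *GlobalPorts {
	return &GlobalPorts{refs: map[Port]int{}}
}

// Want registers one more user of p and reports whether the provider had to open it.
func (g *GlobalPorts) Want(p Port) bool {
	g.refs[p]++
	if g.refs[p] == 1 {
		g.Opens++ // here a real implementation would call the provider's OpenPorts
		return true
	}
	return false
}

// Forget drops one user of p and reports whether the provider had to close it.
func (g *GlobalPorts) Forget(p Port) bool {
	if g.refs[p] == 0 {
		return false // unknown port: nothing to close, and never go negative
	}
	g.refs[p]--
	if g.refs[p] == 0 {
		delete(g.refs, p)
		g.Closes++ // last user gone: provider ClosePorts
		return true
	}
	return false
}

// Reconcile is the "initialization mode" of Idea 1: given the ports the
// provider already reports open (instance.Ports() in the mail) and the ports
// the firewaller wants, return only the delta to open and to close.
func Reconcile(open, want []Port) (toOpen, toClose []Port) {
	have := map[Port]bool{}
	for _, p := range open {
		have[p] = true
	}
	wanted := map[Port]bool{}
	for _, p := range want {
		wanted[p] = true
		if !have[p] {
			toOpen = append(toOpen, p)
		}
	}
	for _, p := range open {
		if !wanted[p] {
			toClose = append(toClose, p)
		}
	}
	sortPorts(toOpen)
	sortPorts(toClose)
	return toOpen, toClose
}

func sortPorts(ps []Port) {
	sort.Slice(ps, func(i, j int) bool {
		if ps[i].Protocol != ps[j].Protocol {
			return ps[i].Protocol < ps[j].Protocol
		}
		return ps[i].Number < ps[j].Number
	})
}

func main() {
	// Constructed scenario: three units on three instances all want 80/tcp.
	g := NewGlobalPorts()
	for i := 0; i < 3; i++ {
		fmt.Println("want 80/tcp opened provider port:", g.Want(Port{"tcp", 80}))
	}
	for i := 0; i < 3; i++ {
		fmt.Println("forget 80/tcp closed provider port:", g.Forget(Port{"tcp", 80}))
	}
	fmt.Println("provider calls: opens =", g.Opens, "closes =", g.Closes)

	// Constructed restart: instance reports 22 and 80 open, we now want 80 and 443.
	toOpen, toClose := Reconcile(
		[]Port{{"tcp", 22}, {"tcp", 80}},
		[]Port{{"tcp", 80}, {"tcp", 443}})
	fmt.Println("open:", toOpen, "close:", toClose)
}
```

With three instances sharing a port the provider sees one open and one close instead of three of each, and on restart only the delta (443/tcp to open, 22/tcp to close) reaches the provider; the cost that remains is the one the mail asks about, the single `Ports()` query per instance.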