SecurityGroupsSpec
- Launchpad Entry: NovaSpec:austin-ec2-security-groups
- Created: 2010-09-06
- Contributors: Soren Hansen
Summary
Add support for EC2's security groups.
Release Note
Nova supports network filtering using the security groups concept known from EC2.
Rationale
People migrating from EC2 (or Eucalyptus) may be using security groups as part of their security model, so this is an important feature.
User stories
Assumptions
Design
Dictated by EC2's API.
Implementation
- A filter in libvirt will be created for each security group.
- This security group will be defined on each node running an instance belonging to the given customer. This depends highly on the data model/architecture we're going to end up with. The challenge is to effectively and efficiently locate the nodes that are running stuff belonging to a particular user.
- Changes to the security group are propagated to the libvirt nwfilter, so they take effect immediately.
- Once the last instance owned by a given user is removed from a node, the filter is undefined (removed).
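As an added illustration of the first implementation step (not Nova's own code), the sketch below renders one security group's EC2-style ingress rules as a libvirt nwfilter definition. The function name, the `secgroup-` filter naming scheme and the sample rules are assumptions made for this example; the default-drop rule is assumed to live in a separate base filter.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample rules in EC2's shape (for ICMP, from_port/to_port
# carry type/code and -1 means "any").
SAMPLE_RULES = [
    {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "192.0.2.0/24"},
    {"protocol": "icmp", "from_port": 8, "to_port": -1, "cidr": "0.0.0.0/0"},
]

def security_group_to_nwfilter(group_name, rules):
    """Render a security group's ingress rules as libvirt nwfilter XML."""
    # Hypothetical naming scheme. Only plain ASCII names are accepted so a
    # user-chosen group name cannot alter the libvirt object name.
    plain = group_name.replace("-", "").replace("_", "")
    if not (plain.isascii() and plain.isalnum()):
        raise ValueError("unsupported group name: %r" % group_name)
    root = ET.Element("filter", name="secgroup-" + group_name)
    for rule in rules:
        proto = rule["protocol"].lower()
        if proto not in ("tcp", "udp", "icmp"):
            raise ValueError("unsupported protocol: %r" % proto)
        # strict=True rejects CIDRs with host bits set, e.g. 192.0.2.1/24.
        net = ipaddress.ip_network(rule["cidr"], strict=True)
        if net.version != 4:
            raise ValueError("only IPv4 sources are handled here")
        attrs = {"srcipaddr": str(net.network_address),
                 "srcipmask": str(net.prefixlen)}
        lo, hi = int(rule["from_port"]), int(rule["to_port"])
        if proto == "icmp":
            if lo != -1:
                attrs["type"] = str(lo)
            if hi != -1:
                attrs["code"] = str(hi)
        elif 0 <= lo <= hi <= 65535:
            attrs["dstportstart"], attrs["dstportend"] = str(lo), str(hi)
        else:
            raise ValueError("bad port range: %r-%r" % (lo, hi))
        # Accept-only rules: the group is an allow-list, and the default
        # drop is assumed to live in a separate base filter.
        entry = ET.SubElement(root, "rule", action="accept",
                              direction="in", priority="500")
        ET.SubElement(entry, proto, attrs)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(security_group_to_nwfilter("web", SAMPLE_RULES))
```

The returned XML is what would be defined through libvirt on each node that runs one of the user's instances; redefining a filter with the same name is how a rule change would reach running instances.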