SecurityGroupsSpec

Revision as of 23:30, 17 February 2013 by Ryan Lane (Text replace - "__NOTOC__" to "")
  • Launchpad Entry: NovaSpec:austin-ec2-security-groups
  • Created: 2010-09-06
  • Contributors: Soren Hansen

Summary

Add support for EC2's security groups.

Release Note

Nova supports network filtering using the security groups concept known from EC2.

Rationale

People migrating from EC2 (or Eucalyptus) may be using security groups as part of their security model, so this is an important feature.

User stories

Assumptions

Design

Dictated by EC2's API.

Implementation

  • A filter in libvirt will be created for each security group.
  • This security group will be defined on each node running an instance belonging to the given customer. This depends highly on the data model/architecture we're going to end up with. The challenge is to effectively and efficiently locate the nodes that are running instances belonging to a particular user.
  • Changes to the security group are propagated to the libvirt nwfilter, taking effect immediately.
  • Once the last instance owned by a given user is removed from a node, the filter is undefined (removed).
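
The lifecycle in the list above, as an added sketch that is not Nova's own code: one function renders a security group as libvirt nwfilter XML, and a per-node tracker decides when a user's filters must be defined or undefined. The `secgroup-` name prefix, the rule dictionary layout, the priority value and the class name are assumptions; only accept rules are rendered, and the default-drop rule they are exceptions to is assumed to live in a separate base filter.

```python
import ipaddress
import xml.etree.ElementTree as ET

def render_nwfilter(group_name, rules):
    """Render one security group's ingress rules as libvirt nwfilter XML."""
    root = ET.Element("filter", name="secgroup-" + group_name)  # naming scheme is assumed
    for r in rules:
        proto = r["protocol"]
        if proto not in ("tcp", "udp", "icmp"):
            raise ValueError("unsupported protocol: %r" % (proto,))
        net = ipaddress.IPv4Network(r["cidr"])  # ValueError on a malformed source range
        attrs = {"srcipaddr": str(net.network_address), "srcipmask": str(net.prefixlen)}
        if proto != "icmp":
            lo, hi = int(r["from_port"]), int(r["to_port"])
            if not 1 <= lo <= hi <= 65535:
                raise ValueError("bad port range: %s-%s" % (lo, hi))
            attrs.update(dstportstart=str(lo), dstportend=str(hi))
        rule = ET.SubElement(root, "rule", action="accept", direction="in", priority="500")
        ET.SubElement(rule, proto, attrs)
    return ET.tostring(root, encoding="unicode")

class NodeFilterState:
    """Per-node bookkeeping: whose instances run here, hence whose filters must exist."""
    def __init__(self):
        self.instances = {}  # owner -> set of instance ids on this node

    def add_instance(self, owner, instance_id):
        first = owner not in self.instances
        self.instances.setdefault(owner, set()).add(instance_id)
        return "define" if first else "noop"  # define: conn.nwfilterDefineXML(xml) per group

    def remove_instance(self, owner, instance_id):
        running = self.instances.get(owner)
        if running is None or instance_id not in running:
            return "noop"
        running.remove(instance_id)
        if running:
            return "noop"
        del self.instances[owner]
        return "undefine"  # last instance gone: remove the owner's filters from this node

# Constructed sample group: SSH from one network, ping from anywhere.
SAMPLE_RULES = [
    {"protocol": "tcp", "cidr": "10.0.0.0/8", "from_port": 22, "to_port": 22},
    {"protocol": "icmp", "cidr": "0.0.0.0/0"},
]

if __name__ == "__main__":
    print(render_nwfilter("web", SAMPLE_RULES))
```

Redefining a filter under the same name is how a rule change would be pushed to a node; malformed CIDRs and port ranges are rejected before any XML is produced, so a bad rule never reaches libvirt.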