You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@whirr.apache.org by "Paul Baclace (JIRA)" <ji...@apache.org> on 2012/12/12 20:06:20 UTC
[jira] [Comment Edited] (WHIRR-336) Support additional security
group option
[ https://issues.apache.org/jira/browse/WHIRR-336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13529605#comment-13529605 ]
Paul Baclace edited comment on WHIRR-336 at 12/12/12 7:04 PM:
--------------------------------------------------------------
The description/discussion is a bit vague. Here are 2 possible interpretations:
1. "fully predefined rules, only make membership changes": specify a pre-defined security group to use (just allocate host instances as members of the group, remove added members on shutdown, and don't delete the group when shutting down); no run-specific sec. group created, specified sec. group must have all needed rules.
This would be handy for avoiding the possibly slow process of adding rules to a sec. group, and it enables a member-wide-open rule (like "all members can see each other on all ports") that is very handy and much like a DMZ LAN behind a firewall to the rest of the universe. (Rationale: I have seen post-Whirr sec. group manipulations take 6-10 sec. per port opened.)
2. "additional, default permissions": in addition to the automatic sec. group (say whirr#<cluster-name>#<role>#<region>), all allocated instances are added as members to the predefined group, and removed upon shutdown, and the predefined group would not be deleted.
Of course, the pre-defined sec. group need not be a single group, it could be a list of groups.
I would be happy with either 1 or 2.
Overall, considering clouds without security groups, a strategy pattern could be useful here.
was (Author: pbaclace):
The description/discussion is a bit vague. Here are 2 possible interpretations:
1. "fully predefined rules, only make membership changes": specify a pre-defined security group to use (just allocate host instances as members of the group, remove added members on shutdown, and don't delete the group when shutting down); no run-specific sec. group created, specified sec. group must have all needed rules.
This would be handy for avoiding the possibly slow process of adding rules to a sec. group, and it enables a member-wide-open rule (like "all members can see each other on all ports") that is very handy and much like a DMZ LAN behind a firewall to the rest of the universe. (Rationale: I have seen post-Whirr sec. group manipulations take 6-10 sec. per port opened.)
2. "additional, default permissions": in addition to the automatic sec. group (say whirr#<cluster-name>#<role>#<region>), all allocated instances are added as members to the predefined group, and removed upon shutdown, and the predefined group would not be deleted.
Of course, the pre-defined sec. group need not be a single goup, it could be a list of groups.
I would be happy with either 1 or 2.
Overall, considering clouds without security groups, a strategy pattern could be useful here.
> Support additional security group option
> ----------------------------------------
>
> Key: WHIRR-336
> URL: https://issues.apache.org/jira/browse/WHIRR-336
> Project: Whirr
> Issue Type: Improvement
> Components: core
> Reporter: Tom White
> Assignee: Andrei Savu
> Fix For: 0.9.0
>
>
> This is WHIRR-9 for the Java version of Whirr.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira