Modify the provisioning agent to watch ZK settings for exposed services and makes appropriate firewall changes through the provider

Bug #767418 reported by Jim Baker
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
pyjuju
Fix Released
Medium
Jim Baker

Bug Description

The provisioning agent currently is the only place within Ensemble
that can take global actions with respect to the provider. Consequently,
provisioning is currently responsible for the current, if simple EC2
security group management (with the policy of open all ports, seen in
the code `ensemble.providers.ec2.launch.EC2LaunchMachine`).

The provisioning agent will watch for the existence of
**/services/<internal service id>/exposed**, and if so watch the
service units settings **/units/<internal unit id>/ports** and make
changes in the firewall settings through the provider.

For the EC2 provider, this will be done through security groups (see
below). Later we will revisit to let a machine agent do this in the
context of iptables, so as to get out of the 500 security group limit
for EC2, enable multiple service units per machine, be generic with
other providers, and to provide future support for internal firewall
config.

Jim Baker (jimbaker)
Changed in ensemble:
importance: Undecided → Medium
assignee: nobody → Jim Baker (jimbaker)
milestone: none → budapest
Jim Baker (jimbaker)
Changed in ensemble:
status: New → In Progress
Changed in ensemble:
milestone: budapest → dublin
Jim Baker (jimbaker)
Changed in ensemble:
status: In Progress → Confirmed
Changed in ensemble:
milestone: dublin → eureka
Revision history for this message
Jim Baker (jimbaker) wrote :

This bug was subdivided into a number of bugs. Although expose-cleanup and future support for exposed and unexposed hooks is forthcoming, it doesn't make sense to keep this overarching bug just going on.

Changed in ensemble:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.