nova-feature-parity team mailing list archive

Thread
Date

XenAPI support for security groups

To: "nova-feature-parity@xxxxxxxxxxxxxxxxxxx" <nova-feature-parity@xxxxxxxxxxxxxxxxxxx>
From: Salvatore Orlando <Salvatore.Orlando@xxxxxxxxxxxxx>
Date: Mon, 17 Oct 2011 14:48:09 +0100
Accept-language: en-US
Acceptlanguage: en-US
Thread-index: AcyM0p+DEx7ShXqjRsWnOfaZiA7uZg==
Thread-topic: XenAPI support for security groups

Hi,

Regarding  AWS-style security groups for the XenAPI backend, it is my opinion that we should diverge as less as possible from the libvirt implementation, reusing code that has already been written whenever possible.
I had a look at the existing code and devised a possible implementation strategy, which can be found at this page: http://wiki.openstack.org/xenapi-security-groups
It is my opinion that we could initially focus on a driver based on iptables, and then try and develop a driver for enforcing security groups in Open vSwitch - for both XenAPI and libvirt.

Regards,
Salvatore