XenAPI support for Security Groups

Registered by Salvatore Orlando

The goal of this blueprint is to provide support for security groups on the XenAPI driver as well.

The implementation will basically be a port of the current libvirt implementation, with the only exception that it will provide the IPTables driver only (VIF isolation rules will continue to be enforced through XenAPI plugins, as they are now).

In the future we might provide an Open vSwitch driver, but this work item is not in the scope of this blueprint.

A full specification and implementation plan will follow soon.

Blueprint information

Status: Complete
Approver: Vish Ishaya
Priority: Medium
Drafter: Nova Feature Parity Team
Direction: Approved
Assignee: Citrix OpenStack development team
Definition: Approved
Series goal: Accepted for essex
Implementation: Implemented
Milestone target: 2012.1
Started by: Salvatore Orlando
Completed by: Thierry Carrez

Whiteboard

Salvatore: can you collaborate with someone from the Ozone/Titan team to help implement this for the Open vSwitch implementation? You can reach out through me (pvo) initially.

Thanks!

[Salvatore]: provisionally targeting essex-2

[UPDATE 2011/11/23 - salvatore-orlando]:

We have now completed implementation of the security groups functionality and are doing QA work on it.
We will propose it for merge as soon as all the relevant tests have passed.

Estimated date for merge proposal: 2011/11/29 (this should give us enough time for the review cycle before Essex-2)

Code preview available at:
<email address hidden>:salv-orlando/MyRepo.git (use default branch, bp/xenapi-security-groups)

Note: code is in need of a rebase (last rebase was to essex-1)!

Gerrit topic: https://review.openstack.org/#q,topic:bp/xenapi-security-groups,n,z

Addressed by: https://review.openstack.org/2071
    Blueprint xenapi-security-groups

[UPDATE 2011/12/05 - salvatore-orlando]:

Code is available for review now
