I would like to be able to create a security group rule which allows communication between VMs within the group. Using the EC2 API this can be done as follows:
    rjh@cloud1:~$ euca-describe-groups
    GROUP       rjhproject  default     default
    PERMISSION  rjhproject  default  ALLOWS  tcp   22  22     FROM  CIDR  0.0.0.0/0
    PERMISSION  rjhproject  default  ALLOWS  icmp  -1  -1     FROM  CIDR  0.0.0.0/0
    PERMISSION  rjhproject  default  ALLOWS  tcp   80  80     GRPNAME  default

    rjh@cloud1:~$ euca-add-group -d 'permissive group' rjhgroup
    GROUP       rjhgroup    permissive group

    rjh@cloud1:~$ euca-authorize -o rjhgroup rjhgroup
    rjhgroup rjhgroup None tcp None None 0.0.0.0/0
    GROUP       rjhgroup
    PERMISSION  rjhgroup    ALLOWS  tcp  GRPNAME  rjhgroup  FROM  CIDR  0.0.0.0/0

    rjh@cloud1:~$ euca-describe-groups
    GROUP       rjhproject  default     default
    PERMISSION  rjhproject  default  ALLOWS  tcp   22  22     FROM  CIDR  0.0.0.0/0
    PERMISSION  rjhproject  default  ALLOWS  icmp  -1  -1     FROM  CIDR  0.0.0.0/0
    PERMISSION  rjhproject  default  ALLOWS  tcp   80  80     GRPNAME  default
    GROUP       rjhproject  rjhgroup    permissive group
    PERMISSION  rjhproject  rjhgroup  ALLOWS  icmp  -1  -1     GRPNAME  rjhgroup
    PERMISSION  rjhproject  rjhgroup  ALLOWS  tcp   1   65535  GRPNAME  rjhgroup
    PERMISSION  rjhproject  rjhgroup  ALLOWS  udp   1   65536  GRPNAME  rjhgroup

So, it looks like security groups support the notion of a group with rules that mention the group containing the rule as a source. However, the security_groups.py extension contains an explicit check that the source group id is not the same as the parent group id. Why is this done? I would like to remove this restriction, allowing rules to be created similar to the one created above using EC2. Any objections?

-Ray Hookway (rjh)
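To make the semantics under discussion concrete, here is an added toy model (my own sketch for this thread, not code from Nova, the security_groups.py extension, or euca2ools). It shows two things: a creation-time check that can either reject or accept a rule whose source group is the group holding the rule, and what such a self-referencing rule means at evaluation time, namely that ingress from any member of the group to any other member is allowed while ingress from an instance outside the group is not. Group names mirror the session above; instance ids and addresses are constructed.

```python
"""Toy model of EC2-style security group rules whose source is a group.

Added sketch for this thread, not Nova / security_groups.py / euca2ools
code.  Group names follow the session in the post; the instance ids
(vm-a, vm-b, vm-c) and IP addresses are constructed examples.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    protocol: str                       # "tcp", "udp" or "icmp"
    from_port: int                      # icmp -1/-1 means any type/code
    to_port: int
    cidr: Optional[str] = None          # source CIDR ("FROM CIDR" rule) ...
    source_group: Optional[str] = None  # ... or source group ("GRPNAME" rule)


@dataclass
class SecurityGroup:
    name: str
    rules: list[Rule] = field(default_factory=list)
    members: set[str] = field(default_factory=set)  # instance ids in the group


def validate_rule(parent: SecurityGroup, rule: Rule,
                  allow_self_reference: bool) -> Rule:
    """Creation-time check.  allow_self_reference=False behaves like the
    restriction the post describes (source group must differ from the parent
    group); True accepts the EC2-style self-referencing rule."""
    if (rule.cidr is None) == (rule.source_group is None):
        raise ValueError("rule needs exactly one of cidr or source_group")
    if rule.source_group == parent.name and not allow_self_reference:
        raise ValueError("source group must not be the parent group")
    return rule


def _rule_matches(rule: Rule, protocol: str, port: int,
                  src_ip: str, src_group_names: set[str]) -> bool:
    if rule.protocol != protocol:
        return False
    # icmp -1/-1 matches any type; otherwise the port (or icmp type) must fit.
    if not (protocol == "icmp" and rule.from_port == -1):
        if not rule.from_port <= port <= rule.to_port:
            return False
    if rule.cidr is not None:
        return ip_address(src_ip) in ip_network(rule.cidr)
    # Group-sourced rule: the sender must be a member of the named group.  For
    # a self-referencing rule that means "another member of this same group".
    return rule.source_group in src_group_names


def is_allowed(dst_group: SecurityGroup, src_instance: str, src_ip: str,
               protocol: str, port: int,
               all_groups: list[SecurityGroup]) -> bool:
    """Ingress decision for an instance in dst_group receiving from src_instance."""
    src_group_names = {g.name for g in all_groups if src_instance in g.members}
    return any(_rule_matches(r, protocol, port, src_ip, src_group_names)
               for r in dst_group.rules)


def build_demo() -> tuple[list[SecurityGroup], SecurityGroup]:
    """Rebuild the shape of the two groups from the post with constructed members."""
    default = SecurityGroup("default", rules=[
        Rule("tcp", 22, 22, cidr="0.0.0.0/0"),
        Rule("icmp", -1, -1, cidr="0.0.0.0/0"),
        Rule("tcp", 80, 80, source_group="default"),
    ], members={"vm-c"})
    rjhgroup = SecurityGroup("rjhgroup", members={"vm-a", "vm-b"})
    # The self-referencing rules that EC2 accepted; the relaxed check lets them in.
    for r in (Rule("icmp", -1, -1, source_group="rjhgroup"),
              Rule("tcp", 1, 65535, source_group="rjhgroup"),
              Rule("udp", 1, 65535, source_group="rjhgroup")):
        rjhgroup.rules.append(validate_rule(rjhgroup, r, allow_self_reference=True))
    return [default, rjhgroup], rjhgroup


if __name__ == "__main__":
    groups, rjhgroup = build_demo()
    print(is_allowed(rjhgroup, "vm-a", "10.0.0.5", "tcp", 3306, groups))  # True
    print(is_allowed(rjhgroup, "vm-c", "10.0.0.9", "tcp", 3306, groups))  # False
```

The point of the model is that a rule with its own group as source is not a degenerate case: membership, not address, is what the rule keys on, so it is exactly the "members may talk to each other" rule the post wants, and nothing about it opens the group to non-members.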
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp