Re: Port ranges - restricting opening and closing ranges
agreed. to be clear .. imo, close-port shouldn't error unless there's a type mismatch on inputs. ie none of the posited scenarios in this thread should result in an error. -k On Tue, Aug 5, 2014 at 8:34 PM, Gustavo Niemeyer gust...@niemeyer.net wrote: On Tue, Aug 5, 2014 at 4:18 PM, roger peppe rogpe...@gmail.com wrote: close ports 80-110 - error (mismatched port range?) I'd expect ports to be closed here, and also on 0-65536. gustavo @ http://niemeyer.net -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
Re: Port ranges - restricting opening and closing ranges
Agreed, but I also agree that the error on split ranges is a good simplification to get an implementation in place, and it also doesn't sound super useful, so it sounds okay to fail to begin with. The other cases are easy to handle, though. On Wed, Aug 6, 2014 at 8:26 AM, Kapil Thangavelu kapil.thangav...@canonical.com wrote: agreed. to be clear .. imo, close-port shouldn't error unless there's a type mismatch on inputs. ie none of the posited scenarios in this thread should result in an error. -k On Tue, Aug 5, 2014 at 8:34 PM, Gustavo Niemeyer gust...@niemeyer.net wrote: On Tue, Aug 5, 2014 at 4:18 PM, roger peppe rogpe...@gmail.com wrote: close ports 80-110 - error (mismatched port range?) I'd expect ports to be closed here, and also on 0-65536. gustavo @ http://niemeyer.net -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- gustavo @ http://niemeyer.net -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
Re: Port ranges - restricting opening and closing ranges
On 5 August 2014 19:34, Gustavo Niemeyer gust...@niemeyer.net wrote: On Tue, Aug 5, 2014 at 4:18 PM, roger peppe rogpe...@gmail.com wrote: close ports 80-110 - error (mismatched port range?) I'd expect ports to be closed here, and also on 0-65536. I'm not sure. An advantage of requiring that exactly the same ports must be closed as were opened, you can use the port range as a key, which makes for a very simple (and trivially concurrent-safe) implementation in a mongo collection. I'd suggest that this compromise is worth it. We could always make an initial special case for 0-65535 too, if desired. -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
Re: Port ranges - restricting opening and closing ranges
How many port ranges are typically made available? One.. Two? Sounds like a trivial problem. In terms of concurrency, there are issues either way. Someone can open a port while it is being closed, and whether that works or not depends purely on timing. gustavo @ http://niemeyer.net On Aug 6, 2014 9:41 AM, roger peppe roger.pe...@canonical.com wrote: On 5 August 2014 19:34, Gustavo Niemeyer gust...@niemeyer.net wrote: On Tue, Aug 5, 2014 at 4:18 PM, roger peppe rogpe...@gmail.com wrote: close ports 80-110 - error (mismatched port range?) I'd expect ports to be closed here, and also on 0-65536. I'm not sure. An advantage of requiring that exactly the same ports must be closed as were opened, you can use the port range as a key, which makes for a very simple (and trivially concurrent-safe) implementation in a mongo collection. I'd suggest that this compromise is worth it. We could always make an initial special case for 0-65535 too, if desired. -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
Re: Port ranges - restricting opening and closing ranges
Why would any application well designed open thousands of ports individually rather than a range? Sounds like an unreasonable use case. I also don't get your point about concurrency. You don't seem to have addressed the point I brought up that opening or closing ports concurrently today already presents undefined behavior. gustavo @ http://niemeyer.net On Aug 6, 2014 2:53 PM, roger peppe roger.pe...@canonical.com wrote: On 6 August 2014 10:32, Gustavo Niemeyer gust...@niemeyer.net wrote: How many port ranges are typically made available? One.. Two? Sounds like a trivial problem. Some applications might open thousands of individual ports. It would be nice if it worked well in that case too. In terms of concurrency, there are issues either way. Someone can open a port while it is being closed, and whether that works or not depends purely on timing. When we've got several units sharing a port space, we'll want to keep a unique owner for each port range. That's trivial if the reference can be keyed by the port range, but not as straightforward if the lookup is two-phase. What we don't want is two units in the same machine to be able to have the same port open at the same time. I suppose we could rely on the fact that hooks do not execute simultaneously, but it would be preferable in my view to keep those concerns separate. In my view, always close the range you've opened is an easy to explain rule, and makes quite a few things simpler, without being overly restrictive. gustavo @ http://niemeyer.net On Aug 6, 2014 9:41 AM, roger peppe roger.pe...@canonical.com wrote: On 5 August 2014 19:34, Gustavo Niemeyer gust...@niemeyer.net wrote: On Tue, Aug 5, 2014 at 4:18 PM, roger peppe rogpe...@gmail.com wrote: close ports 80-110 - error (mismatched port range?) I'd expect ports to be closed here, and also on 0-65536. I'm not sure. An advantage of requiring that exactly the same ports must be closed as were opened, you can use the port range as a key, which makes for a very simple (and trivially concurrent-safe) implementation in a mongo collection. I'd suggest that this compromise is worth it. We could always make an initial special case for 0-65535 too, if desired. -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
Re: Port ranges - restricting opening and closing ranges
On 6 August 2014 13:57, Gustavo Niemeyer gust...@niemeyer.net wrote: Why would any application well designed open thousands of ports individually rather than a range? Sounds like an unreasonable use case. I don't know. But if it's easy to make it work well in this case too (and I believe it is), then why not make it work well for all use cases? I also don't get your point about concurrency. You don't seem to have addressed the point I brought up that opening or closing ports concurrently today already presents undefined behavior. The result is undefined for a unit (a port open can fail if another one already has the port open) but the invariant is well defined - only one unit may have a port open at any one time. We want to make sure the invariant is always satisfied even if units are racing for the port. Defining the simple rule (you must always close exactly what you've opened) makes it easy to do that without imposing much burden on the charm authors AFAICS. rog. gustavo @ http://niemeyer.net On Aug 6, 2014 2:53 PM, roger peppe roger.pe...@canonical.com wrote: On 6 August 2014 10:32, Gustavo Niemeyer gust...@niemeyer.net wrote: How many port ranges are typically made available? One.. Two? Sounds like a trivial problem. Some applications might open thousands of individual ports. It would be nice if it worked well in that case too. In terms of concurrency, there are issues either way. Someone can open a port while it is being closed, and whether that works or not depends purely on timing. When we've got several units sharing a port space, we'll want to keep a unique owner for each port range. That's trivial if the reference can be keyed by the port range, but not as straightforward if the lookup is two-phase. What we don't want is two units in the same machine to be able to have the same port open at the same time. I suppose we could rely on the fact that hooks do not execute simultaneously, but it would be preferable in my view to keep those concerns separate. In my view, always close the range you've opened is an easy to explain rule, and makes quite a few things simpler, without being overly restrictive. gustavo @ http://niemeyer.net On Aug 6, 2014 9:41 AM, roger peppe roger.pe...@canonical.com wrote: On 5 August 2014 19:34, Gustavo Niemeyer gust...@niemeyer.net wrote: On Tue, Aug 5, 2014 at 4:18 PM, roger peppe rogpe...@gmail.com wrote: close ports 80-110 - error (mismatched port range?) I'd expect ports to be closed here, and also on 0-65536. I'm not sure. An advantage of requiring that exactly the same ports must be closed as were opened, you can use the port range as a key, which makes for a very simple (and trivially concurrent-safe) implementation in a mongo collection. I'd suggest that this compromise is worth it. We could always make an initial special case for 0-65535 too, if desired. -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
Re: Port ranges - restricting opening and closing ranges
gustavo @ http://niemeyer.net On Aug 6, 2014 3:03 PM, roger peppe roger.pe...@canonical.com wrote: On 6 August 2014 13:57, Gustavo Niemeyer gust...@niemeyer.net wrote: Why would any application well designed open thousands of ports individually rather than a range? Sounds like an unreasonable use case. I don't know. Ok. So let's please move on. I don't see the complexity of listing a few things (even if it is a thousand) and removing them. It's certainly much better than removing a thousand ports individually. I also don't get your point about concurrency. You don't seem to have addressed the point I brought up that opening or closing ports concurrently today already presents undefined behavior. The result is undefined for a unit (a port open can fail if another one already has the port open) Again, let's not argue anymore then. There's no real problem being created or solved either way. -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
Re: Port ranges - restricting opening and closing ranges
A follow-up question: should closing a port that was not opened previous to that result in an error? Domas On Fri, Jun 27, 2014 at 2:13 PM, Matthew Williams matthew.willi...@canonical.com wrote: +1 on an opened-ports hook tool, I've added it to the task list On Fri, Jun 27, 2014 at 9:41 AM, William Reade william.re...@canonical.com wrote: Agreed. Note, though, that we'll want to give charms a way to know what ports they have already opened: I think this is a case where look-before-you-leap maybe beats easier-ask-forgiveness-than-permission (and the consequent requirement that error messages be parsed...). An opened-ports hook tool should do the trick. On Thu, Jun 26, 2014 at 9:18 PM, Gustavo Niemeyer gust...@niemeyer.net wrote: +1 to Mark's point. Handling exact matches is much easier, and does not prevent a fancier feature later, if there's ever the need. On Thu, Jun 26, 2014 at 3:38 PM, Mark Ramm-Christensen (Canonical.com) mark.ramm-christen...@canonical.com wrote: My belief is that as long as the error messages are clear, and it is easy to close 8000-9000 and then open 8000-8499 and 8600-9000, we are fine. Of course it is nicer if we can do that automatically for you, but I don't see why we can't add that later, and I think there is a value in keeping a port-range as an atomic data-object either way. --Mark Ramm On Thu, Jun 26, 2014 at 2:11 PM, Domas Monkus domas.mon...@canonical.com wrote: Hi, me and Matthew Williams are working on support for port ranges in juju. There is one question that the networking model document does not answer explicitly and the simplicity (or complexity) of the implementation depends greatly on that. Should we only allow units to close exactly the same port ranges that they have opened? That is, if a unit opens the port range [8000-9000], can it later close ports [8500-8600], effectively splitting the previously opened port range in half? Domas -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- gustavo @ http://niemeyer.net -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
Re: Port ranges - restricting opening and closing ranges
Yes, absolutely. On Tue, Aug 5, 2014 at 8:33 PM, Domas Monkus domas.mon...@canonical.com wrote: A follow-up question: should closing a port that was not opened previous to that result in an error? Domas On Fri, Jun 27, 2014 at 2:13 PM, Matthew Williams matthew.willi...@canonical.com wrote: +1 on an opened-ports hook tool, I've added it to the task list On Fri, Jun 27, 2014 at 9:41 AM, William Reade william.re...@canonical.com wrote: Agreed. Note, though, that we'll want to give charms a way to know what ports they have already opened: I think this is a case where look-before-you-leap maybe beats easier-ask-forgiveness-than-permission (and the consequent requirement that error messages be parsed...). An opened-ports hook tool should do the trick. On Thu, Jun 26, 2014 at 9:18 PM, Gustavo Niemeyer gust...@niemeyer.net wrote: +1 to Mark's point. Handling exact matches is much easier, and does not prevent a fancier feature later, if there's ever the need. On Thu, Jun 26, 2014 at 3:38 PM, Mark Ramm-Christensen (Canonical.com) mark.ramm-christen...@canonical.com wrote: My belief is that as long as the error messages are clear, and it is easy to close 8000-9000 and then open 8000-8499 and 8600-9000, we are fine. Of course it is nicer if we can do that automatically for you, but I don't see why we can't add that later, and I think there is a value in keeping a port-range as an atomic data-object either way. --Mark Ramm On Thu, Jun 26, 2014 at 2:11 PM, Domas Monkus domas.mon...@canonical.com wrote: Hi, me and Matthew Williams are working on support for port ranges in juju. There is one question that the networking model document does not answer explicitly and the simplicity (or complexity) of the implementation depends greatly on that. Should we only allow units to close exactly the same port ranges that they have opened? That is, if a unit opens the port range [8000-9000], can it later close ports [8500-8600], effectively splitting the previously opened port range in half? Domas -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- gustavo @ http://niemeyer.net -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
Re: Port ranges - restricting opening and closing ranges
imo, no, its a no-op. the end state is still the same. if its an error, and now we have partial failure modes to consider against ranges. On Tue, Aug 5, 2014 at 1:25 PM, David Cheney david.che...@canonical.com wrote: Yes, absolutely. On Tue, Aug 5, 2014 at 8:33 PM, Domas Monkus domas.mon...@canonical.com wrote: A follow-up question: should closing a port that was not opened previous to that result in an error? Domas On Fri, Jun 27, 2014 at 2:13 PM, Matthew Williams matthew.willi...@canonical.com wrote: +1 on an opened-ports hook tool, I've added it to the task list On Fri, Jun 27, 2014 at 9:41 AM, William Reade william.re...@canonical.com wrote: Agreed. Note, though, that we'll want to give charms a way to know what ports they have already opened: I think this is a case where look-before-you-leap maybe beats easier-ask-forgiveness-than-permission (and the consequent requirement that error messages be parsed...). An opened-ports hook tool should do the trick. On Thu, Jun 26, 2014 at 9:18 PM, Gustavo Niemeyer gust...@niemeyer.net wrote: +1 to Mark's point. Handling exact matches is much easier, and does not prevent a fancier feature later, if there's ever the need. On Thu, Jun 26, 2014 at 3:38 PM, Mark Ramm-Christensen (Canonical.com) mark.ramm-christen...@canonical.com wrote: My belief is that as long as the error messages are clear, and it is easy to close 8000-9000 and then open 8000-8499 and 8600-9000, we are fine. Of course it is nicer if we can do that automatically for you, but I don't see why we can't add that later, and I think there is a value in keeping a port-range as an atomic data-object either way. --Mark Ramm On Thu, Jun 26, 2014 at 2:11 PM, Domas Monkus domas.mon...@canonical.com wrote: Hi, me and Matthew Williams are working on support for port ranges in juju. There is one question that the networking model document does not answer explicitly and the simplicity (or complexity) of the implementation depends greatly on that. Should we only allow units to close exactly the same port ranges that they have opened? That is, if a unit opens the port range [8000-9000], can it later close ports [8500-8600], effectively splitting the previously opened port range in half? Domas -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- gustavo @ http://niemeyer.net -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
Re: Port ranges - restricting opening and closing ranges
Ok, so the behavior would have to be: opened ports : 80-100 close ports 60-70 - no error (noop) close ports 60-90 - error (cannot close part of a port range) close ports 80-100 - no error I'm starting to think this scenario is preferrable, especially with respect to the idempotency of charm hooks. Domas On Tue, Aug 5, 2014 at 2:45 PM, Kapil Thangavelu kapil.thangav...@canonical.com wrote: imo, no, its a no-op. the end state is still the same. if its an error, and now we have partial failure modes to consider against ranges. On Tue, Aug 5, 2014 at 1:25 PM, David Cheney david.che...@canonical.com wrote: Yes, absolutely. On Tue, Aug 5, 2014 at 8:33 PM, Domas Monkus domas.mon...@canonical.com wrote: A follow-up question: should closing a port that was not opened previous to that result in an error? Domas On Fri, Jun 27, 2014 at 2:13 PM, Matthew Williams matthew.willi...@canonical.com wrote: +1 on an opened-ports hook tool, I've added it to the task list On Fri, Jun 27, 2014 at 9:41 AM, William Reade william.re...@canonical.com wrote: Agreed. Note, though, that we'll want to give charms a way to know what ports they have already opened: I think this is a case where look-before-you-leap maybe beats easier-ask-forgiveness-than-permission (and the consequent requirement that error messages be parsed...). An opened-ports hook tool should do the trick. On Thu, Jun 26, 2014 at 9:18 PM, Gustavo Niemeyer gust...@niemeyer.net wrote: +1 to Mark's point. Handling exact matches is much easier, and does not prevent a fancier feature later, if there's ever the need. On Thu, Jun 26, 2014 at 3:38 PM, Mark Ramm-Christensen (Canonical.com) mark.ramm-christen...@canonical.com wrote: My belief is that as long as the error messages are clear, and it is easy to close 8000-9000 and then open 8000-8499 and 8600-9000, we are fine. Of course it is nicer if we can do that automatically for you, but I don't see why we can't add that later, and I think there is a value in keeping a port-range as an atomic data-object either way. --Mark Ramm On Thu, Jun 26, 2014 at 2:11 PM, Domas Monkus domas.mon...@canonical.com wrote: Hi, me and Matthew Williams are working on support for port ranges in juju. There is one question that the networking model document does not answer explicitly and the simplicity (or complexity) of the implementation depends greatly on that. Should we only allow units to close exactly the same port ranges that they have opened? That is, if a unit opens the port range [8000-9000], can it later close ports [8500-8600], effectively splitting the previously opened port range in half? Domas -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- gustavo @ http://niemeyer.net -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
Re: Port ranges - restricting opening and closing ranges
On Tue, Aug 5, 2014 at 4:18 PM, roger peppe rogpe...@gmail.com wrote: close ports 80-110 - error (mismatched port range?) I'd expect ports to be closed here, and also on 0-65536. gustavo @ http://niemeyer.net -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
Re: Port ranges - restricting opening and closing ranges
+1 on an opened-ports hook tool, I've added it to the task list On Fri, Jun 27, 2014 at 9:41 AM, William Reade william.re...@canonical.com wrote: Agreed. Note, though, that we'll want to give charms a way to know what ports they have already opened: I think this is a case where look-before-you-leap maybe beats easier-ask-forgiveness-than-permission (and the consequent requirement that error messages be parsed...). An opened-ports hook tool should do the trick. On Thu, Jun 26, 2014 at 9:18 PM, Gustavo Niemeyer gust...@niemeyer.net wrote: +1 to Mark's point. Handling exact matches is much easier, and does not prevent a fancier feature later, if there's ever the need. On Thu, Jun 26, 2014 at 3:38 PM, Mark Ramm-Christensen (Canonical.com) mark.ramm-christen...@canonical.com wrote: My belief is that as long as the error messages are clear, and it is easy to close 8000-9000 and then open 8000-8499 and 8600-9000, we are fine. Of course it is nicer if we can do that automatically for you, but I don't see why we can't add that later, and I think there is a value in keeping a port-range as an atomic data-object either way. --Mark Ramm On Thu, Jun 26, 2014 at 2:11 PM, Domas Monkus domas.mon...@canonical.com wrote: Hi, me and Matthew Williams are working on support for port ranges in juju. There is one question that the networking model document does not answer explicitly and the simplicity (or complexity) of the implementation depends greatly on that. Should we only allow units to close exactly the same port ranges that they have opened? That is, if a unit opens the port range [8000-9000], can it later close ports [8500-8600], effectively splitting the previously opened port range in half? Domas -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- gustavo @ http://niemeyer.net -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
Re: Port ranges - restricting opening and closing ranges
My belief is that as long as the error messages are clear, and it is easy to close 8000-9000 and then open 8000-8499 and 8600-9000, we are fine. Of course it is nicer if we can do that automatically for you, but I don't see why we can't add that later, and I think there is a value in keeping a port-range as an atomic data-object either way. --Mark Ramm On Thu, Jun 26, 2014 at 2:11 PM, Domas Monkus domas.mon...@canonical.com wrote: Hi, me and Matthew Williams are working on support for port ranges in juju. There is one question that the networking model document does not answer explicitly and the simplicity (or complexity) of the implementation depends greatly on that. Should we only allow units to close exactly the same port ranges that they have opened? That is, if a unit opens the port range [8000-9000], can it later close ports [8500-8600], effectively splitting the previously opened port range in half? Domas -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
Re: Port ranges - restricting opening and closing ranges
+1 to Mark's point. Handling exact matches is much easier, and does not prevent a fancier feature later, if there's ever the need. On Thu, Jun 26, 2014 at 3:38 PM, Mark Ramm-Christensen (Canonical.com) mark.ramm-christen...@canonical.com wrote: My belief is that as long as the error messages are clear, and it is easy to close 8000-9000 and then open 8000-8499 and 8600-9000, we are fine.Of course it is nicer if we can do that automatically for you, but I don't see why we can't add that later, and I think there is a value in keeping a port-range as an atomic data-object either way. --Mark Ramm On Thu, Jun 26, 2014 at 2:11 PM, Domas Monkus domas.mon...@canonical.com wrote: Hi, me and Matthew Williams are working on support for port ranges in juju. There is one question that the networking model document does not answer explicitly and the simplicity (or complexity) of the implementation depends greatly on that. Should we only allow units to close exactly the same port ranges that they have opened? That is, if a unit opens the port range [8000-9000], can it later close ports [8500-8600], effectively splitting the previously opened port range in half? Domas -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev -- gustavo @ http://niemeyer.net -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev