Comment 12 for bug 1112912

Daniel Berrange (berrange) wrote : Re: get_firewall_required should use VIF parameter from quantum

@dan: so the issue is really who is in charge of defining the overall policy for VIF network setup.

My mindset in comment #10 is that Quantum is providing a mechanism for creating VIFs, while Nova is providing the policy for configuring them with the guest, and as such Nova decides whether firewalling is required or not. So the scenario you describe is not an issue in this POV.

From your description it seems you believe Quantum is in charge of policy for how the VIF is configured & thus making the decision about whether firewalling is required or not, and Nova is only providing the mechanism.

IMHO it doesn't make sense for Quantum to be the thing declaring that a VM should have completely unfiltered network access. This is a decision for Nova to make, since it is in charge of VM management & policy. Quantum is merely providing a way to connect a VM to a physical network.