deltacloud-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "marios@redhat.com" <mandr...@redhat.com>
Subject Re: Launching into a VPC with the EC2 driver
Date Thu, 09 Aug 2012 08:03:23 GMT
On 09/08/12 01:23, David Lutterkort wrote:
> Hi,
> 
> there are some people who would like to be able to launch instances into
> a specific subnet attached to their VPC in EC2. In looking at how to do
> this without going down the rathole of supporting everything related to
> VPC's, this is the plan I've come up with.
> 
> The assumption is that users will set up VPC's and subnets outside of
> DC. Once they have subnets, they will show up as realms with the EC2
> driver. IOW, GET /realms will not only list availability zones like
> us-east-1a, but also subnets in those AZ's, i.e. realms that will be
> named something like us-east-1c:subnet-deadbeef; when launching an
> instance into such a realm, the create_instance call will pass the
> subnetID to AWS' RunInstances, rather than an AZ.

Sounds good: just did a bit of AWS API scraping (haven't looked at this
'till just now):

* to launch an instance into a specific vpc you need:
==> subnet ID (fine - subnets show up as realms according to the plan above)
==> a private IP address from the subnet cidr block (we can expose the
cidr block in our description of subnet/realm)
==> security group ID - doable in the sense that vpc security groups are
just like 'normal' security groups (i.e. our firewall collection) except
they have a 'vpc ID' - so we can just add to the model and return vpc
security groups in the 'normal' security groups list. We can even go
further and allow creation of these - but user would need to 'know'
out-of-band the vpc ID for to use for creation of the group

* Could we consider a 'create realm' function? i.e. create a new subnet.
If we have create realm, create (vpc) security group, then that would
leave just the creation of the vpc itself.

Strictly speaking - Realm is probably a better (logical) 'match' for VPC
- except we don't yet have any networking models for covering the
subnets - hence (I assume) your logic for realm<==>subnet as the 'best
fit' right now.


marios

> 
> any objections to this ?
> 
> David
> 
> 



Mime
View raw message