incubator-deltacloud-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Lutterkort <>
Subject Re: Core API features to assist image building
Date Sat, 15 Jan 2011 00:08:59 GMT
On Fri, 2011-01-14 at 14:28 -0600, Ian McLeod wrote:
> 1) Snapshot support - For most public clouds we will have to create
> custom images by launching a generic/JEOS image from the provider,
> modifying it and then taking a snapshot or otherwise saving the
> result.  

This is on the roadmap as 'Create image from running server'. There's
two ways we can implement this:

      * POST to /api/images and provide the URL/id of the instance to
        snapshot as part of the request
      * Make it an action on the instance, e.g. POST
        to /api/instances/42/snapshot and provide, amongst other
        parameters, the name of the image

Both have pros and cons: the first one will likely lead to various
variants of the same call (at a minumum snapshot from running server and
declare bits in blob storage to be an image), which makes it a little
harder to keep straight what variant of the call is being used, and
which parameters need to be provided.

The second option is ugly and very non-RESTish, but clearer in what it
does and does not do.

> 2) Firewall control - To do the modification described in #1 we need to
> open up access to certain ports on the original guest.

*Sigh* ... also on the roadmap; the issue is that firewalling is an area
of great creativity in cloud API's and the two only API's that have any
notion of firewalls (EC2 and Terremark) do it completely differently.
EC2 uses security groups, which are almost sets of firewall rules,
except that they also have the sideeffect that two instances in the same
security group can talk to each other w/o restrictions, no matter what
ports are opened to the outside. Terremark provides NATing individual
ports, and it is possible to map the same port on a public IP to
multiple instances to get simple round-robin load balancing. In EC2,
opening FW ports is an operation on an instance (apply security group to
instance) whereas in Terremark it's an operation on the IP address, with
no notion of sets of rules.

IOW, firewall support is absolutely doable, but will likely lead to
completely different API calls in the Deltacloud API, together with some
funky metadata to indicate which route to take for firewalling.

Oh, and yes, we can give these higher priority in the roadmap and
address them soon.


View raw message