We have a need to add a feature to Ambari to inject iptables rules on all the nodes in a cluster to allow traffic only from other nodes in the cluster. We'd need to rewrite those rules any time a node was added or removed from the cluster. I was thinking the best way to handle this would be to add an IPTABLES component that we can assign to all of the nodes that would do this for us, but I'm not sure if there's an easy way to force the regeneration of the rules on cluster resize.
So, a few questions: 1. Is that something we could contribute to the project? Not sure if it's something that's globally useful or not. Happy to contribute it if it's welcomed. 2. Is the approach of adding a component the best way to handle this or is there some other method I'm not considering? Maybe just a special Request type? Thanks in advance for any feedback/direction. Greg
