[openstack-dev] [Neutron] Group Based Policy and the way forward

Kevin Benton blak111 at gmail.com
Tue Aug 5 19:24:21 UTC 2014


Specifying an endpoint group would achieve the --networking-template
effects you described. The endpoint group would have all of the security
policies, IP allocation policies, connectivity policies, etc. already set up.


On Tue, Aug 5, 2014 at 1:04 PM, Jay Pipes <jaypipes at gmail.com> wrote:

> On 08/05/2014 01:13 PM, Robert Kukura wrote:
>
>>
>> On 8/5/14, 11:04 AM, Gary Kotton wrote:
>>
>>> Hi,
> >>> Is there any description of how this will be consumed by Nova? My
>>> concern is this code landing there.
>>>
>> Hi Gary,
>>
>> Initially, an endpoint's port_id is passed to Nova using "nova boot ...
>> --nic port-id=<port-uuid> ...", requiring no changes to Nova. Later,
>> slight enhancements to Nova would allow using commands such as "nova
>> boot ... --nic ep-id=<endpoint-uuid> ..." or "nova boot ... --nic
>> epg-id=<endpoint-group-uuid> ...".
>>
>
> Hi Bob,
>
> How exactly is the above a friendlier API for the main user of Neutron,
> which is Nova? I thought one of the main ideas behind the GBP stuff was to
> create a more declarative and intuitive API for users of Neutron -- i.e.
> Nova -- to use in constructing needed networking objects. The above just
> seems to me to be exchanging one low-level object (port) with another
> low-level object (endpoint or endpoint group)?
>
> Perhaps the disconnect is due to the term "endpoint" being used, which,
> everywhere else in the OpenStack universe, means something entirely
> different from GBP.
>
> I guess, based on my understanding of the *intent* of the GBP API, I would
> have expected an API more like:
>
>  nova boot ... --networking-template <UUID>
>
> where --networking-template would refer to a network, subnet topology, IP
> assignment policy, collection of security groups and firewall policies that
> the tenant had established prior to booting an instance... thereby making
> the API more intuitive and less cluttered.
>
> Or is it that I just don't understand this new "endpoint" terminology?
>
> Best,
> -jay
>



-- 
Kevin Benton