[openstack-dev] [Neutron] Group Based Policy and the way forward

Jay Pipes jaypipes at gmail.com
Tue Aug 5 19:51:36 UTC 2014


On 08/05/2014 03:24 PM, Kevin Benton wrote:
> Specifying an endpoint group would achieve the --networking-template
> effects you described. The endpoint group would have all of the security
> policies, IP allocation policies, connectivity policies, etc. already set up.

OK. Is there any reason it was called an "endpoint group" then? Perhaps 
I am missing something, but the term endpoint is well-used and 
understood to mean something entirely different in the OpenStack 
ecosystem...

Best,
-jay

> On Tue, Aug 5, 2014 at 1:04 PM, Jay Pipes <jaypipes at gmail.com> wrote:
>
>     On 08/05/2014 01:13 PM, Robert Kukura wrote:
>
>
>         On 8/5/14, 11:04 AM, Gary Kotton wrote:
>
>             Hi,
>             Is there any description of how this will be consumed by
>             Nova? My concern is this code landing there.
>
>         Hi Gary,
>
>         Initially, an endpoint's port_id is passed to Nova using
>         "nova boot ... --nic port-id=<port-uuid> ...", requiring no
>         changes to Nova. Later, slight enhancements to Nova would allow
>         using commands such as "nova boot ... --nic
>         ep-id=<endpoint-uuid> ..." or "nova boot ... --nic
>         epg-id=<endpoint-group-uuid> ...".
>
>
>     Hi Bob,
>
>     How exactly is the above a friendlier API for the main user of
>     Neutron, which is Nova? I thought one of the main ideas behind the
>     GBP stuff was to create a more declarative and intuitive API for
>     users of Neutron -- i.e. Nova -- to use in constructing needed
>     networking objects. The above just seems to me to be exchanging one
>     low-level object (port) with another low-level object (endpoint or
>     endpoint group)?
>
>     Perhaps the disconnect is due to the term "endpoint" being used,
>     which, everywhere else in the OpenStack universe, means something
>     entirely different from GBP.
>
>     I guess, based on my understanding of the *intent* of the GBP API, I
>     would have expected an API more like:
>
>       nova boot ... --networking-template <UUID>
>
>     where --networking-template would refer to a network, subnet
>     topology, IP assignment policy, collection of security groups and
>     firewall policies that the tenant had established prior to booting
>     an instance... thereby making the API more intuitive and less cluttered.
>
>     Or is it that I just don't understand this new "endpoint" terminology?
>
>     Best,
>     -jay
>
>
>     _______________________________________________
>     OpenStack-dev mailing list
>     OpenStack-dev at lists.openstack.org
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
>
> --
> Kevin Benton
>
