[openstack-dev] PLEASE READ: VPNaaS API Change - not backward compatible

Xav Paice xavpaice at gmail.com
Mon Aug 24 19:49:33 UTC 2015


On 25/08/15 06:32, Paul Michali wrote:
> As part of the effort to provide support for multiple local subnets
> for VPNaaS IPSec connections, there are three API changes planned [1].
>
> One is to add a new "endpoint groups" API that will describe what is
> being connected. This is the place were local and peer subnets will be
> specified. It will allow future VPN flavors to reuse this API for
> other types of VPN endpoints.
>
> The second is to modify the IPSec site connection API to make use of
> this new endpoint groups API and no longer use the peer CIDRs arguments.
>
> The third is to remove the subnet ID from the VPN service API, and
> again, use the new endpoint groups API for this information (and to
> allow >1).
>
> A previous email send out from Kyle Mestery, asking about the
> production usage of VPNaaS, did not indicate that this service was
> used in production by operators.
>

Not true.  There were replies indicating that it is indeed in use, but
perhaps not from operators of installations deemed significant enough -
what's the criteria here?

> As a result, we'd like to propose making this change as a non-backward
> compatible change, which greatly reduces the effort.
>
> The change WILL support migration, so older databases can be migrated
> to the new schema and continue to operate, with future changes using
> the new API. This gives a smooth upgrade path to the new capability.
>
> The change would NOT support the older API in parallel with the new
> API, so users upgrading would need to also update any client
> scripts/tools to use the revised/new VPN API.

How will this integrate with Horizon?  The majority of our users don't
use the API directly, but use Horizon for the config, does this mean
we'll be tied in to using a particular version of Horizon to match Neutron?

>
> If this is acceptable to operators, we'd like to go forward with these
> plans. Please respond within 7 days of this email, if you have
> concerns about the proposal.
>
> Regards,
>
> Paul Michali (IRC pc_m)
> VPNaaS Core
>
> Ref: https://review.openstack.org/#/c/191944/
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150825/c9167ded/attachment.html>


More information about the OpenStack-dev mailing list