<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 2013年08月16日 14:34, Christopher Yeoh
wrote:<br>
</div>
<blockquote
cite="mid:CANCY3efXm=af=qH4gONA3iuDSSgEU05kMHDnzBZDQO921Xp77Q@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Aug 16, 2013 at 10:28 AM,
Melanie Witt <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:melwitt@yahoo-inc.com" target="_blank">melwitt@yahoo-inc.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On Aug 15, 2013, at 1:13 PM, Joe Gordon
wrote:<br>
<br>
> +1 from me as long as this wouldn't change anything
for the EC2 API's security groups support, which I
assume it won't.<br>
<br>
</div>
Correct, it's unrelated to the ec2 api.<br>
<br>
We discussed briefly in the nova meeting today and there
was consensus that removing the standalone
associate/disassociate actions should happen.<br>
<br>
Now the question is whether to keep the server create
piece and not remove the extension entirely. The concern
is about a delay in the newly provisioned instance being
associated with the desired security groups. With the
extension, the instance gets the desired security groups
before the instance is active (I think). Without the
extension, the client would receive the active instance
and then call neutron to associate it with the desired
security groups.<br>
<br>
Would such a delay in associating with security groups be
a problem?<br>
</blockquote>
<div><br>
</div>
<div>I think we should keep the capability to set the
security group on instance creation, so those who care
about this sort of race condition can avoid if they want
to.<br>
</div>
<div><br>
</div>
</div>
</div>
</div>
</blockquote>
<br>
I am working v3 network. I plan to only support create new instance
with port id, didn't support with<br>
network id and fixed ip anymore. So that means user need create port
from Neutron firstly, then<br>
pass the port id into the request of creating instance. If we think
this is ok, user can associate the <br>
desired security groups when create port, and we can remove the
securitygroup extension entirely.<br>
<br>
<blockquote
cite="mid:CANCY3efXm=af=qH4gONA3iuDSSgEU05kMHDnzBZDQO921Xp77Q@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div>+1 to removing the associate/disassociate actions
though<br>
</div>
<div> <br>
</div>
<div>Chris<br>
</div>
<br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
OpenStack-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>