<div dir="ltr"><p dir="ltr">That makes sense. It's not quite a fair analogy though to compare to reintroducing projects or tenants because Keystone endpoints aren't 'user-facing' so to speak. i.e. a regular user (application deployer, instance operator, etc) should never have to see or understand the purpose of a Keystone endpoint.</p>
<div class="gmail_quote">On Aug 5, 2014 3:53 PM, "Jay Pipes" <<a href="mailto:jaypipes@gmail.com" target="_blank">jaypipes@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 08/05/2014 05:22 PM, Kevin Benton wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
>Is anyone listening to what I'm saying? The term "endpoint" is obtuse<br>
and completely disregards the existing denotation of the word "endpoint"<br>
in use in OpenStack today.<br>
<br>
Sorry, I didn't understand the confusion because you didn't provide a<br>
reference to how "endpoint" is used in OpenStack now. I hadn't heard the<br>
term until this GBP work other than keystone endpoints, which have no<br>
overlap with this. Can you provide the definition you are familiar with<br>
so someone can explain the difference?<br>
</blockquote>
<br>
Yes, a Keystone endpoint, which exists in the service catalog that every single token sent to and from any OpenStack service.<br>
<br>
You are correct that there is no overlap with the GBP concept of endpoint. But, I guess I'm surprised nobody brought this up when discussing the proposed GBP API extensions to Neutron... since the endpoint has been a part of the Keystone service catalog API for years.<br>
<br>
It would be like if the GBP API came up with a new resource called "project" or "tenant" and expected everyone to just understand that this new "project" resource had nothing to do with the project concept that is used throughout the other APIs...<br>
<br>
Anyway, sorry if I'm just blowing off some steam here... it's my fault for not paying more attention to this earlier on. But this point goes directly to the discussion that Mark McClain and Bob were having about whether to let an major API extension like this bake somewhere outside of Neutron vs. baking inside Neutron ala VPNaaS, LBaaS, etc.<br>
<br>
OK, steam has been blown off, sorry for the partially tangential thread.<br>
<br>
-jay<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Tue, Aug 5, 2014 at 2:41 PM, Jay Pipes <<a href="mailto:jaypipes@gmail.com" target="_blank">jaypipes@gmail.com</a><br>
<mailto:<a href="mailto:jaypipes@gmail.com" target="_blank">jaypipes@gmail.com</a>>> wrote:<br>
<br>
On 08/05/2014 04:26 PM, Stephen Wong wrote:<br>
<br>
Agreed with Kevin and Sumit here. As a subgroup we talked about Nova<br>
integration, and the preliminary idea, as Bob alluded to, is to add<br>
"endpoint" as an option in place of Neutron port. But if we can make<br>
Nova EPG-aware, it would be great.<br>
<br>
<br>
Is anyone listening to what I'm saying? The term "endpoint" is<br>
obtuse and completely disregards the existing denotation of the word<br>
"endpoint" in use in OpenStack today.<br>
<br>
So, we've gone ahead and replaced the term "port" in the caller<br>
interface -- which, besides being too entirely too low-level,<br>
actually did describe what the object was -- to using a term<br>
"endpoint" that doesn't describe even remotely what the thing is (a<br>
template for a collection of networking-related policies and<br>
objects) and that already has a well-known definition in the<br>
OpenStack ecosystem.<br>
<br>
That is my point. That is why I brought up the comment on the<br>
original patch in the series that some docstrings would be helpful<br>
for those not entirely subscribed to the Tenets of National Dvorkinism.<br>
<br>
These interfaces should speak plain old concepts, not networking<br>
guru arcanum.<br>
<br>
Best,<br>
-jay<br>
<br>
On Tue, Aug 5, 2014 at 12:54 PM, Sumit Naiksatam<br>
<<a href="mailto:sumitnaiksatam@gmail.com" target="_blank">sumitnaiksatam@gmail.com</a> <mailto:<a href="mailto:sumitnaiksatam@gmail.com" target="_blank">sumitnaiksatam@gmail.<u></u>com</a>><br>
<mailto:<a href="mailto:sumitnaiksatam@gmail." target="_blank">sumitnaiksatam@gmail.</a>_<u></u>_com<br>
<mailto:<a href="mailto:sumitnaiksatam@gmail.com" target="_blank">sumitnaiksatam@gmail.<u></u>com</a>>>> wrote:<br>
<br>
That's right Kevin, EPG (and its association to the<br>
L2/3_Policy)<br>
capture the attributes which would represent the<br>
"network-template"<br>
being referenced here.<br>
<br>
Jay, what Bob mentioned here was an option to use the<br>
"endpoint" as a<br>
one-to-one replacement for the option of using a Neutron<br>
port. This is<br>
more so in the context of providing an evolutionary path<br>
(from the way<br>
Nova currently does it using a pre-defined port). However,<br>
if it makes<br>
sense to make Nova aware of the EPG right at the outset,<br>
then that is<br>
even better.<br>
<br>
I have also noted your suggestion on clarifying the "endpoint"<br>
terminology. This was already done in one of the patches<br>
you had<br>
reviewed earlier, and will do that in the first patch as<br>
well (where<br>
you pointed it out now).<br>
<br>
Thanks,<br>
~Sumit.<br>
<br>
On Tue, Aug 5, 2014 at 12:24 PM, Kevin Benton<br>
<<a href="mailto:blak111@gmail.com" target="_blank">blak111@gmail.com</a> <mailto:<a href="mailto:blak111@gmail.com" target="_blank">blak111@gmail.com</a>><br>
<mailto:<a href="mailto:blak111@gmail.com" target="_blank">blak111@gmail.com</a> <mailto:<a href="mailto:blak111@gmail.com" target="_blank">blak111@gmail.com</a>>>> wrote:<br>
> Specifying an endpoint group would achieve the<br>
--networking-template effects<br>
> you described. The endpoint group would have all of the<br>
security<br>
policies,<br>
> IP allocation policies, connectivity policies, etc.<br>
already setup.<br>
><br>
><br>
> On Tue, Aug 5, 2014 at 1:04 PM, Jay Pipes<br>
<<a href="mailto:jaypipes@gmail.com" target="_blank">jaypipes@gmail.com</a> <mailto:<a href="mailto:jaypipes@gmail.com" target="_blank">jaypipes@gmail.com</a>><br>
<mailto:<a href="mailto:jaypipes@gmail.com" target="_blank">jaypipes@gmail.com</a> <mailto:<a href="mailto:jaypipes@gmail.com" target="_blank">jaypipes@gmail.com</a>>>> wrote:<br>
>><br>
>> On 08/05/2014 01:13 PM, Robert Kukura wrote:<br>
>>><br>
>>><br>
>>> On 8/5/14, 11:04 AM, Gary Kotton wrote:<br>
>>>><br>
>>>> Hi,<br>
>>>> Is there any description of how this will be consumed<br>
by Nova. My<br>
>>>> concern is this code landing there.<br>
>>><br>
>>> Hi Gary,<br>
>>><br>
>>> Initially, an endpoint's port_id is passed to Nova<br>
using "nova<br>
boot ...<br>
>>> --nic port-id=<port-uuid> ...", requiring no changes<br>
to Nova.<br>
Later,<br>
>>> slight enhancements to Nova would allow using commands<br>
such as<br>
"nova<br>
>>> boot ... --nic ep-id=<endpoint-uuid> ..." or "nova<br>
boot ... --nic<br>
>>> epg-id=<endpoint-group-uuid> ...".<br>
>><br>
>><br>
>> Hi Bob,<br>
>><br>
>> How exactly is the above a friendlier API for the main<br>
user of<br>
Neutron,<br>
>> which is Nova? I thought one of the main ideas behind<br>
the GBP<br>
stuff was to<br>
>> create a more declarative and intuitive API for users<br>
of Neutron<br>
-- i.e.<br>
>> Nova -- to use in constructing needed networking<br>
objects. The<br>
above just<br>
>> seems to me to be exchanging one low-level object<br>
(port) with<br>
another<br>
>> low-level object (endpoint or endpoint group)?<br>
>><br>
>> Perhaps the disconnect is due to the term "endpoint"<br>
being used,<br>
which,<br>
>> everywhere else in the OpenStack universe, means<br>
something entirely<br>
>> different from GBP.<br>
>><br>
>> I guess, based on my understanding of the *intent* of<br>
the GBP<br>
API, I would<br>
>> have expected an API more like:<br>
>><br>
>> nova boot ... --networking-template <UUID><br>
>><br>
>> where --networking-template would refer to a network,<br>
subnet<br>
topology, IP<br>
>> assignment policy, collection of security groups and<br>
firewall<br>
policies that<br>
>> the tenant had established prior to booting an instance...<br>
thereby making<br>
>> the API more intuitive and less cluttered.<br>
>><br>
>> Or is it that I just don't understand this new "endpoint"<br>
terminology?<br>
>><br>
>> Best,<br>
>> -jay<br>
>><br>
>><br>
>> ______________________________<u></u>___________________<br>
>> OpenStack-dev mailing list<br>
>> OpenStack-dev@lists.openstack.<u></u>__org<br>
<mailto:<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.<u></u>openstack.org</a>><br>
<mailto:<a href="mailto:OpenStack-dev@lists." target="_blank">OpenStack-dev@lists.</a>__<a href="http://openstack.org" target="_blank"><u></u>openstack.org</a><br>
<mailto:<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.<u></u>openstack.org</a>>><br>
<br>
>><br>
<a href="http://lists.openstack.org/__cgi-bin/mailman/listinfo/__openstack-dev" target="_blank">http://lists.openstack.org/__<u></u>cgi-bin/mailman/listinfo/__<u></u>openstack-dev</a><br>
<<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/<u></u>cgi-bin/mailman/listinfo/<u></u>openstack-dev</a>><br>
><br>
><br>
><br>
><br>
> --<br>
> Kevin Benton<br>
><br>
> ______________________________<u></u>___________________<br>
> OpenStack-dev mailing list<br>
> OpenStack-dev@lists.openstack.<u></u>__org<br>
<mailto:<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.<u></u>openstack.org</a>><br>
<mailto:<a href="mailto:OpenStack-dev@lists." target="_blank">OpenStack-dev@lists.</a>__<a href="http://openstack.org" target="_blank"><u></u>openstack.org</a><br>
<mailto:<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.<u></u>openstack.org</a>>><br>
<br>
><br>
<a href="http://lists.openstack.org/__cgi-bin/mailman/listinfo/__openstack-dev" target="_blank">http://lists.openstack.org/__<u></u>cgi-bin/mailman/listinfo/__<u></u>openstack-dev</a><br>
<<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/<u></u>cgi-bin/mailman/listinfo/<u></u>openstack-dev</a>><br>
><br>
<br>
______________________________<u></u>___________________<br>
OpenStack-dev mailing list<br>
OpenStack-dev@lists.openstack.<u></u>__org<br>
<mailto:<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.<u></u>openstack.org</a>><br>
<mailto:<a href="mailto:OpenStack-dev@lists." target="_blank">OpenStack-dev@lists.</a>__<a href="http://openstack.org" target="_blank"><u></u>openstack.org</a><br>
<mailto:<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.<u></u>openstack.org</a>>><br>
<br>
<a href="http://lists.openstack.org/__cgi-bin/mailman/listinfo/__openstack-dev" target="_blank">http://lists.openstack.org/__<u></u>cgi-bin/mailman/listinfo/__<u></u>openstack-dev</a><br>
<<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/<u></u>cgi-bin/mailman/listinfo/<u></u>openstack-dev</a>><br>
<br>
<br>
<br>
<br>
______________________________<u></u>___________________<br>
OpenStack-dev mailing list<br>
OpenStack-dev@lists.openstack.<u></u>__org<br>
<mailto:<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.<u></u>openstack.org</a>><br>
<a href="http://lists.openstack.org/__cgi-bin/mailman/listinfo/__openstack-dev" target="_blank">http://lists.openstack.org/__<u></u>cgi-bin/mailman/listinfo/__<u></u>openstack-dev</a><br>
<<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/<u></u>cgi-bin/mailman/listinfo/<u></u>openstack-dev</a>><br>
<br>
<br>
______________________________<u></u>___________________<br>
OpenStack-dev mailing list<br>
OpenStack-dev@lists.openstack.<u></u>__org<br>
<mailto:<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.<u></u>openstack.org</a>><br>
<a href="http://lists.openstack.org/__cgi-bin/mailman/listinfo/__openstack-dev" target="_blank">http://lists.openstack.org/__<u></u>cgi-bin/mailman/listinfo/__<u></u>openstack-dev</a> <<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/<u></u>cgi-bin/mailman/listinfo/<u></u>openstack-dev</a>><br>
<br>
<br>
<br>
<br>
--<br>
Kevin Benton<br>
<br>
<br>
______________________________<u></u>_________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.<u></u>org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/<u></u>cgi-bin/mailman/listinfo/<u></u>openstack-dev</a><br>
<br>
</blockquote>
<br>
______________________________<u></u>_________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.<u></u>org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/<u></u>cgi-bin/mailman/listinfo/<u></u>openstack-dev</a><br>
</blockquote></div>
</div>