<div style="font-family: Helvetica; font-size: 14px;"><br></div>
                <div><div><br></div><div><span style="color: rgb(160, 160, 168);">On Thursday, 4 de December de 2014 at 15:19, Ihar Hrachyshka wrote:</span></div></div>
                <blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;">
                    <span><div><div><div>-----BEGIN PGP SIGNED MESSAGE-----</div><div>Hash: SHA512</div><div><br></div><blockquote type="cite"><div><div>On Thursday, 4 de December de 2014 at 15:06, Miguel Ángel Ajo</div><div>wrote:</div><div><br></div><blockquote type="cite"><div><div><br></div><div><br></div><div>During Juno, we introduced the enhanced security groups rpc </div><div>(security_groups_info_for_devices) instead of </div><div>(security_group_rules_for_devices), and the ipset functionality</div><div>to offload iptable chains a bit.</div><div><br></div><div><br></div><div>Here I propose to:</div><div><br></div><div>1) Remove the old security_group_info_for_devices, which was left</div><div>to ease operators upgrade path from I to J (allowing running old</div><div>openvswitch agents as we upgrade)</div><div><br></div><div>Doing this we can cleanup the current iptables firewall driver a</div><div>bit from unused code paths.</div></div></blockquote></div></blockquote><div><br></div><div>+1.</div><div><br></div><blockquote type="cite"><blockquote type="cite"><div><div><br></div><div>I suppose this would require a major RPC version bump.</div><div><br></div><div>2) Remove the option to disable ipset (now it’s enabled by</div><div>default and seems to be working without problems), and make it an</div><div>standard way to handle “IP” groups from the iptables</div><div>perspective.</div></div></blockquote></blockquote><div><br></div><div>Is ipset support present in all supported distributions?</div><div><br></div></div></div></span></blockquote><div><br></div><div><span style="font-size: 14px;">It is from Red Hat perspective, not sure Ubuntu, and the others, I think</span></div><div><span style="font-size: 14px;">Juno was targeted to ubuntu 14.04 only (which does have ipset kernel</span></div><div><span style="font-size: 14px;">support and it’s tool).</span></div><div><br></div><div><span style="font-size: 14px;">Ipset was in kernel since 2.4.x, but RHEL6/Centos6 didn’t ship</span></div><div><span style="font-size: 14px;">the tools neither enabled it on kernel (AFAIK). </span></div><div><br></div><div> </div><blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;"><span><div><div><div></div><blockquote type="cite"><div><blockquote type="cite"><div><div><br></div><div><br></div><div>Thoughts?,</div><div><br></div><div>Best regards, Miguel Ángel Ajo</div><div><br></div><div>_______________________________________________ OpenStack-dev</div><div>mailing list <a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a> </div><div><<a href="mailto:OpenStack-dev@lists.openstack.org">mailto:OpenStack-dev@lists.openstack.org</a>> </div><div><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></div></div></blockquote><div><br></div><blockquote type="cite"><div></div></blockquote><div><br></div><div><br></div><div>_______________________________________________ OpenStack-dev</div><div>mailing list <a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a> </div><div><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></div></div></blockquote><div>-----BEGIN PGP SIGNATURE-----</div><div>Version: GnuPG/MacGPG2 v2.0.22 (Darwin)</div><div><br></div><div>iQEcBAEBCgAGBQJUgG1jAAoJEC5aWaUY1u57aK4H/1G0R0NgURf1l7WCx27VqRDR</div><div>jdFlYzecMk2E6h84Fv5tJgGqAm6mGEFUrLf8MJ9+kDB33Syb+zvxJc9v6CvMw7br</div><div>o+Qjk4lbHiiko1W8kDmq+onjUDHExapTR1+PsSX0HmuEvwV8yrAm/VJyccAAiqB6</div><div>XPrWG4Xft2zEp004/uT9jzJPeW4YhRNY84Sa2C1ghemzKn43QYlu8U3DfuDzfQFP</div><div>2MjzTwdP1FfBIX0jhXHrMlnHGuuxAscL9v6DM7Np2Iro6ExXK1ry9ex4/NWbdcIY</div><div>sP9MkuA2wAMYE8pN1UM4LwSPg2rpEZEuwJfXyTohshcVHDoyPk81F4Q6R+ABPqM=</div><div>=xzY6</div><div>-----END PGP SIGNATURE-----</div><div><br></div><div>_______________________________________________</div><div>OpenStack-dev mailing list</div><div><a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a></div><div><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></div></div></div></span>
                 
                 
                 
                 
                </blockquote>
                 
                <div>
                    <br>
                </div>