[openstack-dev] [Neutron] Group Based Policy and the way forward

Jay Pipes jaypipes at gmail.com
Tue Aug 5 19:04:45 UTC 2014


On 08/05/2014 01:13 PM, Robert Kukura wrote:
>
> On 8/5/14, 11:04 AM, Gary Kotton wrote:
>> Hi,
>> Is there any description of how this will be consumed by Nova? My
>> concern is this code landing there.
> Hi Gary,
>
> Initially, an endpoint's port_id is passed to Nova using "nova boot ...
> --nic port-id=<port-uuid> ...", requiring no changes to Nova. Later,
> slight enhancements to Nova would allow using commands such as "nova
> boot ... --nic ep-id=<endpoint-uuid> ..." or "nova boot ... --nic
> epg-id=<endpoint-group-uuid> ...".

Hi Bob,

How exactly is the above a friendlier API for the main user of Neutron, 
which is Nova? I thought one of the main ideas behind the GBP stuff was 
to create a more declarative and intuitive API for users of Neutron -- 
i.e. Nova -- to use in constructing needed networking objects. The above 
just seems to me to be exchanging one low-level object (port) with 
another low-level object (endpoint or endpoint group)?

Perhaps the disconnect is due to the term "endpoint" being used, which, 
everywhere else in the OpenStack universe, means something entirely 
different from GBP.

I guess, based on my understanding of the *intent* of the GBP API, I 
would have expected an API more like:

  nova boot ... --networking-template <UUID>

where --networking-template would refer to a network, subnet topology, 
IP assignment policy, collection of security groups and firewall 
policies that the tenant had established prior to booting an instance... 
thereby making the API more intuitive and less cluttered.

Or is it that I just don't understand this new "endpoint" terminology?

Best,
-jay


