[openstack-dev] Deprecating old security groups code / RPC.
Miguel Ángel Ajo
majopela at redhat.com
Thu Dec 4 14:06:04 UTC 2014
During Juno, we introduced the enhanced security groups RPC (security_groups_info_for_devices) instead of (security_group_rules_for_devices), and the ipset functionality to offload iptables chains a bit.
Here I propose to:
1) Remove the old security_group_info_for_devices, which was left to ease operators' upgrade path from I to J (allowing running old openvswitch agents as we upgrade).
Doing this we can clean up the current iptables firewall driver a bit from unused code paths.
I suppose this would require a major RPC version bump.
2) Remove the option to disable ipset (now it’s enabled by default and seems to be working without problems), and make it a standard way to handle “IP” groups from the iptables perspective.
Thoughts?
Best regards,
Miguel Ángel Ajo