[openstack-dev] Deprecating old security groups code / RPC.

Miguel Ángel Ajo majopela at redhat.com
Thu Dec 4 14:06:04 UTC 2014



During Juno, we introduced the enhanced security groups rpc (security_groups_info_for_devices) instead of (security_group_rules_for_devices),  
and the ipset functionality to offload iptable chains a bit.


Here I propose to:

1) Remove the old security_group_info_for_devices, which was left to ease operators upgrade  
path from I to J (allowing running old openvswitch agents as we upgrade)

Doing this we can cleanup the current iptables firewall driver a bit from unused code paths.


I suppose this would require a major RPC version bump.

2) Remove the option to disable ipset (now it’s enabled by default and seems  
to be working without problems), and make it an standard way to handle “IP” groups  
from the iptables perspective.


Thoughts?,

Best regards,
Miguel Ángel Ajo

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141204/17531a4f/attachment.html>


More information about the OpenStack-dev mailing list