[openstack-dev] [neutron] Deprecating old security groups code / RPC.
Miguel Ángel Ajo
majopela at redhat.com
Thu Dec 4 14:10:50 UTC 2014
Sorry, adding [neutron] to the subject.
Miguel Ángel Ajo
On Thursday, 4 de December de 2014 at 15:06, Miguel Ángel Ajo wrote:
>
>
> During Juno, we introduced the enhanced security groups rpc (security_groups_info_for_devices) instead of (security_group_rules_for_devices),
> and the ipset functionality to offload iptable chains a bit.
>
>
> Here I propose to:
>
> 1) Remove the old security_group_info_for_devices, which was left to ease operators upgrade
> path from I to J (allowing running old openvswitch agents as we upgrade)
>
> Doing this we can cleanup the current iptables firewall driver a bit from unused code paths.
>
>
> I suppose this would require a major RPC version bump.
>
> 2) Remove the option to disable ipset (now it’s enabled by default and seems
> to be working without problems), and make it an standard way to handle “IP” groups
> from the iptables perspective.
>
>
> Thoughts?,
>
> Best regards,
> Miguel Ángel Ajo
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org (mailto:OpenStack-dev at lists.openstack.org)
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141204/7b94d9ee/attachment.html>
More information about the OpenStack-dev
mailing list