Open Stack

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

> On Thursday, 4 de December de 2014 at 15:06, Miguel Ángel Ajo
> wrote:
> 
>> 
>> 
>> During Juno, we introduced the enhanced security groups rpc 
>> (security_groups_info_for_devices) instead of 
>> (security_group_rules_for_devices), and the ipset functionality
>> to offload iptable chains a bit.
>> 
>> 
>> Here I propose to:
>> 
>> 1) Remove the old security_group_info_for_devices, which was left
>> to ease operators upgrade path from I to J (allowing running old
>> openvswitch agents as we upgrade)
>> 
>> Doing this we can cleanup the current iptables firewall driver a
>> bit from unused code paths.
>> 

+1.

>> 
>> I suppose this would require a major RPC version bump.
>> 
>> 2) Remove the option to disable ipset (now it’s enabled by
>> default and seems to be working without problems), and make it an
>> standard way to handle “IP” groups from the iptables
>> perspective.

Is ipset support present in all supported distributions?

>> 
>> 
>> Thoughts?,
>> 
>> Best regards, Miguel Ángel Ajo
>> 
>> _______________________________________________ OpenStack-dev
>> mailing list OpenStack-dev at lists.openstack.org 
>> <mailto:OpenStack-dev at lists.openstack.org> 
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>> 
> 
> 
> _______________________________________________ OpenStack-dev
> mailing list OpenStack-dev at lists.openstack.org 
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)

iQEcBAEBCgAGBQJUgG1jAAoJEC5aWaUY1u57aK4H/1G0R0NgURf1l7WCx27VqRDR
jdFlYzecMk2E6h84Fv5tJgGqAm6mGEFUrLf8MJ9+kDB33Syb+zvxJc9v6CvMw7br
o+Qjk4lbHiiko1W8kDmq+onjUDHExapTR1+PsSX0HmuEvwV8yrAm/VJyccAAiqB6
XPrWG4Xft2zEp004/uT9jzJPeW4YhRNY84Sa2C1ghemzKn43QYlu8U3DfuDzfQFP
2MjzTwdP1FfBIX0jhXHrMlnHGuuxAscL9v6DM7Np2Iro6ExXK1ry9ex4/NWbdcIY
sP9MkuA2wAMYE8pN1UM4LwSPg2rpEZEuwJfXyTohshcVHDoyPk81F4Q6R+ABPqM=
=xzY6
-----END PGP SIGNATURE-----