Open Stack

On Thursday, 4 de December de 2014 at 15:19, Ihar Hrachyshka wrote:  
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>  
> > On Thursday, 4 de December de 2014 at 15:06, Miguel Ángel Ajo
> > wrote:
> >  
> > >  
> > >  
> > > During Juno, we introduced the enhanced security groups rpc  
> > > (security_groups_info_for_devices) instead of  
> > > (security_group_rules_for_devices), and the ipset functionality
> > > to offload iptable chains a bit.
> > >  
> > >  
> > > Here I propose to:
> > >  
> > > 1) Remove the old security_group_info_for_devices, which was left
> > > to ease operators upgrade path from I to J (allowing running old
> > > openvswitch agents as we upgrade)
> > >  
> > > Doing this we can cleanup the current iptables firewall driver a
> > > bit from unused code paths.
> > >  
> >  
> >  
>  
>  
> +1.
>  
> > >  
> > > I suppose this would require a major RPC version bump.
> > >  
> > > 2) Remove the option to disable ipset (now it’s enabled by
> > > default and seems to be working without problems), and make it an
> > > standard way to handle “IP” groups from the iptables
> > > perspective.
> > >  
> >  
>  
>  
> Is ipset support present in all supported distributions?
>  

It is from Red Hat perspective, not sure Ubuntu, and the others, I think
Juno was targeted to ubuntu 14.04 only (which does have ipset kernel
support and it’s tool).

Ipset was in kernel since 2.4.x, but RHEL6/Centos6 didn’t ship
the tools neither enabled it on kernel (AFAIK).  

  
>  
> > >  
> > >  
> > > Thoughts?,
> > >  
> > > Best regards, Miguel Ángel Ajo
> > >  
> > > _______________________________________________ OpenStack-dev
> > > mailing list OpenStack-dev at lists.openstack.org (mailto:OpenStack-dev at lists.openstack.org)  
> > > <mailto:OpenStack-dev at lists.openstack.org>  
> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> > >  
> >  
> >  
> >  
> >  
> > _______________________________________________ OpenStack-dev
> > mailing list OpenStack-dev at lists.openstack.org (mailto:OpenStack-dev at lists.openstack.org)  
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >  
>  
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
>  
> iQEcBAEBCgAGBQJUgG1jAAoJEC5aWaUY1u57aK4H/1G0R0NgURf1l7WCx27VqRDR
> jdFlYzecMk2E6h84Fv5tJgGqAm6mGEFUrLf8MJ9+kDB33Syb+zvxJc9v6CvMw7br
> o+Qjk4lbHiiko1W8kDmq+onjUDHExapTR1+PsSX0HmuEvwV8yrAm/VJyccAAiqB6
> XPrWG4Xft2zEp004/uT9jzJPeW4YhRNY84Sa2C1ghemzKn43QYlu8U3DfuDzfQFP
> 2MjzTwdP1FfBIX0jhXHrMlnHGuuxAscL9v6DM7Np2Iro6ExXK1ry9ex4/NWbdcIY
> sP9MkuA2wAMYE8pN1UM4LwSPg2rpEZEuwJfXyTohshcVHDoyPk81F4Q6R+ABPqM=
> =xzY6
> -----END PGP SIGNATURE-----
>  
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org (mailto:OpenStack-dev at lists.openstack.org)
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>  
>  


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141204/2991cf62/attachment.html>