[openstack-dev] [nova] Undead DB objects: ProviderFirewallRule and InstanceGroupPolicy?
mriedem at linux.vnet.ibm.com
Tue Nov 18 22:19:40 UTC 2014
On 11/18/2014 3:57 PM, Matt Riedemann wrote:
> On 11/18/2014 3:28 PM, Vishvananda Ishaya wrote:
>> AFAIK they are relics.
>> On Nov 13, 2014, at 7:20 AM, Matthew Booth <mbooth at redhat.com> wrote:
>>> There are 3 db apis relating to ProviderFirewallRule:
>>> provider_fw_rule_create, provider_fw_rule_get_all, and
>>> provider_fw_rule_destroy. Of these, only provider_fw_rule_get_all seems
>>> to be used. i.e. It seems they can be queried, but not created.
>>> InstanceGroupPolicy doesn't seem to be used anywhere at all.
>>> _validate_instance_group_policy() in compute manager seems to be doing
>>> something else.
>>> Are these undead relics in need of a final stake through the heart, or
>>> is something else going on here?
>>> Matthew Booth
>>> Red Hat Engineering, Virtualisation Team
>>> Phone: +442070094448 (UK)
>>> GPG ID: D33C3490
>>> GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
> If they aren't used/exposed we should remove them. Looks like they were
> added back in Diablo and hooked in via the ec2 API, some related commits:
By the way, I found this:
That's the commit in Essex that removed the nova.api.ec2.admin module
which had the block_external_addresses API which used
provider_fw_rule_create, so after that nothing is using
provider_fw_rule_create except for some unit tests to mock it up in the
database for the virt drivers to test the firewall driver with nova-network.
Seems fair game to start removing this unusable code now.
More information about the OpenStack-dev