[openstack-dev] [neutron] Ipset, merge refactor for J?
Miguel Angel Ajo Pelayo
mangelajo at redhat.com
Tue Sep 16 05:12:08 UTC 2014
During the ipset implementatio, we designed a refactor [1] to cleanup
the firewall driver a bit, and move all the ipset low-level knowledge
down into the IpsetManager.
I'd like to see this merged for J, and, it's a bit of an urgent matter
to decide, because we keep adding small changes [2] [3] fruit of the
early testing which break the refactor, and will add extra work which
needs to be refactored too.
The advantage of merging now, vs in J, is having K & J share a more common
code base, which would help us during bug backports/etc in the future.
Shihanzhang and I, are happy to see this merge during K, as it doesn't
incur in functional changes, just code blocks are moved from the iptables
firewall driver to IpsetManager, and the corresponding tests are moved too.
This is where I'd like to see the driver going, in conjunction with a separate
driver for Iptables+Ipset, but that second part is change which
can't be done now (CI changes, documentation, etc.)
[1] https://review.openstack.org/#/c/120806/
[2] https://review.openstack.org/#/c/121455/
[3] to be done: not re-loading iptables when only ipset group members change.
[4] to be done: better locking strategy (brian haley is looking at that)
Best regards,
Miguel Ángel Ajo.
More information about the OpenStack-dev
mailing list