[tripleo] moving tripleo-ipsec to independent release model
dsneddon at redhat.com
Mon Feb 15 23:20:12 UTC 2021
I have been in pre-deployment discussions with a couple of operators
over the last 18 months or so when it came up. I think the intent was to
use IPSEC hardware offload using the NIC, but I don't know if they ended
up using TLS in production once they learned that TLS was a vastly more
I think at the very least the presence of the IPSEC code and the fact
that it's being maintained gives the impression that it is a valid
option. There may be environments where IPSEC is used outside the
OpenStack deployment, and a desire for consistency. There may even be
some operators that would want to use both for the added layers of
defense, possibly using IPSEC offload to offset the performance impact.
I wouldn't be against deprecating it, but I think that the IPSEC code
still has some mind-share.
On 2/15/21 6:39 AM, Alex Schultz wrote:
> Is this thing still even used? I thought it was a temporary thing until
> TLS everywhere was finished. If it's not used we should just retire it.
> On Fri, Feb 12, 2021 at 7:35 AM Marios Andreou <marios at redhat.com
> <mailto:marios at redhat.com>> wrote:
> hello TripleO,
> per $subject I want to propose that tripleo-ipsec moves to the
> independent release model, as done recently for os-collect-config
> and friends at .
> The tripleo-ipsec repo hasn't had much/any commits in the last year
> . In fact, we hadn't even created a ussuri branch for this repo
> and no-one noticed (!).
> Because of the lack of stable/ussuri some of the release jobs
> failed, as discussed at  and which ttx tried to fix (thank you!)
> with .
> Unfortunately this hasn't resolved the issue and jobs are still
> failing, as discussed just now in openstack-release . If we agree
> to move tripleo-ipsec to independent then it will also resolve this
> build job issue.
> If we move tripleo-ipsec to independent it means we can still
> release it if required, but we will no longer create stable/branches
> for the repo.
> please voice any objections here or go and comment on the proposal
> at 
> thanks for reading!
> regards, marios
>  https://review.opendev.org/c/openstack/releases/+/772570
>  https://review.opendev.org/c/openstack/releases/+/772995
>  https://review.opendev.org/c/openstack/releases/+/775395
More information about the openstack-discuss