On Thu, Dec 4, 2014 at 8:40 AM, Miguel Ángel Ajo <majop...@redhat.com> wrote: > > > On Thursday, 4 de December de 2014 at 15:19, Ihar Hrachyshka wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On Thursday, 4 de December de 2014 at 15:06, Miguel Ángel Ajo > wrote: > > > > During Juno, we introduced the enhanced security groups rpc > (security_groups_info_for_devices) instead of > (security_group_rules_for_devices), and the ipset functionality > to offload iptable chains a bit. > > > Here I propose to: > > 1) Remove the old security_group_info_for_devices, which was left > to ease operators upgrade path from I to J (allowing running old > openvswitch agents as we upgrade) > > Doing this we can cleanup the current iptables firewall driver a > bit from unused code paths. > > > +1. > > > I suppose this would require a major RPC version bump. > > 2) Remove the option to disable ipset (now it’s enabled by > default and seems to be working without problems), and make it an > standard way to handle “IP” groups from the iptables > perspective. > > > Is ipset support present in all supported distributions? > > > It is from Red Hat perspective, not sure Ubuntu, and the others, I think > Juno was targeted to ubuntu 14.04 only (which does have ipset kernel > support and it’s tool). > > Ipset was in kernel since 2.4.x, but RHEL6/Centos6 didn’t ship > the tools neither enabled it on kernel (AFAIK). > Once we verify Ubuntu's support for ipset (kernel and user tools), I'm +1 to this proposal. RHEL/CentOS/Fedora and SuSe look good.
Thanks, Kyle > > > > > Thoughts?, > > Best regards, Miguel Ángel Ajo > > _______________________________________________ OpenStack-dev > mailing list OpenStack-dev@lists.openstack.org > <mailto:OpenStack-dev@lists.openstack.org> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > > _______________________________________________ OpenStack-dev > mailing list OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.22 (Darwin) > > iQEcBAEBCgAGBQJUgG1jAAoJEC5aWaUY1u57aK4H/1G0R0NgURf1l7WCx27VqRDR > jdFlYzecMk2E6h84Fv5tJgGqAm6mGEFUrLf8MJ9+kDB33Syb+zvxJc9v6CvMw7br > o+Qjk4lbHiiko1W8kDmq+onjUDHExapTR1+PsSX0HmuEvwV8yrAm/VJyccAAiqB6 > XPrWG4Xft2zEp004/uT9jzJPeW4YhRNY84Sa2C1ghemzKn43QYlu8U3DfuDzfQFP > 2MjzTwdP1FfBIX0jhXHrMlnHGuuxAscL9v6DM7Np2Iro6ExXK1ry9ex4/NWbdcIY > sP9MkuA2wAMYE8pN1UM4LwSPg2rpEZEuwJfXyTohshcVHDoyPk81F4Q6R+ABPqM= > =xzY6 > -----END PGP SIGNATURE----- > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
