On Mon, 2014-01-20 at 20:43 +0100, Ian Wells wrote:
> To my mind, it would make that much more sense if Neutron created,
> networked and firewalled a tap and returned it completely set up
> (versus now, where the VM can start with a half-configured set of
> separation and firewall rules that get pa
On 20 January 2014 10:13, Mathieu Rohon wrote:
> With such an architecture, we wouldn't have to tell neutron about
> vif_security or vif_type when it creates a port. When Neutron get
> called with port_create, it should only return the tap created.
>
Not entirely true. Not every libvirt port is
Hi
On Thu, Jan 16, 2014 at 11:27 PM, Nachi Ueno wrote:
> Hi Bob, Kyle
>
> I pushed (A) https://review.openstack.org/#/c/67281/.
> so could you review it?
>
> 2014/1/16 Robert Kukura :
>> On 01/16/2014 03:13 PM, Kyle Mestery wrote:
>>>
>>> On Jan 16, 2014, at 1:37 PM, Nachi Ueno wrote:
>>>
H
Thanks! Kyle
2014/1/16 Kyle Mestery :
> On Jan 16, 2014, at 4:27 PM, Nachi Ueno wrote:
>
>> Hi Bob, Kyle
>>
>> I pushed (A) https://review.openstack.org/#/c/67281/.
>> so could you review it?
>>
> Just did, looks good Nachi, thanks!
>
>> 2014/1/16 Robert Kukura :
>>> On 01/16/2014 03:13 PM, Kyle
On Jan 16, 2014, at 4:27 PM, Nachi Ueno wrote:
> Hi Bob, Kyle
>
> I pushed (A) https://review.openstack.org/#/c/67281/.
> so could you review it?
>
Just did, looks good Nachi, thanks!
> 2014/1/16 Robert Kukura :
>> On 01/16/2014 03:13 PM, Kyle Mestery wrote:
>>>
>>> On Jan 16, 2014, at 1:37 P
Hi Bob, Kyle
I pushed (A) https://review.openstack.org/#/c/67281/.
so could you review it?
2014/1/16 Robert Kukura :
> On 01/16/2014 03:13 PM, Kyle Mestery wrote:
>>
>> On Jan 16, 2014, at 1:37 PM, Nachi Ueno wrote:
>>
>>> Hi Amir
>>>
>>> 2014/1/16 Amir Sadoughi :
Hi all,
I just w
On 01/16/2014 03:13 PM, Kyle Mestery wrote:
>
> On Jan 16, 2014, at 1:37 PM, Nachi Ueno wrote:
>
>> Hi Amir
>>
>> 2014/1/16 Amir Sadoughi :
>>> Hi all,
>>>
>>> I just want to make sure I understand the plan and its consequences. I’m on
>>> board with the YAGNI principle of hardwiring mechanism
That also makes sense to me as the simplest option. Looking forward to all of
your patches.
Thanks,
Amir
On Jan 16, 2014, at 2:13 PM, Kyle Mestery
mailto:mest...@siliconloons.com>> wrote:
On Jan 16, 2014, at 1:37 PM, Nachi Ueno
mailto:na...@ntti3.com>> wrote:
Hi Amir
2014/1/16 Amir Sadoug
On Jan 16, 2014, at 1:37 PM, Nachi Ueno wrote:
> Hi Amir
>
> 2014/1/16 Amir Sadoughi :
>> Hi all,
>>
>> I just want to make sure I understand the plan and its consequences. I’m on
>> board with the YAGNI principle of hardwiring mechanism drivers to return
>> their firewall_driver types for n
Hi Amir
2014/1/16 Amir Sadoughi :
> Hi all,
>
> I just want to make sure I understand the plan and its consequences. I’m on
> board with the YAGNI principle of hardwiring mechanism drivers to return
> their firewall_driver types for now.
>
> However, after (A), (B), and (C) are completed, to all
Hi all,
I just want to make sure I understand the plan and its consequences. I’m on
board with the YAGNI principle of hardwiring mechanism drivers to return their
firewall_driver types for now.
However, after (A), (B), and (C) are completed, to allow for Open vSwitch-based
security groups (bl
Hi Mathieu, Bob
Thank you for your reply
OK let's do (A) - (C) for now.
(A) Remove firewall_driver from server side
Remove Noop <-- I'll write patch for this
(B) update ML2 with extend_port_dict <-- Bob will push new review for this
(C) Fix vif_security patch using (1) and (2). <-- I'll up
On 01/16/2014 04:43 AM, Mathieu Rohon wrote:
> Hi,
>
> your proposals make sense. Having the firewall driver configuring so
> much things looks pretty stange.
Agreed. I fully support proposed fix 1, adding enable_security_group
config, at least for ml2. I'm not sure whether making this sort of
ch
Hi,
your proposals make sense. Having the firewall driver configuring so
much things looks pretty stange.
Enabling security group should be a plugin/MD decision, not a driver decision.
For ML2, in a first implementation, having vif security based on
vif_type looks good too.
Once OVSfirewallDriver
Hi folks
Security group for OVS agent (ovs plugin or ML2) is being broken.
so we need vif_security port binding to fix this
(https://review.openstack.org/#/c/21946/)
We got discussed about the architecture for ML2 on ML2 weekly meetings, and
I wanna continue discussion in here.
Here is my propos
15 matches
Mail list logo