Refactor IpsetManager to have proper separation of concerns
IptablesFirewal
the current implementation of IptablesFirewal
about how ipset works, and how to optimize the way we work with ip sets.
There are also misleading references to ipsets as "ipset_chains" in IptablesFirewal
those references should be corrected to "ipsets" or "sets" to avoid confusion.
The extent of this change should not modify functionality, and unit tests checking the
specific knowledge previously handled in the IptablesFirewall Driver should be moved
to talk with the IpsetManager now.
Intent here is to provide a better foundation for later L2 agent refactors which otherwise
would find the same issues with the IpsetManager needing to reimplement it's logic
partially.
Blueprint information
- Status:
- Complete
- Approver:
- Kyle Mestery
- Priority:
- High
- Drafter:
- Miguel Angel Ajo
- Direction:
- Approved
- Assignee:
- Miguel Angel Ajo
- Definition:
- Approved
- Series goal:
- Accepted for kilo
- Implementation:
- Implemented
- Milestone target:
- 2015.1.0
- Started by
- Miguel Angel Ajo
- Completed by
- Miguel Angel Ajo
Related branches
Related bugs
Sprints
Whiteboard
December-18 (mestery): Kilo-2.
Gerrit topic: https:/
Addressed by: https:/
IpsetManager refactoring
amotoki (Dec 8, 2014)
Originally this work was planned as a part of blueprint https:/
Mark and I suggested to ajo to register this. This work is very straight-forward and I believe it can be approved without a corresponding spec review. I suggest to target this to Kilo-1.