Support upgrading neutron firewall driver
For some time, neutron + OVS has implemented security groups through iptables rules and a "hybrid plugging" mechanism that interposed a linuxbridge between a guest and the neutron integration bridge. Neutron now has an OVS firewall driver that may be preferred for some users so we will need some form of migration mechanism.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Brent Eagles
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- Obsolete
- Series goal:
- Accepted for future
- Implementation:
-
Unknown
- Milestone target:
- None
- Started by
- Completed by
- Juan Antonio Osorio Robles
Related branches
Related bugs
Sprints
Whiteboard
Note that migrating individual guests is intrusive, effectively requiring that the network connections defined in the guest's domain XML (assuming libvirt) need be reconfigured.
beagles: Considering the risks involved, we should consider:
- the driving forces behind this
- get some idea of benefit/risk
- whether it can be made an optional "buy-in" on upgrade and satisfy our current requirements
- considering the above, should we have a spec
