On Fri, 9 Dec 2016 at 7:51 AM, joehuang <joehu...@huawei.com> wrote: > > > > > > Hi all,
> Then I will update these things in the document. I would like to suggest that we will consider this as requirement lock and > proceed further with the implementation of single resource-sync. once this thing is implemented/commited in gerrit. > Further improvements like syncing all resources or a bunch of resources > will come in later part. > Thanks Goutham > Hello, Goutham, > > > > > > > For os-sync API, two suggestions: > > > > > > > > 1. we need to use POST but not put for this action > > > 2. Even for single resource sync, "ID" should be part of the request body, > but not as part of the URL path. > > > > > > > > > > > > > > > > > Best Regards > > > Chaoyi Huang (joehuang) > > > > > > > > > ------------------------------ > > > *From:* opnfv-tech-discuss-boun...@lists.opnfv.org [ > opnfv-tech-discuss-boun...@lists.opnfv.org] on behalf of joehuang [ > joehu...@huawei.com] > > > *Sent:* 07 December 2016 16:32 > > > *To:* Goutham Pratapa > > > *Cc:* Ashish singh; caizhiyuan (A); opnfv-tech-discuss > > > > *Subject:* Re: [opnfv-tech-discuss] [multisite] Secgroup syncing Approach > > > > > > > > > > > Hello, two comments in the doc. Need to discuss this in the weekly meeting. > > > > > > > > > > Best Regards > > > Chaoyi Huang (joehuang) > > > > > > > > > ------------------------------ > > > *From:* Goutham Pratapa [goutham.prat...@tcs.com] > > > *Sent:* 07 December 2016 14:15 > > > *To:* joehuang > > > *Cc:* Ashish Singh7; Dimitri Mazmanov; Ashish singh; caizhiyuan (A); > Meimei; opnfv-tech-discuss; Sama, Malla Reddy; Zhipeng Huang; > pratapagout...@gmail.com > > > *Subject:* RE: [opnfv-tech-discuss][multisite] Secgroup syncing Approach > > > > > > > > > > Hi all, > > > > > > > > Made some comments regarding Syncing of multiple keypairs at a time > > > > > > > https://docs.google.com/document/d/1N6HFAFUT5BbEp1wbnYjgaKdOlyJanwkXccv-_1zsVQc/edit?disco=AAAAA4VEf0U > > > > > > as off now we have implemented keypair-sync for a *specified keypair* or > sync > > *all* keypairs > > > > > > Ashish and I thought this option will also help. > > > > > > Please find the link and provide your feedback on this. > > > > > > Thanks > > Goutham > > > > > > > > > > > -----joehuang <joehu...@huawei.com> wrote: ----- > > > > To: Goutham Pratapa <goutham.prat...@tcs.com> > > > From: joehuang <joehu...@huawei.com> > > > Date: 11/30/2016 06:57PM > > > Cc: Ashish Singh7 <ashish.sin...@tcs.com>, Dimitri Mazmanov < > dimitri.mazma...@ericsson.com>, Ashish singh <ashishsingh...@gmail.com>, > "caizhiyuan (A)" <caizhiyu...@huawei.com>, Meimei <mei...@huawei.com>, > opnfv-tech-discuss <opnfv-tech-discuss@lists.opnfv.org>, > > "Sama, Malla Reddy" <s...@docomolab-euro.com>, Zhipeng Huang < > zhipengh...@gmail.com>, "pratapagout...@gmail.com" < > pratapagout...@gmail.com> > > > Subject: RE: [opnfv-tech-discuss][multisite] Secgroup syncing Approach > > > > > > hello, Goutham, > > > > > > > When I tried to review your update, and click "see new changes", it said > you have removed the update, I did not find the update yet. > > > > > > > > Best Regards > > > Chaoyi Huang (joehuang) > > > > > > > ------------------------------ > > > *From:* Goutham Pratapa [goutham.prat...@tcs.com] > > > *Sent:* 29 November 2016 17:09 > > > *To:* joehuang > > > *Cc:* Ashish Singh7; Dimitri Mazmanov; Ashish singh; caizhiyuan (A); > Meimei; opnfv-tech-discuss; Sama, Malla Reddy; Zhipeng Huang; > pratapagout...@gmail.com > > > *Subject:* RE: [opnfv-tech-discuss][multisite] Secgroup syncing Approach > > > > > > > > > > Hi all, > > > > > > I have made some comments regarding the keypair syncing. > > > > > > which allows user to sync only specified keypair and option for syncing > all keypairs. > > > > > > Thanks > > Goutham > > > > > > > > > > > -----joehuang <joehu...@huawei.com> wrote: ----- > > > > To: Ashish Singh7 <ashish.sin...@tcs.com> > > > From: joehuang <joehu...@huawei.com> > > > Date: 11/01/2016 01:59PM > > > Cc: Dimitri Mazmanov <dimitri.mazma...@ericsson.com>, Ashish singh < > ashishsingh...@gmail.com>, "caizhiyuan (A)" <caizhiyu...@huawei.com>, > Meimei <mei...@huawei.com>, opnfv-tech-discuss < > opnfv-tech-discuss@lists.opnfv.org>, "Sama, Malla Reddy" < > s...@docomolab-euro.com>, > > Zhipeng Huang <zhipengh...@gmail.com>, Goutham Pratapa < > goutham.prat...@tcs.com>, "pratapagout...@gmail.com" < > pratapagout...@gmail.com> > > > Subject: RE: [opnfv-tech-discuss][multisite] Secgroup syncing Approach > > > > > > Just one more comment for this action: > > > > > > > "All the resources(based on resource-type) from region 1 will be copied to > region 2 and 3 leaving the overlapped > > ones where resource name being the identifier. " > > > > > > > > I think we can add one option to allow the force replacement for the > overlapping items. If the user select force replacement, then > > the overlapping item should be fully replaced with the items from the > source region > > > > > > > > > > Best Regards > > > Chaoyi Huang (joehuang) > > > > > > > ------------------------------ > > > *From:* Ashish Singh7 [ashish.sin...@tcs.com] > > > *Sent:* 01 November 2016 14:52 > > > *To:* joehuang > > > *Cc:* Dimitri Mazmanov; Ashish singh; caizhiyuan (A); Meimei; > opnfv-tech-discuss; Sama, Malla Reddy; Zhipeng Huang; Goutham Pratapa; > pratapagout...@gmail.com > > > *Subject:* RE: [opnfv-tech-discuss][multisite] Secgroup syncing Approach > > > > > > > > > > Hi Joe, > > > > > > Thanks for the comments, have incorporated those. > > > > > > > > > Regards > > > Ashish Singh > > > Tata Consultancy Services > > > Cell:- 9030419618 > > > Mailto: ashish.sin...@tcs.com > > > Website: http://www.tcs.com > > > ____________________________________________ > > > Experience certainty. IT Services > > > Business Solutions > > > Consulting > > > ____________________________________________ > > > > > > > > > -----joehuang <joehu...@huawei.com> wrote: ----- > > > > To: Ashish Singh7 <ashish.sin...@tcs.com> > > > From: joehuang <joehu...@huawei.com> > > > Date: 11/01/2016 08:03AM > > > Cc: Dimitri Mazmanov <dimitri.mazma...@ericsson.com>, Ashish singh < > ashishsingh...@gmail.com>, "caizhiyuan (A)" <caizhiyu...@huawei.com>, > Meimei <mei...@huawei.com>, opnfv-tech-discuss < > opnfv-tech-discuss@lists.opnfv.org>, "Sama, Malla Reddy" < > s...@docomolab-euro.com>, > > Zhipeng Huang <zhipengh...@gmail.com>, Goutham Pratapa < > goutham.prat...@tcs.com>, "pratapagout...@gmail.com" < > pratapagout...@gmail.com> > > > Subject: RE: [opnfv-tech-discuss][multisite] Secgroup syncing Approach > > > > > > > > Ashish, > > > > > > > > > Some minor comment has been added in the doc > > > > > > > > Best Regards > > > Chaoyi Huang (joehuang) > > > > > > > > > ------------------------------ > > > *From:* Ashish Singh7 [ashish.sin...@tcs.com] > > > *Sent:* 27 October 2016 16:59 > > > *To:* joehuang > > > *Cc:* Dimitri Mazmanov; Ashish singh; caizhiyuan (A); Meimei; > opnfv-tech-discuss; Sama, Malla Reddy; Zhipeng Huang; Goutham Pratapa; > pratapagout...@gmail.com > > > *Subject:* RE: [opnfv-tech-discuss][multisite] Secgroup syncing Approach > > > > > > > > > > > > > > Hi All, > > > > > > Have replied to the comment and added API structure as well. > > > Have a look and comment accordingly. > > > > > > > > > Regards > > > Ashish Singh > > > Tata Consultancy Services > > > Cell:- 9030419618 > > > Mailto: ashish.sin...@tcs.com > > > Website: http://www.tcs.com > > > ____________________________________________ > > > Experience certainty. IT Services > > > Business Solutions > > > Consulting > > > ____________________________________________ > > > > > > > > > > > -----joehuang <joehu...@huawei.com> wrote: ----- > > > > > > To: Ashish Singh7 <ashish.sin...@tcs.com> > > > From: joehuang <joehu...@huawei.com> > > > Date: 10/27/2016 01:35AM > > > Cc: Dimitri Mazmanov <dimitri.mazma...@ericsson.com>, Ashish singh < > ashishsingh...@gmail.com>, "caizhiyuan (A)" <caizhiyu...@huawei.com>, > Meimei <mei...@huawei.com>, opnfv-tech-discuss < > opnfv-tech-discuss@lists.opnfv.org>, "Sama, Malla Reddy" < > s...@docomolab-euro.com>, > > Zhipeng Huang <zhipengh...@gmail.com>, Goutham Pratapa < > goutham.prat...@tcs.com>, "pratapagout...@gmail.com" < > pratapagout...@gmail.com> > > > Subject: RE: [opnfv-tech-discuss][multisite] Secgroup syncing Approach > > > > > > > > Hello, Ashish, > > > > > > > Good update, just one comment in the doc. > > > > > > > > Best Regards > > > Chaoyi Huang (joehuang) > > > > > > > ------------------------------ > > > *From:* Ashish Singh7 [ashish.sin...@tcs.com] > > > *Sent:* 26 October 2016 18:40 > > > *To:* joehuang > > > *Cc:* Dimitri Mazmanov; Ashish singh; caizhiyuan (A); Meimei; > opnfv-tech-discuss; Sama, Malla Reddy; Zhipeng Huang; Goutham Pratapa; > pratapagout...@gmail.com > > > *Subject:* RE: [opnfv-tech-discuss][multisite] Secgroup syncing Approach > > > > > > > > > > > > Hi All, > > > > > > Have added ssh-keys in place of secgroup in the document as per our latest > discussion. > > > Please have a look and comment accordingly. > > > > > > Regards > > > Ashish Singh > > > Tata Consultancy Services > > > Cell:- 9030419618 > > > Mailto: ashish.sin...@tcs.com > > > Website: http://www.tcs.com > > > ____________________________________________ > > > Experience certainty. IT Services > > > Business Solutions > > > Consulting > > > ____________________________________________ > > > > > > > > > > > -----joehuang <joehu...@huawei.com> wrote: ----- > > > > To: Dimitri Mazmanov <dimitri.mazma...@ericsson.com>, Ashish Singh < > ashish.sin...@tcs.com> > > > From: joehuang <joehu...@huawei.com> > > > Date: 10/11/2016 08:11AM > > > Cc: Ashish singh <ashishsingh...@gmail.com>, "caizhiyuan (A)" < > caizhiyu...@huawei.com>, Meimei <mei...@huawei.com>, opnfv-tech-discuss < > opnfv-tech-discuss@lists.opnfv.org>, "Sama, Malla Reddy" < > s...@docomolab-euro.com>, Zhipeng Huang <zhipengh...@gmail.com> > > > Subject: RE: [opnfv-tech-discuss][multisite] Secgroup syncing Approach > > > > > > Hello, > > > > > > > the following comment is also added in the doc: > > > > > > > > My opinion is to exclude SEG from the sync in Kingbird, because SEG sync > action will lead to data plane in unpredictable situation > > during multi-region concurrent CRUD operation, this is some action will > greatly impact the tenant's data plane service immediately, especially SEG > is for security purpose. > > > > > > For KeyPair, because it's user based granularity resource, that means will > be manipulated by single user, so the con-currency is not an > > issue. But we have to allow the user being able to start the sync, but not > only Admin role > > > > > > > > Best Regards > > > Chaoyi Huang (joehuang) > > > > > > > ------------------------------ > > > *From:* Dimitri Mazmanov [dimitri.mazma...@ericsson.com] > > > *Sent:* 10 October 2016 18:24 > > > *To:* joehuang; Ashish Singh > > > *Cc:* Ashish singh; caizhiyuan (A); Meimei; opnfv-tech-discuss; Sama, > Malla Reddy; Zhipeng Huang > > > *Subject:* Re: [opnfv-tech-discuss][multisite] Secgroup syncing Approach > > > > > > > > > > > > > > Hi, > > > Please see my comments as well > > > > > > > > > > *From: *joehuang <joehu...@huawei.com> > > > *Date: *Sunday, 9 October 2016 at 03:24 > > > *To: *Ashish Singh <ashish.sin...@tcs.com> > > > *Cc: *Ashish singh <ashishsingh...@gmail.com>, "caizhiyuan (A)" < > caizhiyu...@huawei.com>, Dimitri Mazmanov <dimitri.mazma...@ericsson.com>, > Meimei <mei...@huawei.com>, opnfv-tech-discuss < > opnfv-tech-discuss@lists.opnfv.org>, "Sama, Malla Reddy" < > s...@docomolab-euro.com>, > > Zhipeng Huang <zhipengh...@gmail.com> > > > *Subject: *RE: [opnfv-tech-discuss][multisite] Secgroup syncing Approach > > > > > > > > > > > > > > Hello, Ashish, > > > > > > > > > > > > > More comments in the doc. Thank you. > > > > > > > > > > > > Best Regards > > > > > Chaoyi Huang (joehuang) > > > > > > > > > > > ------------------------------ > > > > > > > *From:* Ashish Singh7 [ashish.sin...@tcs.com] > > > *Sent:* 04 October 2016 14:51 > > > *To:* joehuang > > > *Cc:* Ashish singh; caizhiyuan (A); Dimitri Mazmanov; Meimei; > opnfv-tech-discuss; Sama, Malla Reddy; Zhipeng Huang > > > *Subject:* RE: [opnfv-tech-discuss][multisite] Secgroup syncing Approach > > > > > > > > > Hi Joe, > > > > > > > > > > > > > > I have replied, Please check. > > > > > > > > > > > > > > > > > Regards > > > Ashish Singh > > > Tata Consultancy Services > > > Cell:- 9030419618 > > > Mailto: ashish.sin...@tcs.com > > > Website: http://www.tcs.com > > > ____________________________________________ > > > Experience certainty. IT Services > > > Business Solutions > > > Consulting > > > ____________________________________________ > > > > > > > > > > > -----joehuang <joehu...@huawei.com> wrote: ----- > > > > > > > > To: Ashish Singh7 <ashish.sin...@tcs.com> > > > From: joehuang <joehu...@huawei.com> > > > Date: 10/04/2016 12:19PM > > > Cc: Ashish singh <ashishsingh...@gmail.com>, "caizhiyuan (A)" < > caizhiyu...@huawei.com>, Dimitri Mazmanov <dimitri.mazma...@ericsson.com>, > Meimei <mei...@huawei.com>, opnfv-tech-discuss < > opnfv-tech-discuss@lists.opnfv.org>, "Sama, Malla Reddy" < > s...@docomolab-euro.com>, > > Zhipeng Huang <zhipengh...@gmail.com> > > > Subject: RE: [opnfv-tech-discuss][multisite] Secgroup syncing Approach > > > > > Thank you Ashish, comments are put in the document. > > > > > > > > > > > > > > > Best Regards > > > > > Chaoyi Huang (joehuang) > > > > > > > > > > > ------------------------------ > > > > > > > *From:* Ashish Singh7 [ashish.sin...@tcs.com] > > > *Sent:* 29 September 2016 22:04 > > > *To:* joehuang > > > *Cc:* Ashish singh; caizhiyuan (A); Dimitri Mazmanov; Meimei; > opnfv-tech-discuss; Sama, Malla Reddy; Zhipeng Huang > > > *Subject:* RE: [opnfv-tech-discuss][multisite] Secgroup syncing Approach > > > > > > > > > Hi All, > > > > > > > > > > > > > > I have updated the document with an approach to solve concurrency problem. > > > > > > > > > > > > > > Please have a look and comment accordingly. > > > > > > > > > > > > > > > > > > > > > Regards > > > Ashish Singh > > > Tata Consultancy Services > > > Cell:- 9030419618 > > > Mailto: ashish.sin...@tcs.com > > > Website: http://www.tcs.com > > > ____________________________________________ > > > Experience certainty. IT Services > > > Business Solutions > > > Consulting > > > ____________________________________________ > > > > > > > > > > > -----joehuang <joehu...@huawei.com> wrote: ----- > > > > > > > > To: Ashish Singh7 <ashish.sin...@tcs.com> > > > From: joehuang <joehu...@huawei.com> > > > Date: 09/27/2016 09:10AM > > > Cc: Ashish singh <ashishsingh...@gmail.com>, "caizhiyuan (A)" < > caizhiyu...@huawei.com>, Dimitri Mazmanov <dimitri.mazma...@ericsson.com>, > Meimei <mei...@huawei.com>, opnfv-tech-discuss < > opnfv-tech-discuss@lists.opnfv.org>, "Sama, Malla Reddy" < > s...@docomolab-euro.com>, > > Zhipeng Huang <zhipengh...@gmail.com> > > > Subject: RE: [opnfv-tech-discuss][multisite] Secgroup syncing Approach > > > > > Hello, Ashish, > > > > > > > > > > > > > Thank you for the BP and doc, see comments in the doc. > > > > > > > > > > > > > > > Best Regards > > > > > Chaoyi Huang (joehuang) > > > > > > > > > > > ------------------------------ > > > > > > > *From:* Ashish Singh7 [ashish.sin...@tcs.com] > > > *Sent:* 26 September 2016 18:28 > > > *To:* joehuang > > > *Cc:* Ashish singh; caizhiyuan (A); Dimitri Mazmanov; Meimei; > opnfv-tech-discuss; Sama, Malla Reddy; Zhipeng Huang > > > *Subject:* RE: [opnfv-tech-discuss][multisite] Secgroup syncing Approach > > > > > > > Hi All, > > > > > > > > I have registered a blueprint on "Resouce Syncing" and tied with a > supporting document. > > > > > > > > Blueprint: > > > > > *https://blueprints.launchpad.net/kingbird/+spec/resource-syncing* > <https://blueprints.launchpad.net/kingbird/+spec/resource-syncing> > > > > > > > > > > Google Docs link > > > > > > *https://docs.google.com/document/d/1N6HFAFUT5BbEp1wbnYjgaKdOlyJanwkXccv-_1zsVQc/edit?usp=sharing* > <https://docs.google.com/document/d/1N6HFAFUT5BbEp1wbnYjgaKdOlyJanwkXccv-_1zsVQc/edit?usp=sharing> > > > > > > > > > > > Let us use this to discuss the feature and finalize it. > > > > > > > > Regards > > > Ashish Singh > > > Tata Consultancy Services > > > Cell:- 9030419618 > > > Mailto: ashish.sin...@tcs.com > > > Website: http://www.tcs.com > > > ____________________________________________ > > > Experience certainty. IT Services > > > Business Solutions > > > Consulting > > > ____________________________________________ > > > > > > > > > > > > > > > From: joehuang <joehu...@huawei.com> > > > > > To: Ashish singh <ashishsingh...@gmail.com>, opnfv-tech-discuss < > opnfv-tech-discuss@lists.opnfv.org>, > > "caizhiyuan (A)" <caizhiyu...@huawei.com>, Meimei <mei...@huawei.com>, > "Sama, Malla Reddy" <s...@docomolab-euro.com>, Zhipeng Huang < > zhipengh...@gmail.com>, "Dimitri Mazmanov" <dimitri.mazma...@ericsson.com>, > Ashish Singh7 <ashish.sin...@tcs.com> > > > > > Date: 09/21/2016 02:23 PM > > > > > Subject: RE: [opnfv-tech-discuss][multisite] Secgroup syncing > Approach > > > > > > ------------------------------ > > > > > > > > > > > > > > Hello team, > > > > > > > > Last year, use case 4 was discussed, some network related requirements > were identified: > > https://etherpad.opnfv.org/p/multisite_centralized_servic > <https://etherpad.opnfv.org/p/multisite_centralized_service> > > > > > > > - global view for tenant level IP address / mac address space > management > > > > > If a tenant has networks in multiple region, and these networks are > routable (for example, connected with VPN), then, IP address may be > duplicated. Need a global view for IP address space management > > > > > > > > > > - If IP v4 used, this issue needs to be considered. For IPv6, it > should not be a problem. IR - disagree with this statement. This > requirement is important not just for prevention of duplicate > > address. > > > For security and other reasons it's important to know which IP > Addresses (IPv4 and IPv6) are used in which region. > > > > > Can we also extend such requirement to MAC address tracking? > > > > > Can we also extend such requirement to mapping for floating and > public IP Addresses > > > > > > > > > - A service to clone security groups across regions > > > > > No appropriate service to security groups across multiple region if > the tenant has resources distributed, has to set the security groups in > different region manually. > > > > > > > And during the discussion thread with netready, one more issue identified > > http://lists.opnfv.org/pipermail/opnfv-tech-discuss/2016-July/011499.html: > > > > > > > - VxLAN pool cross site management for VxLAN segmentation allocation > > > > All these issues needs to be addressed, we can discuss them together. > > > > > > > > Tricircle( now Tricircle team is working on the cleaning to make Tricircle > dedicated for networking automation across Neutron, mentioned below) could > be the reference, the design blueprint has just been updated > > for your reference: > https://docs.google.com/document/d/1zcxwl8xMEpxVCqLTce2-dUOtB-ObmzJTbV1uSQ6qTsY/ > , > > local network and shared VLAN network and L3 has been implemented in > Newton release. Of course, in NFV area, L2 networking should be enough in > most scenario. > > > > > > > > And the spec for Tricircle Local Neutron Plugin is in review: > > https://review.openstack.org/#/c/368529/ > > > > > > > > Best Regards > > > > > Chaoyi Huang (joehuang) > > > > > > ------------------------------ > > > > > > > > *From:* joehuang > > > *Sent:* 09 September 2016 16:59 > > > *To:* Ashish singh; opnfv-tech-discuss; caizhiyuan (A); Meimei; Sama, > Malla Reddy; Zhipeng Huang; Dimitri Mazmanov; Ashish Singh7 > > > *Subject:* RE: [opnfv-tech-discuss][multisite] Secgroup syncing Approach > > > > > > Hello, Ashish, > > > > > > > > I think sync itself (if excluding the remote sec-group) is not complex, > the complexity is to ensure the rules set in different region of Neutron > will not conflict with each other. Otherwise, > > it'll become mess. > > > > > > So I agree with you "We must use neutron to perform all our operations as > with neutron we have total control > > over it." (Is my understanding correct?) > > > > > > That's the way of Tricircle(please forgive me to explain a little: > Tricircle now is only a project about networking automation across Neutron. > And the Nova/Cinder API-Gateway > > part will be moved to Trio2o, a new created project: > https://docs.google.com/presentation/d/1kpVo5rsL6p_rq9TvkuczjommJSsisDiKJiurbhaQg7E/edit > ),And > > the SEG sync has been implemented in the Tricircle, and we are now doing > the tricircle splitting and cleaning. > > > > > > > > If we implement seg sync in Kingbird, we have to write lots of duplicated > code which has already done in Neutron, for example, SEG CRUD, rule CRUD, > validation, rule checking, default rule > > management, etc. > > > > > > Best Regards > > > > > Chaoyi Huang(joehuang) > > > > > > ------------------------------ > > > > > > > > *From:* Ashish singh [ashishsingh...@gmail.com] > > > *Sent:* 08 September 2016 23:57 > > > *To:* opnfv-tech-discuss; caizhiyuan (A); Meimei; Sama, Malla Reddy; > Zhipeng Huang; Ashish singh; Dimitri Mazmanov; joehuang; Ashish Singh7 > > > *Subject:* [opnfv-tech-discuss][multisite] Secgroup syncing Approach > > > > > > Hi All, > > > > > > > > I have drafted a basic approach for security group synching in release D > and it is as follows. > > > > > > > > - Get list of secgroups with rules for a tenant from all the regions > which do not have remote group references(currently, we ignore remote > secgroup references as there can be lot nested dependencies). > > > > > - Traverse each region and do the following > > > - Get the list of secgroup which are present in all the regions > except the current region, These are the secgroups which we need to sync in > current region: say it GRP_TO_BE_SYNCED > > > > > - There can be case where the secgroup from GRP_TO_BE_SYNCED may > have the same rules as the secgroup in current region(If not initially but > which will obviously happen after a sync job). > > > > > - Traverse through the GRP_TO_BE_SYNCED and check if there are such > secgroups(rules overlapping groups), if there, ignore it. After this > filtering, the remaining secgroup will be the final list of secgroup which > should be created for the current region. > > > > > - Create the secgroup with the final list of secgroups in the > region. > > > > > - Repeat the process for all the tenant in batches. > > > > > The default security group is not syned, as I feel region specific default > secgroup has to there in each region. > > > > > > > > We must use neutron to perform all our operations as with neutron we have > total control over it. > > > > > > > > > > > For creating a security group we need the following information > > > > > > > > --tenant-id TENANT_ID > > > > > The owner tenant ID. > > > > > --description DESCRIPTION > > > > > Description of security group rule. > > > > > --direction {ingress,egress} > > > > > Direction of traffic: ingress/egress. > > > > > --ethertype ETHERTYPE > > > > > IPv4/IPv6 > > > > > --protocol PROTOCOL Protocol of packet. Allowed values are [icmp, > icmpv6, > > > > > tcp, udp] and integer representations [0-255] > > > > > --port-range-min PORT_RANGE_MIN > > > > > Starting port range. For ICMP it is type. > > > > > --port-range-max PORT_RANGE_MAX Ending port range. For ICMP it is > code. > > > > > --remote-ip-prefix REMOTE_IP_PREFIX > > > > > CIDR to match on. > > > > > We have all these details with us available. > > > > > > > > > > > Let us take this forward, Please review/comment. > > > > > > -- > > > Best Regards, > > > > > Ashish Singh > > > > =====-----=====-----===== > > > Notice: The information contained in this e-mail > > > message and/or attachments to it may contain > > > confidential or privileged information. If you are > > > not the intended recipient, any dissemination, use, > > > review, distribution, printing or copying of the > > > information contained in this e-mail message > > > and/or attachments to it are strictly prohibited. If > > > you have received this communication in error, > > > please notify us by reply e-mail or telephone and > > > immediately and permanently delete the message > > > and any attachments. Thank you > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > opnfv-tech-discuss mailing list > > opnfv-tech-discuss@lists.opnfv.org > > https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss > >
_______________________________________________ opnfv-tech-discuss mailing list opnfv-tech-discuss@lists.opnfv.org https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss