)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"3f977bdc3aa04f444ac9e3685ff93e90108f41d4","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Commit:     wu.chunyang \u003cwchy1001@gmail.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2023-07-03 07:55:07 +0000"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Add network isolating for trove"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"this PR adds a network_isolating config option for trove,"},{"line_number":10,"context_line":"with network_isolating enabled, trove guest agent will"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":13,"id":"9886fabe_cc357af9","line":7,"updated":"2023-07-04 01:39:38.000000000","message":"i think isolation can be more proper","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"3f977bdc3aa04f444ac9e3685ff93e90108f41d4","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Add network isolating for trove"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"this PR adds a network_isolating config option for trove,"},{"line_number":10,"context_line":"with network_isolating enabled, trove guest agent will"},{"line_number":11,"context_line":"plug the user defined port to database container by"},{"line_number":12,"context_line":"docker host_nic network driver which is implemented in this PR."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":13,"id":"433e542a_b0e03041","line":9,"range":{"start_line":9,"start_character":15,"end_line":9,"end_character":32},"updated":"2023-07-04 01:39:38.000000000","message":"ditto","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"3f977bdc3aa04f444ac9e3685ff93e90108f41d4","unresolved":true,"context_lines":[{"line_number":7,"context_line":"Add network isolating for trove"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"this PR adds a network_isolating config option for trove,"},{"line_number":10,"context_line":"with network_isolating enabled, trove guest agent will"},{"line_number":11,"context_line":"plug the user defined port to database container by"},{"line_number":12,"context_line":"docker host_nic network driver which is implemented in this PR."},{"line_number":13,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":13,"id":"139528c6_1c4c5279","line":10,"range":{"start_line":10,"start_character":32,"end_line":10,"end_character":49},"updated":"2023-07-04 01:39:38.000000000","message":"agent in trove guest","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"3f977bdc3aa04f444ac9e3685ff93e90108f41d4","unresolved":true,"context_lines":[{"line_number":7,"context_line":"Add network isolating for trove"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"this PR adds a network_isolating config option for trove,"},{"line_number":10,"context_line":"with network_isolating enabled, trove guest agent will"},{"line_number":11,"context_line":"plug the user defined port to database container by"},{"line_number":12,"context_line":"docker host_nic network driver which is implemented in this PR."},{"line_number":13,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":13,"id":"cf569335_cad2e388","line":10,"range":{"start_line":10,"start_character":5,"end_line":10,"end_character":22},"updated":"2023-07-04 01:39:38.000000000","message":"ditto","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"3f977bdc3aa04f444ac9e3685ff93e90108f41d4","unresolved":true,"context_lines":[{"line_number":12,"context_line":"docker host_nic network driver which is implemented in this PR."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"docker host_nic network driver is a simple driver to plug host"},{"line_number":15,"context_line":"nic to a container. this driver supports ipv4,ipv6 and dual-stack."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"more details please see the story."},{"line_number":18,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":13,"id":"6a53fbce_5a3801a8","line":15,"range":{"start_line":15,"start_character":51,"end_line":15,"end_character":65},"updated":"2023-07-04 01:39:38.000000000","message":"is dual-stack","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"3f977bdc3aa04f444ac9e3685ff93e90108f41d4","unresolved":true,"context_lines":[{"line_number":14,"context_line":"docker host_nic network driver is a simple driver to plug host"},{"line_number":15,"context_line":"nic to a container. this driver supports ipv4,ipv6 and dual-stack."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"more details please see the story."},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"story: 2010733"},{"line_number":20,"context_line":"task: 47957"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":13,"id":"487d0254_41271c31","line":17,"range":{"start_line":17,"start_character":0,"end_line":17,"end_character":12},"updated":"2023-07-04 01:39:38.000000000","message":"For more details,","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":26285,"name":"wu.chunyang","email":"wchy1001@gmail.com","username":"wu.chunyang"},"change_message_id":"3419b595816ca1d0a61b09c55ce6a9958d472d28","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"1c2ba7b5_ef8bfafd","updated":"2023-05-08 15:45:02.000000000","message":"Hi, could you help review this resolution?  any suggestion is welcome.","commit_id":"d1b0b277eaf107f0b29041503afe1d78c6b26f43"},{"author":{"_account_id":31737,"name":"Hirotaka Wakabayashi","email":"hiwkby@yahoo.com","username":"hiwkby"},"change_message_id":"c45a987e76ece3b73cca3eea2ad7e90c2190c0be","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"060bfbfa_40a735af","updated":"2023-05-18 07:05:19.000000000","message":"Hello Wu! Generally +1 if Trove users optionally use this feature. Docs for users to run this feature properly are probably needed as well when they need to add some additional configurations.\n\nI think this patch changes the way of the IP assignment of Docker containers but let me check this patch in details this weekend because I am little confusing that this patch affects the IP assignment of Trove\u0027s guest compute instance as well. I think changing the Docker network driver does affect to assign the container’s IP, not cause to assign the compute instances’s ones.","commit_id":"6a8aa47cd7eac4e50e82d02e3b589eec8a1cd15e"},{"author":{"_account_id":31737,"name":"Hirotaka Wakabayashi","email":"hiwkby@yahoo.com","username":"hiwkby"},"change_message_id":"256ffd832297a326a7089029b694ad3bdaaa6248","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"e7bea867_43d02272","updated":"2023-05-09 21:30:49.000000000","message":"Hi Wu, Thanks for your great patch! I will review this in this weekend.","commit_id":"6a8aa47cd7eac4e50e82d02e3b589eec8a1cd15e"},{"author":{"_account_id":26285,"name":"wu.chunyang","email":"wchy1001@gmail.com","username":"wu.chunyang"},"change_message_id":"a60136e4ab474ab780b3336347f4feb578b8cbc7","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"cf18e700_4e014d16","updated":"2023-05-16 14:07:30.000000000","message":"recheck guest-agent timeout","commit_id":"6a8aa47cd7eac4e50e82d02e3b589eec8a1cd15e"},{"author":{"_account_id":26285,"name":"wu.chunyang","email":"wchy1001@gmail.com","username":"wu.chunyang"},"change_message_id":"bc9991fe54dcd2418ae148e2ae000086fcfeb751","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"4f76cb56_1c703252","updated":"2023-05-17 03:55:05.000000000","message":"recheck network issue","commit_id":"6a8aa47cd7eac4e50e82d02e3b589eec8a1cd15e"},{"author":{"_account_id":26285,"name":"wu.chunyang","email":"wchy1001@gmail.com","username":"wu.chunyang"},"change_message_id":"3980e9fdaf47d44a8d2480afc9d3cd643ad720a1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"bc4fad61_e7d77938","in_reply_to":"060bfbfa_40a735af","updated":"2023-05-18 14:04:13.000000000","message":"Hi, this driver will NOT affect instance\u0027s ip assignment. only works inside the instance. Currently, trove instance may have two nics, one is management port, and the other is business port, this driver is aim to plug the business port to database container and configure(not run dhclient in container) the ip inside the container and No change in instance side. \nBTW why we need network isolation is inspired of octavia project.","commit_id":"6a8aa47cd7eac4e50e82d02e3b589eec8a1cd15e"},{"author":{"_account_id":26285,"name":"wu.chunyang","email":"wchy1001@gmail.com","username":"wu.chunyang"},"change_message_id":"c619c3abda8a4e0e4a6cb564fecda39959dff4c6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"ab064baf_b5ce03cd","in_reply_to":"e7bea867_43d02272","updated":"2023-05-12 08:20:39.000000000","message":"thanks, it seems CI has failed, I am try to fix it now.","commit_id":"6a8aa47cd7eac4e50e82d02e3b589eec8a1cd15e"},{"author":{"_account_id":26285,"name":"wu.chunyang","email":"wchy1001@gmail.com","username":"wu.chunyang"},"change_message_id":"4bce24f89554691a18c32244bbad4e06f32c2098","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"7e070c13_7eeab156","updated":"2023-06-30 01:32:10.000000000","message":"Hi, Bo, Hirotaka,  could you help to review this patch? thanks in advance.","commit_id":"35296005685fd1b1d3929f8071fad791fb9b9420"},{"author":{"_account_id":31737,"name":"Hirotaka Wakabayashi","email":"hiwkby@yahoo.com","username":"hiwkby"},"change_message_id":"2da0a6fa8a5cf8899a61c0a7cb21b16f6ccc801f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"a72bae50_d6d4739e","in_reply_to":"7e070c13_7eeab156","updated":"2023-07-04 01:19:07.000000000","message":"Sure, I will review this patch today.","commit_id":"35296005685fd1b1d3929f8071fad791fb9b9420"},{"author":{"_account_id":26285,"name":"wu.chunyang","email":"wchy1001@gmail.com","username":"wu.chunyang"},"change_message_id":"48c1f943c63bfb23fd7e8732f186fdaa614dc010","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"c0130e74_4ec51f42","in_reply_to":"a72bae50_d6d4739e","updated":"2023-07-04 10:34:03.000000000","message":"Currently, it seems that there was something wrong in our devstack installation. the guest vm appears to be unable to access internet to install requirements.","commit_id":"35296005685fd1b1d3929f8071fad791fb9b9420"},{"author":{"_account_id":31737,"name":"Hirotaka Wakabayashi","email":"hiwkby@yahoo.com","username":"hiwkby"},"change_message_id":"92f28122dad378c56908a14304cb8f20bbd12885","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":24,"id":"5d8b7788_e6b64293","updated":"2023-07-05 05:34:46.000000000","message":"Hello wu! Sorry for the delay. The patch is a little big. it mostly LGTM.:)\n\nThis patch keeps compatible and current users can update the version without changing their configuration because `network_isolation` directive is `False` as a default and the directive are injected to the guest-agent\u0027s Virtual Machine.\n\nI have not yet test it, but I am wondering how backup and restore containers can access database containers on the isolated network.\n\nAfter victoria, network topology starts gradually to be complicated and administrators have to login to controller nodes to see it. Before victoria, they can check it by executing \u0027openstack security group` command family.","commit_id":"7f53225cc28773d8e59eb47b010d48db56ae4aa5"},{"author":{"_account_id":26285,"name":"wu.chunyang","email":"wchy1001@gmail.com","username":"wu.chunyang"},"change_message_id":"ac7e309ebaddebaed47b540e43854c1a547fbff8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":24,"id":"5d9a3137_940935da","in_reply_to":"5d8b7788_e6b64293","updated":"2023-07-05 06:40:56.000000000","message":"As i known, the backup doesn\u0027t depend on the network, the previous code only use the HOST network. i have added a new zuul jobs to test backup with network_isolation enabled. currently, the CI is not passed, because we add new  modules in requirement, the trove instances is unable to connect to internet to install it, this seems something wrong in neutron installation. i will submit a new patch to work around this problem.","commit_id":"7f53225cc28773d8e59eb47b010d48db56ae4aa5"},{"author":{"_account_id":26285,"name":"wu.chunyang","email":"wchy1001@gmail.com","username":"wu.chunyang"},"change_message_id":"7481c95d1a94c60a54e8f9b586573ffa8b6fbb92","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":26,"id":"79fdb5d1_888436f4","updated":"2023-07-06 01:14:41.000000000","message":"wow , CI passed , it was caused by the docker package, when docker installed, it generates iptables rules, which block our public network.","commit_id":"aca532ef887b959a92abfc06abf7830bc40aa918"},{"author":{"_account_id":26285,"name":"wu.chunyang","email":"wchy1001@gmail.com","username":"wu.chunyang"},"change_message_id":"e615423f7c297af9c176a2af0cc4d86a6c877c90","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":37,"id":"b44c381e_6ed41d1b","updated":"2023-07-14 09:45:16.000000000","message":"Hi, Hirotaka,  I refactor the docker-hostnic drive to use a unix socket instead of TCP:PORT. in this solution, we only need to enable the docker-hostnic.socket. when this socket receive a request, systemd will activate the docker-hostnic.service. otherwise, docker-hostnic.service will not get started. In this patch, I am not sure the documents, if possible, please help me to update docs. thanks in advance.","commit_id":"f2d19a38a6173cc1f49f11ef2a353fc1fe47c8fa"},{"author":{"_account_id":26285,"name":"wu.chunyang","email":"wchy1001@gmail.com","username":"wu.chunyang"},"change_message_id":"b909c3bda4d04b79d41845cafe7ef547631493b2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":37,"id":"6c4f9b8f_f7030511","in_reply_to":"566f57a1_e1b23c4a","updated":"2023-07-26 05:54:27.000000000","message":"Hi, i am going to merge this commit recently, Could you help me to review this patch again ? currently, all CI jobs are passed , the job\ntrove-tempest-mysql-network-isolation used to test network isolation.","commit_id":"f2d19a38a6173cc1f49f11ef2a353fc1fe47c8fa"},{"author":{"_account_id":31737,"name":"Hirotaka Wakabayashi","email":"hiwkby@yahoo.com","username":"hiwkby"},"change_message_id":"27cd5ef342e200bd5ced598335732fb273ca53ad","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":37,"id":"566f57a1_e1b23c4a","in_reply_to":"b44c381e_6ed41d1b","updated":"2023-07-25 23:05:38.000000000","message":"Hello Wu, Sure, I think the usage of a unix domain socket is safer and better than the one of TCP in this case.:)","commit_id":"f2d19a38a6173cc1f49f11ef2a353fc1fe47c8fa"},{"author":{"_account_id":26285,"name":"wu.chunyang","email":"wchy1001@gmail.com","username":"wu.chunyang"},"change_message_id":"d541173b8115e4886447d1ed437dd2e813be09a8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":38,"id":"9435c8fc_318b6727","updated":"2023-07-17 02:22:01.000000000","message":"recheck postgres jobs","commit_id":"8bc5977cfab6ba4e4fd823db339f0750a6d0ef9f"},{"author":{"_account_id":26285,"name":"wu.chunyang","email":"wchy1001@gmail.com","username":"wu.chunyang"},"change_message_id":"c2911395163db93d8e1eeac5b8d80ab2af1820c6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":41,"id":"f033fcb7_83779fc5","updated":"2023-08-03 01:24:55.000000000","message":"recheck build instance timeout","commit_id":"d755f8252fbb5fdc4dd97851165cc7aadc9cbcb8"}],"doc/source/admin/network_isolating.rst":[{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"3f977bdc3aa04f444ac9e3685ff93e90108f41d4","unresolved":true,"context_lines":[{"line_number":7,"context_line":"Isolate bussiness network from management network"},{"line_number":8,"context_line":"-------------------------------------------------"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"This document is aim to help administrator to configure network_isolation in trove."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"before ``Bobcat`` release, trove didn\u0027t isolate the management network from bussiness network, sometimes, this"},{"line_number":13,"context_line":"may cause network performance issue or security issue. after that, trove adds a new configure option to configure"}],"source_content_type":"text/x-rst","patch_set":13,"id":"0efaaedf_f56a8332","line":10,"range":{"start_line":10,"start_character":14,"end_line":10,"end_character":20},"updated":"2023-07-04 01:39:38.000000000","message":"aims","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"3f977bdc3aa04f444ac9e3685ff93e90108f41d4","unresolved":true,"context_lines":[{"line_number":9,"context_line":""},{"line_number":10,"context_line":"This document is aim to help administrator to configure network_isolation in trove."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"before ``Bobcat`` release, trove didn\u0027t isolate the management network from bussiness network, sometimes, this"},{"line_number":13,"context_line":"may cause network performance issue or security issue. after that, trove adds a new configure option to configure"},{"line_number":14,"context_line":"network isolation."},{"line_number":15,"context_line":""}],"source_content_type":"text/x-rst","patch_set":13,"id":"dac43440_e6f06fc5","line":12,"updated":"2023-07-04 01:39:38.000000000","message":"Before","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"3f977bdc3aa04f444ac9e3685ff93e90108f41d4","unresolved":true,"context_lines":[{"line_number":10,"context_line":"This document is aim to help administrator to configure network_isolation in trove."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"before ``Bobcat`` release, trove didn\u0027t isolate the management network from bussiness network, sometimes, this"},{"line_number":13,"context_line":"may cause network performance issue or security issue. after that, trove adds a new configure option to configure"},{"line_number":14,"context_line":"network isolation."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"network_isolation has the following effects:"}],"source_content_type":"text/x-rst","patch_set":13,"id":"bd609ed9_8a04e043","line":13,"range":{"start_line":13,"start_character":55,"end_line":13,"end_character":65},"updated":"2023-07-04 01:39:38.000000000","message":"In case of that,","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"3f977bdc3aa04f444ac9e3685ff93e90108f41d4","unresolved":true,"context_lines":[{"line_number":13,"context_line":"may cause network performance issue or security issue. after that, trove adds a new configure option to configure"},{"line_number":14,"context_line":"network isolation."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"network_isolation has the following effects:"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"* Don\u0027t check the overlap between management networks cidrs and bussiness networks cidrs anymore."},{"line_number":19,"context_line":"  with network_isloating enabled, trove allows the same cidrs between management networks"}],"source_content_type":"text/x-rst","patch_set":13,"id":"2f2d2caa_cc2d8170","line":16,"range":{"start_line":16,"start_character":36,"end_line":16,"end_character":43},"updated":"2023-07-04 01:39:38.000000000","message":"behaviors and requirements","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"3f977bdc3aa04f444ac9e3685ff93e90108f41d4","unresolved":true,"context_lines":[{"line_number":15,"context_line":""},{"line_number":16,"context_line":"network_isolation has the following effects:"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"* Don\u0027t check the overlap between management networks cidrs and bussiness networks cidrs anymore."},{"line_number":19,"context_line":"  with network_isloating enabled, trove allows the same cidrs between management networks"},{"line_number":20,"context_line":"  and bussiness network."},{"line_number":21,"context_line":""}],"source_content_type":"text/x-rst","patch_set":13,"id":"1f3e8cb6_e2a59d3e","line":18,"range":{"start_line":18,"start_character":2,"end_line":18,"end_character":13},"updated":"2023-07-04 01:39:38.000000000","message":"Trove Will not check","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"3f977bdc3aa04f444ac9e3685ff93e90108f41d4","unresolved":true,"context_lines":[{"line_number":16,"context_line":"network_isolation has the following effects:"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"* Don\u0027t check the overlap between management networks cidrs and bussiness networks cidrs anymore."},{"line_number":19,"context_line":"  with network_isloating enabled, trove allows the same cidrs between management networks"},{"line_number":20,"context_line":"  and bussiness network."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"* Must configure the management_networks in configure file. management network is responsible for"}],"source_content_type":"text/x-rst","patch_set":13,"id":"8601a9db_51a68ef3","line":19,"range":{"start_line":19,"start_character":56,"end_line":19,"end_character":61},"updated":"2023-07-04 01:39:38.000000000","message":"cidrs exist","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"3f977bdc3aa04f444ac9e3685ff93e90108f41d4","unresolved":true,"context_lines":[{"line_number":16,"context_line":"network_isolation has the following effects:"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"* Don\u0027t check the overlap between management networks cidrs and bussiness networks cidrs anymore."},{"line_number":19,"context_line":"  with network_isloating enabled, trove allows the same cidrs between management networks"},{"line_number":20,"context_line":"  and bussiness network."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"* Must configure the management_networks in configure file. management network is responsible for"}],"source_content_type":"text/x-rst","patch_set":13,"id":"008da3f6_b132addf","line":19,"updated":"2023-07-04 01:39:38.000000000","message":"this","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"3f977bdc3aa04f444ac9e3685ff93e90108f41d4","unresolved":true,"context_lines":[{"line_number":20,"context_line":"  and bussiness network."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"* Must configure the management_networks in configure file. management network is responsible for"},{"line_number":23,"context_line":"  connecting with rabbitMQ and docker registry. with management being not configured, trove will not"},{"line_number":24,"context_line":"  set the isolation in guest VMs."},{"line_number":25,"context_line":""},{"line_number":26,"context_line":""}],"source_content_type":"text/x-rst","patch_set":13,"id":"db82883c_81c0cd6b","line":23,"range":{"start_line":23,"start_character":53,"end_line":23,"end_character":63},"updated":"2023-07-04 01:39:38.000000000","message":"management_networks","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"3f977bdc3aa04f444ac9e3685ff93e90108f41d4","unresolved":true,"context_lines":[{"line_number":20,"context_line":"  and bussiness network."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"* Must configure the management_networks in configure file. management network is responsible for"},{"line_number":23,"context_line":"  connecting with rabbitMQ and docker registry. with management being not configured, trove will not"},{"line_number":24,"context_line":"  set the isolation in guest VMs."},{"line_number":25,"context_line":""},{"line_number":26,"context_line":""}],"source_content_type":"text/x-rst","patch_set":13,"id":"5f5c8dcb_b166ac5a","line":23,"range":{"start_line":23,"start_character":64,"end_line":23,"end_character":73},"updated":"2023-07-04 01:39:38.000000000","message":"not being","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"3f977bdc3aa04f444ac9e3685ff93e90108f41d4","unresolved":true,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":"* Must configure the management_networks in configure file. management network is responsible for"},{"line_number":23,"context_line":"  connecting with rabbitMQ and docker registry. with management being not configured, trove will not"},{"line_number":24,"context_line":"  set the isolation in guest VMs."},{"line_number":25,"context_line":""},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Configure network_isloating"}],"source_content_type":"text/x-rst","patch_set":13,"id":"90522066_08a3786f","line":24,"range":{"start_line":24,"start_character":10,"end_line":24,"end_character":19},"updated":"2023-07-04 01:39:38.000000000","message":"isolation network?","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"}],"doc/source/admin/network_isolation.rst":[{"author":{"_account_id":31737,"name":"Hirotaka Wakabayashi","email":"hiwkby@yahoo.com","username":"hiwkby"},"change_message_id":"3c2e213b7a87813c2c4f6c59320b9183100c162d","unresolved":true,"context_lines":[{"line_number":11,"context_line":""},{"line_number":12,"context_line":"before ``Bobcat`` release, trove didn\u0027t isolate the management network from bussiness network, sometimes, this"},{"line_number":13,"context_line":"may cause network performance issue or security issue. after that, trove adds a new configure option to configure"},{"line_number":14,"context_line":"network isolation."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"network_isolation has the following effects:"},{"line_number":17,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a4ae418_b8d09444","line":14,"updated":"2023-07-05 04:39:31.000000000","message":"\u003e this may cause network performance issue or security issue.\n\nUnless I misunderstood the patch, it provides Trove users with another way to isolate database containers. This patch implements network isolation as a `docker network driver plugin`(*1). Docker instances on Trove\u0027s Virtual Machine are currently isolated by using a `docker bridge`, which means all containers that connected to the same bridge network can communicate with each other and they can not communicate with containers that are connected the other bridges. \n\nIn terms of security issue, I think one security issue of the current Trove can occur when users use `docker host mode network`. Using this mode, the container shares the host’s networking namespace. The container network can be same with Trove\u0027s Virtual Machine network.\n\nIn terms of performance issue, I do not understand it very well in this review but we should describe some reasons for good performance or show some situations where users can improve performance, which can help users to use this feature. I think performance generally depends on various reasons and not easy to understand. Changing network drivers may improve performance in some situations or may not.\n\n--\n1: https://docs.docker.com/engine/extend/plugins_network/","commit_id":"1d8848e0cb4ab82ad8935a21af4cc2eef74753f7"},{"author":{"_account_id":26285,"name":"wu.chunyang","email":"wchy1001@gmail.com","username":"wu.chunyang"},"change_message_id":"aa408ec199c975dd8198a29cc4fbf52e45e0b2f2","unresolved":true,"context_lines":[{"line_number":11,"context_line":""},{"line_number":12,"context_line":"before ``Bobcat`` release, trove didn\u0027t isolate the management network from bussiness network, sometimes, this"},{"line_number":13,"context_line":"may cause network performance issue or security issue. after that, trove adds a new configure option to configure"},{"line_number":14,"context_line":"network isolation."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"network_isolation has the following effects:"},{"line_number":17,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"f48c20dc_bd623704","line":14,"in_reply_to":"053785f6_6847a680","updated":"2023-07-07 03:20:58.000000000","message":"yes, eth1 is an example for user-defined port. it\u0027s actual name may be called ens33 or something like in the VM， we identify this nic by the mac_address, which the trove-taskmanager pass through to the guest_agent.  when we enable network_isolation, we also disable the bridge mode for docker in the VM. BTW， what\u0027s the meaning of yovole0  here? i didn\u0027t remember that i mention it.","commit_id":"1d8848e0cb4ab82ad8935a21af4cc2eef74753f7"},{"author":{"_account_id":26285,"name":"wu.chunyang","email":"wchy1001@gmail.com","username":"wu.chunyang"},"change_message_id":"ac7e309ebaddebaed47b540e43854c1a547fbff8","unresolved":true,"context_lines":[{"line_number":11,"context_line":""},{"line_number":12,"context_line":"before ``Bobcat`` release, trove didn\u0027t isolate the management network from bussiness network, sometimes, this"},{"line_number":13,"context_line":"may cause network performance issue or security issue. after that, trove adds a new configure option to configure"},{"line_number":14,"context_line":"network isolation."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"network_isolation has the following effects:"},{"line_number":17,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"a56dd734_3d21cb8a","line":14,"in_reply_to":"9a4ae418_b8d09444","updated":"2023-07-05 06:40:56.000000000","message":"`Trove users with another way to isolate database containers`\nthe purpose of this patch is not to isolate database container，but rather to isolate the management network and business network, To be precise， assuming we have two nics in guest VM, \"eth0\" for management port, \"eth1\" for business network. docker bridge create a docker0 bridge, all container connect to docker0 bridge. In such case, eth0 and eth1 still share the same network namespace. there are not separated by docker. this patch keeps the \"eth0\" in the default namespace, and insert \"eth1\" to  the container namespace,  thus \"eth0\" and \"eth1\" will be separated by linux network namespace. and we can\u0027t see the eth1 in the default namespace anymore. \n\nsecurity issue:  eth0 and eth1 share the same linux network, so they may affects each other. If a bug in MySQL or any other database allows users to execute system commands, theoretically, users can access our management network.because management network is accessible.\n\nperformance issue： this just compared to bridge mode which we supported in trove. because we don\u0027t need a proxy layer, so the performance of this driver should be the same as docker HOST mode.","commit_id":"1d8848e0cb4ab82ad8935a21af4cc2eef74753f7"},{"author":{"_account_id":31737,"name":"Hirotaka Wakabayashi","email":"hiwkby@yahoo.com","username":"hiwkby"},"change_message_id":"7addbb84d6f5a501bcc7163b6ce2547ffefb00cb","unresolved":true,"context_lines":[{"line_number":11,"context_line":""},{"line_number":12,"context_line":"before ``Bobcat`` release, trove didn\u0027t isolate the management network from bussiness network, sometimes, this"},{"line_number":13,"context_line":"may cause network performance issue or security issue. after that, trove adds a new configure option to configure"},{"line_number":14,"context_line":"network isolation."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"network_isolation has the following effects:"},{"line_number":17,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"053785f6_6847a680","line":14,"in_reply_to":"a56dd734_3d21cb8a","updated":"2023-07-06 22:42:50.000000000","message":"Thanks for the clarification! \n\n\u003e the purpose of this patch is not to isolate database container，but rather to isolate the management network and business network\n\nI see.:)\n\n\u003e eth0 and eth1 share the same linux network,\n\nWe should think eth1 is not reserved for us because network interface names are dynamically assigned on a numerical basis: eth0, eth1, eth2, and so on. In addition, `eth1` makes me feel a physical network interface. In this case, `yovole0`, which sounds like `docker0`, sounds good for me.:)","commit_id":"1d8848e0cb4ab82ad8935a21af4cc2eef74753f7"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"c41af16c117a5563aa09a5d67a0bbbad3888408f","unresolved":true,"context_lines":[{"line_number":19,"context_line":"* Trove will not check the overlap between management networks cidrs and bussiness networks cidrs anymore."},{"line_number":20,"context_line":"  as trove allows the same cidrs between management network and bussiness network."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"* cloud administrator must configure the management_networks in config file. management network is responsible for"},{"line_number":23,"context_line":"  connecting with rabbitMQ and docker registry. with management_networks not being configured, trove will not"},{"line_number":24,"context_line":"  perform the isolation action in guest VMs."},{"line_number":25,"context_line":""}],"source_content_type":"text/x-rst","patch_set":37,"id":"c7b37dc9_b46ad9ea","line":22,"range":{"start_line":22,"start_character":77,"end_line":22,"end_character":87},"updated":"2023-07-16 00:43:26.000000000","message":"Upper and better.","commit_id":"f2d19a38a6173cc1f49f11ef2a353fc1fe47c8fa"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"c41af16c117a5563aa09a5d67a0bbbad3888408f","unresolved":true,"context_lines":[{"line_number":19,"context_line":"* Trove will not check the overlap between management networks cidrs and bussiness networks cidrs anymore."},{"line_number":20,"context_line":"  as trove allows the same cidrs between management network and bussiness network."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"* cloud administrator must configure the management_networks in config file. management network is responsible for"},{"line_number":23,"context_line":"  connecting with rabbitMQ and docker registry. with management_networks not being configured, trove will not"},{"line_number":24,"context_line":"  perform the isolation action in guest VMs."},{"line_number":25,"context_line":""}],"source_content_type":"text/x-rst","patch_set":37,"id":"2288a3f8_876acc45","line":22,"range":{"start_line":22,"start_character":2,"end_line":22,"end_character":26},"updated":"2023-07-16 00:43:26.000000000","message":"You might want to say, Administrator must configure the management_networks in config file, right?","commit_id":"f2d19a38a6173cc1f49f11ef2a353fc1fe47c8fa"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"c41af16c117a5563aa09a5d67a0bbbad3888408f","unresolved":true,"context_lines":[{"line_number":19,"context_line":"* Trove will not check the overlap between management networks cidrs and bussiness networks cidrs anymore."},{"line_number":20,"context_line":"  as trove allows the same cidrs between management network and bussiness network."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"* cloud administrator must configure the management_networks in config file. management network is responsible for"},{"line_number":23,"context_line":"  connecting with rabbitMQ and docker registry. with management_networks not being configured, trove will not"},{"line_number":24,"context_line":"  perform the isolation action in guest VMs."},{"line_number":25,"context_line":""},{"line_number":26,"context_line":""}],"source_content_type":"text/x-rst","patch_set":37,"id":"18383756_84416728","line":23,"range":{"start_line":22,"start_character":77,"end_line":23,"end_character":17},"updated":"2023-07-16 00:43:26.000000000","message":"To `Management network connects`, as `be connected with`","commit_id":"f2d19a38a6173cc1f49f11ef2a353fc1fe47c8fa"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"c41af16c117a5563aa09a5d67a0bbbad3888408f","unresolved":true,"context_lines":[{"line_number":20,"context_line":"  as trove allows the same cidrs between management network and bussiness network."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"* cloud administrator must configure the management_networks in config file. management network is responsible for"},{"line_number":23,"context_line":"  connecting with rabbitMQ and docker registry. with management_networks not being configured, trove will not"},{"line_number":24,"context_line":"  perform the isolation action in guest VMs."},{"line_number":25,"context_line":""},{"line_number":26,"context_line":""}],"source_content_type":"text/x-rst","patch_set":37,"id":"41a53af4_6a0b3f3c","line":23,"range":{"start_line":23,"start_character":48,"end_line":23,"end_character":52},"updated":"2023-07-16 00:43:26.000000000","message":"ditto","commit_id":"f2d19a38a6173cc1f49f11ef2a353fc1fe47c8fa"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"c41af16c117a5563aa09a5d67a0bbbad3888408f","unresolved":true,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":"* cloud administrator must configure the management_networks in config file. management network is responsible for"},{"line_number":23,"context_line":"  connecting with rabbitMQ and docker registry. with management_networks not being configured, trove will not"},{"line_number":24,"context_line":"  perform the isolation action in guest VMs."},{"line_number":25,"context_line":""},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Configure network isolation"}],"source_content_type":"text/x-rst","patch_set":37,"id":"6df12154_f4649abb","line":24,"updated":"2023-07-16 00:43:26.000000000","message":"I think this can be removed.","commit_id":"f2d19a38a6173cc1f49f11ef2a353fc1fe47c8fa"}],"integration/scripts/files/elements/guest-agent/install.d/guest-agent-source-install/31-guest-agent-install":[{"author":{"_account_id":31737,"name":"Hirotaka Wakabayashi","email":"hiwkby@yahoo.com","username":"hiwkby"},"change_message_id":"3c2e213b7a87813c2c4f6c59320b9183100c162d","unresolved":true,"context_lines":[{"line_number":38,"context_line":"if [[ ${DEV_MODE} \u003d\u003d \"true\" ]]; then"},{"line_number":39,"context_line":"    [[ -n \"${HOST_SCP_USERNAME}\" ]] || die \"HOST_SCP_USERNAME needs to be set to the trovestack host user\""},{"line_number":40,"context_line":"    [[ -n \"${ESCAPED_PATH_TROVE}\" ]] || die \"ESCAPED_PATH_TROVE needs to be set to the path to the trove directory on the trovestack host\""},{"line_number":41,"context_line":"    sed \"s/GUEST_USERNAME/${GUEST_USERNAME}/g\" ${SCRIPTDIR}/docker-hostnic-dev.service \u003e /etc/systemd/system/docker-hostnic.service"},{"line_number":42,"context_line":"    sed \"s/GUEST_USERNAME/${GUEST_USERNAME}/g;s/HOST_SCP_USERNAME/${HOST_SCP_USERNAME}/g;s/PATH_TROVE/${ESCAPED_PATH_TROVE}/g\" ${SCRIPTDIR}/guest-agent-dev.service \u003e /etc/systemd/system/guest-agent.service"},{"line_number":43,"context_line":"else"},{"line_number":44,"context_line":"    # Link the trove-guestagent out to /usr/local/bin where the startup scripts look for"}],"source_content_type":"application/x-shellscript","patch_set":15,"id":"1f7d1530_5671a6c1","line":41,"updated":"2023-07-05 04:39:31.000000000","message":"`docker-hostnic-dev.service` currently does not seem to contain any \"GUEST_USERNAME\" words.","commit_id":"1d8848e0cb4ab82ad8935a21af4cc2eef74753f7"},{"author":{"_account_id":26285,"name":"wu.chunyang","email":"wchy1001@gmail.com","username":"wu.chunyang"},"change_message_id":"ac7e309ebaddebaed47b540e43854c1a547fbff8","unresolved":true,"context_lines":[{"line_number":38,"context_line":"if [[ ${DEV_MODE} \u003d\u003d \"true\" ]]; then"},{"line_number":39,"context_line":"    [[ -n \"${HOST_SCP_USERNAME}\" ]] || die \"HOST_SCP_USERNAME needs to be set to the trovestack host user\""},{"line_number":40,"context_line":"    [[ -n \"${ESCAPED_PATH_TROVE}\" ]] || die \"ESCAPED_PATH_TROVE needs to be set to the path to the trove directory on the trovestack host\""},{"line_number":41,"context_line":"    sed \"s/GUEST_USERNAME/${GUEST_USERNAME}/g\" ${SCRIPTDIR}/docker-hostnic-dev.service \u003e /etc/systemd/system/docker-hostnic.service"},{"line_number":42,"context_line":"    sed \"s/GUEST_USERNAME/${GUEST_USERNAME}/g;s/HOST_SCP_USERNAME/${HOST_SCP_USERNAME}/g;s/PATH_TROVE/${ESCAPED_PATH_TROVE}/g\" ${SCRIPTDIR}/guest-agent-dev.service \u003e /etc/systemd/system/guest-agent.service"},{"line_number":43,"context_line":"else"},{"line_number":44,"context_line":"    # Link the trove-guestagent out to /usr/local/bin where the startup scripts look for"}],"source_content_type":"application/x-shellscript","patch_set":15,"id":"61a8d210_3780ecfd","line":41,"in_reply_to":"1f7d1530_5671a6c1","updated":"2023-07-05 06:40:56.000000000","message":"https://review.opendev.org/c/openstack/trove/+/881898/24/integration/scripts/files/elements/guest-agent/install.d/guest-agent-source-install/docker-hostnic-dev.service#13\n\nat line 13,  we use guest_username to determine the trove project directory.","commit_id":"1d8848e0cb4ab82ad8935a21af4cc2eef74753f7"}],"integration/scripts/files/elements/guest-agent/install.d/guest-agent-source-install/host_nic.spec":[{"author":{"_account_id":31737,"name":"Hirotaka Wakabayashi","email":"hiwkby@yahoo.com","username":"hiwkby"},"change_message_id":"3c2e213b7a87813c2c4f6c59320b9183100c162d","unresolved":true,"context_lines":[{"line_number":1,"context_line":"http://127.0.0.1:4443"}],"source_content_type":"text/x-rpm-spec","patch_set":15,"id":"374e6e68_ae24ec48","line":1,"updated":"2023-07-05 04:39:31.000000000","message":"1) default protocol is `http` but can users select `https` as an alternative?\n2) IPv6 address supported?\n3) `4443` should be configurable if possible. Should we list the port in our docs as a prerequisite that Trove uses.","commit_id":"1d8848e0cb4ab82ad8935a21af4cc2eef74753f7"},{"author":{"_account_id":26285,"name":"wu.chunyang","email":"wchy1001@gmail.com","username":"wu.chunyang"},"change_message_id":"ac7e309ebaddebaed47b540e43854c1a547fbff8","unresolved":true,"context_lines":[{"line_number":1,"context_line":"http://127.0.0.1:4443"}],"source_content_type":"text/x-rpm-spec","patch_set":15,"id":"66ed0b7a_6a888b79","line":1,"in_reply_to":"374e6e68_ae24ec48","updated":"2023-07-05 06:40:56.000000000","message":"https is hard to implement, because we need a certification for this. as we only listen on 127.0.0.1, so i think it\u0027s safe there.\n\nipv6 is not supported yet, this api server used by docker, as docker also support connect driver by socket, and i tried this solution, but the flask web framework doesn\u0027t handle the request path as i expected.\n\n4443 is not configurable currently, but i think this port make no sense for user.","commit_id":"1d8848e0cb4ab82ad8935a21af4cc2eef74753f7"}],"integration/scripts/files/elements/guest-agent/post-install.d/31-enable-guest-agent-systemd":[{"author":{"_account_id":31737,"name":"Hirotaka Wakabayashi","email":"hiwkby@yahoo.com","username":"hiwkby"},"change_message_id":"3c2e213b7a87813c2c4f6c59320b9183100c162d","unresolved":true,"context_lines":[{"line_number":7,"context_line":"set -o pipefail"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"if [ \"$DIB_INIT_SYSTEM\" \u003d\u003d \"systemd\" ]; then"},{"line_number":10,"context_line":"    systemctl enable $(svc-map guest-agent docker-hostnic)"},{"line_number":11,"context_line":"fi"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"if [[ ${SYNC_LOG_TO_CONTROLLER} \u003d\u003d \"True\" ]]; then"}],"source_content_type":"application/x-shellscript","patch_set":15,"id":"e20c8c29_7a579013","line":10,"updated":"2023-07-05 04:39:31.000000000","message":"Is it correct that `docker-hostnic` service is always enabled when `network_isolation` in trove.common.cfg is `False`?","commit_id":"1d8848e0cb4ab82ad8935a21af4cc2eef74753f7"},{"author":{"_account_id":26285,"name":"wu.chunyang","email":"wchy1001@gmail.com","username":"wu.chunyang"},"change_message_id":"ac7e309ebaddebaed47b540e43854c1a547fbff8","unresolved":true,"context_lines":[{"line_number":7,"context_line":"set -o pipefail"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"if [ \"$DIB_INIT_SYSTEM\" \u003d\u003d \"systemd\" ]; then"},{"line_number":10,"context_line":"    systemctl enable $(svc-map guest-agent docker-hostnic)"},{"line_number":11,"context_line":"fi"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"if [[ ${SYNC_LOG_TO_CONTROLLER} \u003d\u003d \"True\" ]]; then"}],"source_content_type":"application/x-shellscript","patch_set":15,"id":"d80f8da9_b513d870","line":10,"in_reply_to":"e20c8c29_7a579013","updated":"2023-07-05 06:40:56.000000000","message":"this driver need to start before docker, so i think enable it is ok here, but i will add a logic to trove-guest agent, when network_isolation is false, let trove-guest agent disable this service.","commit_id":"1d8848e0cb4ab82ad8935a21af4cc2eef74753f7"}],"releasenotes/notes/add-network-isolation-support-640f7105eb90651a.yaml":[{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"26cf91a2a995edc786b99adf4628c5dffca5abf8","unresolved":true,"context_lines":[{"line_number":2,"context_line":""},{"line_number":3,"context_line":"features:"},{"line_number":4,"context_line":"  - |"},{"line_number":5,"context_line":"    Add network_isolation config option for trove. with network_isolation enabled,"},{"line_number":6,"context_line":"    trove guest agent will plug the user defined port to database container.thereby"},{"line_number":7,"context_line":"    achieving traffic isolation between management and business traffic."},{"line_number":8,"context_line":"    `Stroy 2010733 \u003chttps://storyboard.openstack.org/#!/story/2010733\u003e`__"}],"source_content_type":"text/x-yaml","patch_set":13,"id":"4fc692ed_01be6ff5","line":5,"range":{"start_line":5,"start_character":51,"end_line":5,"end_character":55},"updated":"2023-07-05 00:03:46.000000000","message":"Upper","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"26cf91a2a995edc786b99adf4628c5dffca5abf8","unresolved":true,"context_lines":[{"line_number":3,"context_line":"features:"},{"line_number":4,"context_line":"  - |"},{"line_number":5,"context_line":"    Add network_isolation config option for trove. with network_isolation enabled,"},{"line_number":6,"context_line":"    trove guest agent will plug the user defined port to database container.thereby"},{"line_number":7,"context_line":"    achieving traffic isolation between management and business traffic."},{"line_number":8,"context_line":"    `Stroy 2010733 \u003chttps://storyboard.openstack.org/#!/story/2010733\u003e`__"}],"source_content_type":"text/x-yaml","patch_set":13,"id":"090f4756_3f82fdc4","line":7,"range":{"start_line":6,"start_character":76,"end_line":7,"end_character":72},"updated":"2023-07-05 00:03:46.000000000","message":"Finally, traffic isolation between management and business traffic will be achieved.","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"}],"trove/common/schemata.py":[{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"c41af16c117a5563aa09a5d67a0bbbad3888408f","unresolved":true,"context_lines":[{"line_number":11,"context_line":"# under the License."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"# NOTE(wuchunyang): these code copied from kuryr-libnetwork project."},{"line_number":15,"context_line":"EPSILON_PATTERN \u003d \u0027^$\u0027"},{"line_number":16,"context_line":"UUID_BASE \u003d \u0027^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$\u0027"},{"line_number":17,"context_line":"UUID_PATTERN \u003d EPSILON_PATTERN + \u0027|\u0027 + UUID_BASE"}],"source_content_type":"text/x-python","patch_set":37,"id":"aad868df_b29464f2","line":14,"range":{"start_line":14,"start_character":20,"end_line":14,"end_character":37},"updated":"2023-07-16 00:43:26.000000000","message":"To `These code is copied`","commit_id":"f2d19a38a6173cc1f49f11ef2a353fc1fe47c8fa"}],"trove/instance/models.py":[{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"26cf91a2a995edc786b99adf4628c5dffca5abf8","unresolved":true,"context_lines":[{"line_number":1019,"context_line":"            )"},{"line_number":1020,"context_line":"        }"},{"line_number":1021,"context_line":""},{"line_number":1022,"context_line":"        # pass-through the network_isolation to guest"},{"line_number":1023,"context_line":"        files \u003d {"},{"line_number":1024,"context_line":"            guest_info_file: (\"%snetwork_isolation\u003d%s\\n\" %"},{"line_number":1025,"context_line":"                              (files.get(guest_info_file),"}],"source_content_type":"text/x-python","patch_set":13,"id":"def7232c_33d1ffd7","line":1022,"range":{"start_line":1022,"start_character":10,"end_line":1022,"end_character":22},"updated":"2023-07-05 00:03:46.000000000","message":"with - is more like clause which can be used to describe staff. I think pass through will be better.","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"},{"author":{"_account_id":27336,"name":"XiaojueGuan","email":"xiaojueguan@gmail.com","username":"XiaojueGuan"},"change_message_id":"26cf91a2a995edc786b99adf4628c5dffca5abf8","unresolved":true,"context_lines":[{"line_number":1049,"context_line":"        # Configure docker\u0027s daemon.json if the directives exist in trove.conf"},{"line_number":1050,"context_line":"        docker_daemon_values \u003d {}"},{"line_number":1051,"context_line":""},{"line_number":1052,"context_line":"        # In case that user enables network_isolation but not set"},{"line_number":1053,"context_line":"        # management/bussiness network."},{"line_number":1054,"context_line":"        if CONF.network.network_isolation and \\"},{"line_number":1055,"context_line":"                kwargs.get(\"disable_bridge\", False):"},{"line_number":1056,"context_line":"            docker_daemon_values[\"bridge\"] \u003d \"none\""}],"source_content_type":"text/x-python","patch_set":13,"id":"d9dffb7e_41e5bcb8","line":1053,"range":{"start_line":1052,"start_character":54,"end_line":1053,"end_character":39},"updated":"2023-07-05 00:03:46.000000000","message":"With management/bussiness network not set","commit_id":"edab3f87a53072729087b4e0f734f2b3f74c37ba"}]}