I assume it won't be a big problem when upgrading (eg, no security group, then added security group, especially for cleaning which could take a long time to finish.)
I am not crazy about the proposed configuration options. I see that our existing conf options under [neutron] group are 'provisioning_network_uuid' and 'cleaning_network_uuid'. I initially thought about using the same config for both the network uuid and the security group, eg the value could be '<network-uuid>:<security-group-uuid>' but maybe that would be too confusing.
To me, the proposed 'provisioning_network_sg_uuid' hides the important part, the security group. Is 'sg' a well known abbreviation for 'security group'? How about 'provision_net_security_group' or 'security-group-for-provisioning'? 'provision-security-group'? [I don't think 'uuid' needs to be in the config name.]
I like the idea.
I assume it won't be a big problem when upgrading (eg, no security group, then added security group, especially for cleaning which could take a long time to finish.)
I am not crazy about the proposed configuration options. I see that our existing conf options under [neutron] group are 'provisioning_ network_ uuid' and 'cleaning_ network_ uuid'. I initially thought about using the same config for both the network uuid and the security group, eg the value could be '<network- uuid>:< security- group-uuid> ' but maybe that would be too confusing.
To me, the proposed 'provisioning_ network_ sg_uuid' hides the important part, the security group. Is 'sg' a well known abbreviation for 'security group'? How about 'provision_ net_security_ group' or 'security- group-for- provisioning' ? 'provision- security- group'? [I don't think 'uuid' needs to be in the config name.]