Yup lovely BUT... i already tried out that combination and rules are not getting applied on nova, if you take a look at what i uploaded im using containers with DockerIO, i was wondering if theres an issue just there, that security groups with neutron are not working with containers yet or the rules should be applied on the proper container namespace ...
I tried : firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver And the noop both on nova conf and ovs plugin.ini without luck thats why i was asking this to the list, cause i run out of ideas/docs to look up to Best On Wed, Oct 23, 2013 at 11:58 PM, Robert Collins <robe...@robertcollins.net>wrote: > (dropping -dev, this is a deployment question). > > firewall_driver=neutron.agent.firewall.NoopFirewallDriver > > ^ thats your problem. It's a no-op driver, which means no firewall > rules are applied. > > > http://docs.openstack.org/havana/install-guide/install/yum/content/install-neutron.install-plugin-compute.ovs.html > > (applies to apt etc as well - just the first hit from google :)) > covers this part of the setup. > > -Rob > > On 24 October 2013 01:57, Leandro Reox <leandro.r...@gmail.com> wrote: > > Hi guys, > > > > Seem that i cant find the right combination to get neutron security > groups > > working with nova and OVS > > > > - I see the logs on the ovs agent like sec group updated or rule updated > > - I can configure the rules on neutron without an issue > > > > BUT > > > > Seems like nova is not doing anything with the the rules itself, i dont > see > > any root-wrap event trying to apply an iptables chain, its like the the > > agent is not passing the order to apply the rules to nova > > > > Here is all the nova.conf stuff, and agent logs, and iptables chains: > > http://pastebin.com/RMgQxFyN > > > > > > I dont know what to try to get this working , maybe im using the wrong > > firewall driver or something ? or do i need for example that neutron and > > nova connects to the same queue?? > > > > Best > > Lean > > > > _______________________________________________ > > OpenStack-dev mailing list > > openstack-...@lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > > > -- > Robert Collins <rbtcoll...@hp.com> > Distinguished Technologist > HP Converged Cloud > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
