subject:"\[Openstack\-operators\] Ocata security groups don't work with LBaaS v2 ports"

Re: [Openstack-operators] Ocata security groups don't work with LBaaS v2 ports

2018-03-26 Thread Ignazio Cassano

Hello Saverio,
neutron.lbaas.v2-agent should apply iptables rules but it does not work.
Also in redhat exixts the same issue reported here:

https://bugzilla.redhat.com/show_bug.cgi?id=1500118

Regards

2018-03-26 9:32 GMT+02:00 Saverio Proto :

> Hello Ignazio,
>
> it would interesting to know how this works. For instances ports,
> those ports are created by openvswitch on the compute nodes, where the
> neutron-agent will take care of the security groups enforcement (via
> iptables or openvswitch rules).
>
> the LBaaS is a namespace that lives where the neutron-lbaasv2-agent is
> running.
>
> The question is if the neutron-lbaasv2-agent is capable for setting
> iptables rules. I would start to read the code there.
>
> Cheers,
>
> Saverio
>
>
> 2018-03-23 13:51 GMT+01:00 Ignazio Cassano :
> > Hi all,
> > following the ocata documentation, I am trying to apply security group
> to a
> > lbaas v2 port but
> > it seems not working because any filter is applyed.
> > The Port Security Enabled is True on lbaas port, so I expect applying
> > security group should work.
> > Is this a bug ?
> > Regards
> > Ignazio
> >
> > ___
> > OpenStack-operators mailing list
> > OpenStack-operators@lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
> >
>
___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

Re: [Openstack-operators] Ocata security groups don't work with LBaaS v2 ports

2018-03-26 Thread Saverio Proto

Hello Ignazio,

it would interesting to know how this works. For instances ports,
those ports are created by openvswitch on the compute nodes, where the
neutron-agent will take care of the security groups enforcement (via
iptables or openvswitch rules).

the LBaaS is a namespace that lives where the neutron-lbaasv2-agent is running.

The question is if the neutron-lbaasv2-agent is capable for setting
iptables rules. I would start to read the code there.

Cheers,

Saverio


2018-03-23 13:51 GMT+01:00 Ignazio Cassano :
> Hi all,
> following the ocata documentation, I am trying to apply security group to a
> lbaas v2 port but
> it seems not working because any filter is applyed.
> The Port Security Enabled is True on lbaas port, so I expect applying
> security group should work.
> Is this a bug ?
> Regards
> Ignazio
>
> ___
> OpenStack-operators mailing list
> OpenStack-operators@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>

___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

Re: [Openstack-operators] Ocata security groups don't work with LBaaS v2 ports

Re: [Openstack-operators] Ocata security groups don't work with LBaaS v2 ports

2 matches

Site Navigation

Mail list logo

Footer information