Re: [Openstack] quantum l2 networks

2013-06-08 Thread daniels cai
Hi Aaron, I set the following in nova.conf:
security_group_api=quantum
firewall_driver=nova.virt.firewall.NoopFirewallDriver
It works, but when I try to attach a security group to an existing VM, the API throws an error: Network requires port_security_enabled and subnet associated in order to apply

Re: [Openstack] quantum l2 networks

2013-06-08 Thread Aaron Rosen
There is no port_security_enabled config option. This is an attribute on a port that is used if the plugin you are using implements the port_security_extension (which is only nvp at the time). I'm guessing your issue is the network you are trying to boot an instance on does not have a subnet

Re: [Openstack] quantum l2 networks

2013-06-08 Thread daniels cai
Aaron, thanks for your answers, I see it. We are not using nvp in our environment yet. My VM is booted with a subnet_id specified. I am sure about it. Here is more info: the VM has an IP 192.168.6.100, this IP belongs to subnet 83afd693-7e36-41e9-b896-9d8b0d89d255, this subnet belongs to network

Re: [Openstack] quantum l2 networks

2013-06-08 Thread Aaron Rosen
You said: "It works, but when I try to attach a security group to an existing VM, the API throws an error: Network requires port_security_enabled and subnet associated in order to apply security groups." What command are you running to generate that error? On Sat, Jun 8, 2013 at 1:45 AM, daniels cai

Re: [Openstack] quantum l2 networks

2013-06-08 Thread daniels cai
nova add-secgroup 24891d97-8d0e-4e99-9537-c8f8291913d0 d11
ERROR: Network requires port_security_enabled and subnet associated in order to apply security groups. (HTTP 400) (Request-ID: req-94cb2d54-858b-4843-af53-b373c88bcdc0)
The security group exists:
# quantum security-group-list

Re: [Openstack] quantum l2 networks

2013-06-08 Thread Aaron Rosen
Hi Daniel, Thanks for finding this! This is a bug. The code wasn't accounting for the plugin not implementing port_security_enabled. Here's a patch that fixes the issue in the meantime. Best, Aaron --- a/nova/network/security_group/quantum_driver.py +++

Re: [Openstack] quantum l2 networks

2013-06-08 Thread Joe Breu
Hi Aaron, Thanks for the response. It looks like it is the nwfilters in nova-compute that are making this a pain for me. On Jun 7, 2013, at 11:11 PM, Aaron Rosen wrote: Hi Joe, I thought setting firewall_driver = quantum.agent.firewall.NoopFirewallDriver would do the trick? Also, the ovs

Re: [Openstack] quantum l2 networks

2013-06-08 Thread Aaron Rosen
Setting this in nova.conf should disable that, but then your security groups won't work. firewall_driver = nova.virt.firewall.NoopFirewallDriver On Sat, Jun 8, 2013 at 12:01 PM, Joe Breu joseph.b...@rackspace.com wrote: Hi Aaron, Thanks for the response. It looks like it is the nwfilters

[Openstack] quantum l2 networks

2013-06-07 Thread Joe Breu
Hello, Is there a way to create a quantum l2 network using OVS that does not have MAC and IP spoofing enabled either in iptables or OVS? One workaround that we found was to set the OVS plugin firewall_driver = quantum.agent.firewall.NoopFirewallDriver to security_group_api=nova however this

Re: [Openstack] quantum l2 networks

2013-06-07 Thread Aaron Rosen
Hi Joe, I thought setting firewall_driver = quantum.agent.firewall.NoopFirewallDriver would do the trick? Also, the ovs plugin does not do any mac spoof filtering at the OVS level. Those are all done in iptables. Aaron On Fri, Jun 7, 2013 at 8:22 PM, Joe Breu joseph.b...@rackspace.com wrote: