We tried that a few minutes ago, and removing nova-networks doesnt make any
difference, im starting to think that neutron security groups are not
working with dockerIO containers
On Mon, Oct 21, 2013 at 4:15 PM, Aaron Rosen wrote:
> Hrm, your config files looks good to me. From your iptables-sa
Hrm, your config files looks good to me. From your iptables-save output it
looks like you have nova-network running as well. I wonder if that is
overwritting the rules that the agents are installing. Can you try removing
nova-network and see if that changes anything?
Aaron
On Mon, Oct 21, 2013 a
Aaron,
Here you are all the info, all the nova.confs (compute, controller) , all
the agent logs, iptables output etc ... btw as i said we're testing this
setup with docker containers , just to be clear regarding your last
recommedation about libvirt vif driver (that we alreade have on the conf )
Is anything showing up in the agents log on the hypervisors? Also, can you
confirm you have this setting in your nova.conf:
libvirt_vif_driver = nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
On Fri, Oct 18, 2013 at 1:14 PM, Leandro Reox wrote:
> Aaaron, i fixed the config issues moving t
Aaaron, i fixed the config issues moving the neutron opts up to the default
section. But now im having this issue
i can launch intances normally, it seems that the rules are not getting
applied anywhere, i have full access to the docker containers. If i do
iptable -t nat -L and iptables -L , no ru
Now that i can launch intances normally, it seems that the rules are not
getting applied anywhere, i have full access to the docker containers. If i
do iptable -t nat -L and iptables -L , no rules seems to be applied to any
flow
On Fri, Oct 18, 2013 at 4:28 PM, Leandro Reox wrote:
> Yes it is, b
Do you have [default] at the top of your nova.conf? Could you pastebin your
nova.conf for us to see.
On Oct 18, 2013 12:31 PM, "Leandro Reox" wrote:
> Yes it is, but i found that is not reading the parameter from the
> nova.conf , i forced on the code on /network/manager.py and took the
> argume
Yes it is, but i found that is not reading the parameter from the nova.conf
, i forced on the code on /network/manager.py and took the argument finally
but stacks cause says that the neutron_url and if i fix it it stacks on the
next neutron parameter like timeout :
File "/usr/local/lib/python2.7/d
Hi Leandro,
I don't believe the setting of: security_group_api=neutron in nova.conf
actually doesn't matter at all on the compute nodes (still good to set it
though). But it matters on the nova-api node. can you confirm that your
nova-api node has: security_group_api=neutron in it's nova.conf?