Re: [openstack-dev] Havana neutron security groups config issue

2013-10-21 Thread Leandro Reox
Aaron, Here you are all the info, all the nova.confs (compute, controller) , all the agent logs, iptables output etc ... btw as i said we're testing this setup with docker containers , just to be clear regarding your last recommedation about libvirt vif driver (that we alreade have on the conf )

Re: [openstack-dev] Havana neutron security groups config issue

2013-10-21 Thread Aaron Rosen
Hrm, your config files looks good to me. From your iptables-save output it looks like you have nova-network running as well. I wonder if that is overwritting the rules that the agents are installing. Can you try removing nova-network and see if that changes anything? Aaron On Mon, Oct 21, 2013

Re: [openstack-dev] Havana neutron security groups config issue

2013-10-21 Thread Leandro Reox
We tried that a few minutes ago, and removing nova-networks doesnt make any difference, im starting to think that neutron security groups are not working with dockerIO containers On Mon, Oct 21, 2013 at 4:15 PM, Aaron Rosen aro...@nicira.com wrote: Hrm, your config files looks good to me. From

Re: [openstack-dev] Havana neutron security groups config issue

2013-10-18 Thread Aaron Rosen
Hi Leandro, I don't believe the setting of: security_group_api=neutron in nova.conf actually doesn't matter at all on the compute nodes (still good to set it though). But it matters on the nova-api node. can you confirm that your nova-api node has: security_group_api=neutron in it's nova.conf?

Re: [openstack-dev] Havana neutron security groups config issue

2013-10-18 Thread Leandro Reox
Yes it is, but i found that is not reading the parameter from the nova.conf , i forced on the code on /network/manager.py and took the argument finally but stacks cause says that the neutron_url and if i fix it it stacks on the next neutron parameter like timeout : File

Re: [openstack-dev] Havana neutron security groups config issue

2013-10-18 Thread Aaron Rosen
Do you have [default] at the top of your nova.conf? Could you pastebin your nova.conf for us to see. On Oct 18, 2013 12:31 PM, Leandro Reox leandro.r...@gmail.com wrote: Yes it is, but i found that is not reading the parameter from the nova.conf , i forced on the code on /network/manager.py

Re: [openstack-dev] Havana neutron security groups config issue

2013-10-18 Thread Leandro Reox
Now that i can launch intances normally, it seems that the rules are not getting applied anywhere, i have full access to the docker containers. If i do iptable -t nat -L and iptables -L , no rules seems to be applied to any flow On Fri, Oct 18, 2013 at 4:28 PM, Leandro Reox

Re: [openstack-dev] Havana neutron security groups config issue

2013-10-18 Thread Leandro Reox
Aaaron, i fixed the config issues moving the neutron opts up to the default section. But now im having this issue i can launch intances normally, it seems that the rules are not getting applied anywhere, i have full access to the docker containers. If i do iptable -t nat -L and iptables -L , no

Re: [openstack-dev] Havana neutron security groups config issue

2013-10-18 Thread Aaron Rosen
Is anything showing up in the agents log on the hypervisors? Also, can you confirm you have this setting in your nova.conf: libvirt_vif_driver = nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver On Fri, Oct 18, 2013 at 1:14 PM, Leandro Reox leandro.r...@gmail.comwrote: Aaaron, i fixed the