[openstack-dev] [Neutron] Security groups with XenAPI

Simon Pasquier simon.pasquier at bull.net
Mon Oct 28 16:15:53 UTC 2013


Hi all,

I'm trying to use the Nova XenAPI driver with Neutron (Open vSwitch with 
VLAN). After many attempts, I managed to make it work using the 
NoopFirewallDriver firewall_driver for security groups (which means, 
well, no security). With the OVSHybridIptablesFirewallDriver driver, the 
OVS agent running on the compute node won't configure the flows on the 
OVS ports.

I noticed that the XenAPI plugin [1] doesn't manage standard input which 
seems to be a blocker for running the iptables-save and iptables-restore 
commands [2]. Some work has been done in the past for nova-network [3] 
and I guess that something similar should be implemented for Neutron.

Am I right? If yes, I'd be happy to open a bug (or blueprint?).

Best regards,

[1] https://github.com/openstack/neutron/blob/master/neutron/plugins/openvswitch/agent/xenapi/etc/xapi.d/plugins/netwrap
[2] https://github.com/openstack/neutron/blob/master/neutron/agent/linux/iptables_manager.py#L346
[3] https://review.openstack.org/#/c/2071

-- 
Simon Pasquier
Software Engineer
Bull, Architect of an Open World
Phone: + 33 4 76 29 71 49
http://www.bull.com
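
Added example, not part of the original message and not code from Neutron or the netwrap plugin: a minimal Python sketch of why a command wrapper that forwards only the command line cannot drive a tool that reads its rules from standard input, as iptables-restore does. The allowlist, the function names and the stand-in command (a Python one-liner used in place of iptables-restore so the sketch runs without root) are assumptions made for illustration.

```python
import subprocess
import sys

# Constructed ruleset in iptables-save format; it is never applied to a firewall.
SAMPLE_RULES = (
    "*filter\n"
    ":INPUT ACCEPT [0:0]\n"
    "-A INPUT -p tcp --dport 22 -j ACCEPT\n"
    "COMMIT\n"
)

# Hypothetical allowlist. The stand-in command behaves like iptables-restore in
# one respect only: it reads its input from stdin. It prints the line count.
ALLOWED_CMDS = {
    "restore-stand-in": [
        sys.executable, "-c",
        "import sys; print(len(sys.stdin.read().splitlines()))",
    ],
}

def _lookup(name):
    # Refuse anything that is not explicitly allowlisted.
    if name not in ALLOWED_CMDS:
        raise ValueError("command not allowed: %s" % name)
    return ALLOWED_CMDS[name]

def run_argv_only(name):
    """Forward only the command line; the child gets an empty stdin."""
    proc = subprocess.run(_lookup(name), stdin=subprocess.DEVNULL,
                          capture_output=True, text=True, check=True)
    return int(proc.stdout)

def run_with_input(name, cmd_input):
    """Forward the command line and the caller's data on stdin."""
    proc = subprocess.run(_lookup(name), input=cmd_input,
                          capture_output=True, text=True, check=True)
    return int(proc.stdout)

if __name__ == "__main__":
    print("argv only :", run_argv_only("restore-stand-in"), "rule lines received")
    print("with stdin:", run_with_input("restore-stand-in", SAMPLE_RULES), "rule lines received")
```

In the argv-only case the child exits successfully with zero rule lines, so checking the exit status alone would not reveal that no security group rules were delivered.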


