[openstack-dev] [Neutron] Security groups with XenAPI

Bob Ball bob.ball at citrix.com
Mon Oct 28 16:47:59 UTC 2013


Hi Simon,

Yes, I believe you are right.

We were already planning to discuss this very topic at the XenAPI roadmap session at the summit.  Hopefully someone will take on tying up this loose end there.

Security group support is the only thing we are aware of that is missing from the XenAPI neutron integration.

Thanks for raising it - a bug report would be useful to track it!

Bob

Simon Pasquier <simon.pasquier at bull.net> wrote:


Hi all,

I'm trying to use the Nova XenAPI driver with Neutron (Open vSwitch with
VLAN). After many attempts, I managed to make it work using the
NoopFirewallDriver firewall_driver for security groups (which means,
well, no security). With the OVSHybridIptablesFirewallDriver driver, the
OVS agent running on the compute node won't configure the flows on the
OVS ports.

I noticed that the XenAPI plugin [1] doesn't manage standard input which
seems to be a blocker for running the iptables-save and iptables-restore
commands [2]. Some work has been done in the past for nova-network [3]
and I guess that something similar should be implemented for Neutron.

Am I right? If yes, I'd be happy to open a bug (or blueprint?).

Best regards,

[1]
https://github.com/openstack/neutron/blob/master/neutron/plugins/openvswitch/agent/xenapi/etc/xapi.d/plugins/netwrap
[2]
https://github.com/openstack/neutron/blob/master/neutron/agent/linux/iptables_manager.py#L346
[3] https://review.openstack.org/#/c/2071

--
Simon Pasquier
Software Engineer
Bull, Architect of an Open World
Phone: + 33 4 76 29 71 49
http://www.bull.com

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
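
The following sketch is added here for illustration. It is not part of the thread and is not the netwrap plugin's code. It shows why a dom0 command wrapper that drops standard input breaks `iptables-restore`, and how an allow-listed wrapper can forward it. The argument keys `cmd` and `cmd_input`, the `ALLOWED` table, and the Python stand-in for `iptables-restore` (used so the example runs without root) are assumptions.

```python
import json
import subprocess
import sys

# Constructed stand-in for iptables-restore so the example runs offline and
# without root: it only reports how many rule lines arrived on stdin.
_COUNT_LINES = [sys.executable, "-c",
                "import sys; print(len(sys.stdin.read().splitlines()))"]

# Hypothetical allow-list mapping a permitted command name to the argv that
# is executed; a real wrapper would map to the real binaries.
ALLOWED = {"iptables-restore": _COUNT_LINES}

# Constructed sample of the rules text an agent would feed to iptables-restore.
SAMPLE_RULES = "\n".join([
    "*filter",
    ":INPUT ACCEPT [0:0]",
    "-A INPUT -p tcp --dport 22 -j ACCEPT",
    "COMMIT",
]) + "\n"


def run_command(args, forward_stdin=True):
    """Run an allow-listed command described by string-valued plugin args.

    args["cmd"] is a JSON list (argv); args["cmd_input"] is an optional JSON
    string for the command's stdin. Both key names are assumptions.
    """
    cmd = json.loads(args["cmd"])
    if not cmd or cmd[0] not in ALLOWED:
        raise PermissionError("execution of %r is not permitted" % (cmd[:1],))
    cmd_input = json.loads(args.get("cmd_input", "null"))
    if not forward_stdin:
        cmd_input = None  # behaviour of a wrapper that ignores stdin
    proc = subprocess.Popen(
        ALLOWED[cmd[0]] + cmd[1:],
        stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
        universal_newlines=True, shell=False)
    out, err = proc.communicate(cmd_input)
    if proc.returncode != 0:
        raise RuntimeError("%s failed: %s" % (cmd[0], err.strip()))
    return out


def make_args(argv, stdin_text=None):
    """Encode a call the way a caller on the compute node would."""
    args = {"cmd": json.dumps(argv)}
    if stdin_text is not None:
        args["cmd_input"] = json.dumps(stdin_text)
    return args
```

With `forward_stdin=False` the stand-in sees zero rule lines, which is the failure mode described above: the restore step runs but has nothing to apply.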


