[openstack-dev] [Neutron] The gate and security groups

Salvatore Orlando sorlando at nicira.com
Sun Jan 5 10:49:35 UTC 2014


On IRC Yair Fried reminded me that we have not yet solved the issue around
security groups not enforced on the gate.

An accurate report of the current status is here [1]

And it seems there is some consensus around using the additional port
binding parameters for security groups (lp: [2] and gerrit: [3]) to solve
this issue and ensure the hybrid driver is used again by nova when neutron
security groups are enforced via iptables.

I know that Amir Sadoughi and others are working on an ovs-based
implementation of security groups which will make the hybrid driver
unnecessary; however, since I'm not up to date about the progress on this
feature, I think we should strive to solve this issue, which at the end of
the day is probably just a configuration issue, as soon as possible.

The gerrit patch has not received a review in 3 weeks, so perhaps it's time
to give it some more attention.


[1] https://bugs.launchpad.net/devstack/+bug/1252620
[2] https://bugs.launchpad.net/nova/+bug/1112912
[3] https://review.openstack.org/#/c/21946/