<div dir="ltr">Hi,<div><br></div><div>On IRC Yair Fried reminded me that we have not yet solved the issue around security groups not enforced on the gate.</div><div><br></div><div>An accurate report of the current status is here [1] </div>
<div><br></div><div>And it seems there is some consensus around using the additional port binding parameters for security groups (lp: [2] and gerrit: [3]) to solve this issue and ensure the hybrid driver is used again by nova when neutron security groups are enforced via iptables.</div>
<div><br></div><div>I know that Amir Sadoughi and other are working on a ovs-based implementation of security group which will make the hybrid driver unnecessary; however, since I'm not up to date about the progress on this feature, I think we should strive to solve this issue, which at the end of the day is probably just a configuration issue, as soon as possible.</div>
<div><br></div><div>The gerrit patch has not received a review in 3 weeks, so perhaps it's time to give it some more attention.</div><div><br></div><div>Regards,</div><div>Salvatore</div><div><br></div><div>[1] <a href="https://bugs.launchpad.net/devstack/+bug/1252620">https://bugs.launchpad.net/devstack/+bug/1252620</a></div>
<div>[2] <a href="https://bugs.launchpad.net/nova/+bug/1112912">https://bugs.launchpad.net/nova/+bug/1112912</a></div><div>[3] <a href="https://review.openstack.org/#/c/21946/">https://review.openstack.org/#/c/21946/</a></div>
</div>