Open Stack

Hello Adam,

You may missed the part „in regard of a Stein-Deployment with Linuxbridges” of my question.
So OVS is not relevant, as I understand the mutual exclusion of linux bridges and ovs.

Cheers,

Ralf T.

Von: Adam Heczko <aheczko at mirantis.com>
Gesendet: Donnerstag, 11. Juli 2019 12:55
An: Slawek Kaplonski <skaplons at redhat.com>
Cc: Teckelmann, Ralf, NMU-OIP <ralf.teckelmann at bertelsmann.de>; openstack-discuss at lists.openstack.org
Betreff: Re: FWaaS in Stein - NoMatches: No 'neutron.service_plugins' driver found, looking for 'firewall'

Hi Ralf, WDYM saying 'no Perimeter-Firewall is offered anymore'?
OpenStack with OVS ML2 provides a security groups, which is considered a 'perimeter firewall'.

On Thu, Jul 11, 2019 at 12:35 PM Slawek Kaplonski <skaplons at redhat.com<mailto:skaplons at redhat.com>> wrote:
Hi,

AFAICT there is no many still active developers of neutron-fwaas project and I don’t know about such plans currently.

> On 11 Jul 2019, at 11:23, Teckelmann, Ralf, NMU-OIP <ralf.teckelmann at bertelsmann.de<mailto:ralf.teckelmann at bertelsmann.de>> wrote:
>
> Hello Slawek,
>
> Thank your for your fast response.
> This means in regard of a Stein-Deployment with Linuxbridges no Perimeter-Firewall is offered anymore.
> Are there plans to remedy this deficiency in the next releases?
>
> Cheers,
>
> Ralf T.
> Von: Slawek Kaplonski <skaplons at redhat.com<mailto:skaplons at redhat.com>>
> Gesendet: Donnerstag, 11. Juli 2019 10:04:02
> An: Teckelmann, Ralf, NMU-OIP
> Cc: openstack-discuss at lists.openstack.org<mailto:openstack-discuss at lists.openstack.org>
> Betreff: Re: FWaaS in Stein - NoMatches: No 'neutron.service_plugins' driver found, looking for 'firewall'
>
> Hi,
>
> FWaaS v1 was deprecated since some time and was removed completely in Stein release.
>
> > On 11 Jul 2019, at 09:28, Teckelmann, Ralf, NMU-OIP <ralf.teckelmann at bertelsmann.de<mailto:ralf.teckelmann at bertelsmann.de>> wrote:
> >
> > Good Morning everyone,
> >
> > We like to have FWaaS enabled for a Stein-based OpenStack installation.
> > Using linuxbridges we are not able to use FWaaS_v2, because it only seems to work with ovs.
> >
> > We thus tried FWaaS (v1) following https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.openstack.org_openstack-2Dansible-2Dos-5Fneutron_latest_configure-2Dnetwork-2Dservices.html-23firewall-2Dservice-2Doptional&d=DwIFaQ&c=vo2ie5TPcLdcgWuLVH4y8lsbGPqIayH3XbK3gK82Oco&r=WXex93lsaiQ-z7CeZkHv93lzt4fdCRIPXloSPQEU7CM&m=mRJxK4Dne35uMLvIxZWOXNeMxXzMcUTsQQd1yrgQ7kM&s=9KmdvZINwdij6mV-kMqE6S94CMiK4z8yO1b7cfXNhv8&e= .
> > However, all we get from it is (1).
> >
> > Are we missing a point or is FWaaS_V1 just not supported in Stein anymore?
> > If so, this would mean for a setup Stein+Linuxbridges no FWaaS is actually available, right?
> >
> > (1)
> > grep firewall /var/log/neutron/neutron-server.log
> > 2019-07-05 10:10:55.693 29793 ERROR neutron_lib.utils.runtime NoMatches: No'neutron.service_plugins' driver found, looking for 'firewall'
> > 2019-07-05 10:10:55.694 29793 ERROR neutron.manager [req-394624b6-e638-45ec-be7c-ce86793fdbc4 - - - - -] Plugin 'firewall' not found.
> > 2019-07-05 10:11:00.046 29979 INFO neutron.manager [req-e86af4f4-afae-46d7-ac5e-51585a12083b - - - - -] Loading Plugin: firewall
> > 2019-07-05 10:11:00.046 29979 ERROR neutron_lib.utils.runtime [req-e86af4f4-afae-46d7-ac5e-51585a12083b - - - - -] Error loading class by alias: NoMatches: No 'neutron.service_plugins' driver found, looking for 'firewall'
> >
> > Best regards,
> >
> > Ralf T.
>
> —
> Slawek Kaplonski
> Senior software engineer
> Red Hat
>

—
Slawek Kaplonski
Senior software engineer
Red Hat



--
Adam Heczko
Principal Security Architect @ Mirantis Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190711/c043ed3f/attachment-0001.html>