Open Stack

Hi,

Security groups are supported by both Linuxbridge and OVS agents. But this is different solution than FWaaS. Security groups are applied on port’s level, not on router.

> On 11 Jul 2019, at 13:13, Teckelmann, Ralf, NMU-OIP <ralf.teckelmann at bertelsmann.de> wrote:
> 
> Hello Adam,
>  
> You may missed the part „in regard of a Stein-Deployment with Linuxbridges” of my question.
> So OVS is not relevant, as I understand the mutual exclusion of linux bridges and ovs.
>  
> Cheers,
>  
> Ralf T.
>  
> Von: Adam Heczko <aheczko at mirantis.com> 
> Gesendet: Donnerstag, 11. Juli 2019 12:55
> An: Slawek Kaplonski <skaplons at redhat.com>
> Cc: Teckelmann, Ralf, NMU-OIP <ralf.teckelmann at bertelsmann.de>; openstack-discuss at lists.openstack.org
> Betreff: Re: FWaaS in Stein - NoMatches: No 'neutron.service_plugins' driver found, looking for 'firewall'
>  
> Hi Ralf, WDYM saying 'no Perimeter-Firewall is offered anymore'?
> OpenStack with OVS ML2 provides a security groups, which is considered a 'perimeter firewall'.
>  
> On Thu, Jul 11, 2019 at 12:35 PM Slawek Kaplonski <skaplons at redhat.com> wrote:
> Hi,
> 
> AFAICT there is no many still active developers of neutron-fwaas project and I don’t know about such plans currently.
> 
> > On 11 Jul 2019, at 11:23, Teckelmann, Ralf, NMU-OIP <ralf.teckelmann at bertelsmann.de> wrote:
> > 
> > Hello Slawek,
> > 
> > Thank your for your fast response.
> > This means in regard of a Stein-Deployment with Linuxbridges no Perimeter-Firewall is offered anymore.
> > Are there plans to remedy this deficiency in the next releases?
> > 
> > Cheers,
> > 
> > Ralf T.
> > Von: Slawek Kaplonski <skaplons at redhat.com>
> > Gesendet: Donnerstag, 11. Juli 2019 10:04:02
> > An: Teckelmann, Ralf, NMU-OIP
> > Cc: openstack-discuss at lists.openstack.org
> > Betreff: Re: FWaaS in Stein - NoMatches: No 'neutron.service_plugins' driver found, looking for 'firewall'
> >  
> > Hi,
> > 
> > FWaaS v1 was deprecated since some time and was removed completely in Stein release.
> > 
> > > On 11 Jul 2019, at 09:28, Teckelmann, Ralf, NMU-OIP <ralf.teckelmann at bertelsmann.de> wrote:
> > > 
> > > Good Morning everyone,
> > > 
> > > We like to have FWaaS enabled for a Stein-based OpenStack installation.
> > > Using linuxbridges we are not able to use FWaaS_v2, because it only seems to work with ovs.
> > > 
> > > We thus tried FWaaS (v1) following https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.openstack.org_openstack-2Dansible-2Dos-5Fneutron_latest_configure-2Dnetwork-2Dservices.html-23firewall-2Dservice-2Doptional&d=DwIFaQ&c=vo2ie5TPcLdcgWuLVH4y8lsbGPqIayH3XbK3gK82Oco&r=WXex93lsaiQ-z7CeZkHv93lzt4fdCRIPXloSPQEU7CM&m=mRJxK4Dne35uMLvIxZWOXNeMxXzMcUTsQQd1yrgQ7kM&s=9KmdvZINwdij6mV-kMqE6S94CMiK4z8yO1b7cfXNhv8&e= .
> > > However, all we get from it is (1).
> > > 
> > > Are we missing a point or is FWaaS_V1 just not supported in Stein anymore?
> > > If so, this would mean for a setup Stein+Linuxbridges no FWaaS is actually available, right?
> > > 
> > > (1)
> > > grep firewall /var/log/neutron/neutron-server.log
> > > 2019-07-05 10:10:55.693 29793 ERROR neutron_lib.utils.runtime NoMatches: No'neutron.service_plugins' driver found, looking for 'firewall'
> > > 2019-07-05 10:10:55.694 29793 ERROR neutron.manager [req-394624b6-e638-45ec-be7c-ce86793fdbc4 - - - - -] Plugin 'firewall' not found.
> > > 2019-07-05 10:11:00.046 29979 INFO neutron.manager [req-e86af4f4-afae-46d7-ac5e-51585a12083b - - - - -] Loading Plugin: firewall
> > > 2019-07-05 10:11:00.046 29979 ERROR neutron_lib.utils.runtime [req-e86af4f4-afae-46d7-ac5e-51585a12083b - - - - -] Error loading class by alias: NoMatches: No 'neutron.service_plugins' driver found, looking for 'firewall'
> > > 
> > > Best regards,
> > > 
> > > Ralf T.
> > 
> > — 
> > Slawek Kaplonski
> > Senior software engineer
> > Red Hat
> > 
> 
> — 
> Slawek Kaplonski
> Senior software engineer
> Red Hat
> 
> 
> 
>  
> -- 
> Adam Heczko
> Principal Security Architect @ Mirantis Inc.

— 
Slawek Kaplonski
Senior software engineer
Red Hat