<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<meta name="Generator" content="Microsoft Word 15 (filtered medium)">

<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}

o\:* {behavior:url(#default#VML);}

w\:* {behavior:url(#default#VML);}

.shape {behavior:url(#default#VML);}

</style><![endif]--><style><!--

/* Font Definitions */

@font-face

        {font-family:Helvetica;

        panose-1:2 11 6 4 2 2 2 2 2 4;}

@font-face

        {font-family:SimSun;

        panose-1:2 1 6 0 3 1 1 1 1 1;}

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:Tahoma;

        panose-1:2 11 6 4 3 5 4 4 2 4;}

@font-face

        {font-family:"\@SimSun";

        panose-1:2 1 6 0 3 1 1 1 1 1;}

@font-face

        {font-family:"Trebuchet MS";

        panose-1:2 11 6 3 2 2 2 2 2 4;}

@font-face

        {font-family:inherit;

        panose-1:0 0 0 0 0 0 0 0 0 0;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman",serif;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:purple;

        text-decoration:underline;}

p

        {mso-style-priority:99;

        mso-margin-top-alt:auto;

        margin-right:0in;

        mso-margin-bottom-alt:auto;

        margin-left:0in;

        font-size:12.0pt;

        font-family:"Times New Roman",serif;}

p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph

        {mso-style-priority:34;

        margin-top:0in;

        margin-right:0in;

        margin-bottom:0in;

        margin-left:.5in;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman",serif;}

span.EmailStyle18

        {mso-style-type:personal-reply;

        font-family:"Calibri",sans-serif;

        color:#1F497D;}

.MsoChpDefault

        {mso-style-type:export-only;

        font-family:"Calibri",sans-serif;}

@page WordSection1

        {size:8.5in 11.0in;

        margin:1.0in 1.0in 1.0in 1.0in;}

div.WordSection1

        {page:WordSection1;}

/* List Definitions */

@list l0

        {mso-list-id:845709244;

        mso-list-type:hybrid;

        mso-list-template-ids:-1445433280 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}

@list l0:level1

        {mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-.25in;}

@list l0:level2

        {mso-level-number-format:alpha-lower;

        mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-.25in;}

@list l0:level3

        {mso-level-number-format:roman-lower;

        mso-level-tab-stop:none;

        mso-level-number-position:right;

        text-indent:-9.0pt;}

@list l0:level4

        {mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-.25in;}

@list l0:level5

        {mso-level-number-format:alpha-lower;

        mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-.25in;}

@list l0:level6

        {mso-level-number-format:roman-lower;

        mso-level-tab-stop:none;

        mso-level-number-position:right;

        text-indent:-9.0pt;}

@list l0:level7

        {mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-.25in;}

@list l0:level8

        {mso-level-number-format:alpha-lower;

        mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-.25in;}

@list l0:level9

        {mso-level-number-format:roman-lower;

        mso-level-tab-stop:none;

        mso-level-number-position:right;

        text-indent:-9.0pt;}

ol

        {margin-bottom:0in;}

ul

        {margin-bottom:0in;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

</head>

<body lang="EN-US" link="blue" vlink="purple">

<div class="WordSection1">

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Hi,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">After applied these change, is your neutron ml2 configuration correct? Mainly the below parts:<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">If still cannot work, could you please describe the errors?<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Beside these, we find xenserver dom0 lacks of conntrack support for neutron-ovs-agent in compute node, there is a fix waiting for review

<a href="https://review.openstack.org/#/c/341304/">https://review.openstack.org/#/c/341304/</a><o:p></o:p></span></p>

<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">1.</span><span style="font-size:7.0pt;color:#1F497D">      

</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">In nova.conf, two configurations should be set

</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.25in;text-indent:.5in">

<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">[DEFAULT]

</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.25in;text-indent:.5in">

<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">firewall_driver = nova.virt.firewall.NoopFirewallDriver</span><o:p></o:p></p>

<p style="margin-left:.75in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">security_group_api=neutron<o:p></o:p></span></p>

<p style="margin-left:.75in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">use_neutron = True<o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.75in">

<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">[xenserver]</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.75in">

<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">ovs_integration_bridge =</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.75in">

<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">vif_driver = nova.virt.xenapi.vif.XenAPIOpenVswitchDriver</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> 2.</span><span style="font-size:7.0pt;color:#1F497D">      

</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">In neutron,  check configurations ml2_conf.ini in compute node which is used for neutron L2 agent</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">[agent]</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">minimize_polling = False</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">root_helper_daemon =</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">root_helper = /usr/local/bin/neutron-rootwrap-xen-dom0 /etc/neutron/rootwrap.conf </span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">[ovs]</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">integration_bridge =</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">bridge_mappings =</span><o:p></o:p></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Thanks,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Huan<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Adhi Priharmanto [mailto:adhi.pri@gmail.com]

<br>

<b>Sent:</b> Thursday, September 15, 2016 3:48 PM<br>

<b>To:</b> Huan Xie<br>

<b>Cc:</b> openstack@lists.openstack.org<br>

<b>Subject:</b> Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer<o:p></o:p></span></p>

<p class="MsoNormal"><o:p> </o:p></p>

<div>

<p class="MsoNormal">Hi, I still no luck for this problem, even I using liberty release, Security groups still not applied on network. can you help me again ?<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal"><o:p> </o:p></p>

<div>

<p class="MsoNormal">On Thu, Mar 17, 2016 at 10:55 AM, Adhi Priharmanto <<a href="mailto:adhi.pri@gmail.com" target="_blank">adhi.pri@gmail.com</a>> wrote:<o:p></o:p></p>

<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">

<div>

<p class="MsoNormal">Ok, 'll try to patched my neutron<o:p></o:p></p>

<div>

<div>

<div>

<p class="MsoNormal"><o:p> </o:p></p>

<div>

<p class="MsoNormal">On Tue, Mar 15, 2016 at 8:52 AM, Huan Xie <<a href="mailto:huan.xie@citrix.com" target="_blank">huan.xie@citrix.com</a>> wrote:<o:p></o:p></p>

<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">

<div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Hi,</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">For apply the patch, you need to download the changed file with this

<a href="https://review.openstack.org/#/c/251271/" target="_blank">https://review.openstack.org/#/c/251271/</a> and its dependent changes, you can find its dependent changes in the right corner(Related Changes) in you open the link.</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">For files that you need edit, in the middle of the code review page, you can find a section called

 “Files”, this part shows you which files are changed. </span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Best Regards//Huan</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Adhi Priharmanto [mailto:<a href="mailto:adhi.pri@gmail.com" target="_blank">adhi.pri@gmail.com</a>]

<br>

<b>Sent:</b> Monday, March 14, 2016 6:21 PM<br>

<b>To:</b> Huan Xie<br>

<b>Cc:</b> <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>

<b>Subject:</b> Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer</span><o:p></o:p></p>

<div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hi Xie, <o:p></o:p></p>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I also commented on your post at blog.citrix :) , for step 1 - 3 was clear for me. I still confused about patched code in

<a href="https://review.openstack.org/#/c/251271/" target="_blank">https://review.openstack.org/#/c/251271/</a> for some file, could you more explain how to, which file that I should edit ?<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Thanks before <o:p></o:p></p>

</div>

</div>

</div>

</div>

<div>

<div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">On Mon, Mar 14, 2016 at 3:34 PM, Huan Xie <<a href="mailto:huan.xie@citrix.com" target="_blank">huan.xie@citrix.com</a>> wrote:<o:p></o:p></p>

<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">

<div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Hi Adhi,</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Do you use devstack to deploy XenServer + Kilo or manually?

</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Current Kilo release does not support XenServer + Neutron security group, because security group is

 implemented via iptables on Linux bridge, however, there is no Linux bridge created when booting a new instance.</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">But we now have a new fix to support neutron security group, we have tested that it can work, this

 will be implemented as a blue print <a href="https://review.openstack.org/#/c/251271/" target="_blank">

https://review.openstack.org/#/c/251271/</a></span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">So, if you want to use neutron security group in Kilo, you should add some patch for your code and

 also please make the configurations as below:</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">1.</span><span style="font-size:7.0pt;color:#1F497D">      

</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">In nova.conf, two configurations should be set

</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.25in;text-indent:.5in">

<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">[DEFAULT]

</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.25in;text-indent:.5in">

<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">firewall_driver = nova.virt.firewall.NoopFirewallDriver</span><o:p></o:p></p>

<p style="margin-left:.75in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">security_group_api=neutron</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.75in">

<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">[xenserver]</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.75in">

<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">ovs_integration_bridge =</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.75in">

<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">vif_driver = nova.virt.xenapi.vif.XenAPIOpenVswitchDriver</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">                If you don’t know how to configure ovs_integration_bridge, then you can refer this

 blog <a href="https://www.citrix.com/blogs/2015/11/30/integrating-xenserver-rdo-and-neutron/" target="_blank">

https://www.citrix.com/blogs/2015/11/30/integrating-xenserver-rdo-and-neutron/</a></span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">2.</span><span style="font-size:7.0pt;color:#1F497D">      

</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">In neutron,  check configurations ml2_conf.ini in compute node which is used for neutron L2 agent</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">[agent]</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">minimize_polling = False</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">root_helper_daemon =</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">root_helper = /usr/local/bin/neutron-rootwrap-xen-dom0 /etc/neutron/rootwrap.conf</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">[ovs]</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">integration_bridge =</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">bridge_mappings =</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">                Also for ovs configuration items, if you don’t clear on how to configure them, refer

 the blog</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">3.</span><span style="font-size:7.0pt;color:#1F497D">      

</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">In neutron, check configurations /etc/neutron/rootwrap.conf in compute node</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">[xenapi]</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"># XenAPI configuration is only required by the L2 agent if it is to</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"># target a XenServer/XCP compute host's dom0.</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">xenapi_connection_url=</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">xenapi_connection_username=</span><o:p></o:p></p>

<p style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">xenapi_connection_password=

</span><o:p></o:p></p>

<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Best Regards//Huan</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><br>

<br>

-------- Original Message --------<br>

Subject: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer<br>

From: Adhi Priharmanto <br>

To: <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>

CC: <o:p></o:p></p>

<div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hi all, <br>

<br>

I had Openstack Kilo installed on my lab, for Compute Hypervisor I use XenServer 6.5, and networking Using Neutron OVS. For Controller, Network, and Compute node I'm using Ubuntu 14.04.

<o:p></o:p></p>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">My problem was Security Groups rules doesn't applied to the instance that created. For example, there is no rule for SSH port 22 in security group i defined to the instance, but

 instance with floating IP able to login by ssh from external network.<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><br>

I've already add this option on my nova.conf<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">firewall_driver=nova.virt.xenapi.firewall.Dom0IptablesFirewallDriver<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">and also defined firewall_driver on my ml2_conf.ini at Controller, Network, and Compute node<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">[ovs]<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">enable_security_group = True<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">enable_ipset = True<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver<o:p></o:p></p>

</div>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">can somebody help me with this problem ?<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">--

<o:p></o:p></p>

<div>

<div>

<div>

<div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span style="font-size:10.0pt;font-family:"Trebuchet MS",sans-serif">Cheers,</span><o:p></o:p></p>

<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="outline:0px;border-spacing:0px">

<tbody>

<tr style="height:22.5pt;outline:0px;font-weight:inherit;font-style:inherit">

<td width="0" valign="bottom" style="width:.3pt;padding:0in 0in 0in 0in;height:22.5pt;outline:0px;font-style:inherit">

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:13.65pt">

<span style="font-size:1.0pt;color:#333333"> </span><o:p></o:p></p>

</td>

</tr>

<tr style="outline:0px;font-weight:inherit;font-style:inherit">

<td width="0" valign="bottom" style="width:.3pt;padding:0in 0in 0in 0in;outline:0px;font-style:inherit">

<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="outline:0px;font-weight:inherit;font-style:inherit;border-spacing:0px">

<tbody>

<tr style="outline:0px;font-style:inherit">

<td width="0" valign="top" style="width:.3pt;padding:0in 0in 0in 0in;outline:0px;font-weight:inherit;font-style:inherit;border-spacing:0px">

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;vertical-align:baseline">

<b><span style="font-size:13.5pt;font-family:"Helvetica",sans-serif;color:#333333">Adhi Priharmanto</span></b><o:p></o:p></p>

</div>

<div style="margin-top:2.25pt;outline:0px;font-weight:inherit;font-style:inherit">

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;vertical-align:baseline">

<span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#2B82AD"><a href="http://about.me/a_dhi" target="_blank">about.me/a_dhi</a></span><o:p></o:p></p>

</div>

</td>

</tr>

<tr style="outline:0px;font-weight:inherit;font-style:inherit">

<td width="0" valign="top" style="width:.3pt;padding:6.0pt 0in 0in 0in;outline:0px;font-style:inherit">

<p class="MsoNormal" align="right" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:right;background:#C5D0E0;vertical-align:baseline">

<img border="0" width="88" height="4" id="_x0000_i1025" src="http://d13pix9kaak6wt.cloudfront.net/signature/colorbar.png"><o:p></o:p></p>

</td>

</tr>

</tbody>

</table>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:0%;vertical-align:baseline">

<span style="font-size:10.5pt;color:#333333">  </span><o:p></o:p></p>

</td>

</tr>

<tr style="height:15.0pt;outline:0px;font-weight:inherit;font-style:inherit">

<td width="0" valign="bottom" style="width:.3pt;padding:0in 0in 0in 0in;height:15.0pt;outline:0px;font-style:inherit">

</td>

</tr>

</tbody>

</table>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><br>

_______________________________________________<br>

Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">

http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>

Post to     : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>

Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">

http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><o:p></o:p></p>

</blockquote>

</div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><br>

<br clear="all">

<o:p></o:p></p>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">--

<o:p></o:p></p>

</div>

</div>

<div>

<div>

<div>

<div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span style="font-size:10.0pt;font-family:"Trebuchet MS",sans-serif">Cheers,</span><o:p></o:p></p>

<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="outline:0px;border-spacing:0px">

<tbody>

<tr style="height:22.5pt;outline:0px;font-weight:inherit;font-style:inherit">

<td width="0" valign="bottom" style="width:.3pt;padding:0in 0in 0in 0in;height:22.5pt;outline:0px;font-style:inherit">

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:13.65pt">

<span style="font-size:1.0pt;color:#333333"> </span><o:p></o:p></p>

</td>

</tr>

<tr style="outline:0px;font-weight:inherit;font-style:inherit">

<td width="0" valign="bottom" style="width:.3pt;padding:0in 0in 0in 0in;outline:0px;font-style:inherit">

<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="outline:0px;font-weight:inherit;font-style:inherit;border-spacing:0px">

<tbody>

<tr style="outline:0px;font-style:inherit">

<td width="0" valign="top" style="width:.3pt;padding:0in 0in 0in 0in;outline:0px;font-weight:inherit;font-style:inherit;border-spacing:0px">

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;vertical-align:baseline">

<b><span style="font-size:13.5pt;font-family:"Helvetica",sans-serif;color:#333333">Adhi Priharmanto</span></b><o:p></o:p></p>

</div>

<div style="margin-top:2.25pt;outline:0px;font-weight:inherit;font-style:inherit">

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;vertical-align:baseline">

<span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#2B82AD"><a href="http://about.me/a_dhi" target="_blank">about.me/a_dhi</a></span><o:p></o:p></p>

</div>

</td>

</tr>

<tr style="outline:0px;font-weight:inherit;font-style:inherit">

<td width="0" valign="top" style="width:.3pt;padding:6.0pt 0in 0in 0in;outline:0px;font-style:inherit">

<p class="MsoNormal" align="right" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:right;background:#C5D0E0;vertical-align:baseline">

<img border="0" width="88" height="4" id="_x0000_i1026" src="http://d13pix9kaak6wt.cloudfront.net/signature/colorbar.png"><o:p></o:p></p>

</td>

</tr>

</tbody>

</table>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:0%;vertical-align:baseline">

<span style="font-size:10.5pt;color:#333333">  </span><o:p></o:p></p>

</td>

</tr>

<tr style="height:15.0pt;outline:0px;font-weight:inherit;font-style:inherit">

<td width="0" valign="bottom" style="width:.3pt;padding:0in 0in 0in 0in;height:15.0pt;outline:0px;font-style:inherit">

</td>

</tr>

</tbody>

</table>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Trebuchet MS",sans-serif"><a href="tel:%2B62-812-82121584" target="_blank">+62-812-82121584</a></span><o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</blockquote>

</div>

<p class="MsoNormal"><br>

<br clear="all">

<o:p></o:p></p>

<div>

<p class="MsoNormal"><o:p> </o:p></p>

</div>

</div>

</div>

<p class="MsoNormal">-- <o:p></o:p></p>

<div>

<div>

<div>

<div>

<div>

<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:10.0pt;font-family:"Trebuchet MS",sans-serif">Cheers,</span><o:p></o:p></p>

<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="outline:0px;border-spacing:0px">

<tbody>

<tr style="height:22.5pt;outline:0px;font-weight:inherit;font-style:inherit">

<td width="0" valign="bottom" style="width:.3pt;padding:0in 0in 0in 0in;height:22.5pt;outline:0px;font-style:inherit">

<p class="MsoNormal" style="line-height:13.65pt"><span style="font-size:1.0pt;font-family:"inherit",serif;color:#333333"> <o:p></o:p></span></p>

</td>

</tr>

<tr style="outline:0px;font-weight:inherit;font-style:inherit">

<td width="0" valign="bottom" style="width:.3pt;padding:0in 0in 0in 0in;outline:0px;font-style:inherit">

<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="outline:0px;font-weight:inherit;font-style:inherit;border-spacing:0px">

<tbody>

<tr style="outline:0px;font-style:inherit">

<td width="0" valign="top" style="width:.3pt;padding:0in 0in 0in 0in;outline:0px;font-weight:inherit;font-style:inherit;display:inline-block">

<p class="MsoNormal"><span style="font-family:"inherit",serif"><o:p></o:p></span></p>

<div>

<p class="MsoNormal" style="vertical-align:baseline"><b><span style="font-size:13.5pt;font-family:"Helvetica",sans-serif;color:#333333">Adhi Priharmanto<o:p></o:p></span></b></p>

</div>

<div style="margin-top:2.25pt;outline:0px;font-weight:inherit;font-style:inherit">

<p class="MsoNormal" style="vertical-align:baseline"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#2B82AD">about.me/a_dhi<o:p></o:p></span></p>

</div>

</td>

</tr>

<tr style="outline:0px;font-weight:inherit;font-style:inherit">

<td width="0" valign="top" style="width:.3pt;padding:6.0pt 0in 0in 0in;outline:0px;font-style:inherit">

<p class="MsoNormal" align="right" style="text-align:right;background:#C5D0E0;vertical-align:baseline">

<span style="font-family:"inherit",serif"><img border="0" width="88" height="4" id="_x0000_i1027" src="http://d13pix9kaak6wt.cloudfront.net/signature/colorbar.png"><o:p></o:p></span></p>

</td>

</tr>

</tbody>

</table>

<p class="MsoNormal" style="line-height:0%;vertical-align:baseline"><span style="font-size:10.5pt;font-family:"inherit",serif;color:#333333"> 

<o:p></o:p></span></p>

</td>

</tr>

<tr style="height:15.0pt;outline:0px;font-weight:inherit;font-style:inherit">

<td width="0" valign="bottom" style="width:.3pt;padding:0in 0in 0in 0in;height:15.0pt;outline:0px;font-style:inherit">

</td>

</tr>

</tbody>

</table>

<p class="MsoNormal"><o:p> </o:p></p>

</div>

<div>

<p class="MsoNormal"><o:p> </o:p></p>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</blockquote>

</div>

<p class="MsoNormal"><br>

<br clear="all">

<o:p></o:p></p>

<div>

<p class="MsoNormal"><o:p> </o:p></p>

</div>

<p class="MsoNormal">-- <o:p></o:p></p>

<div>

<div>

<div>

<div>

<div>

<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:10.0pt;font-family:"Trebuchet MS",sans-serif">Cheers,</span><o:p></o:p></p>

<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="outline:0px;border-spacing:0px">

<tbody>

<tr style="height:22.5pt;outline:0px;font-weight:inherit;font-style:inherit">

<td width="0" valign="bottom" style="width:.3pt;padding:0in 0in 0in 0in;height:22.5pt;outline:0px;font-style:inherit">

<p class="MsoNormal" style="line-height:13.65pt"><span style="font-size:1.0pt;font-family:"inherit",serif;color:#333333"> <o:p></o:p></span></p>

</td>

</tr>

<tr style="outline:0px;font-weight:inherit;font-style:inherit">

<td width="0" valign="bottom" style="width:.3pt;padding:0in 0in 0in 0in;outline:0px;font-style:inherit">

<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="outline:0px;font-weight:inherit;font-style:inherit;border-spacing:0px">

<tbody>

<tr style="outline:0px;font-style:inherit">

<td width="0" valign="top" style="width:.3pt;padding:0in 0in 0in 0in;outline:0px;font-weight:inherit;font-style:inherit;display:inline-block">

<p class="MsoNormal"><span style="font-family:"inherit",serif"><o:p></o:p></span></p>

<div>

<p class="MsoNormal" style="vertical-align:baseline"><b><span style="font-size:13.5pt;font-family:"Helvetica",sans-serif;color:#333333">Adhi Priharmanto<o:p></o:p></span></b></p>

</div>

<div style="margin-top:2.25pt;outline:0px;font-weight:inherit;font-style:inherit">

<p class="MsoNormal" style="vertical-align:baseline"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#2B82AD">about.me/a_dhi<o:p></o:p></span></p>

</div>

</td>

</tr>

<tr style="outline:0px;font-weight:inherit;font-style:inherit">

<td width="0" valign="top" style="width:.3pt;padding:6.0pt 0in 0in 0in;outline:0px;font-style:inherit">

<p class="MsoNormal" align="right" style="text-align:right;background:#C5D0E0;vertical-align:baseline">

<span style="font-family:"inherit",serif"><img border="0" width="88" height="4" id="_x0000_i1028" src="http://d13pix9kaak6wt.cloudfront.net/signature/colorbar.png"><o:p></o:p></span></p>

</td>

</tr>

</tbody>

</table>

<p class="MsoNormal" style="line-height:0%;vertical-align:baseline"><span style="font-size:10.5pt;font-family:"inherit",serif;color:#333333"> 

<o:p></o:p></span></p>

</td>

</tr>

<tr style="height:15.0pt;outline:0px;font-weight:inherit;font-style:inherit">

<td width="0" valign="bottom" style="width:.3pt;padding:0in 0in 0in 0in;height:15.0pt;outline:0px;font-style:inherit">

</td>

</tr>

</tbody>

</table>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Trebuchet MS",sans-serif">+62-812-82121584</span><o:p></o:p></p>

</div>

<div>

<p class="MsoNormal"><o:p> </o:p></p>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</body>

</html>