Hi, I think the problem is the migration from iptables_hybrid to openvswitch firewall: https://docs.openstack.org/neutron/rocky/contributor/internals/openvswitch_f...
Thanks
Ignazio

On Sun 8 Mar 2020, 15:07 Slawek Kaplonski <skaplons@redhat.com> wrote:
Hi,
On 7 Mar 2020, at 21:45, Ignazio Cassano <ignaziocassano@gmail.com> wrote:
Slawek, forgive me if I take advantage of your patience.
Before rebooting nodes, I modified nodes and controllers with security groups logs, modifying neutron.conf, ml2 and openvswitch agents, moving from iptables_hybrid to openvswitch firewall, etc. I only restarted neutron components and, before rebooting nodes and controllers, I saw security groups logs and I was able to migrate instances. Why not after rebooting?
To be honest I don’t know why it’s like that. You probably will need to give more info there, what errors You have exactly during the migration.
And, please, what about “multiple port bindings”?
Spec for this feature is at https://specs.openstack.org/openstack/neutron-specs/specs/ocata/portbinding_... - You should find more details about it there.
Thanks Ignazio
On Sat 7 Mar 2020 at 19:02 Slawek Kaplonski <skaplons@redhat.com> wrote:
Hi,
On 7 Mar 2020, at 18:45, Ignazio Cassano <ignaziocassano@gmail.com> wrote:
Hello, I have a Queens installation based on centos7.
Before implementing security groups logs, I had the following configuration in /etc/neutron/plugins/ml2/openvswitch_agent.ini:
firewall_driver = iptables_hybrid
Enabling security groups log, I had to change it to:
firewall_driver = openvswitch
It seems to work and security logs are logged. After restarting kvm nodes and controllers, virtual machines do not live migrate.
Could the firewall driver change be the cause of my problem?
Yes, in Queens there wasn’t yet migration between various firewall drivers so that can be an issue. It should work fine since Rocky release with “multiple port bindings” feature.
Is firewall_driver = openvswitch mandatory for security groups log?
Yes, logging isn’t supported by iptables_hybrid driver.
Please, any help?
I cannot reproduce the problem rebooting all my nodes. I rebooted them because I had to transfer them from one rack to another.
Ignazio
— Slawek Kaplonski Senior software engineer Red Hat