FWaaS in Stein - NoMatches: No 'neutron.service_plugins' driver found, looking for 'firewall'
Adam Heczko
aheczko at mirantis.com
Thu Jul 11 11:44:49 UTC 2019
Exacly Slawek.
Ralph I was referring to the sentence 'Perimeter-Firewall'
OpenStack provides a Perimeter-Firewall and that is a Security Groups.
https://docs.openstack.org/nova/queens/admin/security-groups.html
SG (Security Groups) is something different than FWaaS.
Though FWaaS to some degree could also provide a SG functionality, as it
can bind to AFAIK and Neutron port.
On Thu, Jul 11, 2019 at 1:22 PM Slawek Kaplonski <skaplons at redhat.com>
wrote:
> Hi,
>
> Security groups are supported by both Linuxbridge and OVS agents. But this
> is different solution than FWaaS. Security groups are applied on port’s
> level, not on router.
>
> > On 11 Jul 2019, at 13:13, Teckelmann, Ralf, NMU-OIP <
> ralf.teckelmann at bertelsmann.de> wrote:
> >
> > Hello Adam,
> >
> > You may missed the part „in regard of a Stein-Deployment with
> Linuxbridges” of my question.
> > So OVS is not relevant, as I understand the mutual exclusion of linux
> bridges and ovs.
> >
> > Cheers,
> >
> > Ralf T.
> >
> > Von: Adam Heczko <aheczko at mirantis.com>
> > Gesendet: Donnerstag, 11. Juli 2019 12:55
> > An: Slawek Kaplonski <skaplons at redhat.com>
> > Cc: Teckelmann, Ralf, NMU-OIP <ralf.teckelmann at bertelsmann.de>;
> openstack-discuss at lists.openstack.org
> > Betreff: Re: FWaaS in Stein - NoMatches: No 'neutron.service_plugins'
> driver found, looking for 'firewall'
> >
> > Hi Ralf, WDYM saying 'no Perimeter-Firewall is offered anymore'?
> > OpenStack with OVS ML2 provides a security groups, which is considered a
> 'perimeter firewall'.
> >
> > On Thu, Jul 11, 2019 at 12:35 PM Slawek Kaplonski <skaplons at redhat.com>
> wrote:
> > Hi,
> >
> > AFAICT there is no many still active developers of neutron-fwaas project
> and I don’t know about such plans currently.
> >
> > > On 11 Jul 2019, at 11:23, Teckelmann, Ralf, NMU-OIP <
> ralf.teckelmann at bertelsmann.de> wrote:
> > >
> > > Hello Slawek,
> > >
> > > Thank your for your fast response.
> > > This means in regard of a Stein-Deployment with Linuxbridges no
> Perimeter-Firewall is offered anymore.
> > > Are there plans to remedy this deficiency in the next releases?
> > >
> > > Cheers,
> > >
> > > Ralf T.
> > > Von: Slawek Kaplonski <skaplons at redhat.com>
> > > Gesendet: Donnerstag, 11. Juli 2019 10:04:02
> > > An: Teckelmann, Ralf, NMU-OIP
> > > Cc: openstack-discuss at lists.openstack.org
> > > Betreff: Re: FWaaS in Stein - NoMatches: No 'neutron.service_plugins'
> driver found, looking for 'firewall'
> > >
> > > Hi,
> > >
> > > FWaaS v1 was deprecated since some time and was removed completely in
> Stein release.
> > >
> > > > On 11 Jul 2019, at 09:28, Teckelmann, Ralf, NMU-OIP <
> ralf.teckelmann at bertelsmann.de> wrote:
> > > >
> > > > Good Morning everyone,
> > > >
> > > > We like to have FWaaS enabled for a Stein-based OpenStack
> installation.
> > > > Using linuxbridges we are not able to use FWaaS_v2, because it only
> seems to work with ovs.
> > > >
> > > > We thus tried FWaaS (v1) following
> https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.openstack.org_openstack-2Dansible-2Dos-5Fneutron_latest_configure-2Dnetwork-2Dservices.html-23firewall-2Dservice-2Doptional&d=DwIFaQ&c=vo2ie5TPcLdcgWuLVH4y8lsbGPqIayH3XbK3gK82Oco&r=WXex93lsaiQ-z7CeZkHv93lzt4fdCRIPXloSPQEU7CM&m=mRJxK4Dne35uMLvIxZWOXNeMxXzMcUTsQQd1yrgQ7kM&s=9KmdvZINwdij6mV-kMqE6S94CMiK4z8yO1b7cfXNhv8&e=
> .
> > > > However, all we get from it is (1).
> > > >
> > > > Are we missing a point or is FWaaS_V1 just not supported in Stein
> anymore?
> > > > If so, this would mean for a setup Stein+Linuxbridges no FWaaS is
> actually available, right?
> > > >
> > > > (1)
> > > > grep firewall /var/log/neutron/neutron-server.log
> > > > 2019-07-05 10:10:55.693 29793 ERROR neutron_lib.utils.runtime
> NoMatches: No'neutron.service_plugins' driver found, looking for 'firewall'
> > > > 2019-07-05 10:10:55.694 29793 ERROR neutron.manager
> [req-394624b6-e638-45ec-be7c-ce86793fdbc4 - - - - -] Plugin 'firewall' not
> found.
> > > > 2019-07-05 10:11:00.046 29979 INFO neutron.manager
> [req-e86af4f4-afae-46d7-ac5e-51585a12083b - - - - -] Loading Plugin:
> firewall
> > > > 2019-07-05 10:11:00.046 29979 ERROR neutron_lib.utils.runtime
> [req-e86af4f4-afae-46d7-ac5e-51585a12083b - - - - -] Error loading class by
> alias: NoMatches: No 'neutron.service_plugins' driver found, looking for
> 'firewall'
> > > >
> > > > Best regards,
> > > >
> > > > Ralf T.
> > >
> > > —
> > > Slawek Kaplonski
> > > Senior software engineer
> > > Red Hat
> > >
> >
> > —
> > Slawek Kaplonski
> > Senior software engineer
> > Red Hat
> >
> >
> >
> >
> > --
> > Adam Heczko
> > Principal Security Architect @ Mirantis Inc.
>
> —
> Slawek Kaplonski
> Senior software engineer
> Red Hat
>
>
--
Adam Heczko
Principal Security Architect @ Mirantis Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190711/a36cc441/attachment-0001.html>
More information about the openstack-discuss
mailing list