[queens] [neutron]security_groups_log]

Ignazio Cassano ignaziocassano at gmail.com
Sat Mar 7 20:45:52 UTC 2020


Slawek, forgive me if I take advantage of  your patience.

Before rebooting nodes,  I modified nodes and controllers with security
groups logs, modifying neutron.conf, ml2 and openvswitch agents, moving
from iptables_hybrid to openvswitch firewall etc etc.....
I only restarted neutron components and before rebooting nodes and
controllers, I saw security groups logs and I was able to migrate instances.
Why after rebooting not ?
And, please, what about “multiple port bindings” ?

Thanks
Ignazio



Il giorno sab 7 mar 2020 alle ore 19:02 Slawek Kaplonski <
skaplons at redhat.com> ha scritto:

> Hi,
>
> > On 7 Mar 2020, at 18:45, Ignazio Cassano <ignaziocassano at gmail.com>
> wrote:
> >
> > Hello, I have  queens installation based on centos7.
> >
> > Before implementing security groups logs, I had the following
> configuration in
> > /etc/neutron/plugins/ml2/openvswitch_agent.ini:
> >
> > firewall_driver = iptables_hybrid
> >
> >
> > Enabling security groups log I had to change it in :
> >
> > firewall_driver = openvswitch
> >
> >
> > It seems to work end security logs are logged .
> > After restarting kvm nodes and controllers, virtual machines do not live
> migrate.
> > The firewall driver change could be the cause of my problem ?
>
> Yes, In queens there wasn’t yet migration between various firewall drivers
> so that can be an issue. It should works fine since Rocky release with
> “multiple port bindings” feature.
>
> > firewall_driver = openvswitch is mandatory for security groups log ?
>
> Yes, logging isn’t supported by iptables_hybrid driver.
>
> >
> > Please, any help ?
> >
> >
> > I cannot reproduce the problem  rebooting all my nodes.
> > I rebooted them because I hat to transfer from a rack to another.
> >
> > Ignazio
> >
> >
>
>> Slawek Kaplonski
> Senior software engineer
> Red Hat
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20200307/17726e04/attachment-0001.html>


More information about the openstack-discuss mailing list