[Openstack-operators] Quantum + Firewall as a Service

Jacob Godin jacobgodin at gmail.com
Tue Apr 2 22:04:07 UTC 2013


Ok great, thanks for all of the info.

Cheers


On Tue, Apr 2, 2013 at 7:03 PM, Tomasz Paszkowski <ss7pro at gmail.com> wrote:

> Yes, this is grizzly feature.
>
>
> On Wed, Apr 3, 2013 at 12:02 AM, Jacob Godin <jacobgodin at gmail.com> wrote:
> > Hi Tomasz,
> >
> > Just to clarify, this was not in Folsom?
> >
> >
> > On Tue, Apr 2, 2013 at 4:15 PM, Tomasz Paszkowski <ss7pro at gmail.com>
> wrote:
> >>
> >> Yes,
> >>
> >> after you'll put this line into your nova.conf file on all compute nodes
> >> it'll work seamlessly with security groups (also though horizon, as
> horizon
> >> is just an graphical interface to an openstack api).  Remember also to
> check
> >> if you have valid firewall driver set (eg.
> >> firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver).
> >>
> >>
> >>
> >>
> >>
> >> On Tue, Apr 2, 2013 at 8:06 PM, Jacob Godin <jacobgodin at gmail.com>
> wrote:
> >>>
> >>> Will this work with per-tenant routers as well? Is it configurable
> >>> through nova security groups (and Horizon)?
> >>>
> >>> Thanks!
> >>>
> >>>
> >>> On Tue, Apr 2, 2013 at 12:59 PM, Tomasz Paszkowski <ss7pro at gmail.com>
> >>> wrote:
> >>>>
> >>>> Hi Jacob,
> >>>>
> >>>> Grizzly release supports this setup by using Hybrid configuration
> (linux
> >>>> bridge attached to the ovs-bridge). All you need is to set:
> >>>>
> >>>> libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtGenericVIFDriver in
> your
> >>>> nova.conf
> >>>>
> >>>> :-)
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> On Tue, Apr 2, 2013 at 5:43 PM, Jacob Godin <jacobgodin at gmail.com>
> >>>> wrote:
> >>>>>
> >>>>> Hi all,
> >>>>>
> >>>>> Is anyone implementing Quantum per-tenant routers with a "Firewall
> as a
> >>>>> Service" so that each tenant can create and manage their own
> firewalls? As
> >>>>> far as I know, Nova security groups still will not integrate with
> this type
> >>>>> of Quantum setup.
> >>>>>
> >>>>> I'm currently using Openvswitch as an L2 agent.
> >>>>>
> >>>>> Thanks
> >>>>> Jacob
> >>>>>
> >>>>> _______________________________________________
> >>>>> OpenStack-operators mailing list
> >>>>> OpenStack-operators at lists.openstack.org
> >>>>>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Tomasz Paszkowski
> >>>> SS7, Asterisk, SAN, Datacenter, Cloud Computing
> >>>> +48500166299
> >>>
> >>>
> >>
> >>
> >>
> >> --
> >> Tomasz Paszkowski
> >> SS7, Asterisk, SAN, Datacenter, Cloud Computing
> >> +48500166299
> >
> >
>
>
>
> --
> Tomasz Paszkowski
> SS7, Asterisk, SAN, Datacenter, Cloud Computing
> +48500166299
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20130402/e7a26141/attachment-0001.html>


More information about the OpenStack-operators mailing list